net: convert print_mac to %pM
[linux-2.6.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   Some parts of the code in this file are derived from the ipw2200
12   driver  Copyright(c) 2003 - 2004 Intel Corporation.
13
14   This program is free software; you can redistribute it and/or modify
15   it under the terms of the GNU General Public License as published by
16   the Free Software Foundation; either version 2 of the License, or
17   (at your option) any later version.
18
19   This program is distributed in the hope that it will be useful,
20   but WITHOUT ANY WARRANTY; without even the implied warranty of
21   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22   GNU General Public License for more details.
23
24   You should have received a copy of the GNU General Public License
25   along with this program; see the file COPYING.  If not, write to
26   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27   Boston, MA 02110-1301, USA.
28
29 */
30
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/firmware.h>
37 #include <linux/wireless.h>
38 #include <linux/workqueue.h>
39 #include <linux/skbuff.h>
40 #include <linux/io.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/unaligned.h>
43
44 #include "b43.h"
45 #include "main.h"
46 #include "debugfs.h"
47 #include "phy_common.h"
48 #include "phy_g.h"
49 #include "phy_n.h"
50 #include "dma.h"
51 #include "pio.h"
52 #include "sysfs.h"
53 #include "xmit.h"
54 #include "lo.h"
55 #include "pcmcia.h"
56
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
62
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
64
65
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69                  "enable(1) / disable(0) Bad Frames Preemption");
70
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
74
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
78
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
82
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
86
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
90
91
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
100         SSB_DEVTABLE_END
101 };
102
103 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
104
105 /* Channel and ratetables are shared for all devices.
106  * They can't be const, because ieee80211 puts some precalculated
107  * data in there. This data is the same for all devices, so we don't
108  * get concurrency issues */
109 #define RATETAB_ENT(_rateid, _flags) \
110         {                                                               \
111                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
112                 .hw_value       = (_rateid),                            \
113                 .flags          = (_flags),                             \
114         }
115
116 /*
117  * NOTE: When changing this, sync with xmit.c's
118  *       b43_plcp_get_bitrate_idx_* functions!
119  */
120 static struct ieee80211_rate __b43_ratetable[] = {
121         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
122         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
123         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
124         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
125         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
126         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
127         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
128         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
129         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
130         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
131         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
132         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
133 };
134
135 #define b43_a_ratetable         (__b43_ratetable + 4)
136 #define b43_a_ratetable_size    8
137 #define b43_b_ratetable         (__b43_ratetable + 0)
138 #define b43_b_ratetable_size    4
139 #define b43_g_ratetable         (__b43_ratetable + 0)
140 #define b43_g_ratetable_size    12
141
142 #define CHAN4G(_channel, _freq, _flags) {                       \
143         .band                   = IEEE80211_BAND_2GHZ,          \
144         .center_freq            = (_freq),                      \
145         .hw_value               = (_channel),                   \
146         .flags                  = (_flags),                     \
147         .max_antenna_gain       = 0,                            \
148         .max_power              = 30,                           \
149 }
150 static struct ieee80211_channel b43_2ghz_chantable[] = {
151         CHAN4G(1, 2412, 0),
152         CHAN4G(2, 2417, 0),
153         CHAN4G(3, 2422, 0),
154         CHAN4G(4, 2427, 0),
155         CHAN4G(5, 2432, 0),
156         CHAN4G(6, 2437, 0),
157         CHAN4G(7, 2442, 0),
158         CHAN4G(8, 2447, 0),
159         CHAN4G(9, 2452, 0),
160         CHAN4G(10, 2457, 0),
161         CHAN4G(11, 2462, 0),
162         CHAN4G(12, 2467, 0),
163         CHAN4G(13, 2472, 0),
164         CHAN4G(14, 2484, 0),
165 };
166 #undef CHAN4G
167
168 #define CHAN5G(_channel, _flags) {                              \
169         .band                   = IEEE80211_BAND_5GHZ,          \
170         .center_freq            = 5000 + (5 * (_channel)),      \
171         .hw_value               = (_channel),                   \
172         .flags                  = (_flags),                     \
173         .max_antenna_gain       = 0,                            \
174         .max_power              = 30,                           \
175 }
176 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
177         CHAN5G(32, 0),          CHAN5G(34, 0),
178         CHAN5G(36, 0),          CHAN5G(38, 0),
179         CHAN5G(40, 0),          CHAN5G(42, 0),
180         CHAN5G(44, 0),          CHAN5G(46, 0),
181         CHAN5G(48, 0),          CHAN5G(50, 0),
182         CHAN5G(52, 0),          CHAN5G(54, 0),
183         CHAN5G(56, 0),          CHAN5G(58, 0),
184         CHAN5G(60, 0),          CHAN5G(62, 0),
185         CHAN5G(64, 0),          CHAN5G(66, 0),
186         CHAN5G(68, 0),          CHAN5G(70, 0),
187         CHAN5G(72, 0),          CHAN5G(74, 0),
188         CHAN5G(76, 0),          CHAN5G(78, 0),
189         CHAN5G(80, 0),          CHAN5G(82, 0),
190         CHAN5G(84, 0),          CHAN5G(86, 0),
191         CHAN5G(88, 0),          CHAN5G(90, 0),
192         CHAN5G(92, 0),          CHAN5G(94, 0),
193         CHAN5G(96, 0),          CHAN5G(98, 0),
194         CHAN5G(100, 0),         CHAN5G(102, 0),
195         CHAN5G(104, 0),         CHAN5G(106, 0),
196         CHAN5G(108, 0),         CHAN5G(110, 0),
197         CHAN5G(112, 0),         CHAN5G(114, 0),
198         CHAN5G(116, 0),         CHAN5G(118, 0),
199         CHAN5G(120, 0),         CHAN5G(122, 0),
200         CHAN5G(124, 0),         CHAN5G(126, 0),
201         CHAN5G(128, 0),         CHAN5G(130, 0),
202         CHAN5G(132, 0),         CHAN5G(134, 0),
203         CHAN5G(136, 0),         CHAN5G(138, 0),
204         CHAN5G(140, 0),         CHAN5G(142, 0),
205         CHAN5G(144, 0),         CHAN5G(145, 0),
206         CHAN5G(146, 0),         CHAN5G(147, 0),
207         CHAN5G(148, 0),         CHAN5G(149, 0),
208         CHAN5G(150, 0),         CHAN5G(151, 0),
209         CHAN5G(152, 0),         CHAN5G(153, 0),
210         CHAN5G(154, 0),         CHAN5G(155, 0),
211         CHAN5G(156, 0),         CHAN5G(157, 0),
212         CHAN5G(158, 0),         CHAN5G(159, 0),
213         CHAN5G(160, 0),         CHAN5G(161, 0),
214         CHAN5G(162, 0),         CHAN5G(163, 0),
215         CHAN5G(164, 0),         CHAN5G(165, 0),
216         CHAN5G(166, 0),         CHAN5G(168, 0),
217         CHAN5G(170, 0),         CHAN5G(172, 0),
218         CHAN5G(174, 0),         CHAN5G(176, 0),
219         CHAN5G(178, 0),         CHAN5G(180, 0),
220         CHAN5G(182, 0),         CHAN5G(184, 0),
221         CHAN5G(186, 0),         CHAN5G(188, 0),
222         CHAN5G(190, 0),         CHAN5G(192, 0),
223         CHAN5G(194, 0),         CHAN5G(196, 0),
224         CHAN5G(198, 0),         CHAN5G(200, 0),
225         CHAN5G(202, 0),         CHAN5G(204, 0),
226         CHAN5G(206, 0),         CHAN5G(208, 0),
227         CHAN5G(210, 0),         CHAN5G(212, 0),
228         CHAN5G(214, 0),         CHAN5G(216, 0),
229         CHAN5G(218, 0),         CHAN5G(220, 0),
230         CHAN5G(222, 0),         CHAN5G(224, 0),
231         CHAN5G(226, 0),         CHAN5G(228, 0),
232 };
233
234 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
235         CHAN5G(34, 0),          CHAN5G(36, 0),
236         CHAN5G(38, 0),          CHAN5G(40, 0),
237         CHAN5G(42, 0),          CHAN5G(44, 0),
238         CHAN5G(46, 0),          CHAN5G(48, 0),
239         CHAN5G(52, 0),          CHAN5G(56, 0),
240         CHAN5G(60, 0),          CHAN5G(64, 0),
241         CHAN5G(100, 0),         CHAN5G(104, 0),
242         CHAN5G(108, 0),         CHAN5G(112, 0),
243         CHAN5G(116, 0),         CHAN5G(120, 0),
244         CHAN5G(124, 0),         CHAN5G(128, 0),
245         CHAN5G(132, 0),         CHAN5G(136, 0),
246         CHAN5G(140, 0),         CHAN5G(149, 0),
247         CHAN5G(153, 0),         CHAN5G(157, 0),
248         CHAN5G(161, 0),         CHAN5G(165, 0),
249         CHAN5G(184, 0),         CHAN5G(188, 0),
250         CHAN5G(192, 0),         CHAN5G(196, 0),
251         CHAN5G(200, 0),         CHAN5G(204, 0),
252         CHAN5G(208, 0),         CHAN5G(212, 0),
253         CHAN5G(216, 0),
254 };
255 #undef CHAN5G
256
257 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
258         .band           = IEEE80211_BAND_5GHZ,
259         .channels       = b43_5ghz_nphy_chantable,
260         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
261         .bitrates       = b43_a_ratetable,
262         .n_bitrates     = b43_a_ratetable_size,
263 };
264
265 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
266         .band           = IEEE80211_BAND_5GHZ,
267         .channels       = b43_5ghz_aphy_chantable,
268         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
269         .bitrates       = b43_a_ratetable,
270         .n_bitrates     = b43_a_ratetable_size,
271 };
272
273 static struct ieee80211_supported_band b43_band_2GHz = {
274         .band           = IEEE80211_BAND_2GHZ,
275         .channels       = b43_2ghz_chantable,
276         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
277         .bitrates       = b43_g_ratetable,
278         .n_bitrates     = b43_g_ratetable_size,
279 };
280
281 static void b43_wireless_core_exit(struct b43_wldev *dev);
282 static int b43_wireless_core_init(struct b43_wldev *dev);
283 static void b43_wireless_core_stop(struct b43_wldev *dev);
284 static int b43_wireless_core_start(struct b43_wldev *dev);
285
286 static int b43_ratelimit(struct b43_wl *wl)
287 {
288         if (!wl || !wl->current_dev)
289                 return 1;
290         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
291                 return 1;
292         /* We are up and running.
293          * Ratelimit the messages to avoid DoS over the net. */
294         return net_ratelimit();
295 }
296
297 void b43info(struct b43_wl *wl, const char *fmt, ...)
298 {
299         va_list args;
300
301         if (!b43_ratelimit(wl))
302                 return;
303         va_start(args, fmt);
304         printk(KERN_INFO "b43-%s: ",
305                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
306         vprintk(fmt, args);
307         va_end(args);
308 }
309
310 void b43err(struct b43_wl *wl, const char *fmt, ...)
311 {
312         va_list args;
313
314         if (!b43_ratelimit(wl))
315                 return;
316         va_start(args, fmt);
317         printk(KERN_ERR "b43-%s ERROR: ",
318                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
319         vprintk(fmt, args);
320         va_end(args);
321 }
322
323 void b43warn(struct b43_wl *wl, const char *fmt, ...)
324 {
325         va_list args;
326
327         if (!b43_ratelimit(wl))
328                 return;
329         va_start(args, fmt);
330         printk(KERN_WARNING "b43-%s warning: ",
331                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
332         vprintk(fmt, args);
333         va_end(args);
334 }
335
336 #if B43_DEBUG
337 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
338 {
339         va_list args;
340
341         va_start(args, fmt);
342         printk(KERN_DEBUG "b43-%s debug: ",
343                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
344         vprintk(fmt, args);
345         va_end(args);
346 }
347 #endif /* DEBUG */
348
349 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
350 {
351         u32 macctl;
352
353         B43_WARN_ON(offset % 4 != 0);
354
355         macctl = b43_read32(dev, B43_MMIO_MACCTL);
356         if (macctl & B43_MACCTL_BE)
357                 val = swab32(val);
358
359         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
360         mmiowb();
361         b43_write32(dev, B43_MMIO_RAM_DATA, val);
362 }
363
364 static inline void b43_shm_control_word(struct b43_wldev *dev,
365                                         u16 routing, u16 offset)
366 {
367         u32 control;
368
369         /* "offset" is the WORD offset. */
370         control = routing;
371         control <<= 16;
372         control |= offset;
373         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
374 }
375
376 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
377 {
378         u32 ret;
379
380         if (routing == B43_SHM_SHARED) {
381                 B43_WARN_ON(offset & 0x0001);
382                 if (offset & 0x0003) {
383                         /* Unaligned access */
384                         b43_shm_control_word(dev, routing, offset >> 2);
385                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
386                         ret <<= 16;
387                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
388                         ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
389
390                         goto out;
391                 }
392                 offset >>= 2;
393         }
394         b43_shm_control_word(dev, routing, offset);
395         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
396 out:
397         return ret;
398 }
399
400 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
401 {
402         struct b43_wl *wl = dev->wl;
403         unsigned long flags;
404         u32 ret;
405
406         spin_lock_irqsave(&wl->shm_lock, flags);
407         ret = __b43_shm_read32(dev, routing, offset);
408         spin_unlock_irqrestore(&wl->shm_lock, flags);
409
410         return ret;
411 }
412
413 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
414 {
415         u16 ret;
416
417         if (routing == B43_SHM_SHARED) {
418                 B43_WARN_ON(offset & 0x0001);
419                 if (offset & 0x0003) {
420                         /* Unaligned access */
421                         b43_shm_control_word(dev, routing, offset >> 2);
422                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
423
424                         goto out;
425                 }
426                 offset >>= 2;
427         }
428         b43_shm_control_word(dev, routing, offset);
429         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
430 out:
431         return ret;
432 }
433
434 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
435 {
436         struct b43_wl *wl = dev->wl;
437         unsigned long flags;
438         u16 ret;
439
440         spin_lock_irqsave(&wl->shm_lock, flags);
441         ret = __b43_shm_read16(dev, routing, offset);
442         spin_unlock_irqrestore(&wl->shm_lock, flags);
443
444         return ret;
445 }
446
447 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
448 {
449         if (routing == B43_SHM_SHARED) {
450                 B43_WARN_ON(offset & 0x0001);
451                 if (offset & 0x0003) {
452                         /* Unaligned access */
453                         b43_shm_control_word(dev, routing, offset >> 2);
454                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
455                                     (value >> 16) & 0xffff);
456                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
457                         b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
458                         return;
459                 }
460                 offset >>= 2;
461         }
462         b43_shm_control_word(dev, routing, offset);
463         b43_write32(dev, B43_MMIO_SHM_DATA, value);
464 }
465
466 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
467 {
468         struct b43_wl *wl = dev->wl;
469         unsigned long flags;
470
471         spin_lock_irqsave(&wl->shm_lock, flags);
472         __b43_shm_write32(dev, routing, offset, value);
473         spin_unlock_irqrestore(&wl->shm_lock, flags);
474 }
475
476 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
477 {
478         if (routing == B43_SHM_SHARED) {
479                 B43_WARN_ON(offset & 0x0001);
480                 if (offset & 0x0003) {
481                         /* Unaligned access */
482                         b43_shm_control_word(dev, routing, offset >> 2);
483                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
484                         return;
485                 }
486                 offset >>= 2;
487         }
488         b43_shm_control_word(dev, routing, offset);
489         b43_write16(dev, B43_MMIO_SHM_DATA, value);
490 }
491
492 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
493 {
494         struct b43_wl *wl = dev->wl;
495         unsigned long flags;
496
497         spin_lock_irqsave(&wl->shm_lock, flags);
498         __b43_shm_write16(dev, routing, offset, value);
499         spin_unlock_irqrestore(&wl->shm_lock, flags);
500 }
501
502 /* Read HostFlags */
503 u64 b43_hf_read(struct b43_wldev * dev)
504 {
505         u64 ret;
506
507         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
508         ret <<= 16;
509         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
510         ret <<= 16;
511         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
512
513         return ret;
514 }
515
516 /* Write HostFlags */
517 void b43_hf_write(struct b43_wldev *dev, u64 value)
518 {
519         u16 lo, mi, hi;
520
521         lo = (value & 0x00000000FFFFULL);
522         mi = (value & 0x0000FFFF0000ULL) >> 16;
523         hi = (value & 0xFFFF00000000ULL) >> 32;
524         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
525         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
526         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
527 }
528
529 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
530 {
531         /* We need to be careful. As we read the TSF from multiple
532          * registers, we should take care of register overflows.
533          * In theory, the whole tsf read process should be atomic.
534          * We try to be atomic here, by restaring the read process,
535          * if any of the high registers changed (overflew).
536          */
537         if (dev->dev->id.revision >= 3) {
538                 u32 low, high, high2;
539
540                 do {
541                         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
542                         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
543                         high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
544                 } while (unlikely(high != high2));
545
546                 *tsf = high;
547                 *tsf <<= 32;
548                 *tsf |= low;
549         } else {
550                 u64 tmp;
551                 u16 v0, v1, v2, v3;
552                 u16 test1, test2, test3;
553
554                 do {
555                         v3 = b43_read16(dev, B43_MMIO_TSF_3);
556                         v2 = b43_read16(dev, B43_MMIO_TSF_2);
557                         v1 = b43_read16(dev, B43_MMIO_TSF_1);
558                         v0 = b43_read16(dev, B43_MMIO_TSF_0);
559
560                         test3 = b43_read16(dev, B43_MMIO_TSF_3);
561                         test2 = b43_read16(dev, B43_MMIO_TSF_2);
562                         test1 = b43_read16(dev, B43_MMIO_TSF_1);
563                 } while (v3 != test3 || v2 != test2 || v1 != test1);
564
565                 *tsf = v3;
566                 *tsf <<= 48;
567                 tmp = v2;
568                 tmp <<= 32;
569                 *tsf |= tmp;
570                 tmp = v1;
571                 tmp <<= 16;
572                 *tsf |= tmp;
573                 *tsf |= v0;
574         }
575 }
576
577 static void b43_time_lock(struct b43_wldev *dev)
578 {
579         u32 macctl;
580
581         macctl = b43_read32(dev, B43_MMIO_MACCTL);
582         macctl |= B43_MACCTL_TBTTHOLD;
583         b43_write32(dev, B43_MMIO_MACCTL, macctl);
584         /* Commit the write */
585         b43_read32(dev, B43_MMIO_MACCTL);
586 }
587
588 static void b43_time_unlock(struct b43_wldev *dev)
589 {
590         u32 macctl;
591
592         macctl = b43_read32(dev, B43_MMIO_MACCTL);
593         macctl &= ~B43_MACCTL_TBTTHOLD;
594         b43_write32(dev, B43_MMIO_MACCTL, macctl);
595         /* Commit the write */
596         b43_read32(dev, B43_MMIO_MACCTL);
597 }
598
599 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
600 {
601         /* Be careful with the in-progress timer.
602          * First zero out the low register, so we have a full
603          * register-overflow duration to complete the operation.
604          */
605         if (dev->dev->id.revision >= 3) {
606                 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
607                 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
608
609                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
610                 mmiowb();
611                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
612                 mmiowb();
613                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
614         } else {
615                 u16 v0 = (tsf & 0x000000000000FFFFULL);
616                 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
617                 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
618                 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
619
620                 b43_write16(dev, B43_MMIO_TSF_0, 0);
621                 mmiowb();
622                 b43_write16(dev, B43_MMIO_TSF_3, v3);
623                 mmiowb();
624                 b43_write16(dev, B43_MMIO_TSF_2, v2);
625                 mmiowb();
626                 b43_write16(dev, B43_MMIO_TSF_1, v1);
627                 mmiowb();
628                 b43_write16(dev, B43_MMIO_TSF_0, v0);
629         }
630 }
631
632 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
633 {
634         b43_time_lock(dev);
635         b43_tsf_write_locked(dev, tsf);
636         b43_time_unlock(dev);
637 }
638
639 static
640 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
641 {
642         static const u8 zero_addr[ETH_ALEN] = { 0 };
643         u16 data;
644
645         if (!mac)
646                 mac = zero_addr;
647
648         offset |= 0x0020;
649         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
650
651         data = mac[0];
652         data |= mac[1] << 8;
653         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
654         data = mac[2];
655         data |= mac[3] << 8;
656         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
657         data = mac[4];
658         data |= mac[5] << 8;
659         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
660 }
661
662 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
663 {
664         const u8 *mac;
665         const u8 *bssid;
666         u8 mac_bssid[ETH_ALEN * 2];
667         int i;
668         u32 tmp;
669
670         bssid = dev->wl->bssid;
671         mac = dev->wl->mac_addr;
672
673         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
674
675         memcpy(mac_bssid, mac, ETH_ALEN);
676         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
677
678         /* Write our MAC address and BSSID to template ram */
679         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
680                 tmp = (u32) (mac_bssid[i + 0]);
681                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
682                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
683                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
684                 b43_ram_write(dev, 0x20 + i, tmp);
685         }
686 }
687
688 static void b43_upload_card_macaddress(struct b43_wldev *dev)
689 {
690         b43_write_mac_bssid_templates(dev);
691         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
692 }
693
694 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
695 {
696         /* slot_time is in usec. */
697         if (dev->phy.type != B43_PHYTYPE_G)
698                 return;
699         b43_write16(dev, 0x684, 510 + slot_time);
700         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
701 }
702
703 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
704 {
705         b43_set_slot_time(dev, 9);
706         dev->short_slot = 1;
707 }
708
709 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
710 {
711         b43_set_slot_time(dev, 20);
712         dev->short_slot = 0;
713 }
714
715 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
716  * Returns the _previously_ enabled IRQ mask.
717  */
718 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
719 {
720         u32 old_mask;
721
722         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
723         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
724
725         return old_mask;
726 }
727
728 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
729  * Returns the _previously_ enabled IRQ mask.
730  */
731 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
732 {
733         u32 old_mask;
734
735         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
736         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
737
738         return old_mask;
739 }
740
741 /* Synchronize IRQ top- and bottom-half.
742  * IRQs must be masked before calling this.
743  * This must not be called with the irq_lock held.
744  */
745 static void b43_synchronize_irq(struct b43_wldev *dev)
746 {
747         synchronize_irq(dev->dev->irq);
748         tasklet_kill(&dev->isr_tasklet);
749 }
750
751 /* DummyTransmission function, as documented on
752  * http://bcm-specs.sipsolutions.net/DummyTransmission
753  */
754 void b43_dummy_transmission(struct b43_wldev *dev)
755 {
756         struct b43_wl *wl = dev->wl;
757         struct b43_phy *phy = &dev->phy;
758         unsigned int i, max_loop;
759         u16 value;
760         u32 buffer[5] = {
761                 0x00000000,
762                 0x00D40000,
763                 0x00000000,
764                 0x01000000,
765                 0x00000000,
766         };
767
768         switch (phy->type) {
769         case B43_PHYTYPE_A:
770                 max_loop = 0x1E;
771                 buffer[0] = 0x000201CC;
772                 break;
773         case B43_PHYTYPE_B:
774         case B43_PHYTYPE_G:
775                 max_loop = 0xFA;
776                 buffer[0] = 0x000B846E;
777                 break;
778         default:
779                 B43_WARN_ON(1);
780                 return;
781         }
782
783         spin_lock_irq(&wl->irq_lock);
784         write_lock(&wl->tx_lock);
785
786         for (i = 0; i < 5; i++)
787                 b43_ram_write(dev, i * 4, buffer[i]);
788
789         /* Commit writes */
790         b43_read32(dev, B43_MMIO_MACCTL);
791
792         b43_write16(dev, 0x0568, 0x0000);
793         b43_write16(dev, 0x07C0, 0x0000);
794         value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
795         b43_write16(dev, 0x050C, value);
796         b43_write16(dev, 0x0508, 0x0000);
797         b43_write16(dev, 0x050A, 0x0000);
798         b43_write16(dev, 0x054C, 0x0000);
799         b43_write16(dev, 0x056A, 0x0014);
800         b43_write16(dev, 0x0568, 0x0826);
801         b43_write16(dev, 0x0500, 0x0000);
802         b43_write16(dev, 0x0502, 0x0030);
803
804         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
805                 b43_radio_write16(dev, 0x0051, 0x0017);
806         for (i = 0x00; i < max_loop; i++) {
807                 value = b43_read16(dev, 0x050E);
808                 if (value & 0x0080)
809                         break;
810                 udelay(10);
811         }
812         for (i = 0x00; i < 0x0A; i++) {
813                 value = b43_read16(dev, 0x050E);
814                 if (value & 0x0400)
815                         break;
816                 udelay(10);
817         }
818         for (i = 0x00; i < 0x19; i++) {
819                 value = b43_read16(dev, 0x0690);
820                 if (!(value & 0x0100))
821                         break;
822                 udelay(10);
823         }
824         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
825                 b43_radio_write16(dev, 0x0051, 0x0037);
826
827         write_unlock(&wl->tx_lock);
828         spin_unlock_irq(&wl->irq_lock);
829 }
830
831 static void key_write(struct b43_wldev *dev,
832                       u8 index, u8 algorithm, const u8 * key)
833 {
834         unsigned int i;
835         u32 offset;
836         u16 value;
837         u16 kidx;
838
839         /* Key index/algo block */
840         kidx = b43_kidx_to_fw(dev, index);
841         value = ((kidx << 4) | algorithm);
842         b43_shm_write16(dev, B43_SHM_SHARED,
843                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
844
845         /* Write the key to the Key Table Pointer offset */
846         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
847         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
848                 value = key[i];
849                 value |= (u16) (key[i + 1]) << 8;
850                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
851         }
852 }
853
854 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
855 {
856         u32 addrtmp[2] = { 0, 0, };
857         u8 per_sta_keys_start = 8;
858
859         if (b43_new_kidx_api(dev))
860                 per_sta_keys_start = 4;
861
862         B43_WARN_ON(index < per_sta_keys_start);
863         /* We have two default TX keys and possibly two default RX keys.
864          * Physical mac 0 is mapped to physical key 4 or 8, depending
865          * on the firmware version.
866          * So we must adjust the index here.
867          */
868         index -= per_sta_keys_start;
869
870         if (addr) {
871                 addrtmp[0] = addr[0];
872                 addrtmp[0] |= ((u32) (addr[1]) << 8);
873                 addrtmp[0] |= ((u32) (addr[2]) << 16);
874                 addrtmp[0] |= ((u32) (addr[3]) << 24);
875                 addrtmp[1] = addr[4];
876                 addrtmp[1] |= ((u32) (addr[5]) << 8);
877         }
878
879         if (dev->dev->id.revision >= 5) {
880                 /* Receive match transmitter address mechanism */
881                 b43_shm_write32(dev, B43_SHM_RCMTA,
882                                 (index * 2) + 0, addrtmp[0]);
883                 b43_shm_write16(dev, B43_SHM_RCMTA,
884                                 (index * 2) + 1, addrtmp[1]);
885         } else {
886                 /* RXE (Receive Engine) and
887                  * PSM (Programmable State Machine) mechanism
888                  */
889                 if (index < 8) {
890                         /* TODO write to RCM 16, 19, 22 and 25 */
891                 } else {
892                         b43_shm_write32(dev, B43_SHM_SHARED,
893                                         B43_SHM_SH_PSM + (index * 6) + 0,
894                                         addrtmp[0]);
895                         b43_shm_write16(dev, B43_SHM_SHARED,
896                                         B43_SHM_SH_PSM + (index * 6) + 4,
897                                         addrtmp[1]);
898                 }
899         }
900 }
901
902 static void do_key_write(struct b43_wldev *dev,
903                          u8 index, u8 algorithm,
904                          const u8 * key, size_t key_len, const u8 * mac_addr)
905 {
906         u8 buf[B43_SEC_KEYSIZE] = { 0, };
907         u8 per_sta_keys_start = 8;
908
909         if (b43_new_kidx_api(dev))
910                 per_sta_keys_start = 4;
911
912         B43_WARN_ON(index >= dev->max_nr_keys);
913         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
914
915         if (index >= per_sta_keys_start)
916                 keymac_write(dev, index, NULL); /* First zero out mac. */
917         if (key)
918                 memcpy(buf, key, key_len);
919         key_write(dev, index, algorithm, buf);
920         if (index >= per_sta_keys_start)
921                 keymac_write(dev, index, mac_addr);
922
923         dev->key[index].algorithm = algorithm;
924 }
925
926 static int b43_key_write(struct b43_wldev *dev,
927                          int index, u8 algorithm,
928                          const u8 * key, size_t key_len,
929                          const u8 * mac_addr,
930                          struct ieee80211_key_conf *keyconf)
931 {
932         int i;
933         int sta_keys_start;
934
935         if (key_len > B43_SEC_KEYSIZE)
936                 return -EINVAL;
937         for (i = 0; i < dev->max_nr_keys; i++) {
938                 /* Check that we don't already have this key. */
939                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
940         }
941         if (index < 0) {
942                 /* Either pairwise key or address is 00:00:00:00:00:00
943                  * for transmit-only keys. Search the index. */
944                 if (b43_new_kidx_api(dev))
945                         sta_keys_start = 4;
946                 else
947                         sta_keys_start = 8;
948                 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
949                         if (!dev->key[i].keyconf) {
950                                 /* found empty */
951                                 index = i;
952                                 break;
953                         }
954                 }
955                 if (index < 0) {
956                         b43err(dev->wl, "Out of hardware key memory\n");
957                         return -ENOSPC;
958                 }
959         } else
960                 B43_WARN_ON(index > 3);
961
962         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
963         if ((index <= 3) && !b43_new_kidx_api(dev)) {
964                 /* Default RX key */
965                 B43_WARN_ON(mac_addr);
966                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
967         }
968         keyconf->hw_key_idx = index;
969         dev->key[index].keyconf = keyconf;
970
971         return 0;
972 }
973
974 static int b43_key_clear(struct b43_wldev *dev, int index)
975 {
976         if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
977                 return -EINVAL;
978         do_key_write(dev, index, B43_SEC_ALGO_NONE,
979                      NULL, B43_SEC_KEYSIZE, NULL);
980         if ((index <= 3) && !b43_new_kidx_api(dev)) {
981                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
982                              NULL, B43_SEC_KEYSIZE, NULL);
983         }
984         dev->key[index].keyconf = NULL;
985
986         return 0;
987 }
988
989 static void b43_clear_keys(struct b43_wldev *dev)
990 {
991         int i;
992
993         for (i = 0; i < dev->max_nr_keys; i++)
994                 b43_key_clear(dev, i);
995 }
996
997 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
998 {
999         u32 macctl;
1000         u16 ucstat;
1001         bool hwps;
1002         bool awake;
1003         int i;
1004
1005         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1006                     (ps_flags & B43_PS_DISABLED));
1007         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1008
1009         if (ps_flags & B43_PS_ENABLED) {
1010                 hwps = 1;
1011         } else if (ps_flags & B43_PS_DISABLED) {
1012                 hwps = 0;
1013         } else {
1014                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1015                 //      and thus is not an AP and we are associated, set bit 25
1016         }
1017         if (ps_flags & B43_PS_AWAKE) {
1018                 awake = 1;
1019         } else if (ps_flags & B43_PS_ASLEEP) {
1020                 awake = 0;
1021         } else {
1022                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1023                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1024                 //      successful, set bit26
1025         }
1026
1027 /* FIXME: For now we force awake-on and hwps-off */
1028         hwps = 0;
1029         awake = 1;
1030
1031         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1032         if (hwps)
1033                 macctl |= B43_MACCTL_HWPS;
1034         else
1035                 macctl &= ~B43_MACCTL_HWPS;
1036         if (awake)
1037                 macctl |= B43_MACCTL_AWAKE;
1038         else
1039                 macctl &= ~B43_MACCTL_AWAKE;
1040         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1041         /* Commit write */
1042         b43_read32(dev, B43_MMIO_MACCTL);
1043         if (awake && dev->dev->id.revision >= 5) {
1044                 /* Wait for the microcode to wake up. */
1045                 for (i = 0; i < 100; i++) {
1046                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1047                                                 B43_SHM_SH_UCODESTAT);
1048                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1049                                 break;
1050                         udelay(10);
1051                 }
1052         }
1053 }
1054
1055 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1056 {
1057         u32 tmslow;
1058         u32 macctl;
1059
1060         flags |= B43_TMSLOW_PHYCLKEN;
1061         flags |= B43_TMSLOW_PHYRESET;
1062         ssb_device_enable(dev->dev, flags);
1063         msleep(2);              /* Wait for the PLL to turn on. */
1064
1065         /* Now take the PHY out of Reset again */
1066         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1067         tmslow |= SSB_TMSLOW_FGC;
1068         tmslow &= ~B43_TMSLOW_PHYRESET;
1069         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1070         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1071         msleep(1);
1072         tmslow &= ~SSB_TMSLOW_FGC;
1073         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1074         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1075         msleep(1);
1076
1077         /* Turn Analog ON, but only if we already know the PHY-type.
1078          * This protects against very early setup where we don't know the
1079          * PHY-type, yet. wireless_core_reset will be called once again later,
1080          * when we know the PHY-type. */
1081         if (dev->phy.ops)
1082                 dev->phy.ops->switch_analog(dev, 1);
1083
1084         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1085         macctl &= ~B43_MACCTL_GMODE;
1086         if (flags & B43_TMSLOW_GMODE)
1087                 macctl |= B43_MACCTL_GMODE;
1088         macctl |= B43_MACCTL_IHR_ENABLED;
1089         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1090 }
1091
1092 static void handle_irq_transmit_status(struct b43_wldev *dev)
1093 {
1094         u32 v0, v1;
1095         u16 tmp;
1096         struct b43_txstatus stat;
1097
1098         while (1) {
1099                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1100                 if (!(v0 & 0x00000001))
1101                         break;
1102                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1103
1104                 stat.cookie = (v0 >> 16);
1105                 stat.seq = (v1 & 0x0000FFFF);
1106                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1107                 tmp = (v0 & 0x0000FFFF);
1108                 stat.frame_count = ((tmp & 0xF000) >> 12);
1109                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1110                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1111                 stat.pm_indicated = !!(tmp & 0x0080);
1112                 stat.intermediate = !!(tmp & 0x0040);
1113                 stat.for_ampdu = !!(tmp & 0x0020);
1114                 stat.acked = !!(tmp & 0x0002);
1115
1116                 b43_handle_txstatus(dev, &stat);
1117         }
1118 }
1119
1120 static void drain_txstatus_queue(struct b43_wldev *dev)
1121 {
1122         u32 dummy;
1123
1124         if (dev->dev->id.revision < 5)
1125                 return;
1126         /* Read all entries from the microcode TXstatus FIFO
1127          * and throw them away.
1128          */
1129         while (1) {
1130                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1131                 if (!(dummy & 0x00000001))
1132                         break;
1133                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1134         }
1135 }
1136
1137 static u32 b43_jssi_read(struct b43_wldev *dev)
1138 {
1139         u32 val = 0;
1140
1141         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1142         val <<= 16;
1143         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1144
1145         return val;
1146 }
1147
1148 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1149 {
1150         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1151         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1152 }
1153
1154 static void b43_generate_noise_sample(struct b43_wldev *dev)
1155 {
1156         b43_jssi_write(dev, 0x7F7F7F7F);
1157         b43_write32(dev, B43_MMIO_MACCMD,
1158                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1159 }
1160
1161 static void b43_calculate_link_quality(struct b43_wldev *dev)
1162 {
1163         /* Top half of Link Quality calculation. */
1164
1165         if (dev->phy.type != B43_PHYTYPE_G)
1166                 return;
1167         if (dev->noisecalc.calculation_running)
1168                 return;
1169         dev->noisecalc.calculation_running = 1;
1170         dev->noisecalc.nr_samples = 0;
1171
1172         b43_generate_noise_sample(dev);
1173 }
1174
1175 static void handle_irq_noise(struct b43_wldev *dev)
1176 {
1177         struct b43_phy_g *phy = dev->phy.g;
1178         u16 tmp;
1179         u8 noise[4];
1180         u8 i, j;
1181         s32 average;
1182
1183         /* Bottom half of Link Quality calculation. */
1184
1185         if (dev->phy.type != B43_PHYTYPE_G)
1186                 return;
1187
1188         /* Possible race condition: It might be possible that the user
1189          * changed to a different channel in the meantime since we
1190          * started the calculation. We ignore that fact, since it's
1191          * not really that much of a problem. The background noise is
1192          * an estimation only anyway. Slightly wrong results will get damped
1193          * by the averaging of the 8 sample rounds. Additionally the
1194          * value is shortlived. So it will be replaced by the next noise
1195          * calculation round soon. */
1196
1197         B43_WARN_ON(!dev->noisecalc.calculation_running);
1198         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1199         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1200             noise[2] == 0x7F || noise[3] == 0x7F)
1201                 goto generate_new;
1202
1203         /* Get the noise samples. */
1204         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1205         i = dev->noisecalc.nr_samples;
1206         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1207         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1208         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1209         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1210         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1211         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1212         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1213         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1214         dev->noisecalc.nr_samples++;
1215         if (dev->noisecalc.nr_samples == 8) {
1216                 /* Calculate the Link Quality by the noise samples. */
1217                 average = 0;
1218                 for (i = 0; i < 8; i++) {
1219                         for (j = 0; j < 4; j++)
1220                                 average += dev->noisecalc.samples[i][j];
1221                 }
1222                 average /= (8 * 4);
1223                 average *= 125;
1224                 average += 64;
1225                 average /= 128;
1226                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1227                 tmp = (tmp / 128) & 0x1F;
1228                 if (tmp >= 8)
1229                         average += 2;
1230                 else
1231                         average -= 25;
1232                 if (tmp == 8)
1233                         average -= 72;
1234                 else
1235                         average -= 48;
1236
1237                 dev->stats.link_noise = average;
1238                 dev->noisecalc.calculation_running = 0;
1239                 return;
1240         }
1241 generate_new:
1242         b43_generate_noise_sample(dev);
1243 }
1244
1245 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1246 {
1247         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1248                 ///TODO: PS TBTT
1249         } else {
1250                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1251                         b43_power_saving_ctl_bits(dev, 0);
1252         }
1253         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1254                 dev->dfq_valid = 1;
1255 }
1256
1257 static void handle_irq_atim_end(struct b43_wldev *dev)
1258 {
1259         if (dev->dfq_valid) {
1260                 b43_write32(dev, B43_MMIO_MACCMD,
1261                             b43_read32(dev, B43_MMIO_MACCMD)
1262                             | B43_MACCMD_DFQ_VALID);
1263                 dev->dfq_valid = 0;
1264         }
1265 }
1266
1267 static void handle_irq_pmq(struct b43_wldev *dev)
1268 {
1269         u32 tmp;
1270
1271         //TODO: AP mode.
1272
1273         while (1) {
1274                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1275                 if (!(tmp & 0x00000008))
1276                         break;
1277         }
1278         /* 16bit write is odd, but correct. */
1279         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1280 }
1281
1282 static void b43_write_template_common(struct b43_wldev *dev,
1283                                       const u8 * data, u16 size,
1284                                       u16 ram_offset,
1285                                       u16 shm_size_offset, u8 rate)
1286 {
1287         u32 i, tmp;
1288         struct b43_plcp_hdr4 plcp;
1289
1290         plcp.data = 0;
1291         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1292         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1293         ram_offset += sizeof(u32);
1294         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1295          * So leave the first two bytes of the next write blank.
1296          */
1297         tmp = (u32) (data[0]) << 16;
1298         tmp |= (u32) (data[1]) << 24;
1299         b43_ram_write(dev, ram_offset, tmp);
1300         ram_offset += sizeof(u32);
1301         for (i = 2; i < size; i += sizeof(u32)) {
1302                 tmp = (u32) (data[i + 0]);
1303                 if (i + 1 < size)
1304                         tmp |= (u32) (data[i + 1]) << 8;
1305                 if (i + 2 < size)
1306                         tmp |= (u32) (data[i + 2]) << 16;
1307                 if (i + 3 < size)
1308                         tmp |= (u32) (data[i + 3]) << 24;
1309                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1310         }
1311         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1312                         size + sizeof(struct b43_plcp_hdr6));
1313 }
1314
1315 /* Check if the use of the antenna that ieee80211 told us to
1316  * use is possible. This will fall back to DEFAULT.
1317  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1318 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1319                                   u8 antenna_nr)
1320 {
1321         u8 antenna_mask;
1322
1323         if (antenna_nr == 0) {
1324                 /* Zero means "use default antenna". That's always OK. */
1325                 return 0;
1326         }
1327
1328         /* Get the mask of available antennas. */
1329         if (dev->phy.gmode)
1330                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1331         else
1332                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1333
1334         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1335                 /* This antenna is not available. Fall back to default. */
1336                 return 0;
1337         }
1338
1339         return antenna_nr;
1340 }
1341
1342 static int b43_antenna_from_ieee80211(struct b43_wldev *dev, u8 antenna)
1343 {
1344         antenna = b43_ieee80211_antenna_sanitize(dev, antenna);
1345         switch (antenna) {
1346         case 0:         /* default/diversity */
1347                 return B43_ANTENNA_DEFAULT;
1348         case 1:         /* Antenna 0 */
1349                 return B43_ANTENNA0;
1350         case 2:         /* Antenna 1 */
1351                 return B43_ANTENNA1;
1352         case 3:         /* Antenna 2 */
1353                 return B43_ANTENNA2;
1354         case 4:         /* Antenna 3 */
1355                 return B43_ANTENNA3;
1356         default:
1357                 return B43_ANTENNA_DEFAULT;
1358         }
1359 }
1360
1361 /* Convert a b43 antenna number value to the PHY TX control value. */
1362 static u16 b43_antenna_to_phyctl(int antenna)
1363 {
1364         switch (antenna) {
1365         case B43_ANTENNA0:
1366                 return B43_TXH_PHY_ANT0;
1367         case B43_ANTENNA1:
1368                 return B43_TXH_PHY_ANT1;
1369         case B43_ANTENNA2:
1370                 return B43_TXH_PHY_ANT2;
1371         case B43_ANTENNA3:
1372                 return B43_TXH_PHY_ANT3;
1373         case B43_ANTENNA_AUTO:
1374                 return B43_TXH_PHY_ANT01AUTO;
1375         }
1376         B43_WARN_ON(1);
1377         return 0;
1378 }
1379
1380 static void b43_write_beacon_template(struct b43_wldev *dev,
1381                                       u16 ram_offset,
1382                                       u16 shm_size_offset)
1383 {
1384         unsigned int i, len, variable_len;
1385         const struct ieee80211_mgmt *bcn;
1386         const u8 *ie;
1387         bool tim_found = 0;
1388         unsigned int rate;
1389         u16 ctl;
1390         int antenna;
1391         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1392
1393         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1394         len = min((size_t) dev->wl->current_beacon->len,
1395                   0x200 - sizeof(struct b43_plcp_hdr6));
1396         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1397
1398         b43_write_template_common(dev, (const u8 *)bcn,
1399                                   len, ram_offset, shm_size_offset, rate);
1400
1401         /* Write the PHY TX control parameters. */
1402         antenna = b43_antenna_from_ieee80211(dev, info->antenna_sel_tx);
1403         antenna = b43_antenna_to_phyctl(antenna);
1404         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1405         /* We can't send beacons with short preamble. Would get PHY errors. */
1406         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1407         ctl &= ~B43_TXH_PHY_ANT;
1408         ctl &= ~B43_TXH_PHY_ENC;
1409         ctl |= antenna;
1410         if (b43_is_cck_rate(rate))
1411                 ctl |= B43_TXH_PHY_ENC_CCK;
1412         else
1413                 ctl |= B43_TXH_PHY_ENC_OFDM;
1414         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1415
1416         /* Find the position of the TIM and the DTIM_period value
1417          * and write them to SHM. */
1418         ie = bcn->u.beacon.variable;
1419         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1420         for (i = 0; i < variable_len - 2; ) {
1421                 uint8_t ie_id, ie_len;
1422
1423                 ie_id = ie[i];
1424                 ie_len = ie[i + 1];
1425                 if (ie_id == 5) {
1426                         u16 tim_position;
1427                         u16 dtim_period;
1428                         /* This is the TIM Information Element */
1429
1430                         /* Check whether the ie_len is in the beacon data range. */
1431                         if (variable_len < ie_len + 2 + i)
1432                                 break;
1433                         /* A valid TIM is at least 4 bytes long. */
1434                         if (ie_len < 4)
1435                                 break;
1436                         tim_found = 1;
1437
1438                         tim_position = sizeof(struct b43_plcp_hdr6);
1439                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1440                         tim_position += i;
1441
1442                         dtim_period = ie[i + 3];
1443
1444                         b43_shm_write16(dev, B43_SHM_SHARED,
1445                                         B43_SHM_SH_TIMBPOS, tim_position);
1446                         b43_shm_write16(dev, B43_SHM_SHARED,
1447                                         B43_SHM_SH_DTIMPER, dtim_period);
1448                         break;
1449                 }
1450                 i += ie_len + 2;
1451         }
1452         if (!tim_found) {
1453                 /*
1454                  * If ucode wants to modify TIM do it behind the beacon, this
1455                  * will happen, for example, when doing mesh networking.
1456                  */
1457                 b43_shm_write16(dev, B43_SHM_SHARED,
1458                                 B43_SHM_SH_TIMBPOS,
1459                                 len + sizeof(struct b43_plcp_hdr6));
1460                 b43_shm_write16(dev, B43_SHM_SHARED,
1461                                 B43_SHM_SH_DTIMPER, 0);
1462         }
1463         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1464 }
1465
1466 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1467                                       u16 shm_offset, u16 size,
1468                                       struct ieee80211_rate *rate)
1469 {
1470         struct b43_plcp_hdr4 plcp;
1471         u32 tmp;
1472         __le16 dur;
1473
1474         plcp.data = 0;
1475         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1476         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1477                                                dev->wl->vif, size,
1478                                                rate);
1479         /* Write PLCP in two parts and timing for packet transfer */
1480         tmp = le32_to_cpu(plcp.data);
1481         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1482         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1483         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1484 }
1485
1486 /* Instead of using custom probe response template, this function
1487  * just patches custom beacon template by:
1488  * 1) Changing packet type
1489  * 2) Patching duration field
1490  * 3) Stripping TIM
1491  */
1492 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1493                                           u16 *dest_size,
1494                                           struct ieee80211_rate *rate)
1495 {
1496         const u8 *src_data;
1497         u8 *dest_data;
1498         u16 src_size, elem_size, src_pos, dest_pos;
1499         __le16 dur;
1500         struct ieee80211_hdr *hdr;
1501         size_t ie_start;
1502
1503         src_size = dev->wl->current_beacon->len;
1504         src_data = (const u8 *)dev->wl->current_beacon->data;
1505
1506         /* Get the start offset of the variable IEs in the packet. */
1507         ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1508         B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1509
1510         if (B43_WARN_ON(src_size < ie_start))
1511                 return NULL;
1512
1513         dest_data = kmalloc(src_size, GFP_ATOMIC);
1514         if (unlikely(!dest_data))
1515                 return NULL;
1516
1517         /* Copy the static data and all Information Elements, except the TIM. */
1518         memcpy(dest_data, src_data, ie_start);
1519         src_pos = ie_start;
1520         dest_pos = ie_start;
1521         for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1522                 elem_size = src_data[src_pos + 1] + 2;
1523                 if (src_data[src_pos] == 5) {
1524                         /* This is the TIM. */
1525                         continue;
1526                 }
1527                 memcpy(dest_data + dest_pos, src_data + src_pos,
1528                        elem_size);
1529                 dest_pos += elem_size;
1530         }
1531         *dest_size = dest_pos;
1532         hdr = (struct ieee80211_hdr *)dest_data;
1533
1534         /* Set the frame control. */
1535         hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1536                                          IEEE80211_STYPE_PROBE_RESP);
1537         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1538                                                dev->wl->vif, *dest_size,
1539                                                rate);
1540         hdr->duration_id = dur;
1541
1542         return dest_data;
1543 }
1544
1545 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1546                                           u16 ram_offset,
1547                                           u16 shm_size_offset,
1548                                           struct ieee80211_rate *rate)
1549 {
1550         const u8 *probe_resp_data;
1551         u16 size;
1552
1553         size = dev->wl->current_beacon->len;
1554         probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1555         if (unlikely(!probe_resp_data))
1556                 return;
1557
1558         /* Looks like PLCP headers plus packet timings are stored for
1559          * all possible basic rates
1560          */
1561         b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1562         b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1563         b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1564         b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1565
1566         size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1567         b43_write_template_common(dev, probe_resp_data,
1568                                   size, ram_offset, shm_size_offset,
1569                                   rate->hw_value);
1570         kfree(probe_resp_data);
1571 }
1572
1573 static void b43_upload_beacon0(struct b43_wldev *dev)
1574 {
1575         struct b43_wl *wl = dev->wl;
1576
1577         if (wl->beacon0_uploaded)
1578                 return;
1579         b43_write_beacon_template(dev, 0x68, 0x18);
1580         /* FIXME: Probe resp upload doesn't really belong here,
1581          *        but we don't use that feature anyway. */
1582         b43_write_probe_resp_template(dev, 0x268, 0x4A,
1583                                       &__b43_ratetable[3]);
1584         wl->beacon0_uploaded = 1;
1585 }
1586
1587 static void b43_upload_beacon1(struct b43_wldev *dev)
1588 {
1589         struct b43_wl *wl = dev->wl;
1590
1591         if (wl->beacon1_uploaded)
1592                 return;
1593         b43_write_beacon_template(dev, 0x468, 0x1A);
1594         wl->beacon1_uploaded = 1;
1595 }
1596
1597 static void handle_irq_beacon(struct b43_wldev *dev)
1598 {
1599         struct b43_wl *wl = dev->wl;
1600         u32 cmd, beacon0_valid, beacon1_valid;
1601
1602         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1603             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1604                 return;
1605
1606         /* This is the bottom half of the asynchronous beacon update. */
1607
1608         /* Ignore interrupt in the future. */
1609         dev->irq_savedstate &= ~B43_IRQ_BEACON;
1610
1611         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1612         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1613         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1614
1615         /* Schedule interrupt manually, if busy. */
1616         if (beacon0_valid && beacon1_valid) {
1617                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1618                 dev->irq_savedstate |= B43_IRQ_BEACON;
1619                 return;
1620         }
1621
1622         if (unlikely(wl->beacon_templates_virgin)) {
1623                 /* We never uploaded a beacon before.
1624                  * Upload both templates now, but only mark one valid. */
1625                 wl->beacon_templates_virgin = 0;
1626                 b43_upload_beacon0(dev);
1627                 b43_upload_beacon1(dev);
1628                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1629                 cmd |= B43_MACCMD_BEACON0_VALID;
1630                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1631         } else {
1632                 if (!beacon0_valid) {
1633                         b43_upload_beacon0(dev);
1634                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1635                         cmd |= B43_MACCMD_BEACON0_VALID;
1636                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1637                 } else if (!beacon1_valid) {
1638                         b43_upload_beacon1(dev);
1639                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1640                         cmd |= B43_MACCMD_BEACON1_VALID;
1641                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1642                 }
1643         }
1644 }
1645
1646 static void b43_beacon_update_trigger_work(struct work_struct *work)
1647 {
1648         struct b43_wl *wl = container_of(work, struct b43_wl,
1649                                          beacon_update_trigger);
1650         struct b43_wldev *dev;
1651
1652         mutex_lock(&wl->mutex);
1653         dev = wl->current_dev;
1654         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1655                 spin_lock_irq(&wl->irq_lock);
1656                 /* update beacon right away or defer to irq */
1657                 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1658                 handle_irq_beacon(dev);
1659                 /* The handler might have updated the IRQ mask. */
1660                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1661                             dev->irq_savedstate);
1662                 mmiowb();
1663                 spin_unlock_irq(&wl->irq_lock);
1664         }
1665         mutex_unlock(&wl->mutex);
1666 }
1667
1668 /* Asynchronously update the packet templates in template RAM.
1669  * Locking: Requires wl->irq_lock to be locked. */
1670 static void b43_update_templates(struct b43_wl *wl)
1671 {
1672         struct sk_buff *beacon;
1673
1674         /* This is the top half of the ansynchronous beacon update.
1675          * The bottom half is the beacon IRQ.
1676          * Beacon update must be asynchronous to avoid sending an
1677          * invalid beacon. This can happen for example, if the firmware
1678          * transmits a beacon while we are updating it. */
1679
1680         /* We could modify the existing beacon and set the aid bit in
1681          * the TIM field, but that would probably require resizing and
1682          * moving of data within the beacon template.
1683          * Simply request a new beacon and let mac80211 do the hard work. */
1684         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1685         if (unlikely(!beacon))
1686                 return;
1687
1688         if (wl->current_beacon)
1689                 dev_kfree_skb_any(wl->current_beacon);
1690         wl->current_beacon = beacon;
1691         wl->beacon0_uploaded = 0;
1692         wl->beacon1_uploaded = 0;
1693         queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1694 }
1695
1696 static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1697 {
1698         u32 tmp;
1699         u16 i, len;
1700
1701         len = min((u16) ssid_len, (u16) 0x100);
1702         for (i = 0; i < len; i += sizeof(u32)) {
1703                 tmp = (u32) (ssid[i + 0]);
1704                 if (i + 1 < len)
1705                         tmp |= (u32) (ssid[i + 1]) << 8;
1706                 if (i + 2 < len)
1707                         tmp |= (u32) (ssid[i + 2]) << 16;
1708                 if (i + 3 < len)
1709                         tmp |= (u32) (ssid[i + 3]) << 24;
1710                 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1711         }
1712         b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1713 }
1714
1715 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1716 {
1717         b43_time_lock(dev);
1718         if (dev->dev->id.revision >= 3) {
1719                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1720                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1721         } else {
1722                 b43_write16(dev, 0x606, (beacon_int >> 6));
1723                 b43_write16(dev, 0x610, beacon_int);
1724         }
1725         b43_time_unlock(dev);
1726         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1727 }
1728
1729 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1730 {
1731         u16 reason;
1732
1733         /* Read the register that contains the reason code for the panic. */
1734         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1735         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1736
1737         switch (reason) {
1738         default:
1739                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1740                 /* fallthrough */
1741         case B43_FWPANIC_DIE:
1742                 /* Do not restart the controller or firmware.
1743                  * The device is nonfunctional from now on.
1744                  * Restarting would result in this panic to trigger again,
1745                  * so we avoid that recursion. */
1746                 break;
1747         case B43_FWPANIC_RESTART:
1748                 b43_controller_restart(dev, "Microcode panic");
1749                 break;
1750         }
1751 }
1752
1753 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1754 {
1755         unsigned int i, cnt;
1756         u16 reason, marker_id, marker_line;
1757         __le16 *buf;
1758
1759         /* The proprietary firmware doesn't have this IRQ. */
1760         if (!dev->fw.opensource)
1761                 return;
1762
1763         /* Read the register that contains the reason code for this IRQ. */
1764         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1765
1766         switch (reason) {
1767         case B43_DEBUGIRQ_PANIC:
1768                 b43_handle_firmware_panic(dev);
1769                 break;
1770         case B43_DEBUGIRQ_DUMP_SHM:
1771                 if (!B43_DEBUG)
1772                         break; /* Only with driver debugging enabled. */
1773                 buf = kmalloc(4096, GFP_ATOMIC);
1774                 if (!buf) {
1775                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1776                         goto out;
1777                 }
1778                 for (i = 0; i < 4096; i += 2) {
1779                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1780                         buf[i / 2] = cpu_to_le16(tmp);
1781                 }
1782                 b43info(dev->wl, "Shared memory dump:\n");
1783                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1784                                16, 2, buf, 4096, 1);
1785                 kfree(buf);
1786                 break;
1787         case B43_DEBUGIRQ_DUMP_REGS:
1788                 if (!B43_DEBUG)
1789                         break; /* Only with driver debugging enabled. */
1790                 b43info(dev->wl, "Microcode register dump:\n");
1791                 for (i = 0, cnt = 0; i < 64; i++) {
1792                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1793                         if (cnt == 0)
1794                                 printk(KERN_INFO);
1795                         printk("r%02u: 0x%04X  ", i, tmp);
1796                         cnt++;
1797                         if (cnt == 6) {
1798                                 printk("\n");
1799                                 cnt = 0;
1800                         }
1801                 }
1802                 printk("\n");
1803                 break;
1804         case B43_DEBUGIRQ_MARKER:
1805                 if (!B43_DEBUG)
1806                         break; /* Only with driver debugging enabled. */
1807                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1808                                            B43_MARKER_ID_REG);
1809                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1810                                              B43_MARKER_LINE_REG);
1811                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1812                         "at line number %u\n",
1813                         marker_id, marker_line);
1814                 break;
1815         default:
1816                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1817                        reason);
1818         }
1819 out:
1820         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1821         b43_shm_write16(dev, B43_SHM_SCRATCH,
1822                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1823 }
1824
1825 /* Interrupt handler bottom-half */
1826 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1827 {
1828         u32 reason;
1829         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1830         u32 merged_dma_reason = 0;
1831         int i;
1832         unsigned long flags;
1833
1834         spin_lock_irqsave(&dev->wl->irq_lock, flags);
1835
1836         B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1837
1838         reason = dev->irq_reason;
1839         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1840                 dma_reason[i] = dev->dma_reason[i];
1841                 merged_dma_reason |= dma_reason[i];
1842         }
1843
1844         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1845                 b43err(dev->wl, "MAC transmission error\n");
1846
1847         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1848                 b43err(dev->wl, "PHY transmission error\n");
1849                 rmb();
1850                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1851                         atomic_set(&dev->phy.txerr_cnt,
1852                                    B43_PHY_TX_BADNESS_LIMIT);
1853                         b43err(dev->wl, "Too many PHY TX errors, "
1854                                         "restarting the controller\n");
1855                         b43_controller_restart(dev, "PHY TX errors");
1856                 }
1857         }
1858
1859         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1860                                           B43_DMAIRQ_NONFATALMASK))) {
1861                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1862                         b43err(dev->wl, "Fatal DMA error: "
1863                                "0x%08X, 0x%08X, 0x%08X, "
1864                                "0x%08X, 0x%08X, 0x%08X\n",
1865                                dma_reason[0], dma_reason[1],
1866                                dma_reason[2], dma_reason[3],
1867                                dma_reason[4], dma_reason[5]);
1868                         b43_controller_restart(dev, "DMA error");
1869                         mmiowb();
1870                         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1871                         return;
1872                 }
1873                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1874                         b43err(dev->wl, "DMA error: "
1875                                "0x%08X, 0x%08X, 0x%08X, "
1876                                "0x%08X, 0x%08X, 0x%08X\n",
1877                                dma_reason[0], dma_reason[1],
1878                                dma_reason[2], dma_reason[3],
1879                                dma_reason[4], dma_reason[5]);
1880                 }
1881         }
1882
1883         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1884                 handle_irq_ucode_debug(dev);
1885         if (reason & B43_IRQ_TBTT_INDI)
1886                 handle_irq_tbtt_indication(dev);
1887         if (reason & B43_IRQ_ATIM_END)
1888                 handle_irq_atim_end(dev);
1889         if (reason & B43_IRQ_BEACON)
1890                 handle_irq_beacon(dev);
1891         if (reason & B43_IRQ_PMQ)
1892                 handle_irq_pmq(dev);
1893         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1894                 ;/* TODO */
1895         if (reason & B43_IRQ_NOISESAMPLE_OK)
1896                 handle_irq_noise(dev);
1897
1898         /* Check the DMA reason registers for received data. */
1899         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1900                 if (b43_using_pio_transfers(dev))
1901                         b43_pio_rx(dev->pio.rx_queue);
1902                 else
1903                         b43_dma_rx(dev->dma.rx_ring);
1904         }
1905         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1906         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1907         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1908         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1909         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1910
1911         if (reason & B43_IRQ_TX_OK)
1912                 handle_irq_transmit_status(dev);
1913
1914         b43_interrupt_enable(dev, dev->irq_savedstate);
1915         mmiowb();
1916         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1917 }
1918
1919 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1920 {
1921         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1922
1923         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1924         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1925         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1926         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1927         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1928         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1929 }
1930
1931 /* Interrupt handler top-half */
1932 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1933 {
1934         irqreturn_t ret = IRQ_NONE;
1935         struct b43_wldev *dev = dev_id;
1936         u32 reason;
1937
1938         if (!dev)
1939                 return IRQ_NONE;
1940
1941         spin_lock(&dev->wl->irq_lock);
1942
1943         if (b43_status(dev) < B43_STAT_STARTED)
1944                 goto out;
1945         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1946         if (reason == 0xffffffff)       /* shared IRQ */
1947                 goto out;
1948         ret = IRQ_HANDLED;
1949         reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1950         if (!reason)
1951                 goto out;
1952
1953         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1954             & 0x0001DC00;
1955         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1956             & 0x0000DC00;
1957         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1958             & 0x0000DC00;
1959         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1960             & 0x0001DC00;
1961         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1962             & 0x0000DC00;
1963         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1964             & 0x0000DC00;
1965
1966         b43_interrupt_ack(dev, reason);
1967         /* disable all IRQs. They are enabled again in the bottom half. */
1968         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1969         /* save the reason code and call our bottom half. */
1970         dev->irq_reason = reason;
1971         tasklet_schedule(&dev->isr_tasklet);
1972       out:
1973         mmiowb();
1974         spin_unlock(&dev->wl->irq_lock);
1975
1976         return ret;
1977 }
1978
1979 static void do_release_fw(struct b43_firmware_file *fw)
1980 {
1981         release_firmware(fw->data);
1982         fw->data = NULL;
1983         fw->filename = NULL;
1984 }
1985
1986 static void b43_release_firmware(struct b43_wldev *dev)
1987 {
1988         do_release_fw(&dev->fw.ucode);
1989         do_release_fw(&dev->fw.pcm);
1990         do_release_fw(&dev->fw.initvals);
1991         do_release_fw(&dev->fw.initvals_band);
1992 }
1993
1994 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1995 {
1996         const char *text;
1997
1998         text = "You must go to "
1999                "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
2000                "and download the latest firmware (version 4).\n";
2001         if (error)
2002                 b43err(wl, text);
2003         else
2004                 b43warn(wl, text);
2005 }
2006
2007 static int do_request_fw(struct b43_wldev *dev,
2008                          const char *name,
2009                          struct b43_firmware_file *fw,
2010                          bool silent)
2011 {
2012         char path[sizeof(modparam_fwpostfix) + 32];
2013         const struct firmware *blob;
2014         struct b43_fw_header *hdr;
2015         u32 size;
2016         int err;
2017
2018         if (!name) {
2019                 /* Don't fetch anything. Free possibly cached firmware. */
2020                 do_release_fw(fw);
2021                 return 0;
2022         }
2023         if (fw->filename) {
2024                 if (strcmp(fw->filename, name) == 0)
2025                         return 0; /* Already have this fw. */
2026                 /* Free the cached firmware first. */
2027                 do_release_fw(fw);
2028         }
2029
2030         snprintf(path, ARRAY_SIZE(path),
2031                  "b43%s/%s.fw",
2032                  modparam_fwpostfix, name);
2033         err = request_firmware(&blob, path, dev->dev->dev);
2034         if (err == -ENOENT) {
2035                 if (!silent) {
2036                         b43err(dev->wl, "Firmware file \"%s\" not found\n",
2037                                path);
2038                 }
2039                 return err;
2040         } else if (err) {
2041                 b43err(dev->wl, "Firmware file \"%s\" request failed (err=%d)\n",
2042                        path, err);
2043                 return err;
2044         }
2045         if (blob->size < sizeof(struct b43_fw_header))
2046                 goto err_format;
2047         hdr = (struct b43_fw_header *)(blob->data);
2048         switch (hdr->type) {
2049         case B43_FW_TYPE_UCODE:
2050         case B43_FW_TYPE_PCM:
2051                 size = be32_to_cpu(hdr->size);
2052                 if (size != blob->size - sizeof(struct b43_fw_header))
2053                         goto err_format;
2054                 /* fallthrough */
2055         case B43_FW_TYPE_IV:
2056                 if (hdr->ver != 1)
2057                         goto err_format;
2058                 break;
2059         default:
2060                 goto err_format;
2061         }
2062
2063         fw->data = blob;
2064         fw->filename = name;
2065
2066         return 0;
2067
2068 err_format:
2069         b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
2070         release_firmware(blob);
2071
2072         return -EPROTO;
2073 }
2074
2075 static int b43_request_firmware(struct b43_wldev *dev)
2076 {
2077         struct b43_firmware *fw = &dev->fw;
2078         const u8 rev = dev->dev->id.revision;
2079         const char *filename;
2080         u32 tmshigh;
2081         int err;
2082
2083         /* Get microcode */
2084         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2085         if ((rev >= 5) && (rev <= 10))
2086                 filename = "ucode5";
2087         else if ((rev >= 11) && (rev <= 12))
2088                 filename = "ucode11";
2089         else if (rev >= 13)
2090                 filename = "ucode13";
2091         else
2092                 goto err_no_ucode;
2093         err = do_request_fw(dev, filename, &fw->ucode, 0);
2094         if (err)
2095                 goto err_load;
2096
2097         /* Get PCM code */
2098         if ((rev >= 5) && (rev <= 10))
2099                 filename = "pcm5";
2100         else if (rev >= 11)
2101                 filename = NULL;
2102         else
2103                 goto err_no_pcm;
2104         fw->pcm_request_failed = 0;
2105         err = do_request_fw(dev, filename, &fw->pcm, 1);
2106         if (err == -ENOENT) {
2107                 /* We did not find a PCM file? Not fatal, but
2108                  * core rev <= 10 must do without hwcrypto then. */
2109                 fw->pcm_request_failed = 1;
2110         } else if (err)
2111                 goto err_load;
2112
2113         /* Get initvals */
2114         switch (dev->phy.type) {
2115         case B43_PHYTYPE_A:
2116                 if ((rev >= 5) && (rev <= 10)) {
2117                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2118                                 filename = "a0g1initvals5";
2119                         else
2120                                 filename = "a0g0initvals5";
2121                 } else
2122                         goto err_no_initvals;
2123                 break;
2124         case B43_PHYTYPE_G:
2125                 if ((rev >= 5) && (rev <= 10))
2126                         filename = "b0g0initvals5";
2127                 else if (rev >= 13)
2128                         filename = "b0g0initvals13";
2129                 else
2130                         goto err_no_initvals;
2131                 break;
2132         case B43_PHYTYPE_N:
2133                 if ((rev >= 11) && (rev <= 12))
2134                         filename = "n0initvals11";
2135                 else
2136                         goto err_no_initvals;
2137                 break;
2138         default:
2139                 goto err_no_initvals;
2140         }
2141         err = do_request_fw(dev, filename, &fw->initvals, 0);
2142         if (err)
2143                 goto err_load;
2144
2145         /* Get bandswitch initvals */
2146         switch (dev->phy.type) {
2147         case B43_PHYTYPE_A:
2148                 if ((rev >= 5) && (rev <= 10)) {
2149                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2150                                 filename = "a0g1bsinitvals5";
2151                         else
2152                                 filename = "a0g0bsinitvals5";
2153                 } else if (rev >= 11)
2154                         filename = NULL;
2155                 else
2156                         goto err_no_initvals;
2157                 break;
2158         case B43_PHYTYPE_G:
2159                 if ((rev >= 5) && (rev <= 10))
2160                         filename = "b0g0bsinitvals5";
2161                 else if (rev >= 11)
2162                         filename = NULL;
2163                 else
2164                         goto err_no_initvals;
2165                 break;
2166         case B43_PHYTYPE_N:
2167                 if ((rev >= 11) && (rev <= 12))
2168                         filename = "n0bsinitvals11";
2169                 else
2170                         goto err_no_initvals;
2171                 break;
2172         default:
2173                 goto err_no_initvals;
2174         }
2175         err = do_request_fw(dev, filename, &fw->initvals_band, 0);
2176         if (err)
2177                 goto err_load;
2178
2179         return 0;
2180
2181 err_load:
2182         b43_print_fw_helptext(dev->wl, 1);
2183         goto error;
2184
2185 err_no_ucode:
2186         err = -ENODEV;
2187         b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2188         goto error;
2189
2190 err_no_pcm:
2191         err = -ENODEV;
2192         b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2193         goto error;
2194
2195 err_no_initvals:
2196         err = -ENODEV;
2197         b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2198                "core rev %u\n", dev->phy.type, rev);
2199         goto error;
2200
2201 error:
2202         b43_release_firmware(dev);
2203         return err;
2204 }
2205
2206 static int b43_upload_microcode(struct b43_wldev *dev)
2207 {
2208         const size_t hdr_len = sizeof(struct b43_fw_header);
2209         const __be32 *data;
2210         unsigned int i, len;
2211         u16 fwrev, fwpatch, fwdate, fwtime;
2212         u32 tmp, macctl;
2213         int err = 0;
2214
2215         /* Jump the microcode PSM to offset 0 */
2216         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2217         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2218         macctl |= B43_MACCTL_PSM_JMP0;
2219         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2220         /* Zero out all microcode PSM registers and shared memory. */
2221         for (i = 0; i < 64; i++)
2222                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2223         for (i = 0; i < 4096; i += 2)
2224                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2225
2226         /* Upload Microcode. */
2227         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2228         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2229         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2230         for (i = 0; i < len; i++) {
2231                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2232                 udelay(10);
2233         }
2234
2235         if (dev->fw.pcm.data) {
2236                 /* Upload PCM data. */
2237                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2238                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2239                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2240                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2241                 /* No need for autoinc bit in SHM_HW */
2242                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2243                 for (i = 0; i < len; i++) {
2244                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2245                         udelay(10);
2246                 }
2247         }
2248
2249         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2250
2251         /* Start the microcode PSM */
2252         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2253         macctl &= ~B43_MACCTL_PSM_JMP0;
2254         macctl |= B43_MACCTL_PSM_RUN;
2255         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2256
2257         /* Wait for the microcode to load and respond */
2258         i = 0;
2259         while (1) {
2260                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2261                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2262                         break;
2263                 i++;
2264                 if (i >= 20) {
2265                         b43err(dev->wl, "Microcode not responding\n");
2266                         b43_print_fw_helptext(dev->wl, 1);
2267                         err = -ENODEV;
2268                         goto error;
2269                 }
2270                 msleep_interruptible(50);
2271                 if (signal_pending(current)) {
2272                         err = -EINTR;
2273                         goto error;
2274                 }
2275         }
2276         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2277
2278         /* Get and check the revisions. */
2279         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2280         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2281         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2282         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2283
2284         if (fwrev <= 0x128) {
2285                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2286                        "binary drivers older than version 4.x is unsupported. "
2287                        "You must upgrade your firmware files.\n");
2288                 b43_print_fw_helptext(dev->wl, 1);
2289                 err = -EOPNOTSUPP;
2290                 goto error;
2291         }
2292         dev->fw.rev = fwrev;
2293         dev->fw.patch = fwpatch;
2294         dev->fw.opensource = (fwdate == 0xFFFF);
2295
2296         if (dev->fw.opensource) {
2297                 /* Patchlevel info is encoded in the "time" field. */
2298                 dev->fw.patch = fwtime;
2299                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u%s\n",
2300                         dev->fw.rev, dev->fw.patch,
2301                         dev->fw.pcm_request_failed ? " (Hardware crypto not supported)" : "");
2302         } else {
2303                 b43info(dev->wl, "Loading firmware version %u.%u "
2304                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2305                         fwrev, fwpatch,
2306                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2307                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2308                 if (dev->fw.pcm_request_failed) {
2309                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2310                                 "Hardware accelerated cryptography is disabled.\n");
2311                         b43_print_fw_helptext(dev->wl, 0);
2312                 }
2313         }
2314
2315         if (b43_is_old_txhdr_format(dev)) {
2316                 b43warn(dev->wl, "You are using an old firmware image. "
2317                         "Support for old firmware will be removed in July 2008.\n");
2318                 b43_print_fw_helptext(dev->wl, 0);
2319         }
2320
2321         return 0;
2322
2323 error:
2324         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2325         macctl &= ~B43_MACCTL_PSM_RUN;
2326         macctl |= B43_MACCTL_PSM_JMP0;
2327         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2328
2329         return err;
2330 }
2331
2332 static int b43_write_initvals(struct b43_wldev *dev,
2333                               const struct b43_iv *ivals,
2334                               size_t count,
2335                               size_t array_size)
2336 {
2337         const struct b43_iv *iv;
2338         u16 offset;
2339         size_t i;
2340         bool bit32;
2341
2342         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2343         iv = ivals;
2344         for (i = 0; i < count; i++) {
2345                 if (array_size < sizeof(iv->offset_size))
2346                         goto err_format;
2347                 array_size -= sizeof(iv->offset_size);
2348                 offset = be16_to_cpu(iv->offset_size);
2349                 bit32 = !!(offset & B43_IV_32BIT);
2350                 offset &= B43_IV_OFFSET_MASK;
2351                 if (offset >= 0x1000)
2352                         goto err_format;
2353                 if (bit32) {
2354                         u32 value;
2355
2356                         if (array_size < sizeof(iv->data.d32))
2357                                 goto err_format;
2358                         array_size -= sizeof(iv->data.d32);
2359
2360                         value = get_unaligned_be32(&iv->data.d32);
2361                         b43_write32(dev, offset, value);
2362
2363                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2364                                                         sizeof(__be16) +
2365                                                         sizeof(__be32));
2366                 } else {
2367                         u16 value;
2368
2369                         if (array_size < sizeof(iv->data.d16))
2370                                 goto err_format;
2371                         array_size -= sizeof(iv->data.d16);
2372
2373                         value = be16_to_cpu(iv->data.d16);
2374                         b43_write16(dev, offset, value);
2375
2376                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2377                                                         sizeof(__be16) +
2378                                                         sizeof(__be16));
2379                 }
2380         }
2381         if (array_size)
2382                 goto err_format;
2383
2384         return 0;
2385
2386 err_format:
2387         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2388         b43_print_fw_helptext(dev->wl, 1);
2389
2390         return -EPROTO;
2391 }
2392
2393 static int b43_upload_initvals(struct b43_wldev *dev)
2394 {
2395         const size_t hdr_len = sizeof(struct b43_fw_header);
2396         const struct b43_fw_header *hdr;
2397         struct b43_firmware *fw = &dev->fw;
2398         const struct b43_iv *ivals;
2399         size_t count;
2400         int err;
2401
2402         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2403         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2404         count = be32_to_cpu(hdr->size);
2405         err = b43_write_initvals(dev, ivals, count,
2406                                  fw->initvals.data->size - hdr_len);
2407         if (err)
2408                 goto out;
2409         if (fw->initvals_band.data) {
2410                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2411                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2412                 count = be32_to_cpu(hdr->size);
2413                 err = b43_write_initvals(dev, ivals, count,
2414                                          fw->initvals_band.data->size - hdr_len);
2415                 if (err)
2416                         goto out;
2417         }
2418 out:
2419
2420         return err;
2421 }
2422
2423 /* Initialize the GPIOs
2424  * http://bcm-specs.sipsolutions.net/GPIO
2425  */
2426 static int b43_gpio_init(struct b43_wldev *dev)
2427 {
2428         struct ssb_bus *bus = dev->dev->bus;
2429         struct ssb_device *gpiodev, *pcidev = NULL;
2430         u32 mask, set;
2431
2432         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2433                     & ~B43_MACCTL_GPOUTSMSK);
2434
2435         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2436                     | 0x000F);
2437
2438         mask = 0x0000001F;
2439         set = 0x0000000F;
2440         if (dev->dev->bus->chip_id == 0x4301) {
2441                 mask |= 0x0060;
2442                 set |= 0x0060;
2443         }
2444         if (0 /* FIXME: conditional unknown */ ) {
2445                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2446                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2447                             | 0x0100);
2448                 mask |= 0x0180;
2449                 set |= 0x0180;
2450         }
2451         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2452                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2453                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2454                             | 0x0200);
2455                 mask |= 0x0200;
2456                 set |= 0x0200;
2457         }
2458         if (dev->dev->id.revision >= 2)
2459                 mask |= 0x0010; /* FIXME: This is redundant. */
2460
2461 #ifdef CONFIG_SSB_DRIVER_PCICORE
2462         pcidev = bus->pcicore.dev;
2463 #endif
2464         gpiodev = bus->chipco.dev ? : pcidev;
2465         if (!gpiodev)
2466                 return 0;
2467         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2468                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2469                      & mask) | set);
2470
2471         return 0;
2472 }
2473
2474 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2475 static void b43_gpio_cleanup(struct b43_wldev *dev)
2476 {
2477         struct ssb_bus *bus = dev->dev->bus;
2478         struct ssb_device *gpiodev, *pcidev = NULL;
2479
2480 #ifdef CONFIG_SSB_DRIVER_PCICORE
2481         pcidev = bus->pcicore.dev;
2482 #endif
2483         gpiodev = bus->chipco.dev ? : pcidev;
2484         if (!gpiodev)
2485                 return;
2486         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2487 }
2488
2489 /* http://bcm-specs.sipsolutions.net/EnableMac */
2490 void b43_mac_enable(struct b43_wldev *dev)
2491 {
2492         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2493                 u16 fwstate;
2494
2495                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2496                                          B43_SHM_SH_UCODESTAT);
2497                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2498                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2499                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2500                                "should be suspended, but current state is %u\n",
2501                                fwstate);
2502                 }
2503         }
2504
2505         dev->mac_suspended--;
2506         B43_WARN_ON(dev->mac_suspended < 0);
2507         if (dev->mac_suspended == 0) {
2508                 b43_write32(dev, B43_MMIO_MACCTL,
2509                             b43_read32(dev, B43_MMIO_MACCTL)
2510                             | B43_MACCTL_ENABLED);
2511                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2512                             B43_IRQ_MAC_SUSPENDED);
2513                 /* Commit writes */
2514                 b43_read32(dev, B43_MMIO_MACCTL);
2515                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2516                 b43_power_saving_ctl_bits(dev, 0);
2517         }
2518 }
2519
2520 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2521 void b43_mac_suspend(struct b43_wldev *dev)
2522 {
2523         int i;
2524         u32 tmp;
2525
2526         might_sleep();
2527         B43_WARN_ON(dev->mac_suspended < 0);
2528
2529         if (dev->mac_suspended == 0) {
2530                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2531                 b43_write32(dev, B43_MMIO_MACCTL,
2532                             b43_read32(dev, B43_MMIO_MACCTL)
2533                             & ~B43_MACCTL_ENABLED);
2534                 /* force pci to flush the write */
2535                 b43_read32(dev, B43_MMIO_MACCTL);
2536                 for (i = 35; i; i--) {
2537                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2538                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2539                                 goto out;
2540                         udelay(10);
2541                 }
2542                 /* Hm, it seems this will take some time. Use msleep(). */
2543                 for (i = 40; i; i--) {
2544                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2545                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2546                                 goto out;
2547                         msleep(1);
2548                 }
2549                 b43err(dev->wl, "MAC suspend failed\n");
2550         }
2551 out:
2552         dev->mac_suspended++;
2553 }
2554
2555 static void b43_adjust_opmode(struct b43_wldev *dev)
2556 {
2557         struct b43_wl *wl = dev->wl;
2558         u32 ctl;
2559         u16 cfp_pretbtt;
2560
2561         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2562         /* Reset status to STA infrastructure mode. */
2563         ctl &= ~B43_MACCTL_AP;
2564         ctl &= ~B43_MACCTL_KEEP_CTL;
2565         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2566         ctl &= ~B43_MACCTL_KEEP_BAD;
2567         ctl &= ~B43_MACCTL_PROMISC;
2568         ctl &= ~B43_MACCTL_BEACPROMISC;
2569         ctl |= B43_MACCTL_INFRA;
2570
2571         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2572             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2573                 ctl |= B43_MACCTL_AP;
2574         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2575                 ctl &= ~B43_MACCTL_INFRA;
2576
2577         if (wl->filter_flags & FIF_CONTROL)
2578                 ctl |= B43_MACCTL_KEEP_CTL;
2579         if (wl->filter_flags & FIF_FCSFAIL)
2580                 ctl |= B43_MACCTL_KEEP_BAD;
2581         if (wl->filter_flags & FIF_PLCPFAIL)
2582                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2583         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2584                 ctl |= B43_MACCTL_PROMISC;
2585         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2586                 ctl |= B43_MACCTL_BEACPROMISC;
2587
2588         /* Workaround: On old hardware the HW-MAC-address-filter
2589          * doesn't work properly, so always run promisc in filter
2590          * it in software. */
2591         if (dev->dev->id.revision <= 4)
2592                 ctl |= B43_MACCTL_PROMISC;
2593
2594         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2595
2596         cfp_pretbtt = 2;
2597         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2598                 if (dev->dev->bus->chip_id == 0x4306 &&
2599                     dev->dev->bus->chip_rev == 3)
2600                         cfp_pretbtt = 100;
2601                 else
2602                         cfp_pretbtt = 50;
2603         }
2604         b43_write16(dev, 0x612, cfp_pretbtt);
2605 }
2606
2607 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2608 {
2609         u16 offset;
2610
2611         if (is_ofdm) {
2612                 offset = 0x480;
2613                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2614         } else {
2615                 offset = 0x4C0;
2616                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2617         }
2618         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2619                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2620 }
2621
2622 static void b43_rate_memory_init(struct b43_wldev *dev)
2623 {
2624         switch (dev->phy.type) {
2625         case B43_PHYTYPE_A:
2626         case B43_PHYTYPE_G:
2627         case B43_PHYTYPE_N:
2628                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2629                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2630                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2631                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2632                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2633                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2634                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2635                 if (dev->phy.type == B43_PHYTYPE_A)
2636                         break;
2637                 /* fallthrough */
2638         case B43_PHYTYPE_B:
2639                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2640                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2641                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2642                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2643                 break;
2644         default:
2645                 B43_WARN_ON(1);
2646         }
2647 }
2648
2649 /* Set the default values for the PHY TX Control Words. */
2650 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2651 {
2652         u16 ctl = 0;
2653
2654         ctl |= B43_TXH_PHY_ENC_CCK;
2655         ctl |= B43_TXH_PHY_ANT01AUTO;
2656         ctl |= B43_TXH_PHY_TXPWR;
2657
2658         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2659         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2660         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2661 }
2662
2663 /* Set the TX-Antenna for management frames sent by firmware. */
2664 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2665 {
2666         u16 ant;
2667         u16 tmp;
2668
2669         ant = b43_antenna_to_phyctl(antenna);
2670
2671         /* For ACK/CTS */
2672         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2673         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2674         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2675         /* For Probe Resposes */
2676         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2677         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2678         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2679 }
2680
2681 /* This is the opposite of b43_chip_init() */
2682 static void b43_chip_exit(struct b43_wldev *dev)
2683 {
2684         b43_phy_exit(dev);
2685         b43_gpio_cleanup(dev);
2686         /* firmware is released later */
2687 }
2688
2689 /* Initialize the chip
2690  * http://bcm-specs.sipsolutions.net/ChipInit
2691  */
2692 static int b43_chip_init(struct b43_wldev *dev)
2693 {
2694         struct b43_phy *phy = &dev->phy;
2695         int err;
2696         u32 value32, macctl;
2697         u16 value16;
2698
2699         /* Initialize the MAC control */
2700         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2701         if (dev->phy.gmode)
2702                 macctl |= B43_MACCTL_GMODE;
2703         macctl |= B43_MACCTL_INFRA;
2704         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2705
2706         err = b43_request_firmware(dev);
2707         if (err)
2708                 goto out;
2709         err = b43_upload_microcode(dev);
2710         if (err)
2711                 goto out;       /* firmware is released later */
2712
2713         err = b43_gpio_init(dev);
2714         if (err)
2715                 goto out;       /* firmware is released later */
2716
2717         err = b43_upload_initvals(dev);
2718         if (err)
2719                 goto err_gpio_clean;
2720
2721         /* Turn the Analog on and initialize the PHY. */
2722         phy->ops->switch_analog(dev, 1);
2723         err = b43_phy_init(dev);
2724         if (err)
2725                 goto err_gpio_clean;
2726
2727         /* Disable Interference Mitigation. */
2728         if (phy->ops->interf_mitigation)
2729                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2730
2731         /* Select the antennae */
2732         if (phy->ops->set_rx_antenna)
2733                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2734         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2735
2736         if (phy->type == B43_PHYTYPE_B) {
2737                 value16 = b43_read16(dev, 0x005E);
2738                 value16 |= 0x0004;
2739                 b43_write16(dev, 0x005E, value16);
2740         }
2741         b43_write32(dev, 0x0100, 0x01000000);
2742         if (dev->dev->id.revision < 5)
2743                 b43_write32(dev, 0x010C, 0x01000000);
2744
2745         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2746                     & ~B43_MACCTL_INFRA);
2747         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2748                     | B43_MACCTL_INFRA);
2749
2750         /* Probe Response Timeout value */
2751         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2752         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2753
2754         /* Initially set the wireless operation mode. */
2755         b43_adjust_opmode(dev);
2756
2757         if (dev->dev->id.revision < 3) {
2758                 b43_write16(dev, 0x060E, 0x0000);
2759                 b43_write16(dev, 0x0610, 0x8000);
2760                 b43_write16(dev, 0x0604, 0x0000);
2761                 b43_write16(dev, 0x0606, 0x0200);
2762         } else {
2763                 b43_write32(dev, 0x0188, 0x80000000);
2764                 b43_write32(dev, 0x018C, 0x02000000);
2765         }
2766         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2767         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2768         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2769         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2770         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2771         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2772         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2773
2774         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2775         value32 |= 0x00100000;
2776         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2777
2778         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2779                     dev->dev->bus->chipco.fast_pwrup_delay);
2780
2781         err = 0;
2782         b43dbg(dev->wl, "Chip initialized\n");
2783 out:
2784         return err;
2785
2786 err_gpio_clean:
2787         b43_gpio_cleanup(dev);
2788         return err;
2789 }
2790
2791 static void b43_periodic_every60sec(struct b43_wldev *dev)
2792 {
2793         const struct b43_phy_operations *ops = dev->phy.ops;
2794
2795         if (ops->pwork_60sec)
2796                 ops->pwork_60sec(dev);
2797
2798         /* Force check the TX power emission now. */
2799         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2800 }
2801
2802 static void b43_periodic_every30sec(struct b43_wldev *dev)
2803 {
2804         /* Update device statistics. */
2805         b43_calculate_link_quality(dev);
2806 }
2807
2808 static void b43_periodic_every15sec(struct b43_wldev *dev)
2809 {
2810         struct b43_phy *phy = &dev->phy;
2811         u16 wdr;
2812
2813         if (dev->fw.opensource) {
2814                 /* Check if the firmware is still alive.
2815                  * It will reset the watchdog counter to 0 in its idle loop. */
2816                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2817                 if (unlikely(wdr)) {
2818                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2819                         b43_controller_restart(dev, "Firmware watchdog");
2820                         return;
2821                 } else {
2822                         b43_shm_write16(dev, B43_SHM_SCRATCH,
2823                                         B43_WATCHDOG_REG, 1);
2824                 }
2825         }
2826
2827         if (phy->ops->pwork_15sec)
2828                 phy->ops->pwork_15sec(dev);
2829
2830         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2831         wmb();
2832 }
2833
2834 static void do_periodic_work(struct b43_wldev *dev)
2835 {
2836         unsigned int state;
2837
2838         state = dev->periodic_state;
2839         if (state % 4 == 0)
2840                 b43_periodic_every60sec(dev);
2841         if (state % 2 == 0)
2842                 b43_periodic_every30sec(dev);
2843         b43_periodic_every15sec(dev);
2844 }
2845
2846 /* Periodic work locking policy:
2847  *      The whole periodic work handler is protected by
2848  *      wl->mutex. If another lock is needed somewhere in the
2849  *      pwork callchain, it's aquired in-place, where it's needed.
2850  */
2851 static void b43_periodic_work_handler(struct work_struct *work)
2852 {
2853         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2854                                              periodic_work.work);
2855         struct b43_wl *wl = dev->wl;
2856         unsigned long delay;
2857
2858         mutex_lock(&wl->mutex);
2859
2860         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2861                 goto out;
2862         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2863                 goto out_requeue;
2864
2865         do_periodic_work(dev);
2866
2867         dev->periodic_state++;
2868 out_requeue:
2869         if (b43_debug(dev, B43_DBG_PWORK_FAST))
2870                 delay = msecs_to_jiffies(50);
2871         else
2872                 delay = round_jiffies_relative(HZ * 15);
2873         queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2874 out:
2875         mutex_unlock(&wl->mutex);
2876 }
2877
2878 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2879 {
2880         struct delayed_work *work = &dev->periodic_work;
2881
2882         dev->periodic_state = 0;
2883         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2884         queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2885 }
2886
2887 /* Check if communication with the device works correctly. */
2888 static int b43_validate_chipaccess(struct b43_wldev *dev)
2889 {
2890         u32 v, backup;
2891
2892         backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2893
2894         /* Check for read/write and endianness problems. */
2895         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2896         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2897                 goto error;
2898         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2899         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2900                 goto error;
2901
2902         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2903
2904         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2905                 /* The 32bit register shadows the two 16bit registers
2906                  * with update sideeffects. Validate this. */
2907                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2908                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2909                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2910                         goto error;
2911                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2912                         goto error;
2913         }
2914         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2915
2916         v = b43_read32(dev, B43_MMIO_MACCTL);
2917         v |= B43_MACCTL_GMODE;
2918         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2919                 goto error;
2920
2921         return 0;
2922 error:
2923         b43err(dev->wl, "Failed to validate the chipaccess\n");
2924         return -ENODEV;
2925 }
2926
2927 static void b43_security_init(struct b43_wldev *dev)
2928 {
2929         dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2930         B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2931         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2932         /* KTP is a word address, but we address SHM bytewise.
2933          * So multiply by two.
2934          */
2935         dev->ktp *= 2;
2936         if (dev->dev->id.revision >= 5) {
2937                 /* Number of RCMTA address slots */
2938                 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2939         }
2940         b43_clear_keys(dev);
2941 }
2942
2943 static int b43_rng_read(struct hwrng *rng, u32 * data)
2944 {
2945         struct b43_wl *wl = (struct b43_wl *)rng->priv;
2946         unsigned long flags;
2947
2948         /* Don't take wl->mutex here, as it could deadlock with
2949          * hwrng internal locking. It's not needed to take
2950          * wl->mutex here, anyway. */
2951
2952         spin_lock_irqsave(&wl->irq_lock, flags);
2953         *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2954         spin_unlock_irqrestore(&wl->irq_lock, flags);
2955
2956         return (sizeof(u16));
2957 }
2958
2959 static void b43_rng_exit(struct b43_wl *wl)
2960 {
2961         if (wl->rng_initialized)
2962                 hwrng_unregister(&wl->rng);
2963 }
2964
2965 static int b43_rng_init(struct b43_wl *wl)
2966 {
2967         int err;
2968
2969         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2970                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2971         wl->rng.name = wl->rng_name;
2972         wl->rng.data_read = b43_rng_read;
2973         wl->rng.priv = (unsigned long)wl;
2974         wl->rng_initialized = 1;
2975         err = hwrng_register(&wl->rng);
2976         if (err) {
2977                 wl->rng_initialized = 0;
2978                 b43err(wl, "Failed to register the random "
2979                        "number generator (%d)\n", err);
2980         }
2981
2982         return err;
2983 }
2984
2985 static int b43_op_tx(struct ieee80211_hw *hw,
2986                      struct sk_buff *skb)
2987 {
2988         struct b43_wl *wl = hw_to_b43_wl(hw);
2989         struct b43_wldev *dev = wl->current_dev;
2990         unsigned long flags;
2991         int err;
2992
2993         if (unlikely(skb->len < 2 + 2 + 6)) {
2994                 /* Too short, this can't be a valid frame. */
2995                 goto drop_packet;
2996         }
2997         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
2998         if (unlikely(!dev))
2999                 goto drop_packet;
3000
3001         /* Transmissions on seperate queues can run concurrently. */
3002         read_lock_irqsave(&wl->tx_lock, flags);
3003
3004         err = -ENODEV;
3005         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3006                 if (b43_using_pio_transfers(dev))
3007                         err = b43_pio_tx(dev, skb);
3008                 else
3009                         err = b43_dma_tx(dev, skb);
3010         }
3011
3012         read_unlock_irqrestore(&wl->tx_lock, flags);
3013
3014         if (unlikely(err))
3015                 goto drop_packet;
3016         return NETDEV_TX_OK;
3017
3018 drop_packet:
3019         /* We can not transmit this packet. Drop it. */
3020         dev_kfree_skb_any(skb);
3021         return NETDEV_TX_OK;
3022 }
3023
3024 /* Locking: wl->irq_lock */
3025 static void b43_qos_params_upload(struct b43_wldev *dev,
3026                                   const struct ieee80211_tx_queue_params *p,
3027                                   u16 shm_offset)
3028 {
3029         u16 params[B43_NR_QOSPARAMS];
3030         int bslots, tmp;
3031         unsigned int i;
3032
3033         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3034
3035         memset(&params, 0, sizeof(params));
3036
3037         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3038         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3039         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3040         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3041         params[B43_QOSPARAM_AIFS] = p->aifs;
3042         params[B43_QOSPARAM_BSLOTS] = bslots;
3043         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3044
3045         for (i = 0; i < ARRAY_SIZE(params); i++) {
3046                 if (i == B43_QOSPARAM_STATUS) {
3047                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3048                                              shm_offset + (i * 2));
3049                         /* Mark the parameters as updated. */
3050                         tmp |= 0x100;
3051                         b43_shm_write16(dev, B43_SHM_SHARED,
3052                                         shm_offset + (i * 2),
3053                                         tmp);
3054                 } else {
3055                         b43_shm_write16(dev, B43_SHM_SHARED,
3056                                         shm_offset + (i * 2),
3057                                         params[i]);
3058                 }
3059         }
3060 }
3061
3062 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3063 static const u16 b43_qos_shm_offsets[] = {
3064         /* [mac80211-queue-nr] = SHM_OFFSET, */
3065         [0] = B43_QOS_VOICE,
3066         [1] = B43_QOS_VIDEO,
3067         [2] = B43_QOS_BESTEFFORT,
3068         [3] = B43_QOS_BACKGROUND,
3069 };
3070
3071 /* Update all QOS parameters in hardware. */
3072 static void b43_qos_upload_all(struct b43_wldev *dev)
3073 {
3074         struct b43_wl *wl = dev->wl;
3075         struct b43_qos_params *params;
3076         unsigned int i;
3077
3078         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3079                      ARRAY_SIZE(wl->qos_params));
3080
3081         b43_mac_suspend(dev);
3082         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3083                 params = &(wl->qos_params[i]);
3084                 b43_qos_params_upload(dev, &(params->p),
3085                                       b43_qos_shm_offsets[i]);
3086         }
3087         b43_mac_enable(dev);
3088 }
3089
3090 static void b43_qos_clear(struct b43_wl *wl)
3091 {
3092         struct b43_qos_params *params;
3093         unsigned int i;
3094
3095         /* Initialize QoS parameters to sane defaults. */
3096
3097         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3098                      ARRAY_SIZE(wl->qos_params));
3099
3100         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3101                 params = &(wl->qos_params[i]);
3102
3103                 switch (b43_qos_shm_offsets[i]) {
3104                 case B43_QOS_VOICE:
3105                         params->p.txop = 0;
3106                         params->p.aifs = 2;
3107                         params->p.cw_min = 0x0001;
3108                         params->p.cw_max = 0x0001;
3109                         break;
3110                 case B43_QOS_VIDEO:
3111                         params->p.txop = 0;
3112                         params->p.aifs = 2;
3113                         params->p.cw_min = 0x0001;
3114                         params->p.cw_max = 0x0001;
3115                         break;
3116                 case B43_QOS_BESTEFFORT:
3117                         params->p.txop = 0;
3118                         params->p.aifs = 3;
3119                         params->p.cw_min = 0x0001;
3120                         params->p.cw_max = 0x03FF;
3121                         break;
3122                 case B43_QOS_BACKGROUND:
3123                         params->p.txop = 0;
3124                         params->p.aifs = 7;
3125                         params->p.cw_min = 0x0001;
3126                         params->p.cw_max = 0x03FF;
3127                         break;
3128                 default:
3129                         B43_WARN_ON(1);
3130                 }
3131         }
3132 }
3133
3134 /* Initialize the core's QOS capabilities */
3135 static void b43_qos_init(struct b43_wldev *dev)
3136 {
3137         /* Upload the current QOS parameters. */
3138         b43_qos_upload_all(dev);
3139
3140         /* Enable QOS support. */
3141         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3142         b43_write16(dev, B43_MMIO_IFSCTL,
3143                     b43_read16(dev, B43_MMIO_IFSCTL)
3144                     | B43_MMIO_IFSCTL_USE_EDCF);
3145 }
3146
3147 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3148                           const struct ieee80211_tx_queue_params *params)
3149 {
3150         struct b43_wl *wl = hw_to_b43_wl(hw);
3151         struct b43_wldev *dev;
3152         unsigned int queue = (unsigned int)_queue;
3153         int err = -ENODEV;
3154
3155         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3156                 /* Queue not available or don't support setting
3157                  * params on this queue. Return success to not
3158                  * confuse mac80211. */
3159                 return 0;
3160         }
3161         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3162                      ARRAY_SIZE(wl->qos_params));
3163
3164         mutex_lock(&wl->mutex);
3165         dev = wl->current_dev;
3166         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3167                 goto out_unlock;
3168
3169         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3170         b43_mac_suspend(dev);
3171         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3172                               b43_qos_shm_offsets[queue]);
3173         b43_mac_enable(dev);
3174         err = 0;
3175
3176 out_unlock:
3177         mutex_unlock(&wl->mutex);
3178
3179         return err;
3180 }
3181
3182 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3183                                struct ieee80211_tx_queue_stats *stats)
3184 {
3185         struct b43_wl *wl = hw_to_b43_wl(hw);
3186         struct b43_wldev *dev = wl->current_dev;
3187         unsigned long flags;
3188         int err = -ENODEV;
3189
3190         if (!dev)
3191                 goto out;
3192         spin_lock_irqsave(&wl->irq_lock, flags);
3193         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3194                 if (b43_using_pio_transfers(dev))
3195                         b43_pio_get_tx_stats(dev, stats);
3196                 else
3197                         b43_dma_get_tx_stats(dev, stats);
3198                 err = 0;
3199         }
3200         spin_unlock_irqrestore(&wl->irq_lock, flags);
3201 out:
3202         return err;
3203 }
3204
3205 static int b43_op_get_stats(struct ieee80211_hw *hw,
3206                             struct ieee80211_low_level_stats *stats)
3207 {
3208         struct b43_wl *wl = hw_to_b43_wl(hw);
3209         unsigned long flags;
3210
3211         spin_lock_irqsave(&wl->irq_lock, flags);
3212         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3213         spin_unlock_irqrestore(&wl->irq_lock, flags);
3214
3215         return 0;
3216 }
3217
3218 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3219 {
3220         struct ssb_device *sdev = dev->dev;
3221         u32 tmslow;
3222
3223         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3224         tmslow &= ~B43_TMSLOW_GMODE;
3225         tmslow |= B43_TMSLOW_PHYRESET;
3226         tmslow |= SSB_TMSLOW_FGC;
3227         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3228         msleep(1);
3229
3230         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3231         tmslow &= ~SSB_TMSLOW_FGC;
3232         tmslow |= B43_TMSLOW_PHYRESET;
3233         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3234         msleep(1);
3235 }
3236
3237 static const char * band_to_string(enum ieee80211_band band)
3238 {
3239         switch (band) {
3240         case IEEE80211_BAND_5GHZ:
3241                 return "5";
3242         case IEEE80211_BAND_2GHZ:
3243                 return "2.4";
3244         default:
3245                 break;
3246         }
3247         B43_WARN_ON(1);
3248         return "";
3249 }
3250
3251 /* Expects wl->mutex locked */
3252 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3253 {
3254         struct b43_wldev *up_dev = NULL;
3255         struct b43_wldev *down_dev;
3256         struct b43_wldev *d;
3257         int err;
3258         bool gmode;
3259         int prev_status;
3260
3261         /* Find a device and PHY which supports the band. */
3262         list_for_each_entry(d, &wl->devlist, list) {
3263                 switch (chan->band) {
3264                 case IEEE80211_BAND_5GHZ:
3265                         if (d->phy.supports_5ghz) {
3266                                 up_dev = d;
3267                                 gmode = 0;
3268                         }
3269                         break;
3270                 case IEEE80211_BAND_2GHZ:
3271                         if (d->phy.supports_2ghz) {
3272                                 up_dev = d;
3273                                 gmode = 1;
3274                         }
3275                         break;
3276                 default:
3277                         B43_WARN_ON(1);
3278                         return -EINVAL;
3279                 }
3280                 if (up_dev)
3281                         break;
3282         }
3283         if (!up_dev) {
3284                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3285                        band_to_string(chan->band));
3286                 return -ENODEV;
3287         }
3288         if ((up_dev == wl->current_dev) &&
3289             (!!wl->current_dev->phy.gmode == !!gmode)) {
3290                 /* This device is already running. */
3291                 return 0;
3292         }
3293         b43dbg(wl, "Switching to %s-GHz band\n",
3294                band_to_string(chan->band));
3295         down_dev = wl->current_dev;
3296
3297         prev_status = b43_status(down_dev);
3298         /* Shutdown the currently running core. */
3299         if (prev_status >= B43_STAT_STARTED)
3300                 b43_wireless_core_stop(down_dev);
3301         if (prev_status >= B43_STAT_INITIALIZED)
3302                 b43_wireless_core_exit(down_dev);
3303
3304         if (down_dev != up_dev) {
3305                 /* We switch to a different core, so we put PHY into
3306                  * RESET on the old core. */
3307                 b43_put_phy_into_reset(down_dev);
3308         }
3309
3310         /* Now start the new core. */
3311         up_dev->phy.gmode = gmode;
3312         if (prev_status >= B43_STAT_INITIALIZED) {
3313                 err = b43_wireless_core_init(up_dev);
3314                 if (err) {
3315                         b43err(wl, "Fatal: Could not initialize device for "
3316                                "selected %s-GHz band\n",
3317                                band_to_string(chan->band));
3318                         goto init_failure;
3319                 }
3320         }
3321         if (prev_status >= B43_STAT_STARTED) {
3322                 err = b43_wireless_core_start(up_dev);
3323                 if (err) {
3324                         b43err(wl, "Fatal: Coult not start device for "
3325                                "selected %s-GHz band\n",
3326                                band_to_string(chan->band));
3327                         b43_wireless_core_exit(up_dev);
3328                         goto init_failure;
3329                 }
3330         }
3331         B43_WARN_ON(b43_status(up_dev) != prev_status);
3332
3333         wl->current_dev = up_dev;
3334
3335         return 0;
3336 init_failure:
3337         /* Whoops, failed to init the new core. No core is operating now. */
3338         wl->current_dev = NULL;
3339         return err;
3340 }
3341
3342 static int b43_op_config(struct ieee80211_hw *hw, struct ieee80211_conf *conf)
3343 {
3344         struct b43_wl *wl = hw_to_b43_wl(hw);
3345         struct b43_wldev *dev;
3346         struct b43_phy *phy;
3347         unsigned long flags;
3348         int antenna;
3349         int err = 0;
3350         u32 savedirqs;
3351
3352         mutex_lock(&wl->mutex);
3353
3354         /* Switch the band (if necessary). This might change the active core. */
3355         err = b43_switch_band(wl, conf->channel);
3356         if (err)
3357                 goto out_unlock_mutex;
3358         dev = wl->current_dev;
3359         phy = &dev->phy;
3360
3361         /* Disable IRQs while reconfiguring the device.
3362          * This makes it possible to drop the spinlock throughout
3363          * the reconfiguration process. */
3364         spin_lock_irqsave(&wl->irq_lock, flags);
3365         if (b43_status(dev) < B43_STAT_STARTED) {
3366                 spin_unlock_irqrestore(&wl->irq_lock, flags);
3367                 goto out_unlock_mutex;
3368         }
3369         savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
3370         spin_unlock_irqrestore(&wl->irq_lock, flags);
3371         b43_synchronize_irq(dev);
3372
3373         /* Switch to the requested channel.
3374          * The firmware takes care of races with the TX handler. */
3375         if (conf->channel->hw_value != phy->channel)
3376                 b43_switch_channel(dev, conf->channel->hw_value);
3377
3378         /* Enable/Disable ShortSlot timing. */
3379         if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
3380             dev->short_slot) {
3381                 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
3382                 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
3383                         b43_short_slot_timing_enable(dev);
3384                 else
3385                         b43_short_slot_timing_disable(dev);
3386         }
3387
3388         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3389
3390         /* Adjust the desired TX power level. */
3391         if (conf->power_level != 0) {
3392                 spin_lock_irqsave(&wl->irq_lock, flags);
3393                 if (conf->power_level != phy->desired_txpower) {
3394                         phy->desired_txpower = conf->power_level;
3395                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3396                                                    B43_TXPWR_IGNORE_TSSI);
3397                 }
3398                 spin_unlock_irqrestore(&wl->irq_lock, flags);
3399         }
3400
3401         /* Antennas for RX and management frame TX. */
3402         antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_tx);
3403         b43_mgmtframe_txantenna(dev, antenna);
3404         antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_rx);
3405         if (phy->ops->set_rx_antenna)
3406                 phy->ops->set_rx_antenna(dev, antenna);
3407
3408         /* Update templates for AP/mesh mode. */
3409         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3410             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3411                 b43_set_beacon_int(dev, conf->beacon_int);
3412
3413         if (!!conf->radio_enabled != phy->radio_on) {
3414                 if (conf->radio_enabled) {
3415                         b43_software_rfkill(dev, RFKILL_STATE_UNBLOCKED);
3416                         b43info(dev->wl, "Radio turned on by software\n");
3417                         if (!dev->radio_hw_enable) {
3418                                 b43info(dev->wl, "The hardware RF-kill button "
3419                                         "still turns the radio physically off. "
3420                                         "Press the button to turn it on.\n");
3421                         }
3422                 } else {
3423                         b43_software_rfkill(dev, RFKILL_STATE_SOFT_BLOCKED);
3424                         b43info(dev->wl, "Radio turned off by software\n");
3425                 }
3426         }
3427
3428         spin_lock_irqsave(&wl->irq_lock, flags);
3429         b43_interrupt_enable(dev, savedirqs);
3430         mmiowb();
3431         spin_unlock_irqrestore(&wl->irq_lock, flags);
3432       out_unlock_mutex:
3433         mutex_unlock(&wl->mutex);
3434
3435         return err;
3436 }
3437
3438 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3439                            const u8 *local_addr, const u8 *addr,
3440                            struct ieee80211_key_conf *key)
3441 {
3442         struct b43_wl *wl = hw_to_b43_wl(hw);
3443         struct b43_wldev *dev;
3444         unsigned long flags;
3445         u8 algorithm;
3446         u8 index;
3447         int err;
3448
3449         if (modparam_nohwcrypt)
3450                 return -ENOSPC; /* User disabled HW-crypto */
3451
3452         mutex_lock(&wl->mutex);
3453         spin_lock_irqsave(&wl->irq_lock, flags);
3454
3455         dev = wl->current_dev;
3456         err = -ENODEV;
3457         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3458                 goto out_unlock;
3459
3460         if (dev->fw.pcm_request_failed) {
3461                 /* We don't have firmware for the crypto engine.
3462                  * Must use software-crypto. */
3463                 err = -EOPNOTSUPP;
3464                 goto out_unlock;
3465         }
3466
3467         err = -EINVAL;
3468         switch (key->alg) {
3469         case ALG_WEP:
3470                 if (key->keylen == 5)
3471                         algorithm = B43_SEC_ALGO_WEP40;
3472                 else
3473                         algorithm = B43_SEC_ALGO_WEP104;
3474                 break;
3475         case ALG_TKIP:
3476                 algorithm = B43_SEC_ALGO_TKIP;
3477                 break;
3478         case ALG_CCMP:
3479                 algorithm = B43_SEC_ALGO_AES;
3480                 break;
3481         default:
3482                 B43_WARN_ON(1);
3483                 goto out_unlock;
3484         }
3485         index = (u8) (key->keyidx);
3486         if (index > 3)
3487                 goto out_unlock;
3488
3489         switch (cmd) {
3490         case SET_KEY:
3491                 if (algorithm == B43_SEC_ALGO_TKIP) {
3492                         /* FIXME: No TKIP hardware encryption for now. */
3493                         err = -EOPNOTSUPP;
3494                         goto out_unlock;
3495                 }
3496
3497                 if (is_broadcast_ether_addr(addr)) {
3498                         /* addr is FF:FF:FF:FF:FF:FF for default keys */
3499                         err = b43_key_write(dev, index, algorithm,
3500                                             key->key, key->keylen, NULL, key);
3501                 } else {
3502                         /*
3503                          * either pairwise key or address is 00:00:00:00:00:00
3504                          * for transmit-only keys
3505                          */
3506                         err = b43_key_write(dev, -1, algorithm,
3507                                             key->key, key->keylen, addr, key);
3508                 }
3509                 if (err)
3510                         goto out_unlock;
3511
3512                 if (algorithm == B43_SEC_ALGO_WEP40 ||
3513                     algorithm == B43_SEC_ALGO_WEP104) {
3514                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3515                 } else {
3516                         b43_hf_write(dev,
3517                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3518                 }
3519                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3520                 break;
3521         case DISABLE_KEY: {
3522                 err = b43_key_clear(dev, key->hw_key_idx);
3523                 if (err)
3524                         goto out_unlock;
3525                 break;
3526         }
3527         default:
3528                 B43_WARN_ON(1);
3529         }
3530 out_unlock:
3531         spin_unlock_irqrestore(&wl->irq_lock, flags);
3532         mutex_unlock(&wl->mutex);
3533         if (!err) {
3534                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3535                        "mac: %pM\n",
3536                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3537                        addr);
3538         }
3539         return err;
3540 }
3541
3542 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3543                                     unsigned int changed, unsigned int *fflags,
3544                                     int mc_count, struct dev_addr_list *mc_list)
3545 {
3546         struct b43_wl *wl = hw_to_b43_wl(hw);
3547         struct b43_wldev *dev = wl->current_dev;
3548         unsigned long flags;
3549
3550         if (!dev) {
3551                 *fflags = 0;
3552                 return;
3553         }
3554
3555         spin_lock_irqsave(&wl->irq_lock, flags);
3556         *fflags &= FIF_PROMISC_IN_BSS |
3557                   FIF_ALLMULTI |
3558                   FIF_FCSFAIL |
3559                   FIF_PLCPFAIL |
3560                   FIF_CONTROL |
3561                   FIF_OTHER_BSS |
3562                   FIF_BCN_PRBRESP_PROMISC;
3563
3564         changed &= FIF_PROMISC_IN_BSS |
3565                    FIF_ALLMULTI |
3566                    FIF_FCSFAIL |
3567                    FIF_PLCPFAIL |
3568                    FIF_CONTROL |
3569                    FIF_OTHER_BSS |
3570                    FIF_BCN_PRBRESP_PROMISC;
3571
3572         wl->filter_flags = *fflags;
3573
3574         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3575                 b43_adjust_opmode(dev);
3576         spin_unlock_irqrestore(&wl->irq_lock, flags);
3577 }
3578
3579 static int b43_op_config_interface(struct ieee80211_hw *hw,
3580                                    struct ieee80211_vif *vif,
3581                                    struct ieee80211_if_conf *conf)
3582 {
3583         struct b43_wl *wl = hw_to_b43_wl(hw);
3584         struct b43_wldev *dev = wl->current_dev;
3585         unsigned long flags;
3586
3587         if (!dev)
3588                 return -ENODEV;
3589         mutex_lock(&wl->mutex);
3590         spin_lock_irqsave(&wl->irq_lock, flags);
3591         B43_WARN_ON(wl->vif != vif);
3592         if (conf->bssid)
3593                 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3594         else
3595                 memset(wl->bssid, 0, ETH_ALEN);
3596         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3597                 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3598                     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT)) {
3599                         B43_WARN_ON(vif->type != wl->if_type);
3600                         if (conf->changed & IEEE80211_IFCC_SSID)
3601                                 b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3602                         if (conf->changed & IEEE80211_IFCC_BEACON)
3603                                 b43_update_templates(wl);
3604                 } else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) {
3605                         if (conf->changed & IEEE80211_IFCC_BEACON)
3606                                 b43_update_templates(wl);
3607                 }
3608                 b43_write_mac_bssid_templates(dev);
3609         }
3610         spin_unlock_irqrestore(&wl->irq_lock, flags);
3611         mutex_unlock(&wl->mutex);
3612
3613         return 0;
3614 }
3615
3616 /* Locking: wl->mutex */
3617 static void b43_wireless_core_stop(struct b43_wldev *dev)
3618 {
3619         struct b43_wl *wl = dev->wl;
3620         unsigned long flags;
3621
3622         if (b43_status(dev) < B43_STAT_STARTED)
3623                 return;
3624
3625         /* Disable and sync interrupts. We must do this before than
3626          * setting the status to INITIALIZED, as the interrupt handler
3627          * won't care about IRQs then. */
3628         spin_lock_irqsave(&wl->irq_lock, flags);
3629         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3630         b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3631         spin_unlock_irqrestore(&wl->irq_lock, flags);
3632         b43_synchronize_irq(dev);
3633
3634         write_lock_irqsave(&wl->tx_lock, flags);
3635         b43_set_status(dev, B43_STAT_INITIALIZED);
3636         write_unlock_irqrestore(&wl->tx_lock, flags);
3637
3638         b43_pio_stop(dev);
3639         mutex_unlock(&wl->mutex);
3640         /* Must unlock as it would otherwise deadlock. No races here.
3641          * Cancel the possibly running self-rearming periodic work. */
3642         cancel_delayed_work_sync(&dev->periodic_work);
3643         mutex_lock(&wl->mutex);
3644
3645         b43_mac_suspend(dev);
3646         free_irq(dev->dev->irq, dev);
3647         b43dbg(wl, "Wireless interface stopped\n");
3648 }
3649
3650 /* Locking: wl->mutex */
3651 static int b43_wireless_core_start(struct b43_wldev *dev)
3652 {
3653         int err;
3654
3655         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3656
3657         drain_txstatus_queue(dev);
3658         err = request_irq(dev->dev->irq, b43_interrupt_handler,
3659                           IRQF_SHARED, KBUILD_MODNAME, dev);
3660         if (err) {
3661                 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3662                 goto out;
3663         }
3664
3665         /* We are ready to run. */
3666         b43_set_status(dev, B43_STAT_STARTED);
3667
3668         /* Start data flow (TX/RX). */
3669         b43_mac_enable(dev);
3670         b43_interrupt_enable(dev, dev->irq_savedstate);
3671
3672         /* Start maintainance work */
3673         b43_periodic_tasks_setup(dev);
3674
3675         b43dbg(dev->wl, "Wireless interface started\n");
3676       out:
3677         return err;
3678 }
3679
3680 /* Get PHY and RADIO versioning numbers */
3681 static int b43_phy_versioning(struct b43_wldev *dev)
3682 {
3683         struct b43_phy *phy = &dev->phy;
3684         u32 tmp;
3685         u8 analog_type;
3686         u8 phy_type;
3687         u8 phy_rev;
3688         u16 radio_manuf;
3689         u16 radio_ver;
3690         u16 radio_rev;
3691         int unsupported = 0;
3692
3693         /* Get PHY versioning */
3694         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3695         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3696         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3697         phy_rev = (tmp & B43_PHYVER_VERSION);
3698         switch (phy_type) {
3699         case B43_PHYTYPE_A:
3700                 if (phy_rev >= 4)
3701                         unsupported = 1;
3702                 break;
3703         case B43_PHYTYPE_B:
3704                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3705                     && phy_rev != 7)
3706                         unsupported = 1;
3707                 break;
3708         case B43_PHYTYPE_G:
3709                 if (phy_rev > 9)
3710                         unsupported = 1;
3711                 break;
3712 #ifdef CONFIG_B43_NPHY
3713         case B43_PHYTYPE_N:
3714                 if (phy_rev > 1)
3715                         unsupported = 1;
3716                 break;
3717 #endif
3718         default:
3719                 unsupported = 1;
3720         };
3721         if (unsupported) {
3722                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3723                        "(Analog %u, Type %u, Revision %u)\n",
3724                        analog_type, phy_type, phy_rev);
3725                 return -EOPNOTSUPP;
3726         }
3727         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3728                analog_type, phy_type, phy_rev);
3729
3730         /* Get RADIO versioning */
3731         if (dev->dev->bus->chip_id == 0x4317) {
3732                 if (dev->dev->bus->chip_rev == 0)
3733                         tmp = 0x3205017F;
3734                 else if (dev->dev->bus->chip_rev == 1)
3735                         tmp = 0x4205017F;
3736                 else
3737                         tmp = 0x5205017F;
3738         } else {
3739                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3740                 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3741                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3742                 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3743         }
3744         radio_manuf = (tmp & 0x00000FFF);
3745         radio_ver = (tmp & 0x0FFFF000) >> 12;
3746         radio_rev = (tmp & 0xF0000000) >> 28;
3747         if (radio_manuf != 0x17F /* Broadcom */)
3748                 unsupported = 1;
3749         switch (phy_type) {
3750         case B43_PHYTYPE_A:
3751                 if (radio_ver != 0x2060)
3752                         unsupported = 1;
3753                 if (radio_rev != 1)
3754                         unsupported = 1;
3755                 if (radio_manuf != 0x17F)
3756                         unsupported = 1;
3757                 break;
3758         case B43_PHYTYPE_B:
3759                 if ((radio_ver & 0xFFF0) != 0x2050)
3760                         unsupported = 1;
3761                 break;
3762         case B43_PHYTYPE_G:
3763                 if (radio_ver != 0x2050)
3764                         unsupported = 1;
3765                 break;
3766         case B43_PHYTYPE_N:
3767                 if (radio_ver != 0x2055)
3768                         unsupported = 1;
3769                 break;
3770         default:
3771                 B43_WARN_ON(1);
3772         }
3773         if (unsupported) {
3774                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3775                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3776                        radio_manuf, radio_ver, radio_rev);
3777                 return -EOPNOTSUPP;
3778         }
3779         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3780                radio_manuf, radio_ver, radio_rev);
3781
3782         phy->radio_manuf = radio_manuf;
3783         phy->radio_ver = radio_ver;
3784         phy->radio_rev = radio_rev;
3785
3786         phy->analog = analog_type;
3787         phy->type = phy_type;
3788         phy->rev = phy_rev;
3789
3790         return 0;
3791 }
3792
3793 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3794                                       struct b43_phy *phy)
3795 {
3796         phy->hardware_power_control = !!modparam_hwpctl;
3797         phy->next_txpwr_check_time = jiffies;
3798         /* PHY TX errors counter. */
3799         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3800 }
3801
3802 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3803 {
3804         dev->dfq_valid = 0;
3805
3806         /* Assume the radio is enabled. If it's not enabled, the state will
3807          * immediately get fixed on the first periodic work run. */
3808         dev->radio_hw_enable = 1;
3809
3810         /* Stats */
3811         memset(&dev->stats, 0, sizeof(dev->stats));
3812
3813         setup_struct_phy_for_init(dev, &dev->phy);
3814
3815         /* IRQ related flags */
3816         dev->irq_reason = 0;
3817         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3818         dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3819
3820         dev->mac_suspended = 1;
3821
3822         /* Noise calculation context */
3823         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3824 }
3825
3826 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3827 {
3828         struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3829         u64 hf;
3830
3831         if (!modparam_btcoex)
3832                 return;
3833         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3834                 return;
3835         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3836                 return;
3837
3838         hf = b43_hf_read(dev);
3839         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3840                 hf |= B43_HF_BTCOEXALT;
3841         else
3842                 hf |= B43_HF_BTCOEX;
3843         b43_hf_write(dev, hf);
3844 }
3845
3846 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3847 {
3848         if (!modparam_btcoex)
3849                 return;
3850         //TODO
3851 }
3852
3853 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3854 {
3855 #ifdef CONFIG_SSB_DRIVER_PCICORE
3856         struct ssb_bus *bus = dev->dev->bus;
3857         u32 tmp;
3858
3859         if (bus->pcicore.dev &&
3860             bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3861             bus->pcicore.dev->id.revision <= 5) {
3862                 /* IMCFGLO timeouts workaround. */
3863                 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3864                 tmp &= ~SSB_IMCFGLO_REQTO;
3865                 tmp &= ~SSB_IMCFGLO_SERTO;
3866                 switch (bus->bustype) {
3867                 case SSB_BUSTYPE_PCI:
3868                 case SSB_BUSTYPE_PCMCIA:
3869                         tmp |= 0x32;
3870                         break;
3871                 case SSB_BUSTYPE_SSB:
3872                         tmp |= 0x53;
3873                         break;
3874                 }
3875                 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3876         }
3877 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3878 }
3879
3880 /* Write the short and long frame retry limit values. */
3881 static void b43_set_retry_limits(struct b43_wldev *dev,
3882                                  unsigned int short_retry,
3883                                  unsigned int long_retry)
3884 {
3885         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3886          * the chip-internal counter. */
3887         short_retry = min(short_retry, (unsigned int)0xF);
3888         long_retry = min(long_retry, (unsigned int)0xF);
3889
3890         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3891                         short_retry);
3892         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3893                         long_retry);
3894 }
3895
3896 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3897 {
3898         u16 pu_delay;
3899
3900         /* The time value is in microseconds. */
3901         if (dev->phy.type == B43_PHYTYPE_A)
3902                 pu_delay = 3700;
3903         else
3904                 pu_delay = 1050;
3905         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
3906                 pu_delay = 500;
3907         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3908                 pu_delay = max(pu_delay, (u16)2400);
3909
3910         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3911 }
3912
3913 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3914 static void b43_set_pretbtt(struct b43_wldev *dev)
3915 {
3916         u16 pretbtt;
3917
3918         /* The time value is in microseconds. */
3919         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
3920                 pretbtt = 2;
3921         } else {
3922                 if (dev->phy.type == B43_PHYTYPE_A)
3923                         pretbtt = 120;
3924                 else
3925                         pretbtt = 250;
3926         }
3927         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3928         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3929 }
3930
3931 /* Shutdown a wireless core */
3932 /* Locking: wl->mutex */
3933 static void b43_wireless_core_exit(struct b43_wldev *dev)
3934 {
3935         u32 macctl;
3936
3937         B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
3938         if (b43_status(dev) != B43_STAT_INITIALIZED)
3939                 return;
3940         b43_set_status(dev, B43_STAT_UNINIT);
3941
3942         /* Stop the microcode PSM. */
3943         macctl = b43_read32(dev, B43_MMIO_MACCTL);
3944         macctl &= ~B43_MACCTL_PSM_RUN;
3945         macctl |= B43_MACCTL_PSM_JMP0;
3946         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3947
3948         if (!dev->suspend_in_progress) {
3949                 b43_leds_exit(dev);
3950                 b43_rng_exit(dev->wl);
3951         }
3952         b43_dma_free(dev);
3953         b43_pio_free(dev);
3954         b43_chip_exit(dev);
3955         dev->phy.ops->switch_analog(dev, 0);
3956         if (dev->wl->current_beacon) {
3957                 dev_kfree_skb_any(dev->wl->current_beacon);
3958                 dev->wl->current_beacon = NULL;
3959         }
3960
3961         ssb_device_disable(dev->dev, 0);
3962         ssb_bus_may_powerdown(dev->dev->bus);
3963 }
3964
3965 /* Initialize a wireless core */
3966 static int b43_wireless_core_init(struct b43_wldev *dev)
3967 {
3968         struct b43_wl *wl = dev->wl;
3969         struct ssb_bus *bus = dev->dev->bus;
3970         struct ssb_sprom *sprom = &bus->sprom;
3971         struct b43_phy *phy = &dev->phy;
3972         int err;
3973         u64 hf;
3974         u32 tmp;
3975
3976         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
3977
3978         err = ssb_bus_powerup(bus, 0);
3979         if (err)
3980                 goto out;
3981         if (!ssb_device_is_enabled(dev->dev)) {
3982                 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
3983                 b43_wireless_core_reset(dev, tmp);
3984         }
3985
3986         /* Reset all data structures. */
3987         setup_struct_wldev_for_init(dev);
3988         phy->ops->prepare_structs(dev);
3989
3990         /* Enable IRQ routing to this device. */
3991         ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
3992
3993         b43_imcfglo_timeouts_workaround(dev);
3994         b43_bluetooth_coext_disable(dev);
3995         if (phy->ops->prepare_hardware) {
3996                 err = phy->ops->prepare_hardware(dev);
3997                 if (err)
3998                         goto err_busdown;
3999         }
4000         err = b43_chip_init(dev);
4001         if (err)
4002                 goto err_busdown;
4003         b43_shm_write16(dev, B43_SHM_SHARED,
4004                         B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4005         hf = b43_hf_read(dev);
4006         if (phy->type == B43_PHYTYPE_G) {
4007                 hf |= B43_HF_SYMW;
4008                 if (phy->rev == 1)
4009                         hf |= B43_HF_GDCW;
4010                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4011                         hf |= B43_HF_OFDMPABOOST;
4012         } else if (phy->type == B43_PHYTYPE_B) {
4013                 hf |= B43_HF_SYMW;
4014                 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
4015                         hf &= ~B43_HF_GDCW;
4016         }
4017         b43_hf_write(dev, hf);
4018
4019         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4020                              B43_DEFAULT_LONG_RETRY_LIMIT);
4021         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4022         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4023
4024         /* Disable sending probe responses from firmware.
4025          * Setting the MaxTime to one usec will always trigger
4026          * a timeout, so we never send any probe resp.
4027          * A timeout of zero is infinite. */
4028         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4029
4030         b43_rate_memory_init(dev);
4031         b43_set_phytxctl_defaults(dev);
4032
4033         /* Minimum Contention Window */
4034         if (phy->type == B43_PHYTYPE_B) {
4035                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4036         } else {
4037                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4038         }
4039         /* Maximum Contention Window */
4040         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4041
4042         if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4043                 dev->__using_pio_transfers = 1;
4044                 err = b43_pio_init(dev);
4045         } else {
4046                 dev->__using_pio_transfers = 0;
4047                 err = b43_dma_init(dev);
4048         }
4049         if (err)
4050                 goto err_chip_exit;
4051         b43_qos_init(dev);
4052         b43_set_synth_pu_delay(dev, 1);
4053         b43_bluetooth_coext_enable(dev);
4054
4055         ssb_bus_powerup(bus, 1);        /* Enable dynamic PCTL */
4056         b43_upload_card_macaddress(dev);
4057         b43_security_init(dev);
4058         if (!dev->suspend_in_progress)
4059                 b43_rng_init(wl);
4060
4061         b43_set_status(dev, B43_STAT_INITIALIZED);
4062
4063         if (!dev->suspend_in_progress)
4064                 b43_leds_init(dev);
4065 out:
4066         return err;
4067
4068 err_chip_exit:
4069         b43_chip_exit(dev);
4070 err_busdown:
4071         ssb_bus_may_powerdown(bus);
4072         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4073         return err;
4074 }
4075
4076 static int b43_op_add_interface(struct ieee80211_hw *hw,
4077                                 struct ieee80211_if_init_conf *conf)
4078 {
4079         struct b43_wl *wl = hw_to_b43_wl(hw);
4080         struct b43_wldev *dev;
4081         unsigned long flags;
4082         int err = -EOPNOTSUPP;
4083
4084         /* TODO: allow WDS/AP devices to coexist */
4085
4086         if (conf->type != NL80211_IFTYPE_AP &&
4087             conf->type != NL80211_IFTYPE_MESH_POINT &&
4088             conf->type != NL80211_IFTYPE_STATION &&
4089             conf->type != NL80211_IFTYPE_WDS &&
4090             conf->type != NL80211_IFTYPE_ADHOC)
4091                 return -EOPNOTSUPP;
4092
4093         mutex_lock(&wl->mutex);
4094         if (wl->operating)
4095                 goto out_mutex_unlock;
4096
4097         b43dbg(wl, "Adding Interface type %d\n", conf->type);
4098
4099         dev = wl->current_dev;
4100         wl->operating = 1;
4101         wl->vif = conf->vif;
4102         wl->if_type = conf->type;
4103         memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4104
4105         spin_lock_irqsave(&wl->irq_lock, flags);
4106         b43_adjust_opmode(dev);
4107         b43_set_pretbtt(dev);
4108         b43_set_synth_pu_delay(dev, 0);
4109         b43_upload_card_macaddress(dev);
4110         spin_unlock_irqrestore(&wl->irq_lock, flags);
4111
4112         err = 0;
4113  out_mutex_unlock:
4114         mutex_unlock(&wl->mutex);
4115
4116         return err;
4117 }
4118
4119 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4120                                     struct ieee80211_if_init_conf *conf)
4121 {
4122         struct b43_wl *wl = hw_to_b43_wl(hw);
4123         struct b43_wldev *dev = wl->current_dev;
4124         unsigned long flags;
4125
4126         b43dbg(wl, "Removing Interface type %d\n", conf->type);
4127
4128         mutex_lock(&wl->mutex);
4129
4130         B43_WARN_ON(!wl->operating);
4131         B43_WARN_ON(wl->vif != conf->vif);
4132         wl->vif = NULL;
4133
4134         wl->operating = 0;
4135
4136         spin_lock_irqsave(&wl->irq_lock, flags);
4137         b43_adjust_opmode(dev);
4138         memset(wl->mac_addr, 0, ETH_ALEN);
4139         b43_upload_card_macaddress(dev);
4140         spin_unlock_irqrestore(&wl->irq_lock, flags);
4141
4142         mutex_unlock(&wl->mutex);
4143 }
4144
4145 static int b43_op_start(struct ieee80211_hw *hw)
4146 {
4147         struct b43_wl *wl = hw_to_b43_wl(hw);
4148         struct b43_wldev *dev = wl->current_dev;
4149         int did_init = 0;
4150         int err = 0;
4151         bool do_rfkill_exit = 0;
4152
4153         /* Kill all old instance specific information to make sure
4154          * the card won't use it in the short timeframe between start
4155          * and mac80211 reconfiguring it. */
4156         memset(wl->bssid, 0, ETH_ALEN);
4157         memset(wl->mac_addr, 0, ETH_ALEN);
4158         wl->filter_flags = 0;
4159         wl->radiotap_enabled = 0;
4160         b43_qos_clear(wl);
4161         wl->beacon0_uploaded = 0;
4162         wl->beacon1_uploaded = 0;
4163         wl->beacon_templates_virgin = 1;
4164
4165         /* First register RFkill.
4166          * LEDs that are registered later depend on it. */
4167         b43_rfkill_init(dev);
4168
4169         mutex_lock(&wl->mutex);
4170
4171         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4172                 err = b43_wireless_core_init(dev);
4173                 if (err) {
4174                         do_rfkill_exit = 1;
4175                         goto out_mutex_unlock;
4176                 }
4177                 did_init = 1;
4178         }
4179
4180         if (b43_status(dev) < B43_STAT_STARTED) {
4181                 err = b43_wireless_core_start(dev);
4182                 if (err) {
4183                         if (did_init)
4184                                 b43_wireless_core_exit(dev);
4185                         do_rfkill_exit = 1;
4186                         goto out_mutex_unlock;
4187                 }
4188         }
4189
4190  out_mutex_unlock:
4191         mutex_unlock(&wl->mutex);
4192
4193         if (do_rfkill_exit)
4194                 b43_rfkill_exit(dev);
4195
4196         return err;
4197 }
4198
4199 static void b43_op_stop(struct ieee80211_hw *hw)
4200 {
4201         struct b43_wl *wl = hw_to_b43_wl(hw);
4202         struct b43_wldev *dev = wl->current_dev;
4203
4204         b43_rfkill_exit(dev);
4205         cancel_work_sync(&(wl->beacon_update_trigger));
4206
4207         mutex_lock(&wl->mutex);
4208         if (b43_status(dev) >= B43_STAT_STARTED)
4209                 b43_wireless_core_stop(dev);
4210         b43_wireless_core_exit(dev);
4211         mutex_unlock(&wl->mutex);
4212
4213         cancel_work_sync(&(wl->txpower_adjust_work));
4214 }
4215
4216 static int b43_op_set_retry_limit(struct ieee80211_hw *hw,
4217                                   u32 short_retry_limit, u32 long_retry_limit)
4218 {
4219         struct b43_wl *wl = hw_to_b43_wl(hw);
4220         struct b43_wldev *dev;
4221         int err = 0;
4222
4223         mutex_lock(&wl->mutex);
4224         dev = wl->current_dev;
4225         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED))) {
4226                 err = -ENODEV;
4227                 goto out_unlock;
4228         }
4229         b43_set_retry_limits(dev, short_retry_limit, long_retry_limit);
4230 out_unlock:
4231         mutex_unlock(&wl->mutex);
4232
4233         return err;
4234 }
4235
4236 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4237                                  struct ieee80211_sta *sta, bool set)
4238 {
4239         struct b43_wl *wl = hw_to_b43_wl(hw);
4240         unsigned long flags;
4241
4242         spin_lock_irqsave(&wl->irq_lock, flags);
4243         b43_update_templates(wl);
4244         spin_unlock_irqrestore(&wl->irq_lock, flags);
4245
4246         return 0;
4247 }
4248
4249 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4250                               struct ieee80211_vif *vif,
4251                               enum sta_notify_cmd notify_cmd,
4252                               struct ieee80211_sta *sta)
4253 {
4254         struct b43_wl *wl = hw_to_b43_wl(hw);
4255
4256         B43_WARN_ON(!vif || wl->vif != vif);
4257 }
4258
4259 static const struct ieee80211_ops b43_hw_ops = {
4260         .tx                     = b43_op_tx,
4261         .conf_tx                = b43_op_conf_tx,
4262         .add_interface          = b43_op_add_interface,
4263         .remove_interface       = b43_op_remove_interface,
4264         .config                 = b43_op_config,
4265         .config_interface       = b43_op_config_interface,
4266         .configure_filter       = b43_op_configure_filter,
4267         .set_key                = b43_op_set_key,
4268         .get_stats              = b43_op_get_stats,
4269         .get_tx_stats           = b43_op_get_tx_stats,
4270         .start                  = b43_op_start,
4271         .stop                   = b43_op_stop,
4272         .set_retry_limit        = b43_op_set_retry_limit,
4273         .set_tim                = b43_op_beacon_set_tim,
4274         .sta_notify             = b43_op_sta_notify,
4275 };
4276
4277 /* Hard-reset the chip. Do not call this directly.
4278  * Use b43_controller_restart()
4279  */
4280 static void b43_chip_reset(struct work_struct *work)
4281 {
4282         struct b43_wldev *dev =
4283             container_of(work, struct b43_wldev, restart_work);
4284         struct b43_wl *wl = dev->wl;
4285         int err = 0;
4286         int prev_status;
4287
4288         mutex_lock(&wl->mutex);
4289
4290         prev_status = b43_status(dev);
4291         /* Bring the device down... */
4292         if (prev_status >= B43_STAT_STARTED)
4293                 b43_wireless_core_stop(dev);
4294         if (prev_status >= B43_STAT_INITIALIZED)
4295                 b43_wireless_core_exit(dev);
4296
4297         /* ...and up again. */
4298         if (prev_status >= B43_STAT_INITIALIZED) {
4299                 err = b43_wireless_core_init(dev);
4300                 if (err)
4301                         goto out;
4302         }
4303         if (prev_status >= B43_STAT_STARTED) {
4304                 err = b43_wireless_core_start(dev);
4305                 if (err) {
4306                         b43_wireless_core_exit(dev);
4307                         goto out;
4308                 }
4309         }
4310 out:
4311         if (err)
4312                 wl->current_dev = NULL; /* Failed to init the dev. */
4313         mutex_unlock(&wl->mutex);
4314         if (err)
4315                 b43err(wl, "Controller restart FAILED\n");
4316         else
4317                 b43info(wl, "Controller restarted\n");
4318 }
4319
4320 static int b43_setup_bands(struct b43_wldev *dev,
4321                            bool have_2ghz_phy, bool have_5ghz_phy)
4322 {
4323         struct ieee80211_hw *hw = dev->wl->hw;
4324
4325         if (have_2ghz_phy)
4326                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4327         if (dev->phy.type == B43_PHYTYPE_N) {
4328                 if (have_5ghz_phy)
4329                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4330         } else {
4331                 if (have_5ghz_phy)
4332                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4333         }
4334
4335         dev->phy.supports_2ghz = have_2ghz_phy;
4336         dev->phy.supports_5ghz = have_5ghz_phy;
4337
4338         return 0;
4339 }
4340
4341 static void b43_wireless_core_detach(struct b43_wldev *dev)
4342 {
4343         /* We release firmware that late to not be required to re-request
4344          * is all the time when we reinit the core. */
4345         b43_release_firmware(dev);
4346         b43_phy_free(dev);
4347 }
4348
4349 static int b43_wireless_core_attach(struct b43_wldev *dev)
4350 {
4351         struct b43_wl *wl = dev->wl;
4352         struct ssb_bus *bus = dev->dev->bus;
4353         struct pci_dev *pdev = bus->host_pci;
4354         int err;
4355         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4356         u32 tmp;
4357
4358         /* Do NOT do any device initialization here.
4359          * Do it in wireless_core_init() instead.
4360          * This function is for gathering basic information about the HW, only.
4361          * Also some structs may be set up here. But most likely you want to have
4362          * that in core_init(), too.
4363          */
4364
4365         err = ssb_bus_powerup(bus, 0);
4366         if (err) {
4367                 b43err(wl, "Bus powerup failed\n");
4368                 goto out;
4369         }
4370         /* Get the PHY type. */
4371         if (dev->dev->id.revision >= 5) {
4372                 u32 tmshigh;
4373
4374                 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4375                 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4376                 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4377         } else
4378                 B43_WARN_ON(1);
4379
4380         dev->phy.gmode = have_2ghz_phy;
4381         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4382         b43_wireless_core_reset(dev, tmp);
4383
4384         err = b43_phy_versioning(dev);
4385         if (err)
4386                 goto err_powerdown;
4387         /* Check if this device supports multiband. */
4388         if (!pdev ||
4389             (pdev->device != 0x4312 &&
4390              pdev->device != 0x4319 && pdev->device != 0x4324)) {
4391                 /* No multiband support. */
4392                 have_2ghz_phy = 0;
4393                 have_5ghz_phy = 0;
4394                 switch (dev->phy.type) {
4395                 case B43_PHYTYPE_A:
4396                         have_5ghz_phy = 1;
4397                         break;
4398                 case B43_PHYTYPE_G:
4399                 case B43_PHYTYPE_N:
4400                         have_2ghz_phy = 1;
4401                         break;
4402                 default:
4403                         B43_WARN_ON(1);
4404                 }
4405         }
4406         if (dev->phy.type == B43_PHYTYPE_A) {
4407                 /* FIXME */
4408                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4409                 err = -EOPNOTSUPP;
4410                 goto err_powerdown;
4411         }
4412         if (1 /* disable A-PHY */) {
4413                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4414                 if (dev->phy.type != B43_PHYTYPE_N) {
4415                         have_2ghz_phy = 1;
4416                         have_5ghz_phy = 0;
4417                 }
4418         }
4419
4420         err = b43_phy_allocate(dev);
4421         if (err)
4422                 goto err_powerdown;
4423
4424         dev->phy.gmode = have_2ghz_phy;
4425         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4426         b43_wireless_core_reset(dev, tmp);
4427
4428         err = b43_validate_chipaccess(dev);
4429         if (err)
4430                 goto err_phy_free;
4431         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4432         if (err)
4433                 goto err_phy_free;
4434
4435         /* Now set some default "current_dev" */
4436         if (!wl->current_dev)
4437                 wl->current_dev = dev;
4438         INIT_WORK(&dev->restart_work, b43_chip_reset);
4439
4440         dev->phy.ops->switch_analog(dev, 0);
4441         ssb_device_disable(dev->dev, 0);
4442         ssb_bus_may_powerdown(bus);
4443
4444 out:
4445         return err;
4446
4447 err_phy_free:
4448         b43_phy_free(dev);
4449 err_powerdown:
4450         ssb_bus_may_powerdown(bus);
4451         return err;
4452 }
4453
4454 static void b43_one_core_detach(struct ssb_device *dev)
4455 {
4456         struct b43_wldev *wldev;
4457         struct b43_wl *wl;
4458
4459         /* Do not cancel ieee80211-workqueue based work here.
4460          * See comment in b43_remove(). */
4461
4462         wldev = ssb_get_drvdata(dev);
4463         wl = wldev->wl;
4464         b43_debugfs_remove_device(wldev);
4465         b43_wireless_core_detach(wldev);
4466         list_del(&wldev->list);
4467         wl->nr_devs--;
4468         ssb_set_drvdata(dev, NULL);
4469         kfree(wldev);
4470 }
4471
4472 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4473 {
4474         struct b43_wldev *wldev;
4475         struct pci_dev *pdev;
4476         int err = -ENOMEM;
4477
4478         if (!list_empty(&wl->devlist)) {
4479                 /* We are not the first core on this chip. */
4480                 pdev = dev->bus->host_pci;
4481                 /* Only special chips support more than one wireless
4482                  * core, although some of the other chips have more than
4483                  * one wireless core as well. Check for this and
4484                  * bail out early.
4485                  */
4486                 if (!pdev ||
4487                     ((pdev->device != 0x4321) &&
4488                      (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4489                         b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4490                         return -ENODEV;
4491                 }
4492         }
4493
4494         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4495         if (!wldev)
4496                 goto out;
4497
4498         wldev->dev = dev;
4499         wldev->wl = wl;
4500         b43_set_status(wldev, B43_STAT_UNINIT);
4501         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4502         tasklet_init(&wldev->isr_tasklet,
4503                      (void (*)(unsigned long))b43_interrupt_tasklet,
4504                      (unsigned long)wldev);
4505         INIT_LIST_HEAD(&wldev->list);
4506
4507         err = b43_wireless_core_attach(wldev);
4508         if (err)
4509                 goto err_kfree_wldev;
4510
4511         list_add(&wldev->list, &wl->devlist);
4512         wl->nr_devs++;
4513         ssb_set_drvdata(dev, wldev);
4514         b43_debugfs_add_device(wldev);
4515
4516       out:
4517         return err;
4518
4519       err_kfree_wldev:
4520         kfree(wldev);
4521         return err;
4522 }
4523
4524 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
4525         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
4526         (pdev->device == _device) &&                                    \
4527         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
4528         (pdev->subsystem_device == _subdevice)                          )
4529
4530 static void b43_sprom_fixup(struct ssb_bus *bus)
4531 {
4532         struct pci_dev *pdev;
4533
4534         /* boardflags workarounds */
4535         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4536             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4537                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4538         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4539             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4540                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4541         if (bus->bustype == SSB_BUSTYPE_PCI) {
4542                 pdev = bus->host_pci;
4543                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4544                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
4545                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
4546                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4547                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4548                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4549                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4550                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4551         }
4552 }
4553
4554 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4555 {
4556         struct ieee80211_hw *hw = wl->hw;
4557
4558         ssb_set_devtypedata(dev, NULL);
4559         ieee80211_free_hw(hw);
4560 }
4561
4562 static int b43_wireless_init(struct ssb_device *dev)
4563 {
4564         struct ssb_sprom *sprom = &dev->bus->sprom;
4565         struct ieee80211_hw *hw;
4566         struct b43_wl *wl;
4567         int err = -ENOMEM;
4568
4569         b43_sprom_fixup(dev->bus);
4570
4571         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4572         if (!hw) {
4573                 b43err(NULL, "Could not allocate ieee80211 device\n");
4574                 goto out;
4575         }
4576
4577         /* fill hw info */
4578         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4579                     IEEE80211_HW_SIGNAL_DBM |
4580                     IEEE80211_HW_NOISE_DBM;
4581
4582         hw->wiphy->interface_modes =
4583                 BIT(NL80211_IFTYPE_AP) |
4584                 BIT(NL80211_IFTYPE_MESH_POINT) |
4585                 BIT(NL80211_IFTYPE_STATION) |
4586                 BIT(NL80211_IFTYPE_WDS) |
4587                 BIT(NL80211_IFTYPE_ADHOC);
4588
4589         hw->queues = b43_modparam_qos ? 4 : 1;
4590         hw->max_altrates = 1;
4591         SET_IEEE80211_DEV(hw, dev->dev);
4592         if (is_valid_ether_addr(sprom->et1mac))
4593                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4594         else
4595                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4596
4597         /* Get and initialize struct b43_wl */
4598         wl = hw_to_b43_wl(hw);
4599         memset(wl, 0, sizeof(*wl));
4600         wl->hw = hw;
4601         spin_lock_init(&wl->irq_lock);
4602         rwlock_init(&wl->tx_lock);
4603         spin_lock_init(&wl->leds_lock);
4604         spin_lock_init(&wl->shm_lock);
4605         mutex_init(&wl->mutex);
4606         INIT_LIST_HEAD(&wl->devlist);
4607         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4608         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4609
4610         ssb_set_devtypedata(dev, wl);
4611         b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4612         err = 0;
4613       out:
4614         return err;
4615 }
4616
4617 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4618 {
4619         struct b43_wl *wl;
4620         int err;
4621         int first = 0;
4622
4623         wl = ssb_get_devtypedata(dev);
4624         if (!wl) {
4625                 /* Probing the first core. Must setup common struct b43_wl */
4626                 first = 1;
4627                 err = b43_wireless_init(dev);
4628                 if (err)
4629                         goto out;
4630                 wl = ssb_get_devtypedata(dev);
4631                 B43_WARN_ON(!wl);
4632         }
4633         err = b43_one_core_attach(dev, wl);
4634         if (err)
4635                 goto err_wireless_exit;
4636
4637         if (first) {
4638                 err = ieee80211_register_hw(wl->hw);
4639                 if (err)
4640                         goto err_one_core_detach;
4641         }
4642
4643       out:
4644         return err;
4645
4646       err_one_core_detach:
4647         b43_one_core_detach(dev);
4648       err_wireless_exit:
4649         if (first)
4650                 b43_wireless_exit(dev, wl);
4651         return err;
4652 }
4653
4654 static void b43_remove(struct ssb_device *dev)
4655 {
4656         struct b43_wl *wl = ssb_get_devtypedata(dev);
4657         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4658
4659         /* We must cancel any work here before unregistering from ieee80211,
4660          * as the ieee80211 unreg will destroy the workqueue. */
4661         cancel_work_sync(&wldev->restart_work);
4662
4663         B43_WARN_ON(!wl);
4664         if (wl->current_dev == wldev)
4665                 ieee80211_unregister_hw(wl->hw);
4666
4667         b43_one_core_detach(dev);
4668
4669         if (list_empty(&wl->devlist)) {
4670                 /* Last core on the chip unregistered.
4671                  * We can destroy common struct b43_wl.
4672                  */
4673                 b43_wireless_exit(dev, wl);
4674         }
4675 }
4676
4677 /* Perform a hardware reset. This can be called from any context. */
4678 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4679 {
4680         /* Must avoid requeueing, if we are in shutdown. */
4681         if (b43_status(dev) < B43_STAT_INITIALIZED)
4682                 return;
4683         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4684         queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4685 }
4686
4687 #ifdef CONFIG_PM
4688
4689 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4690 {
4691         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4692         struct b43_wl *wl = wldev->wl;
4693
4694         b43dbg(wl, "Suspending...\n");
4695
4696         mutex_lock(&wl->mutex);
4697         wldev->suspend_in_progress = true;
4698         wldev->suspend_init_status = b43_status(wldev);
4699         if (wldev->suspend_init_status >= B43_STAT_STARTED)
4700                 b43_wireless_core_stop(wldev);
4701         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4702                 b43_wireless_core_exit(wldev);
4703         mutex_unlock(&wl->mutex);
4704
4705         b43dbg(wl, "Device suspended.\n");
4706
4707         return 0;
4708 }
4709
4710 static int b43_resume(struct ssb_device *dev)
4711 {
4712         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4713         struct b43_wl *wl = wldev->wl;
4714         int err = 0;
4715
4716         b43dbg(wl, "Resuming...\n");
4717
4718         mutex_lock(&wl->mutex);
4719         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4720                 err = b43_wireless_core_init(wldev);
4721                 if (err) {
4722                         b43err(wl, "Resume failed at core init\n");
4723                         goto out;
4724                 }
4725         }
4726         if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4727                 err = b43_wireless_core_start(wldev);
4728                 if (err) {
4729                         b43_leds_exit(wldev);
4730                         b43_rng_exit(wldev->wl);
4731                         b43_wireless_core_exit(wldev);
4732                         b43err(wl, "Resume failed at core start\n");
4733                         goto out;
4734                 }
4735         }
4736         b43dbg(wl, "Device resumed.\n");
4737  out:
4738         wldev->suspend_in_progress = false;
4739         mutex_unlock(&wl->mutex);
4740         return err;
4741 }
4742
4743 #else /* CONFIG_PM */
4744 # define b43_suspend    NULL
4745 # define b43_resume     NULL
4746 #endif /* CONFIG_PM */
4747
4748 static struct ssb_driver b43_ssb_driver = {
4749         .name           = KBUILD_MODNAME,
4750         .id_table       = b43_ssb_tbl,
4751         .probe          = b43_probe,
4752         .remove         = b43_remove,
4753         .suspend        = b43_suspend,
4754         .resume         = b43_resume,
4755 };
4756
4757 static void b43_print_driverinfo(void)
4758 {
4759         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4760                    *feat_leds = "", *feat_rfkill = "";
4761
4762 #ifdef CONFIG_B43_PCI_AUTOSELECT
4763         feat_pci = "P";
4764 #endif
4765 #ifdef CONFIG_B43_PCMCIA
4766         feat_pcmcia = "M";
4767 #endif
4768 #ifdef CONFIG_B43_NPHY
4769         feat_nphy = "N";
4770 #endif
4771 #ifdef CONFIG_B43_LEDS
4772         feat_leds = "L";
4773 #endif
4774 #ifdef CONFIG_B43_RFKILL
4775         feat_rfkill = "R";
4776 #endif
4777         printk(KERN_INFO "Broadcom 43xx driver loaded "
4778                "[ Features: %s%s%s%s%s, Firmware-ID: "
4779                B43_SUPPORTED_FIRMWARE_ID " ]\n",
4780                feat_pci, feat_pcmcia, feat_nphy,
4781                feat_leds, feat_rfkill);
4782 }
4783
4784 static int __init b43_init(void)
4785 {
4786         int err;
4787
4788         b43_debugfs_init();
4789         err = b43_pcmcia_init();
4790         if (err)
4791                 goto err_dfs_exit;
4792         err = ssb_driver_register(&b43_ssb_driver);
4793         if (err)
4794                 goto err_pcmcia_exit;
4795         b43_print_driverinfo();
4796
4797         return err;
4798
4799 err_pcmcia_exit:
4800         b43_pcmcia_exit();
4801 err_dfs_exit:
4802         b43_debugfs_exit();
4803         return err;
4804 }
4805
4806 static void __exit b43_exit(void)
4807 {
4808         ssb_driver_unregister(&b43_ssb_driver);
4809         b43_pcmcia_exit();
4810         b43_debugfs_exit();
4811 }
4812
4813 module_init(b43_init)
4814 module_exit(b43_exit)