Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6
[linux-2.6.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   SDIO support
12   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
13
14   Some parts of the code in this file are derived from the ipw2200
15   driver  Copyright(c) 2003 - 2004 Intel Corporation.
16
17   This program is free software; you can redistribute it and/or modify
18   it under the terms of the GNU General Public License as published by
19   the Free Software Foundation; either version 2 of the License, or
20   (at your option) any later version.
21
22   This program is distributed in the hope that it will be useful,
23   but WITHOUT ANY WARRANTY; without even the implied warranty of
24   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
25   GNU General Public License for more details.
26
27   You should have received a copy of the GNU General Public License
28   along with this program; see the file COPYING.  If not, write to
29   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
30   Boston, MA 02110-1301, USA.
31
32 */
33
34 #include <linux/delay.h>
35 #include <linux/init.h>
36 #include <linux/moduleparam.h>
37 #include <linux/if_arp.h>
38 #include <linux/etherdevice.h>
39 #include <linux/firmware.h>
40 #include <linux/wireless.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <asm/unaligned.h>
46
47 #include "b43.h"
48 #include "main.h"
49 #include "debugfs.h"
50 #include "phy_common.h"
51 #include "phy_g.h"
52 #include "phy_n.h"
53 #include "dma.h"
54 #include "pio.h"
55 #include "sysfs.h"
56 #include "xmit.h"
57 #include "lo.h"
58 #include "pcmcia.h"
59 #include "sdio.h"
60 #include <linux/mmc/sdio_func.h>
61
62 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
63 MODULE_AUTHOR("Martin Langer");
64 MODULE_AUTHOR("Stefano Brivio");
65 MODULE_AUTHOR("Michael Buesch");
66 MODULE_AUTHOR("Gábor Stefanik");
67 MODULE_LICENSE("GPL");
68
69 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
70 MODULE_FIRMWARE("b43/ucode11.fw");
71 MODULE_FIRMWARE("b43/ucode13.fw");
72 MODULE_FIRMWARE("b43/ucode14.fw");
73 MODULE_FIRMWARE("b43/ucode15.fw");
74 MODULE_FIRMWARE("b43/ucode5.fw");
75 MODULE_FIRMWARE("b43/ucode9.fw");
76
77 static int modparam_bad_frames_preempt;
78 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
79 MODULE_PARM_DESC(bad_frames_preempt,
80                  "enable(1) / disable(0) Bad Frames Preemption");
81
82 static char modparam_fwpostfix[16];
83 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
84 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
85
86 static int modparam_hwpctl;
87 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
88 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
89
90 static int modparam_nohwcrypt;
91 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
92 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
93
94 static int modparam_hwtkip;
95 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
96 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
97
98 static int modparam_qos = 1;
99 module_param_named(qos, modparam_qos, int, 0444);
100 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
101
102 static int modparam_btcoex = 1;
103 module_param_named(btcoex, modparam_btcoex, int, 0444);
104 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
105
106 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
107 module_param_named(verbose, b43_modparam_verbose, int, 0644);
108 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
109
110 int b43_modparam_pio = B43_PIO_DEFAULT;
111 module_param_named(pio, b43_modparam_pio, int, 0644);
112 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
113
114 static const struct ssb_device_id b43_ssb_tbl[] = {
115         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
116         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
117         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
118         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
119         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
120         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
121         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
122         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
123         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
124         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
125         SSB_DEVTABLE_END
126 };
127
128 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
129
130 /* Channel and ratetables are shared for all devices.
131  * They can't be const, because ieee80211 puts some precalculated
132  * data in there. This data is the same for all devices, so we don't
133  * get concurrency issues */
134 #define RATETAB_ENT(_rateid, _flags) \
135         {                                                               \
136                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
137                 .hw_value       = (_rateid),                            \
138                 .flags          = (_flags),                             \
139         }
140
141 /*
142  * NOTE: When changing this, sync with xmit.c's
143  *       b43_plcp_get_bitrate_idx_* functions!
144  */
145 static struct ieee80211_rate __b43_ratetable[] = {
146         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
147         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
148         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
149         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
150         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
151         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
152         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
153         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
154         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
155         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
156         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
157         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
158 };
159
160 #define b43_a_ratetable         (__b43_ratetable + 4)
161 #define b43_a_ratetable_size    8
162 #define b43_b_ratetable         (__b43_ratetable + 0)
163 #define b43_b_ratetable_size    4
164 #define b43_g_ratetable         (__b43_ratetable + 0)
165 #define b43_g_ratetable_size    12
166
167 #define CHAN4G(_channel, _freq, _flags) {                       \
168         .band                   = IEEE80211_BAND_2GHZ,          \
169         .center_freq            = (_freq),                      \
170         .hw_value               = (_channel),                   \
171         .flags                  = (_flags),                     \
172         .max_antenna_gain       = 0,                            \
173         .max_power              = 30,                           \
174 }
175 static struct ieee80211_channel b43_2ghz_chantable[] = {
176         CHAN4G(1, 2412, 0),
177         CHAN4G(2, 2417, 0),
178         CHAN4G(3, 2422, 0),
179         CHAN4G(4, 2427, 0),
180         CHAN4G(5, 2432, 0),
181         CHAN4G(6, 2437, 0),
182         CHAN4G(7, 2442, 0),
183         CHAN4G(8, 2447, 0),
184         CHAN4G(9, 2452, 0),
185         CHAN4G(10, 2457, 0),
186         CHAN4G(11, 2462, 0),
187         CHAN4G(12, 2467, 0),
188         CHAN4G(13, 2472, 0),
189         CHAN4G(14, 2484, 0),
190 };
191 #undef CHAN4G
192
193 #define CHAN5G(_channel, _flags) {                              \
194         .band                   = IEEE80211_BAND_5GHZ,          \
195         .center_freq            = 5000 + (5 * (_channel)),      \
196         .hw_value               = (_channel),                   \
197         .flags                  = (_flags),                     \
198         .max_antenna_gain       = 0,                            \
199         .max_power              = 30,                           \
200 }
201 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
202         CHAN5G(32, 0),          CHAN5G(34, 0),
203         CHAN5G(36, 0),          CHAN5G(38, 0),
204         CHAN5G(40, 0),          CHAN5G(42, 0),
205         CHAN5G(44, 0),          CHAN5G(46, 0),
206         CHAN5G(48, 0),          CHAN5G(50, 0),
207         CHAN5G(52, 0),          CHAN5G(54, 0),
208         CHAN5G(56, 0),          CHAN5G(58, 0),
209         CHAN5G(60, 0),          CHAN5G(62, 0),
210         CHAN5G(64, 0),          CHAN5G(66, 0),
211         CHAN5G(68, 0),          CHAN5G(70, 0),
212         CHAN5G(72, 0),          CHAN5G(74, 0),
213         CHAN5G(76, 0),          CHAN5G(78, 0),
214         CHAN5G(80, 0),          CHAN5G(82, 0),
215         CHAN5G(84, 0),          CHAN5G(86, 0),
216         CHAN5G(88, 0),          CHAN5G(90, 0),
217         CHAN5G(92, 0),          CHAN5G(94, 0),
218         CHAN5G(96, 0),          CHAN5G(98, 0),
219         CHAN5G(100, 0),         CHAN5G(102, 0),
220         CHAN5G(104, 0),         CHAN5G(106, 0),
221         CHAN5G(108, 0),         CHAN5G(110, 0),
222         CHAN5G(112, 0),         CHAN5G(114, 0),
223         CHAN5G(116, 0),         CHAN5G(118, 0),
224         CHAN5G(120, 0),         CHAN5G(122, 0),
225         CHAN5G(124, 0),         CHAN5G(126, 0),
226         CHAN5G(128, 0),         CHAN5G(130, 0),
227         CHAN5G(132, 0),         CHAN5G(134, 0),
228         CHAN5G(136, 0),         CHAN5G(138, 0),
229         CHAN5G(140, 0),         CHAN5G(142, 0),
230         CHAN5G(144, 0),         CHAN5G(145, 0),
231         CHAN5G(146, 0),         CHAN5G(147, 0),
232         CHAN5G(148, 0),         CHAN5G(149, 0),
233         CHAN5G(150, 0),         CHAN5G(151, 0),
234         CHAN5G(152, 0),         CHAN5G(153, 0),
235         CHAN5G(154, 0),         CHAN5G(155, 0),
236         CHAN5G(156, 0),         CHAN5G(157, 0),
237         CHAN5G(158, 0),         CHAN5G(159, 0),
238         CHAN5G(160, 0),         CHAN5G(161, 0),
239         CHAN5G(162, 0),         CHAN5G(163, 0),
240         CHAN5G(164, 0),         CHAN5G(165, 0),
241         CHAN5G(166, 0),         CHAN5G(168, 0),
242         CHAN5G(170, 0),         CHAN5G(172, 0),
243         CHAN5G(174, 0),         CHAN5G(176, 0),
244         CHAN5G(178, 0),         CHAN5G(180, 0),
245         CHAN5G(182, 0),         CHAN5G(184, 0),
246         CHAN5G(186, 0),         CHAN5G(188, 0),
247         CHAN5G(190, 0),         CHAN5G(192, 0),
248         CHAN5G(194, 0),         CHAN5G(196, 0),
249         CHAN5G(198, 0),         CHAN5G(200, 0),
250         CHAN5G(202, 0),         CHAN5G(204, 0),
251         CHAN5G(206, 0),         CHAN5G(208, 0),
252         CHAN5G(210, 0),         CHAN5G(212, 0),
253         CHAN5G(214, 0),         CHAN5G(216, 0),
254         CHAN5G(218, 0),         CHAN5G(220, 0),
255         CHAN5G(222, 0),         CHAN5G(224, 0),
256         CHAN5G(226, 0),         CHAN5G(228, 0),
257 };
258
259 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
260         CHAN5G(34, 0),          CHAN5G(36, 0),
261         CHAN5G(38, 0),          CHAN5G(40, 0),
262         CHAN5G(42, 0),          CHAN5G(44, 0),
263         CHAN5G(46, 0),          CHAN5G(48, 0),
264         CHAN5G(52, 0),          CHAN5G(56, 0),
265         CHAN5G(60, 0),          CHAN5G(64, 0),
266         CHAN5G(100, 0),         CHAN5G(104, 0),
267         CHAN5G(108, 0),         CHAN5G(112, 0),
268         CHAN5G(116, 0),         CHAN5G(120, 0),
269         CHAN5G(124, 0),         CHAN5G(128, 0),
270         CHAN5G(132, 0),         CHAN5G(136, 0),
271         CHAN5G(140, 0),         CHAN5G(149, 0),
272         CHAN5G(153, 0),         CHAN5G(157, 0),
273         CHAN5G(161, 0),         CHAN5G(165, 0),
274         CHAN5G(184, 0),         CHAN5G(188, 0),
275         CHAN5G(192, 0),         CHAN5G(196, 0),
276         CHAN5G(200, 0),         CHAN5G(204, 0),
277         CHAN5G(208, 0),         CHAN5G(212, 0),
278         CHAN5G(216, 0),
279 };
280 #undef CHAN5G
281
282 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
283         .band           = IEEE80211_BAND_5GHZ,
284         .channels       = b43_5ghz_nphy_chantable,
285         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
286         .bitrates       = b43_a_ratetable,
287         .n_bitrates     = b43_a_ratetable_size,
288 };
289
290 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
291         .band           = IEEE80211_BAND_5GHZ,
292         .channels       = b43_5ghz_aphy_chantable,
293         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
294         .bitrates       = b43_a_ratetable,
295         .n_bitrates     = b43_a_ratetable_size,
296 };
297
298 static struct ieee80211_supported_band b43_band_2GHz = {
299         .band           = IEEE80211_BAND_2GHZ,
300         .channels       = b43_2ghz_chantable,
301         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
302         .bitrates       = b43_g_ratetable,
303         .n_bitrates     = b43_g_ratetable_size,
304 };
305
306 static void b43_wireless_core_exit(struct b43_wldev *dev);
307 static int b43_wireless_core_init(struct b43_wldev *dev);
308 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
309 static int b43_wireless_core_start(struct b43_wldev *dev);
310
311 static int b43_ratelimit(struct b43_wl *wl)
312 {
313         if (!wl || !wl->current_dev)
314                 return 1;
315         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
316                 return 1;
317         /* We are up and running.
318          * Ratelimit the messages to avoid DoS over the net. */
319         return net_ratelimit();
320 }
321
322 void b43info(struct b43_wl *wl, const char *fmt, ...)
323 {
324         va_list args;
325
326         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
327                 return;
328         if (!b43_ratelimit(wl))
329                 return;
330         va_start(args, fmt);
331         printk(KERN_INFO "b43-%s: ",
332                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
333         vprintk(fmt, args);
334         va_end(args);
335 }
336
337 void b43err(struct b43_wl *wl, const char *fmt, ...)
338 {
339         va_list args;
340
341         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
342                 return;
343         if (!b43_ratelimit(wl))
344                 return;
345         va_start(args, fmt);
346         printk(KERN_ERR "b43-%s ERROR: ",
347                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
348         vprintk(fmt, args);
349         va_end(args);
350 }
351
352 void b43warn(struct b43_wl *wl, const char *fmt, ...)
353 {
354         va_list args;
355
356         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
357                 return;
358         if (!b43_ratelimit(wl))
359                 return;
360         va_start(args, fmt);
361         printk(KERN_WARNING "b43-%s warning: ",
362                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
363         vprintk(fmt, args);
364         va_end(args);
365 }
366
367 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
368 {
369         va_list args;
370
371         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
372                 return;
373         va_start(args, fmt);
374         printk(KERN_DEBUG "b43-%s debug: ",
375                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
376         vprintk(fmt, args);
377         va_end(args);
378 }
379
380 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
381 {
382         u32 macctl;
383
384         B43_WARN_ON(offset % 4 != 0);
385
386         macctl = b43_read32(dev, B43_MMIO_MACCTL);
387         if (macctl & B43_MACCTL_BE)
388                 val = swab32(val);
389
390         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
391         mmiowb();
392         b43_write32(dev, B43_MMIO_RAM_DATA, val);
393 }
394
395 static inline void b43_shm_control_word(struct b43_wldev *dev,
396                                         u16 routing, u16 offset)
397 {
398         u32 control;
399
400         /* "offset" is the WORD offset. */
401         control = routing;
402         control <<= 16;
403         control |= offset;
404         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
405 }
406
407 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
408 {
409         u32 ret;
410
411         if (routing == B43_SHM_SHARED) {
412                 B43_WARN_ON(offset & 0x0001);
413                 if (offset & 0x0003) {
414                         /* Unaligned access */
415                         b43_shm_control_word(dev, routing, offset >> 2);
416                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
417                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
418                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
419
420                         goto out;
421                 }
422                 offset >>= 2;
423         }
424         b43_shm_control_word(dev, routing, offset);
425         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
426 out:
427         return ret;
428 }
429
430 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
431 {
432         u16 ret;
433
434         if (routing == B43_SHM_SHARED) {
435                 B43_WARN_ON(offset & 0x0001);
436                 if (offset & 0x0003) {
437                         /* Unaligned access */
438                         b43_shm_control_word(dev, routing, offset >> 2);
439                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
440
441                         goto out;
442                 }
443                 offset >>= 2;
444         }
445         b43_shm_control_word(dev, routing, offset);
446         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
447 out:
448         return ret;
449 }
450
451 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
452 {
453         if (routing == B43_SHM_SHARED) {
454                 B43_WARN_ON(offset & 0x0001);
455                 if (offset & 0x0003) {
456                         /* Unaligned access */
457                         b43_shm_control_word(dev, routing, offset >> 2);
458                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
459                                     value & 0xFFFF);
460                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
461                         b43_write16(dev, B43_MMIO_SHM_DATA,
462                                     (value >> 16) & 0xFFFF);
463                         return;
464                 }
465                 offset >>= 2;
466         }
467         b43_shm_control_word(dev, routing, offset);
468         b43_write32(dev, B43_MMIO_SHM_DATA, value);
469 }
470
471 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
472 {
473         if (routing == B43_SHM_SHARED) {
474                 B43_WARN_ON(offset & 0x0001);
475                 if (offset & 0x0003) {
476                         /* Unaligned access */
477                         b43_shm_control_word(dev, routing, offset >> 2);
478                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
479                         return;
480                 }
481                 offset >>= 2;
482         }
483         b43_shm_control_word(dev, routing, offset);
484         b43_write16(dev, B43_MMIO_SHM_DATA, value);
485 }
486
487 /* Read HostFlags */
488 u64 b43_hf_read(struct b43_wldev *dev)
489 {
490         u64 ret;
491
492         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
493         ret <<= 16;
494         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
495         ret <<= 16;
496         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
497
498         return ret;
499 }
500
501 /* Write HostFlags */
502 void b43_hf_write(struct b43_wldev *dev, u64 value)
503 {
504         u16 lo, mi, hi;
505
506         lo = (value & 0x00000000FFFFULL);
507         mi = (value & 0x0000FFFF0000ULL) >> 16;
508         hi = (value & 0xFFFF00000000ULL) >> 32;
509         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
510         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
511         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
512 }
513
514 /* Read the firmware capabilities bitmask (Opensource firmware only) */
515 static u16 b43_fwcapa_read(struct b43_wldev *dev)
516 {
517         B43_WARN_ON(!dev->fw.opensource);
518         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
519 }
520
521 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
522 {
523         u32 low, high;
524
525         B43_WARN_ON(dev->dev->id.revision < 3);
526
527         /* The hardware guarantees us an atomic read, if we
528          * read the low register first. */
529         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
530         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
531
532         *tsf = high;
533         *tsf <<= 32;
534         *tsf |= low;
535 }
536
537 static void b43_time_lock(struct b43_wldev *dev)
538 {
539         u32 macctl;
540
541         macctl = b43_read32(dev, B43_MMIO_MACCTL);
542         macctl |= B43_MACCTL_TBTTHOLD;
543         b43_write32(dev, B43_MMIO_MACCTL, macctl);
544         /* Commit the write */
545         b43_read32(dev, B43_MMIO_MACCTL);
546 }
547
548 static void b43_time_unlock(struct b43_wldev *dev)
549 {
550         u32 macctl;
551
552         macctl = b43_read32(dev, B43_MMIO_MACCTL);
553         macctl &= ~B43_MACCTL_TBTTHOLD;
554         b43_write32(dev, B43_MMIO_MACCTL, macctl);
555         /* Commit the write */
556         b43_read32(dev, B43_MMIO_MACCTL);
557 }
558
559 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
560 {
561         u32 low, high;
562
563         B43_WARN_ON(dev->dev->id.revision < 3);
564
565         low = tsf;
566         high = (tsf >> 32);
567         /* The hardware guarantees us an atomic write, if we
568          * write the low register first. */
569         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
570         mmiowb();
571         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
572         mmiowb();
573 }
574
575 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
576 {
577         b43_time_lock(dev);
578         b43_tsf_write_locked(dev, tsf);
579         b43_time_unlock(dev);
580 }
581
582 static
583 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
584 {
585         static const u8 zero_addr[ETH_ALEN] = { 0 };
586         u16 data;
587
588         if (!mac)
589                 mac = zero_addr;
590
591         offset |= 0x0020;
592         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
593
594         data = mac[0];
595         data |= mac[1] << 8;
596         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
597         data = mac[2];
598         data |= mac[3] << 8;
599         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
600         data = mac[4];
601         data |= mac[5] << 8;
602         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
603 }
604
605 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
606 {
607         const u8 *mac;
608         const u8 *bssid;
609         u8 mac_bssid[ETH_ALEN * 2];
610         int i;
611         u32 tmp;
612
613         bssid = dev->wl->bssid;
614         mac = dev->wl->mac_addr;
615
616         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
617
618         memcpy(mac_bssid, mac, ETH_ALEN);
619         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
620
621         /* Write our MAC address and BSSID to template ram */
622         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
623                 tmp = (u32) (mac_bssid[i + 0]);
624                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
625                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
626                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
627                 b43_ram_write(dev, 0x20 + i, tmp);
628         }
629 }
630
631 static void b43_upload_card_macaddress(struct b43_wldev *dev)
632 {
633         b43_write_mac_bssid_templates(dev);
634         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
635 }
636
637 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
638 {
639         /* slot_time is in usec. */
640         /* This test used to exit for all but a G PHY. */
641         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
642                 return;
643         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
644         /* Shared memory location 0x0010 is the slot time and should be
645          * set to slot_time; however, this register is initially 0 and changing
646          * the value adversely affects the transmit rate for BCM4311
647          * devices. Until this behavior is unterstood, delete this step
648          *
649          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
650          */
651 }
652
653 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
654 {
655         b43_set_slot_time(dev, 9);
656 }
657
658 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
659 {
660         b43_set_slot_time(dev, 20);
661 }
662
663 /* DummyTransmission function, as documented on
664  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
665  */
666 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
667 {
668         struct b43_phy *phy = &dev->phy;
669         unsigned int i, max_loop;
670         u16 value;
671         u32 buffer[5] = {
672                 0x00000000,
673                 0x00D40000,
674                 0x00000000,
675                 0x01000000,
676                 0x00000000,
677         };
678
679         if (ofdm) {
680                 max_loop = 0x1E;
681                 buffer[0] = 0x000201CC;
682         } else {
683                 max_loop = 0xFA;
684                 buffer[0] = 0x000B846E;
685         }
686
687         for (i = 0; i < 5; i++)
688                 b43_ram_write(dev, i * 4, buffer[i]);
689
690         b43_write16(dev, 0x0568, 0x0000);
691         if (dev->dev->id.revision < 11)
692                 b43_write16(dev, 0x07C0, 0x0000);
693         else
694                 b43_write16(dev, 0x07C0, 0x0100);
695         value = (ofdm ? 0x41 : 0x40);
696         b43_write16(dev, 0x050C, value);
697         if ((phy->type == B43_PHYTYPE_N) || (phy->type == B43_PHYTYPE_LP))
698                 b43_write16(dev, 0x0514, 0x1A02);
699         b43_write16(dev, 0x0508, 0x0000);
700         b43_write16(dev, 0x050A, 0x0000);
701         b43_write16(dev, 0x054C, 0x0000);
702         b43_write16(dev, 0x056A, 0x0014);
703         b43_write16(dev, 0x0568, 0x0826);
704         b43_write16(dev, 0x0500, 0x0000);
705         if (!pa_on && (phy->type == B43_PHYTYPE_N)) {
706                 //SPEC TODO
707         }
708
709         switch (phy->type) {
710         case B43_PHYTYPE_N:
711                 b43_write16(dev, 0x0502, 0x00D0);
712                 break;
713         case B43_PHYTYPE_LP:
714                 b43_write16(dev, 0x0502, 0x0050);
715                 break;
716         default:
717                 b43_write16(dev, 0x0502, 0x0030);
718         }
719
720         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
721                 b43_radio_write16(dev, 0x0051, 0x0017);
722         for (i = 0x00; i < max_loop; i++) {
723                 value = b43_read16(dev, 0x050E);
724                 if (value & 0x0080)
725                         break;
726                 udelay(10);
727         }
728         for (i = 0x00; i < 0x0A; i++) {
729                 value = b43_read16(dev, 0x050E);
730                 if (value & 0x0400)
731                         break;
732                 udelay(10);
733         }
734         for (i = 0x00; i < 0x19; i++) {
735                 value = b43_read16(dev, 0x0690);
736                 if (!(value & 0x0100))
737                         break;
738                 udelay(10);
739         }
740         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
741                 b43_radio_write16(dev, 0x0051, 0x0037);
742 }
743
744 static void key_write(struct b43_wldev *dev,
745                       u8 index, u8 algorithm, const u8 *key)
746 {
747         unsigned int i;
748         u32 offset;
749         u16 value;
750         u16 kidx;
751
752         /* Key index/algo block */
753         kidx = b43_kidx_to_fw(dev, index);
754         value = ((kidx << 4) | algorithm);
755         b43_shm_write16(dev, B43_SHM_SHARED,
756                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
757
758         /* Write the key to the Key Table Pointer offset */
759         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
760         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
761                 value = key[i];
762                 value |= (u16) (key[i + 1]) << 8;
763                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
764         }
765 }
766
767 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
768 {
769         u32 addrtmp[2] = { 0, 0, };
770         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
771
772         if (b43_new_kidx_api(dev))
773                 pairwise_keys_start = B43_NR_GROUP_KEYS;
774
775         B43_WARN_ON(index < pairwise_keys_start);
776         /* We have four default TX keys and possibly four default RX keys.
777          * Physical mac 0 is mapped to physical key 4 or 8, depending
778          * on the firmware version.
779          * So we must adjust the index here.
780          */
781         index -= pairwise_keys_start;
782         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
783
784         if (addr) {
785                 addrtmp[0] = addr[0];
786                 addrtmp[0] |= ((u32) (addr[1]) << 8);
787                 addrtmp[0] |= ((u32) (addr[2]) << 16);
788                 addrtmp[0] |= ((u32) (addr[3]) << 24);
789                 addrtmp[1] = addr[4];
790                 addrtmp[1] |= ((u32) (addr[5]) << 8);
791         }
792
793         /* Receive match transmitter address (RCMTA) mechanism */
794         b43_shm_write32(dev, B43_SHM_RCMTA,
795                         (index * 2) + 0, addrtmp[0]);
796         b43_shm_write16(dev, B43_SHM_RCMTA,
797                         (index * 2) + 1, addrtmp[1]);
798 }
799
800 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
801  * When a packet is received, the iv32 is checked.
802  * - if it doesn't the packet is returned without modification (and software
803  *   decryption can be done). That's what happen when iv16 wrap.
804  * - if it does, the rc4 key is computed, and decryption is tried.
805  *   Either it will success and B43_RX_MAC_DEC is returned,
806  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
807  *   and the packet is not usable (it got modified by the ucode).
808  * So in order to never have B43_RX_MAC_DECERR, we should provide
809  * a iv32 and phase1key that match. Because we drop packets in case of
810  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
811  * packets will be lost without higher layer knowing (ie no resync possible
812  * until next wrap).
813  *
814  * NOTE : this should support 50 key like RCMTA because
815  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
816  */
817 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
818                 u16 *phase1key)
819 {
820         unsigned int i;
821         u32 offset;
822         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
823
824         if (!modparam_hwtkip)
825                 return;
826
827         if (b43_new_kidx_api(dev))
828                 pairwise_keys_start = B43_NR_GROUP_KEYS;
829
830         B43_WARN_ON(index < pairwise_keys_start);
831         /* We have four default TX keys and possibly four default RX keys.
832          * Physical mac 0 is mapped to physical key 4 or 8, depending
833          * on the firmware version.
834          * So we must adjust the index here.
835          */
836         index -= pairwise_keys_start;
837         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
838
839         if (b43_debug(dev, B43_DBG_KEYS)) {
840                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
841                                 index, iv32);
842         }
843         /* Write the key to the  RX tkip shared mem */
844         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
845         for (i = 0; i < 10; i += 2) {
846                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
847                                 phase1key ? phase1key[i / 2] : 0);
848         }
849         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
850         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
851 }
852
853 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
854                                    struct ieee80211_vif *vif,
855                                    struct ieee80211_key_conf *keyconf,
856                                    struct ieee80211_sta *sta,
857                                    u32 iv32, u16 *phase1key)
858 {
859         struct b43_wl *wl = hw_to_b43_wl(hw);
860         struct b43_wldev *dev;
861         int index = keyconf->hw_key_idx;
862
863         if (B43_WARN_ON(!modparam_hwtkip))
864                 return;
865
866         /* This is only called from the RX path through mac80211, where
867          * our mutex is already locked. */
868         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
869         dev = wl->current_dev;
870         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
871
872         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
873
874         rx_tkip_phase1_write(dev, index, iv32, phase1key);
875         /* only pairwise TKIP keys are supported right now */
876         if (WARN_ON(!sta))
877                 return;
878         keymac_write(dev, index, sta->addr);
879 }
880
881 static void do_key_write(struct b43_wldev *dev,
882                          u8 index, u8 algorithm,
883                          const u8 *key, size_t key_len, const u8 *mac_addr)
884 {
885         u8 buf[B43_SEC_KEYSIZE] = { 0, };
886         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
887
888         if (b43_new_kidx_api(dev))
889                 pairwise_keys_start = B43_NR_GROUP_KEYS;
890
891         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
892         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
893
894         if (index >= pairwise_keys_start)
895                 keymac_write(dev, index, NULL); /* First zero out mac. */
896         if (algorithm == B43_SEC_ALGO_TKIP) {
897                 /*
898                  * We should provide an initial iv32, phase1key pair.
899                  * We could start with iv32=0 and compute the corresponding
900                  * phase1key, but this means calling ieee80211_get_tkip_key
901                  * with a fake skb (or export other tkip function).
902                  * Because we are lazy we hope iv32 won't start with
903                  * 0xffffffff and let's b43_op_update_tkip_key provide a
904                  * correct pair.
905                  */
906                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
907         } else if (index >= pairwise_keys_start) /* clear it */
908                 rx_tkip_phase1_write(dev, index, 0, NULL);
909         if (key)
910                 memcpy(buf, key, key_len);
911         key_write(dev, index, algorithm, buf);
912         if (index >= pairwise_keys_start)
913                 keymac_write(dev, index, mac_addr);
914
915         dev->key[index].algorithm = algorithm;
916 }
917
918 static int b43_key_write(struct b43_wldev *dev,
919                          int index, u8 algorithm,
920                          const u8 *key, size_t key_len,
921                          const u8 *mac_addr,
922                          struct ieee80211_key_conf *keyconf)
923 {
924         int i;
925         int pairwise_keys_start;
926
927         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
928          *      - Temporal Encryption Key (128 bits)
929          *      - Temporal Authenticator Tx MIC Key (64 bits)
930          *      - Temporal Authenticator Rx MIC Key (64 bits)
931          *
932          *      Hardware only store TEK
933          */
934         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
935                 key_len = 16;
936         if (key_len > B43_SEC_KEYSIZE)
937                 return -EINVAL;
938         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
939                 /* Check that we don't already have this key. */
940                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
941         }
942         if (index < 0) {
943                 /* Pairwise key. Get an empty slot for the key. */
944                 if (b43_new_kidx_api(dev))
945                         pairwise_keys_start = B43_NR_GROUP_KEYS;
946                 else
947                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
948                 for (i = pairwise_keys_start;
949                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
950                      i++) {
951                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
952                         if (!dev->key[i].keyconf) {
953                                 /* found empty */
954                                 index = i;
955                                 break;
956                         }
957                 }
958                 if (index < 0) {
959                         b43warn(dev->wl, "Out of hardware key memory\n");
960                         return -ENOSPC;
961                 }
962         } else
963                 B43_WARN_ON(index > 3);
964
965         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
966         if ((index <= 3) && !b43_new_kidx_api(dev)) {
967                 /* Default RX key */
968                 B43_WARN_ON(mac_addr);
969                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
970         }
971         keyconf->hw_key_idx = index;
972         dev->key[index].keyconf = keyconf;
973
974         return 0;
975 }
976
977 static int b43_key_clear(struct b43_wldev *dev, int index)
978 {
979         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
980                 return -EINVAL;
981         do_key_write(dev, index, B43_SEC_ALGO_NONE,
982                      NULL, B43_SEC_KEYSIZE, NULL);
983         if ((index <= 3) && !b43_new_kidx_api(dev)) {
984                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
985                              NULL, B43_SEC_KEYSIZE, NULL);
986         }
987         dev->key[index].keyconf = NULL;
988
989         return 0;
990 }
991
992 static void b43_clear_keys(struct b43_wldev *dev)
993 {
994         int i, count;
995
996         if (b43_new_kidx_api(dev))
997                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
998         else
999                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1000         for (i = 0; i < count; i++)
1001                 b43_key_clear(dev, i);
1002 }
1003
1004 static void b43_dump_keymemory(struct b43_wldev *dev)
1005 {
1006         unsigned int i, index, count, offset, pairwise_keys_start;
1007         u8 mac[ETH_ALEN];
1008         u16 algo;
1009         u32 rcmta0;
1010         u16 rcmta1;
1011         u64 hf;
1012         struct b43_key *key;
1013
1014         if (!b43_debug(dev, B43_DBG_KEYS))
1015                 return;
1016
1017         hf = b43_hf_read(dev);
1018         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1019                !!(hf & B43_HF_USEDEFKEYS));
1020         if (b43_new_kidx_api(dev)) {
1021                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1022                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1023         } else {
1024                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1025                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1026         }
1027         for (index = 0; index < count; index++) {
1028                 key = &(dev->key[index]);
1029                 printk(KERN_DEBUG "Key slot %02u: %s",
1030                        index, (key->keyconf == NULL) ? " " : "*");
1031                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1032                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1033                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1034                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1035                 }
1036
1037                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1038                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1039                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1040
1041                 if (index >= pairwise_keys_start) {
1042                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1043                                 printk("   TKIP: ");
1044                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1045                                 for (i = 0; i < 14; i += 2) {
1046                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1047                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1048                                 }
1049                         }
1050                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1051                                                 ((index - pairwise_keys_start) * 2) + 0);
1052                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1053                                                 ((index - pairwise_keys_start) * 2) + 1);
1054                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1055                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1056                         printk("   MAC: %pM", mac);
1057                 } else
1058                         printk("   DEFAULT KEY");
1059                 printk("\n");
1060         }
1061 }
1062
1063 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1064 {
1065         u32 macctl;
1066         u16 ucstat;
1067         bool hwps;
1068         bool awake;
1069         int i;
1070
1071         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1072                     (ps_flags & B43_PS_DISABLED));
1073         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1074
1075         if (ps_flags & B43_PS_ENABLED) {
1076                 hwps = 1;
1077         } else if (ps_flags & B43_PS_DISABLED) {
1078                 hwps = 0;
1079         } else {
1080                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1081                 //      and thus is not an AP and we are associated, set bit 25
1082         }
1083         if (ps_flags & B43_PS_AWAKE) {
1084                 awake = 1;
1085         } else if (ps_flags & B43_PS_ASLEEP) {
1086                 awake = 0;
1087         } else {
1088                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1089                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1090                 //      successful, set bit26
1091         }
1092
1093 /* FIXME: For now we force awake-on and hwps-off */
1094         hwps = 0;
1095         awake = 1;
1096
1097         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1098         if (hwps)
1099                 macctl |= B43_MACCTL_HWPS;
1100         else
1101                 macctl &= ~B43_MACCTL_HWPS;
1102         if (awake)
1103                 macctl |= B43_MACCTL_AWAKE;
1104         else
1105                 macctl &= ~B43_MACCTL_AWAKE;
1106         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1107         /* Commit write */
1108         b43_read32(dev, B43_MMIO_MACCTL);
1109         if (awake && dev->dev->id.revision >= 5) {
1110                 /* Wait for the microcode to wake up. */
1111                 for (i = 0; i < 100; i++) {
1112                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1113                                                 B43_SHM_SH_UCODESTAT);
1114                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1115                                 break;
1116                         udelay(10);
1117                 }
1118         }
1119 }
1120
1121 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1122 {
1123         u32 tmslow;
1124         u32 macctl;
1125
1126         flags |= B43_TMSLOW_PHYCLKEN;
1127         flags |= B43_TMSLOW_PHYRESET;
1128         ssb_device_enable(dev->dev, flags);
1129         msleep(2);              /* Wait for the PLL to turn on. */
1130
1131         /* Now take the PHY out of Reset again */
1132         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1133         tmslow |= SSB_TMSLOW_FGC;
1134         tmslow &= ~B43_TMSLOW_PHYRESET;
1135         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1136         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1137         msleep(1);
1138         tmslow &= ~SSB_TMSLOW_FGC;
1139         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1140         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1141         msleep(1);
1142
1143         /* Turn Analog ON, but only if we already know the PHY-type.
1144          * This protects against very early setup where we don't know the
1145          * PHY-type, yet. wireless_core_reset will be called once again later,
1146          * when we know the PHY-type. */
1147         if (dev->phy.ops)
1148                 dev->phy.ops->switch_analog(dev, 1);
1149
1150         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1151         macctl &= ~B43_MACCTL_GMODE;
1152         if (flags & B43_TMSLOW_GMODE)
1153                 macctl |= B43_MACCTL_GMODE;
1154         macctl |= B43_MACCTL_IHR_ENABLED;
1155         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1156 }
1157
1158 static void handle_irq_transmit_status(struct b43_wldev *dev)
1159 {
1160         u32 v0, v1;
1161         u16 tmp;
1162         struct b43_txstatus stat;
1163
1164         while (1) {
1165                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1166                 if (!(v0 & 0x00000001))
1167                         break;
1168                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1169
1170                 stat.cookie = (v0 >> 16);
1171                 stat.seq = (v1 & 0x0000FFFF);
1172                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1173                 tmp = (v0 & 0x0000FFFF);
1174                 stat.frame_count = ((tmp & 0xF000) >> 12);
1175                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1176                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1177                 stat.pm_indicated = !!(tmp & 0x0080);
1178                 stat.intermediate = !!(tmp & 0x0040);
1179                 stat.for_ampdu = !!(tmp & 0x0020);
1180                 stat.acked = !!(tmp & 0x0002);
1181
1182                 b43_handle_txstatus(dev, &stat);
1183         }
1184 }
1185
1186 static void drain_txstatus_queue(struct b43_wldev *dev)
1187 {
1188         u32 dummy;
1189
1190         if (dev->dev->id.revision < 5)
1191                 return;
1192         /* Read all entries from the microcode TXstatus FIFO
1193          * and throw them away.
1194          */
1195         while (1) {
1196                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1197                 if (!(dummy & 0x00000001))
1198                         break;
1199                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1200         }
1201 }
1202
1203 static u32 b43_jssi_read(struct b43_wldev *dev)
1204 {
1205         u32 val = 0;
1206
1207         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1208         val <<= 16;
1209         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1210
1211         return val;
1212 }
1213
1214 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1215 {
1216         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1217         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1218 }
1219
1220 static void b43_generate_noise_sample(struct b43_wldev *dev)
1221 {
1222         b43_jssi_write(dev, 0x7F7F7F7F);
1223         b43_write32(dev, B43_MMIO_MACCMD,
1224                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1225 }
1226
1227 static void b43_calculate_link_quality(struct b43_wldev *dev)
1228 {
1229         /* Top half of Link Quality calculation. */
1230
1231         if (dev->phy.type != B43_PHYTYPE_G)
1232                 return;
1233         if (dev->noisecalc.calculation_running)
1234                 return;
1235         dev->noisecalc.calculation_running = 1;
1236         dev->noisecalc.nr_samples = 0;
1237
1238         b43_generate_noise_sample(dev);
1239 }
1240
1241 static void handle_irq_noise(struct b43_wldev *dev)
1242 {
1243         struct b43_phy_g *phy = dev->phy.g;
1244         u16 tmp;
1245         u8 noise[4];
1246         u8 i, j;
1247         s32 average;
1248
1249         /* Bottom half of Link Quality calculation. */
1250
1251         if (dev->phy.type != B43_PHYTYPE_G)
1252                 return;
1253
1254         /* Possible race condition: It might be possible that the user
1255          * changed to a different channel in the meantime since we
1256          * started the calculation. We ignore that fact, since it's
1257          * not really that much of a problem. The background noise is
1258          * an estimation only anyway. Slightly wrong results will get damped
1259          * by the averaging of the 8 sample rounds. Additionally the
1260          * value is shortlived. So it will be replaced by the next noise
1261          * calculation round soon. */
1262
1263         B43_WARN_ON(!dev->noisecalc.calculation_running);
1264         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1265         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1266             noise[2] == 0x7F || noise[3] == 0x7F)
1267                 goto generate_new;
1268
1269         /* Get the noise samples. */
1270         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1271         i = dev->noisecalc.nr_samples;
1272         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1273         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1274         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1275         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1276         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1277         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1278         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1279         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1280         dev->noisecalc.nr_samples++;
1281         if (dev->noisecalc.nr_samples == 8) {
1282                 /* Calculate the Link Quality by the noise samples. */
1283                 average = 0;
1284                 for (i = 0; i < 8; i++) {
1285                         for (j = 0; j < 4; j++)
1286                                 average += dev->noisecalc.samples[i][j];
1287                 }
1288                 average /= (8 * 4);
1289                 average *= 125;
1290                 average += 64;
1291                 average /= 128;
1292                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1293                 tmp = (tmp / 128) & 0x1F;
1294                 if (tmp >= 8)
1295                         average += 2;
1296                 else
1297                         average -= 25;
1298                 if (tmp == 8)
1299                         average -= 72;
1300                 else
1301                         average -= 48;
1302
1303                 dev->stats.link_noise = average;
1304                 dev->noisecalc.calculation_running = 0;
1305                 return;
1306         }
1307 generate_new:
1308         b43_generate_noise_sample(dev);
1309 }
1310
1311 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1312 {
1313         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1314                 ///TODO: PS TBTT
1315         } else {
1316                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1317                         b43_power_saving_ctl_bits(dev, 0);
1318         }
1319         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1320                 dev->dfq_valid = 1;
1321 }
1322
1323 static void handle_irq_atim_end(struct b43_wldev *dev)
1324 {
1325         if (dev->dfq_valid) {
1326                 b43_write32(dev, B43_MMIO_MACCMD,
1327                             b43_read32(dev, B43_MMIO_MACCMD)
1328                             | B43_MACCMD_DFQ_VALID);
1329                 dev->dfq_valid = 0;
1330         }
1331 }
1332
1333 static void handle_irq_pmq(struct b43_wldev *dev)
1334 {
1335         u32 tmp;
1336
1337         //TODO: AP mode.
1338
1339         while (1) {
1340                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1341                 if (!(tmp & 0x00000008))
1342                         break;
1343         }
1344         /* 16bit write is odd, but correct. */
1345         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1346 }
1347
1348 static void b43_write_template_common(struct b43_wldev *dev,
1349                                       const u8 *data, u16 size,
1350                                       u16 ram_offset,
1351                                       u16 shm_size_offset, u8 rate)
1352 {
1353         u32 i, tmp;
1354         struct b43_plcp_hdr4 plcp;
1355
1356         plcp.data = 0;
1357         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1358         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1359         ram_offset += sizeof(u32);
1360         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1361          * So leave the first two bytes of the next write blank.
1362          */
1363         tmp = (u32) (data[0]) << 16;
1364         tmp |= (u32) (data[1]) << 24;
1365         b43_ram_write(dev, ram_offset, tmp);
1366         ram_offset += sizeof(u32);
1367         for (i = 2; i < size; i += sizeof(u32)) {
1368                 tmp = (u32) (data[i + 0]);
1369                 if (i + 1 < size)
1370                         tmp |= (u32) (data[i + 1]) << 8;
1371                 if (i + 2 < size)
1372                         tmp |= (u32) (data[i + 2]) << 16;
1373                 if (i + 3 < size)
1374                         tmp |= (u32) (data[i + 3]) << 24;
1375                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1376         }
1377         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1378                         size + sizeof(struct b43_plcp_hdr6));
1379 }
1380
1381 /* Check if the use of the antenna that ieee80211 told us to
1382  * use is possible. This will fall back to DEFAULT.
1383  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1384 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1385                                   u8 antenna_nr)
1386 {
1387         u8 antenna_mask;
1388
1389         if (antenna_nr == 0) {
1390                 /* Zero means "use default antenna". That's always OK. */
1391                 return 0;
1392         }
1393
1394         /* Get the mask of available antennas. */
1395         if (dev->phy.gmode)
1396                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1397         else
1398                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1399
1400         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1401                 /* This antenna is not available. Fall back to default. */
1402                 return 0;
1403         }
1404
1405         return antenna_nr;
1406 }
1407
1408 /* Convert a b43 antenna number value to the PHY TX control value. */
1409 static u16 b43_antenna_to_phyctl(int antenna)
1410 {
1411         switch (antenna) {
1412         case B43_ANTENNA0:
1413                 return B43_TXH_PHY_ANT0;
1414         case B43_ANTENNA1:
1415                 return B43_TXH_PHY_ANT1;
1416         case B43_ANTENNA2:
1417                 return B43_TXH_PHY_ANT2;
1418         case B43_ANTENNA3:
1419                 return B43_TXH_PHY_ANT3;
1420         case B43_ANTENNA_AUTO0:
1421         case B43_ANTENNA_AUTO1:
1422                 return B43_TXH_PHY_ANT01AUTO;
1423         }
1424         B43_WARN_ON(1);
1425         return 0;
1426 }
1427
1428 static void b43_write_beacon_template(struct b43_wldev *dev,
1429                                       u16 ram_offset,
1430                                       u16 shm_size_offset)
1431 {
1432         unsigned int i, len, variable_len;
1433         const struct ieee80211_mgmt *bcn;
1434         const u8 *ie;
1435         bool tim_found = 0;
1436         unsigned int rate;
1437         u16 ctl;
1438         int antenna;
1439         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1440
1441         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1442         len = min((size_t) dev->wl->current_beacon->len,
1443                   0x200 - sizeof(struct b43_plcp_hdr6));
1444         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1445
1446         b43_write_template_common(dev, (const u8 *)bcn,
1447                                   len, ram_offset, shm_size_offset, rate);
1448
1449         /* Write the PHY TX control parameters. */
1450         antenna = B43_ANTENNA_DEFAULT;
1451         antenna = b43_antenna_to_phyctl(antenna);
1452         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1453         /* We can't send beacons with short preamble. Would get PHY errors. */
1454         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1455         ctl &= ~B43_TXH_PHY_ANT;
1456         ctl &= ~B43_TXH_PHY_ENC;
1457         ctl |= antenna;
1458         if (b43_is_cck_rate(rate))
1459                 ctl |= B43_TXH_PHY_ENC_CCK;
1460         else
1461                 ctl |= B43_TXH_PHY_ENC_OFDM;
1462         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1463
1464         /* Find the position of the TIM and the DTIM_period value
1465          * and write them to SHM. */
1466         ie = bcn->u.beacon.variable;
1467         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1468         for (i = 0; i < variable_len - 2; ) {
1469                 uint8_t ie_id, ie_len;
1470
1471                 ie_id = ie[i];
1472                 ie_len = ie[i + 1];
1473                 if (ie_id == 5) {
1474                         u16 tim_position;
1475                         u16 dtim_period;
1476                         /* This is the TIM Information Element */
1477
1478                         /* Check whether the ie_len is in the beacon data range. */
1479                         if (variable_len < ie_len + 2 + i)
1480                                 break;
1481                         /* A valid TIM is at least 4 bytes long. */
1482                         if (ie_len < 4)
1483                                 break;
1484                         tim_found = 1;
1485
1486                         tim_position = sizeof(struct b43_plcp_hdr6);
1487                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1488                         tim_position += i;
1489
1490                         dtim_period = ie[i + 3];
1491
1492                         b43_shm_write16(dev, B43_SHM_SHARED,
1493                                         B43_SHM_SH_TIMBPOS, tim_position);
1494                         b43_shm_write16(dev, B43_SHM_SHARED,
1495                                         B43_SHM_SH_DTIMPER, dtim_period);
1496                         break;
1497                 }
1498                 i += ie_len + 2;
1499         }
1500         if (!tim_found) {
1501                 /*
1502                  * If ucode wants to modify TIM do it behind the beacon, this
1503                  * will happen, for example, when doing mesh networking.
1504                  */
1505                 b43_shm_write16(dev, B43_SHM_SHARED,
1506                                 B43_SHM_SH_TIMBPOS,
1507                                 len + sizeof(struct b43_plcp_hdr6));
1508                 b43_shm_write16(dev, B43_SHM_SHARED,
1509                                 B43_SHM_SH_DTIMPER, 0);
1510         }
1511         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1512 }
1513
1514 static void b43_upload_beacon0(struct b43_wldev *dev)
1515 {
1516         struct b43_wl *wl = dev->wl;
1517
1518         if (wl->beacon0_uploaded)
1519                 return;
1520         b43_write_beacon_template(dev, 0x68, 0x18);
1521         wl->beacon0_uploaded = 1;
1522 }
1523
1524 static void b43_upload_beacon1(struct b43_wldev *dev)
1525 {
1526         struct b43_wl *wl = dev->wl;
1527
1528         if (wl->beacon1_uploaded)
1529                 return;
1530         b43_write_beacon_template(dev, 0x468, 0x1A);
1531         wl->beacon1_uploaded = 1;
1532 }
1533
1534 static void handle_irq_beacon(struct b43_wldev *dev)
1535 {
1536         struct b43_wl *wl = dev->wl;
1537         u32 cmd, beacon0_valid, beacon1_valid;
1538
1539         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1540             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1541                 return;
1542
1543         /* This is the bottom half of the asynchronous beacon update. */
1544
1545         /* Ignore interrupt in the future. */
1546         dev->irq_mask &= ~B43_IRQ_BEACON;
1547
1548         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1549         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1550         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1551
1552         /* Schedule interrupt manually, if busy. */
1553         if (beacon0_valid && beacon1_valid) {
1554                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1555                 dev->irq_mask |= B43_IRQ_BEACON;
1556                 return;
1557         }
1558
1559         if (unlikely(wl->beacon_templates_virgin)) {
1560                 /* We never uploaded a beacon before.
1561                  * Upload both templates now, but only mark one valid. */
1562                 wl->beacon_templates_virgin = 0;
1563                 b43_upload_beacon0(dev);
1564                 b43_upload_beacon1(dev);
1565                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1566                 cmd |= B43_MACCMD_BEACON0_VALID;
1567                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1568         } else {
1569                 if (!beacon0_valid) {
1570                         b43_upload_beacon0(dev);
1571                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1572                         cmd |= B43_MACCMD_BEACON0_VALID;
1573                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1574                 } else if (!beacon1_valid) {
1575                         b43_upload_beacon1(dev);
1576                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1577                         cmd |= B43_MACCMD_BEACON1_VALID;
1578                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1579                 }
1580         }
1581 }
1582
1583 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1584 {
1585         u32 old_irq_mask = dev->irq_mask;
1586
1587         /* update beacon right away or defer to irq */
1588         handle_irq_beacon(dev);
1589         if (old_irq_mask != dev->irq_mask) {
1590                 /* The handler updated the IRQ mask. */
1591                 B43_WARN_ON(!dev->irq_mask);
1592                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1593                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1594                 } else {
1595                         /* Device interrupts are currently disabled. That means
1596                          * we just ran the hardirq handler and scheduled the
1597                          * IRQ thread. The thread will write the IRQ mask when
1598                          * it finished, so there's nothing to do here. Writing
1599                          * the mask _here_ would incorrectly re-enable IRQs. */
1600                 }
1601         }
1602 }
1603
1604 static void b43_beacon_update_trigger_work(struct work_struct *work)
1605 {
1606         struct b43_wl *wl = container_of(work, struct b43_wl,
1607                                          beacon_update_trigger);
1608         struct b43_wldev *dev;
1609
1610         mutex_lock(&wl->mutex);
1611         dev = wl->current_dev;
1612         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1613                 if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
1614                         /* wl->mutex is enough. */
1615                         b43_do_beacon_update_trigger_work(dev);
1616                         mmiowb();
1617                 } else {
1618                         spin_lock_irq(&wl->hardirq_lock);
1619                         b43_do_beacon_update_trigger_work(dev);
1620                         mmiowb();
1621                         spin_unlock_irq(&wl->hardirq_lock);
1622                 }
1623         }
1624         mutex_unlock(&wl->mutex);
1625 }
1626
1627 /* Asynchronously update the packet templates in template RAM.
1628  * Locking: Requires wl->mutex to be locked. */
1629 static void b43_update_templates(struct b43_wl *wl)
1630 {
1631         struct sk_buff *beacon;
1632
1633         /* This is the top half of the ansynchronous beacon update.
1634          * The bottom half is the beacon IRQ.
1635          * Beacon update must be asynchronous to avoid sending an
1636          * invalid beacon. This can happen for example, if the firmware
1637          * transmits a beacon while we are updating it. */
1638
1639         /* We could modify the existing beacon and set the aid bit in
1640          * the TIM field, but that would probably require resizing and
1641          * moving of data within the beacon template.
1642          * Simply request a new beacon and let mac80211 do the hard work. */
1643         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1644         if (unlikely(!beacon))
1645                 return;
1646
1647         if (wl->current_beacon)
1648                 dev_kfree_skb_any(wl->current_beacon);
1649         wl->current_beacon = beacon;
1650         wl->beacon0_uploaded = 0;
1651         wl->beacon1_uploaded = 0;
1652         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1653 }
1654
1655 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1656 {
1657         b43_time_lock(dev);
1658         if (dev->dev->id.revision >= 3) {
1659                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1660                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1661         } else {
1662                 b43_write16(dev, 0x606, (beacon_int >> 6));
1663                 b43_write16(dev, 0x610, beacon_int);
1664         }
1665         b43_time_unlock(dev);
1666         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1667 }
1668
1669 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1670 {
1671         u16 reason;
1672
1673         /* Read the register that contains the reason code for the panic. */
1674         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1675         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1676
1677         switch (reason) {
1678         default:
1679                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1680                 /* fallthrough */
1681         case B43_FWPANIC_DIE:
1682                 /* Do not restart the controller or firmware.
1683                  * The device is nonfunctional from now on.
1684                  * Restarting would result in this panic to trigger again,
1685                  * so we avoid that recursion. */
1686                 break;
1687         case B43_FWPANIC_RESTART:
1688                 b43_controller_restart(dev, "Microcode panic");
1689                 break;
1690         }
1691 }
1692
1693 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1694 {
1695         unsigned int i, cnt;
1696         u16 reason, marker_id, marker_line;
1697         __le16 *buf;
1698
1699         /* The proprietary firmware doesn't have this IRQ. */
1700         if (!dev->fw.opensource)
1701                 return;
1702
1703         /* Read the register that contains the reason code for this IRQ. */
1704         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1705
1706         switch (reason) {
1707         case B43_DEBUGIRQ_PANIC:
1708                 b43_handle_firmware_panic(dev);
1709                 break;
1710         case B43_DEBUGIRQ_DUMP_SHM:
1711                 if (!B43_DEBUG)
1712                         break; /* Only with driver debugging enabled. */
1713                 buf = kmalloc(4096, GFP_ATOMIC);
1714                 if (!buf) {
1715                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1716                         goto out;
1717                 }
1718                 for (i = 0; i < 4096; i += 2) {
1719                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1720                         buf[i / 2] = cpu_to_le16(tmp);
1721                 }
1722                 b43info(dev->wl, "Shared memory dump:\n");
1723                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1724                                16, 2, buf, 4096, 1);
1725                 kfree(buf);
1726                 break;
1727         case B43_DEBUGIRQ_DUMP_REGS:
1728                 if (!B43_DEBUG)
1729                         break; /* Only with driver debugging enabled. */
1730                 b43info(dev->wl, "Microcode register dump:\n");
1731                 for (i = 0, cnt = 0; i < 64; i++) {
1732                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1733                         if (cnt == 0)
1734                                 printk(KERN_INFO);
1735                         printk("r%02u: 0x%04X  ", i, tmp);
1736                         cnt++;
1737                         if (cnt == 6) {
1738                                 printk("\n");
1739                                 cnt = 0;
1740                         }
1741                 }
1742                 printk("\n");
1743                 break;
1744         case B43_DEBUGIRQ_MARKER:
1745                 if (!B43_DEBUG)
1746                         break; /* Only with driver debugging enabled. */
1747                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1748                                            B43_MARKER_ID_REG);
1749                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1750                                              B43_MARKER_LINE_REG);
1751                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1752                         "at line number %u\n",
1753                         marker_id, marker_line);
1754                 break;
1755         default:
1756                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1757                        reason);
1758         }
1759 out:
1760         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1761         b43_shm_write16(dev, B43_SHM_SCRATCH,
1762                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1763 }
1764
1765 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1766 {
1767         u32 reason;
1768         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1769         u32 merged_dma_reason = 0;
1770         int i;
1771
1772         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1773                 return;
1774
1775         reason = dev->irq_reason;
1776         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1777                 dma_reason[i] = dev->dma_reason[i];
1778                 merged_dma_reason |= dma_reason[i];
1779         }
1780
1781         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1782                 b43err(dev->wl, "MAC transmission error\n");
1783
1784         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1785                 b43err(dev->wl, "PHY transmission error\n");
1786                 rmb();
1787                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1788                         atomic_set(&dev->phy.txerr_cnt,
1789                                    B43_PHY_TX_BADNESS_LIMIT);
1790                         b43err(dev->wl, "Too many PHY TX errors, "
1791                                         "restarting the controller\n");
1792                         b43_controller_restart(dev, "PHY TX errors");
1793                 }
1794         }
1795
1796         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1797                                           B43_DMAIRQ_NONFATALMASK))) {
1798                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1799                         b43err(dev->wl, "Fatal DMA error: "
1800                                "0x%08X, 0x%08X, 0x%08X, "
1801                                "0x%08X, 0x%08X, 0x%08X\n",
1802                                dma_reason[0], dma_reason[1],
1803                                dma_reason[2], dma_reason[3],
1804                                dma_reason[4], dma_reason[5]);
1805                         b43err(dev->wl, "This device does not support DMA "
1806                                "on your system. Please use PIO instead.\n");
1807                         /* Fall back to PIO transfers if we get fatal DMA errors! */
1808                         dev->use_pio = 1;
1809                         b43_controller_restart(dev, "DMA error");
1810                         return;
1811                 }
1812                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1813                         b43err(dev->wl, "DMA error: "
1814                                "0x%08X, 0x%08X, 0x%08X, "
1815                                "0x%08X, 0x%08X, 0x%08X\n",
1816                                dma_reason[0], dma_reason[1],
1817                                dma_reason[2], dma_reason[3],
1818                                dma_reason[4], dma_reason[5]);
1819                 }
1820         }
1821
1822         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1823                 handle_irq_ucode_debug(dev);
1824         if (reason & B43_IRQ_TBTT_INDI)
1825                 handle_irq_tbtt_indication(dev);
1826         if (reason & B43_IRQ_ATIM_END)
1827                 handle_irq_atim_end(dev);
1828         if (reason & B43_IRQ_BEACON)
1829                 handle_irq_beacon(dev);
1830         if (reason & B43_IRQ_PMQ)
1831                 handle_irq_pmq(dev);
1832         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1833                 ;/* TODO */
1834         if (reason & B43_IRQ_NOISESAMPLE_OK)
1835                 handle_irq_noise(dev);
1836
1837         /* Check the DMA reason registers for received data. */
1838         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1839                 if (b43_using_pio_transfers(dev))
1840                         b43_pio_rx(dev->pio.rx_queue);
1841                 else
1842                         b43_dma_rx(dev->dma.rx_ring);
1843         }
1844         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1845         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1846         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1847         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1848         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1849
1850         if (reason & B43_IRQ_TX_OK)
1851                 handle_irq_transmit_status(dev);
1852
1853         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1854         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1855
1856 #if B43_DEBUG
1857         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1858                 dev->irq_count++;
1859                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1860                         if (reason & (1 << i))
1861                                 dev->irq_bit_count[i]++;
1862                 }
1863         }
1864 #endif
1865 }
1866
1867 /* Interrupt thread handler. Handles device interrupts in thread context. */
1868 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1869 {
1870         struct b43_wldev *dev = dev_id;
1871
1872         mutex_lock(&dev->wl->mutex);
1873         b43_do_interrupt_thread(dev);
1874         mmiowb();
1875         mutex_unlock(&dev->wl->mutex);
1876
1877         return IRQ_HANDLED;
1878 }
1879
1880 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1881 {
1882         u32 reason;
1883
1884         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1885          * On SDIO, this runs under wl->mutex. */
1886
1887         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1888         if (reason == 0xffffffff)       /* shared IRQ */
1889                 return IRQ_NONE;
1890         reason &= dev->irq_mask;
1891         if (!reason)
1892                 return IRQ_HANDLED;
1893
1894         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1895             & 0x0001DC00;
1896         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1897             & 0x0000DC00;
1898         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1899             & 0x0000DC00;
1900         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1901             & 0x0001DC00;
1902         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1903             & 0x0000DC00;
1904 /* Unused ring
1905         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1906             & 0x0000DC00;
1907 */
1908
1909         /* ACK the interrupt. */
1910         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1911         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1912         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1913         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1914         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1915         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1916 /* Unused ring
1917         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1918 */
1919
1920         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
1921         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1922         /* Save the reason bitmasks for the IRQ thread handler. */
1923         dev->irq_reason = reason;
1924
1925         return IRQ_WAKE_THREAD;
1926 }
1927
1928 /* Interrupt handler top-half. This runs with interrupts disabled. */
1929 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1930 {
1931         struct b43_wldev *dev = dev_id;
1932         irqreturn_t ret;
1933
1934         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
1935                 return IRQ_NONE;
1936
1937         spin_lock(&dev->wl->hardirq_lock);
1938         ret = b43_do_interrupt(dev);
1939         mmiowb();
1940         spin_unlock(&dev->wl->hardirq_lock);
1941
1942         return ret;
1943 }
1944
1945 /* SDIO interrupt handler. This runs in process context. */
1946 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
1947 {
1948         struct b43_wl *wl = dev->wl;
1949         irqreturn_t ret;
1950
1951         mutex_lock(&wl->mutex);
1952
1953         ret = b43_do_interrupt(dev);
1954         if (ret == IRQ_WAKE_THREAD)
1955                 b43_do_interrupt_thread(dev);
1956
1957         mutex_unlock(&wl->mutex);
1958 }
1959
1960 void b43_do_release_fw(struct b43_firmware_file *fw)
1961 {
1962         release_firmware(fw->data);
1963         fw->data = NULL;
1964         fw->filename = NULL;
1965 }
1966
1967 static void b43_release_firmware(struct b43_wldev *dev)
1968 {
1969         b43_do_release_fw(&dev->fw.ucode);
1970         b43_do_release_fw(&dev->fw.pcm);
1971         b43_do_release_fw(&dev->fw.initvals);
1972         b43_do_release_fw(&dev->fw.initvals_band);
1973 }
1974
1975 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1976 {
1977         const char text[] =
1978                 "You must go to " \
1979                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
1980                 "and download the correct firmware for this driver version. " \
1981                 "Please carefully read all instructions on this website.\n";
1982
1983         if (error)
1984                 b43err(wl, text);
1985         else
1986                 b43warn(wl, text);
1987 }
1988
1989 int b43_do_request_fw(struct b43_request_fw_context *ctx,
1990                       const char *name,
1991                       struct b43_firmware_file *fw)
1992 {
1993         const struct firmware *blob;
1994         struct b43_fw_header *hdr;
1995         u32 size;
1996         int err;
1997
1998         if (!name) {
1999                 /* Don't fetch anything. Free possibly cached firmware. */
2000                 /* FIXME: We should probably keep it anyway, to save some headache
2001                  * on suspend/resume with multiband devices. */
2002                 b43_do_release_fw(fw);
2003                 return 0;
2004         }
2005         if (fw->filename) {
2006                 if ((fw->type == ctx->req_type) &&
2007                     (strcmp(fw->filename, name) == 0))
2008                         return 0; /* Already have this fw. */
2009                 /* Free the cached firmware first. */
2010                 /* FIXME: We should probably do this later after we successfully
2011                  * got the new fw. This could reduce headache with multiband devices.
2012                  * We could also redesign this to cache the firmware for all possible
2013                  * bands all the time. */
2014                 b43_do_release_fw(fw);
2015         }
2016
2017         switch (ctx->req_type) {
2018         case B43_FWTYPE_PROPRIETARY:
2019                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2020                          "b43%s/%s.fw",
2021                          modparam_fwpostfix, name);
2022                 break;
2023         case B43_FWTYPE_OPENSOURCE:
2024                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2025                          "b43-open%s/%s.fw",
2026                          modparam_fwpostfix, name);
2027                 break;
2028         default:
2029                 B43_WARN_ON(1);
2030                 return -ENOSYS;
2031         }
2032         err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
2033         if (err == -ENOENT) {
2034                 snprintf(ctx->errors[ctx->req_type],
2035                          sizeof(ctx->errors[ctx->req_type]),
2036                          "Firmware file \"%s\" not found\n", ctx->fwname);
2037                 return err;
2038         } else if (err) {
2039                 snprintf(ctx->errors[ctx->req_type],
2040                          sizeof(ctx->errors[ctx->req_type]),
2041                          "Firmware file \"%s\" request failed (err=%d)\n",
2042                          ctx->fwname, err);
2043                 return err;
2044         }
2045         if (blob->size < sizeof(struct b43_fw_header))
2046                 goto err_format;
2047         hdr = (struct b43_fw_header *)(blob->data);
2048         switch (hdr->type) {
2049         case B43_FW_TYPE_UCODE:
2050         case B43_FW_TYPE_PCM:
2051                 size = be32_to_cpu(hdr->size);
2052                 if (size != blob->size - sizeof(struct b43_fw_header))
2053                         goto err_format;
2054                 /* fallthrough */
2055         case B43_FW_TYPE_IV:
2056                 if (hdr->ver != 1)
2057                         goto err_format;
2058                 break;
2059         default:
2060                 goto err_format;
2061         }
2062
2063         fw->data = blob;
2064         fw->filename = name;
2065         fw->type = ctx->req_type;
2066
2067         return 0;
2068
2069 err_format:
2070         snprintf(ctx->errors[ctx->req_type],
2071                  sizeof(ctx->errors[ctx->req_type]),
2072                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2073         release_firmware(blob);
2074
2075         return -EPROTO;
2076 }
2077
2078 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2079 {
2080         struct b43_wldev *dev = ctx->dev;
2081         struct b43_firmware *fw = &ctx->dev->fw;
2082         const u8 rev = ctx->dev->dev->id.revision;
2083         const char *filename;
2084         u32 tmshigh;
2085         int err;
2086
2087         /* Get microcode */
2088         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2089         if ((rev >= 5) && (rev <= 10))
2090                 filename = "ucode5";
2091         else if ((rev >= 11) && (rev <= 12))
2092                 filename = "ucode11";
2093         else if (rev == 13)
2094                 filename = "ucode13";
2095         else if (rev == 14)
2096                 filename = "ucode14";
2097         else if (rev >= 15)
2098                 filename = "ucode15";
2099         else
2100                 goto err_no_ucode;
2101         err = b43_do_request_fw(ctx, filename, &fw->ucode);
2102         if (err)
2103                 goto err_load;
2104
2105         /* Get PCM code */
2106         if ((rev >= 5) && (rev <= 10))
2107                 filename = "pcm5";
2108         else if (rev >= 11)
2109                 filename = NULL;
2110         else
2111                 goto err_no_pcm;
2112         fw->pcm_request_failed = 0;
2113         err = b43_do_request_fw(ctx, filename, &fw->pcm);
2114         if (err == -ENOENT) {
2115                 /* We did not find a PCM file? Not fatal, but
2116                  * core rev <= 10 must do without hwcrypto then. */
2117                 fw->pcm_request_failed = 1;
2118         } else if (err)
2119                 goto err_load;
2120
2121         /* Get initvals */
2122         switch (dev->phy.type) {
2123         case B43_PHYTYPE_A:
2124                 if ((rev >= 5) && (rev <= 10)) {
2125                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2126                                 filename = "a0g1initvals5";
2127                         else
2128                                 filename = "a0g0initvals5";
2129                 } else
2130                         goto err_no_initvals;
2131                 break;
2132         case B43_PHYTYPE_G:
2133                 if ((rev >= 5) && (rev <= 10))
2134                         filename = "b0g0initvals5";
2135                 else if (rev >= 13)
2136                         filename = "b0g0initvals13";
2137                 else
2138                         goto err_no_initvals;
2139                 break;
2140         case B43_PHYTYPE_N:
2141                 if ((rev >= 11) && (rev <= 12))
2142                         filename = "n0initvals11";
2143                 else
2144                         goto err_no_initvals;
2145                 break;
2146         case B43_PHYTYPE_LP:
2147                 if (rev == 13)
2148                         filename = "lp0initvals13";
2149                 else if (rev == 14)
2150                         filename = "lp0initvals14";
2151                 else if (rev >= 15)
2152                         filename = "lp0initvals15";
2153                 else
2154                         goto err_no_initvals;
2155                 break;
2156         default:
2157                 goto err_no_initvals;
2158         }
2159         err = b43_do_request_fw(ctx, filename, &fw->initvals);
2160         if (err)
2161                 goto err_load;
2162
2163         /* Get bandswitch initvals */
2164         switch (dev->phy.type) {
2165         case B43_PHYTYPE_A:
2166                 if ((rev >= 5) && (rev <= 10)) {
2167                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2168                                 filename = "a0g1bsinitvals5";
2169                         else
2170                                 filename = "a0g0bsinitvals5";
2171                 } else if (rev >= 11)
2172                         filename = NULL;
2173                 else
2174                         goto err_no_initvals;
2175                 break;
2176         case B43_PHYTYPE_G:
2177                 if ((rev >= 5) && (rev <= 10))
2178                         filename = "b0g0bsinitvals5";
2179                 else if (rev >= 11)
2180                         filename = NULL;
2181                 else
2182                         goto err_no_initvals;
2183                 break;
2184         case B43_PHYTYPE_N:
2185                 if ((rev >= 11) && (rev <= 12))
2186                         filename = "n0bsinitvals11";
2187                 else
2188                         goto err_no_initvals;
2189                 break;
2190         case B43_PHYTYPE_LP:
2191                 if (rev == 13)
2192                         filename = "lp0bsinitvals13";
2193                 else if (rev == 14)
2194                         filename = "lp0bsinitvals14";
2195                 else if (rev >= 15)
2196                         filename = "lp0bsinitvals15";
2197                 else
2198                         goto err_no_initvals;
2199                 break;
2200         default:
2201                 goto err_no_initvals;
2202         }
2203         err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2204         if (err)
2205                 goto err_load;
2206
2207         return 0;
2208
2209 err_no_ucode:
2210         err = ctx->fatal_failure = -EOPNOTSUPP;
2211         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2212                "is required for your device (wl-core rev %u)\n", rev);
2213         goto error;
2214
2215 err_no_pcm:
2216         err = ctx->fatal_failure = -EOPNOTSUPP;
2217         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2218                "is required for your device (wl-core rev %u)\n", rev);
2219         goto error;
2220
2221 err_no_initvals:
2222         err = ctx->fatal_failure = -EOPNOTSUPP;
2223         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2224                "is required for your device (wl-core rev %u)\n", rev);
2225         goto error;
2226
2227 err_load:
2228         /* We failed to load this firmware image. The error message
2229          * already is in ctx->errors. Return and let our caller decide
2230          * what to do. */
2231         goto error;
2232
2233 error:
2234         b43_release_firmware(dev);
2235         return err;
2236 }
2237
2238 static int b43_request_firmware(struct b43_wldev *dev)
2239 {
2240         struct b43_request_fw_context *ctx;
2241         unsigned int i;
2242         int err;
2243         const char *errmsg;
2244
2245         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2246         if (!ctx)
2247                 return -ENOMEM;
2248         ctx->dev = dev;
2249
2250         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2251         err = b43_try_request_fw(ctx);
2252         if (!err)
2253                 goto out; /* Successfully loaded it. */
2254         err = ctx->fatal_failure;
2255         if (err)
2256                 goto out;
2257
2258         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2259         err = b43_try_request_fw(ctx);
2260         if (!err)
2261                 goto out; /* Successfully loaded it. */
2262         err = ctx->fatal_failure;
2263         if (err)
2264                 goto out;
2265
2266         /* Could not find a usable firmware. Print the errors. */
2267         for (i = 0; i < B43_NR_FWTYPES; i++) {
2268                 errmsg = ctx->errors[i];
2269                 if (strlen(errmsg))
2270                         b43err(dev->wl, errmsg);
2271         }
2272         b43_print_fw_helptext(dev->wl, 1);
2273         err = -ENOENT;
2274
2275 out:
2276         kfree(ctx);
2277         return err;
2278 }
2279
2280 static int b43_upload_microcode(struct b43_wldev *dev)
2281 {
2282         const size_t hdr_len = sizeof(struct b43_fw_header);
2283         const __be32 *data;
2284         unsigned int i, len;
2285         u16 fwrev, fwpatch, fwdate, fwtime;
2286         u32 tmp, macctl;
2287         int err = 0;
2288
2289         /* Jump the microcode PSM to offset 0 */
2290         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2291         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2292         macctl |= B43_MACCTL_PSM_JMP0;
2293         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2294         /* Zero out all microcode PSM registers and shared memory. */
2295         for (i = 0; i < 64; i++)
2296                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2297         for (i = 0; i < 4096; i += 2)
2298                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2299
2300         /* Upload Microcode. */
2301         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2302         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2303         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2304         for (i = 0; i < len; i++) {
2305                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2306                 udelay(10);
2307         }
2308
2309         if (dev->fw.pcm.data) {
2310                 /* Upload PCM data. */
2311                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2312                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2313                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2314                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2315                 /* No need for autoinc bit in SHM_HW */
2316                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2317                 for (i = 0; i < len; i++) {
2318                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2319                         udelay(10);
2320                 }
2321         }
2322
2323         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2324
2325         /* Start the microcode PSM */
2326         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2327         macctl &= ~B43_MACCTL_PSM_JMP0;
2328         macctl |= B43_MACCTL_PSM_RUN;
2329         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2330
2331         /* Wait for the microcode to load and respond */
2332         i = 0;
2333         while (1) {
2334                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2335                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2336                         break;
2337                 i++;
2338                 if (i >= 20) {
2339                         b43err(dev->wl, "Microcode not responding\n");
2340                         b43_print_fw_helptext(dev->wl, 1);
2341                         err = -ENODEV;
2342                         goto error;
2343                 }
2344                 msleep(50);
2345         }
2346         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2347
2348         /* Get and check the revisions. */
2349         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2350         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2351         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2352         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2353
2354         if (fwrev <= 0x128) {
2355                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2356                        "binary drivers older than version 4.x is unsupported. "
2357                        "You must upgrade your firmware files.\n");
2358                 b43_print_fw_helptext(dev->wl, 1);
2359                 err = -EOPNOTSUPP;
2360                 goto error;
2361         }
2362         dev->fw.rev = fwrev;
2363         dev->fw.patch = fwpatch;
2364         dev->fw.opensource = (fwdate == 0xFFFF);
2365
2366         /* Default to use-all-queues. */
2367         dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2368         dev->qos_enabled = !!modparam_qos;
2369         /* Default to firmware/hardware crypto acceleration. */
2370         dev->hwcrypto_enabled = 1;
2371
2372         if (dev->fw.opensource) {
2373                 u16 fwcapa;
2374
2375                 /* Patchlevel info is encoded in the "time" field. */
2376                 dev->fw.patch = fwtime;
2377                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2378                         dev->fw.rev, dev->fw.patch);
2379
2380                 fwcapa = b43_fwcapa_read(dev);
2381                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2382                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2383                         /* Disable hardware crypto and fall back to software crypto. */
2384                         dev->hwcrypto_enabled = 0;
2385                 }
2386                 if (!(fwcapa & B43_FWCAPA_QOS)) {
2387                         b43info(dev->wl, "QoS not supported by firmware\n");
2388                         /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2389                          * ieee80211_unregister to make sure the networking core can
2390                          * properly free possible resources. */
2391                         dev->wl->hw->queues = 1;
2392                         dev->qos_enabled = 0;
2393                 }
2394         } else {
2395                 b43info(dev->wl, "Loading firmware version %u.%u "
2396                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2397                         fwrev, fwpatch,
2398                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2399                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2400                 if (dev->fw.pcm_request_failed) {
2401                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2402                                 "Hardware accelerated cryptography is disabled.\n");
2403                         b43_print_fw_helptext(dev->wl, 0);
2404                 }
2405         }
2406
2407         if (b43_is_old_txhdr_format(dev)) {
2408                 /* We're over the deadline, but we keep support for old fw
2409                  * until it turns out to be in major conflict with something new. */
2410                 b43warn(dev->wl, "You are using an old firmware image. "
2411                         "Support for old firmware will be removed soon "
2412                         "(official deadline was July 2008).\n");
2413                 b43_print_fw_helptext(dev->wl, 0);
2414         }
2415
2416         return 0;
2417
2418 error:
2419         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2420         macctl &= ~B43_MACCTL_PSM_RUN;
2421         macctl |= B43_MACCTL_PSM_JMP0;
2422         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2423
2424         return err;
2425 }
2426
2427 static int b43_write_initvals(struct b43_wldev *dev,
2428                               const struct b43_iv *ivals,
2429                               size_t count,
2430                               size_t array_size)
2431 {
2432         const struct b43_iv *iv;
2433         u16 offset;
2434         size_t i;
2435         bool bit32;
2436
2437         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2438         iv = ivals;
2439         for (i = 0; i < count; i++) {
2440                 if (array_size < sizeof(iv->offset_size))
2441                         goto err_format;
2442                 array_size -= sizeof(iv->offset_size);
2443                 offset = be16_to_cpu(iv->offset_size);
2444                 bit32 = !!(offset & B43_IV_32BIT);
2445                 offset &= B43_IV_OFFSET_MASK;
2446                 if (offset >= 0x1000)
2447                         goto err_format;
2448                 if (bit32) {
2449                         u32 value;
2450
2451                         if (array_size < sizeof(iv->data.d32))
2452                                 goto err_format;
2453                         array_size -= sizeof(iv->data.d32);
2454
2455                         value = get_unaligned_be32(&iv->data.d32);
2456                         b43_write32(dev, offset, value);
2457
2458                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2459                                                         sizeof(__be16) +
2460                                                         sizeof(__be32));
2461                 } else {
2462                         u16 value;
2463
2464                         if (array_size < sizeof(iv->data.d16))
2465                                 goto err_format;
2466                         array_size -= sizeof(iv->data.d16);
2467
2468                         value = be16_to_cpu(iv->data.d16);
2469                         b43_write16(dev, offset, value);
2470
2471                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2472                                                         sizeof(__be16) +
2473                                                         sizeof(__be16));
2474                 }
2475         }
2476         if (array_size)
2477                 goto err_format;
2478
2479         return 0;
2480
2481 err_format:
2482         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2483         b43_print_fw_helptext(dev->wl, 1);
2484
2485         return -EPROTO;
2486 }
2487
2488 static int b43_upload_initvals(struct b43_wldev *dev)
2489 {
2490         const size_t hdr_len = sizeof(struct b43_fw_header);
2491         const struct b43_fw_header *hdr;
2492         struct b43_firmware *fw = &dev->fw;
2493         const struct b43_iv *ivals;
2494         size_t count;
2495         int err;
2496
2497         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2498         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2499         count = be32_to_cpu(hdr->size);
2500         err = b43_write_initvals(dev, ivals, count,
2501                                  fw->initvals.data->size - hdr_len);
2502         if (err)
2503                 goto out;
2504         if (fw->initvals_band.data) {
2505                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2506                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2507                 count = be32_to_cpu(hdr->size);
2508                 err = b43_write_initvals(dev, ivals, count,
2509                                          fw->initvals_band.data->size - hdr_len);
2510                 if (err)
2511                         goto out;
2512         }
2513 out:
2514
2515         return err;
2516 }
2517
2518 /* Initialize the GPIOs
2519  * http://bcm-specs.sipsolutions.net/GPIO
2520  */
2521 static int b43_gpio_init(struct b43_wldev *dev)
2522 {
2523         struct ssb_bus *bus = dev->dev->bus;
2524         struct ssb_device *gpiodev, *pcidev = NULL;
2525         u32 mask, set;
2526
2527         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2528                     & ~B43_MACCTL_GPOUTSMSK);
2529
2530         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2531                     | 0x000F);
2532
2533         mask = 0x0000001F;
2534         set = 0x0000000F;
2535         if (dev->dev->bus->chip_id == 0x4301) {
2536                 mask |= 0x0060;
2537                 set |= 0x0060;
2538         }
2539         if (0 /* FIXME: conditional unknown */ ) {
2540                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2541                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2542                             | 0x0100);
2543                 mask |= 0x0180;
2544                 set |= 0x0180;
2545         }
2546         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2547                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2548                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2549                             | 0x0200);
2550                 mask |= 0x0200;
2551                 set |= 0x0200;
2552         }
2553         if (dev->dev->id.revision >= 2)
2554                 mask |= 0x0010; /* FIXME: This is redundant. */
2555
2556 #ifdef CONFIG_SSB_DRIVER_PCICORE
2557         pcidev = bus->pcicore.dev;
2558 #endif
2559         gpiodev = bus->chipco.dev ? : pcidev;
2560         if (!gpiodev)
2561                 return 0;
2562         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2563                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2564                      & mask) | set);
2565
2566         return 0;
2567 }
2568
2569 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2570 static void b43_gpio_cleanup(struct b43_wldev *dev)
2571 {
2572         struct ssb_bus *bus = dev->dev->bus;
2573         struct ssb_device *gpiodev, *pcidev = NULL;
2574
2575 #ifdef CONFIG_SSB_DRIVER_PCICORE
2576         pcidev = bus->pcicore.dev;
2577 #endif
2578         gpiodev = bus->chipco.dev ? : pcidev;
2579         if (!gpiodev)
2580                 return;
2581         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2582 }
2583
2584 /* http://bcm-specs.sipsolutions.net/EnableMac */
2585 void b43_mac_enable(struct b43_wldev *dev)
2586 {
2587         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2588                 u16 fwstate;
2589
2590                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2591                                          B43_SHM_SH_UCODESTAT);
2592                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2593                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2594                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2595                                "should be suspended, but current state is %u\n",
2596                                fwstate);
2597                 }
2598         }
2599
2600         dev->mac_suspended--;
2601         B43_WARN_ON(dev->mac_suspended < 0);
2602         if (dev->mac_suspended == 0) {
2603                 b43_write32(dev, B43_MMIO_MACCTL,
2604                             b43_read32(dev, B43_MMIO_MACCTL)
2605                             | B43_MACCTL_ENABLED);
2606                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2607                             B43_IRQ_MAC_SUSPENDED);
2608                 /* Commit writes */
2609                 b43_read32(dev, B43_MMIO_MACCTL);
2610                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2611                 b43_power_saving_ctl_bits(dev, 0);
2612         }
2613 }
2614
2615 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2616 void b43_mac_suspend(struct b43_wldev *dev)
2617 {
2618         int i;
2619         u32 tmp;
2620
2621         might_sleep();
2622         B43_WARN_ON(dev->mac_suspended < 0);
2623
2624         if (dev->mac_suspended == 0) {
2625                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2626                 b43_write32(dev, B43_MMIO_MACCTL,
2627                             b43_read32(dev, B43_MMIO_MACCTL)
2628                             & ~B43_MACCTL_ENABLED);
2629                 /* force pci to flush the write */
2630                 b43_read32(dev, B43_MMIO_MACCTL);
2631                 for (i = 35; i; i--) {
2632                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2633                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2634                                 goto out;
2635                         udelay(10);
2636                 }
2637                 /* Hm, it seems this will take some time. Use msleep(). */
2638                 for (i = 40; i; i--) {
2639                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2640                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2641                                 goto out;
2642                         msleep(1);
2643                 }
2644                 b43err(dev->wl, "MAC suspend failed\n");
2645         }
2646 out:
2647         dev->mac_suspended++;
2648 }
2649
2650 static void b43_adjust_opmode(struct b43_wldev *dev)
2651 {
2652         struct b43_wl *wl = dev->wl;
2653         u32 ctl;
2654         u16 cfp_pretbtt;
2655
2656         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2657         /* Reset status to STA infrastructure mode. */
2658         ctl &= ~B43_MACCTL_AP;
2659         ctl &= ~B43_MACCTL_KEEP_CTL;
2660         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2661         ctl &= ~B43_MACCTL_KEEP_BAD;
2662         ctl &= ~B43_MACCTL_PROMISC;
2663         ctl &= ~B43_MACCTL_BEACPROMISC;
2664         ctl |= B43_MACCTL_INFRA;
2665
2666         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2667             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2668                 ctl |= B43_MACCTL_AP;
2669         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2670                 ctl &= ~B43_MACCTL_INFRA;
2671
2672         if (wl->filter_flags & FIF_CONTROL)
2673                 ctl |= B43_MACCTL_KEEP_CTL;
2674         if (wl->filter_flags & FIF_FCSFAIL)
2675                 ctl |= B43_MACCTL_KEEP_BAD;
2676         if (wl->filter_flags & FIF_PLCPFAIL)
2677                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2678         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2679                 ctl |= B43_MACCTL_PROMISC;
2680         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2681                 ctl |= B43_MACCTL_BEACPROMISC;
2682
2683         /* Workaround: On old hardware the HW-MAC-address-filter
2684          * doesn't work properly, so always run promisc in filter
2685          * it in software. */
2686         if (dev->dev->id.revision <= 4)
2687                 ctl |= B43_MACCTL_PROMISC;
2688
2689         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2690
2691         cfp_pretbtt = 2;
2692         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2693                 if (dev->dev->bus->chip_id == 0x4306 &&
2694                     dev->dev->bus->chip_rev == 3)
2695                         cfp_pretbtt = 100;
2696                 else
2697                         cfp_pretbtt = 50;
2698         }
2699         b43_write16(dev, 0x612, cfp_pretbtt);
2700
2701         /* FIXME: We don't currently implement the PMQ mechanism,
2702          *        so always disable it. If we want to implement PMQ,
2703          *        we need to enable it here (clear DISCPMQ) in AP mode.
2704          */
2705         if (0  /* ctl & B43_MACCTL_AP */) {
2706                 b43_write32(dev, B43_MMIO_MACCTL,
2707                             b43_read32(dev, B43_MMIO_MACCTL)
2708                             & ~B43_MACCTL_DISCPMQ);
2709         } else {
2710                 b43_write32(dev, B43_MMIO_MACCTL,
2711                             b43_read32(dev, B43_MMIO_MACCTL)
2712                             | B43_MACCTL_DISCPMQ);
2713         }
2714 }
2715
2716 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2717 {
2718         u16 offset;
2719
2720         if (is_ofdm) {
2721                 offset = 0x480;
2722                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2723         } else {
2724                 offset = 0x4C0;
2725                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2726         }
2727         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2728                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2729 }
2730
2731 static void b43_rate_memory_init(struct b43_wldev *dev)
2732 {
2733         switch (dev->phy.type) {
2734         case B43_PHYTYPE_A:
2735         case B43_PHYTYPE_G:
2736         case B43_PHYTYPE_N:
2737         case B43_PHYTYPE_LP:
2738                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2739                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2740                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2741                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2742                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2743                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2744                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2745                 if (dev->phy.type == B43_PHYTYPE_A)
2746                         break;
2747                 /* fallthrough */
2748         case B43_PHYTYPE_B:
2749                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2750                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2751                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2752                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2753                 break;
2754         default:
2755                 B43_WARN_ON(1);
2756         }
2757 }
2758
2759 /* Set the default values for the PHY TX Control Words. */
2760 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2761 {
2762         u16 ctl = 0;
2763
2764         ctl |= B43_TXH_PHY_ENC_CCK;
2765         ctl |= B43_TXH_PHY_ANT01AUTO;
2766         ctl |= B43_TXH_PHY_TXPWR;
2767
2768         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2769         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2770         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2771 }
2772
2773 /* Set the TX-Antenna for management frames sent by firmware. */
2774 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2775 {
2776         u16 ant;
2777         u16 tmp;
2778
2779         ant = b43_antenna_to_phyctl(antenna);
2780
2781         /* For ACK/CTS */
2782         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2783         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2784         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2785         /* For Probe Resposes */
2786         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2787         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2788         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2789 }
2790
2791 /* This is the opposite of b43_chip_init() */
2792 static void b43_chip_exit(struct b43_wldev *dev)
2793 {
2794         b43_phy_exit(dev);
2795         b43_gpio_cleanup(dev);
2796         /* firmware is released later */
2797 }
2798
2799 /* Initialize the chip
2800  * http://bcm-specs.sipsolutions.net/ChipInit
2801  */
2802 static int b43_chip_init(struct b43_wldev *dev)
2803 {
2804         struct b43_phy *phy = &dev->phy;
2805         int err;
2806         u32 value32, macctl;
2807         u16 value16;
2808
2809         /* Initialize the MAC control */
2810         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2811         if (dev->phy.gmode)
2812                 macctl |= B43_MACCTL_GMODE;
2813         macctl |= B43_MACCTL_INFRA;
2814         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2815
2816         err = b43_request_firmware(dev);
2817         if (err)
2818                 goto out;
2819         err = b43_upload_microcode(dev);
2820         if (err)
2821                 goto out;       /* firmware is released later */
2822
2823         err = b43_gpio_init(dev);
2824         if (err)
2825                 goto out;       /* firmware is released later */
2826
2827         err = b43_upload_initvals(dev);
2828         if (err)
2829                 goto err_gpio_clean;
2830
2831         /* Turn the Analog on and initialize the PHY. */
2832         phy->ops->switch_analog(dev, 1);
2833         err = b43_phy_init(dev);
2834         if (err)
2835                 goto err_gpio_clean;
2836
2837         /* Disable Interference Mitigation. */
2838         if (phy->ops->interf_mitigation)
2839                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2840
2841         /* Select the antennae */
2842         if (phy->ops->set_rx_antenna)
2843                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2844         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2845
2846         if (phy->type == B43_PHYTYPE_B) {
2847                 value16 = b43_read16(dev, 0x005E);
2848                 value16 |= 0x0004;
2849                 b43_write16(dev, 0x005E, value16);
2850         }
2851         b43_write32(dev, 0x0100, 0x01000000);
2852         if (dev->dev->id.revision < 5)
2853                 b43_write32(dev, 0x010C, 0x01000000);
2854
2855         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2856                     & ~B43_MACCTL_INFRA);
2857         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2858                     | B43_MACCTL_INFRA);
2859
2860         /* Probe Response Timeout value */
2861         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2862         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2863
2864         /* Initially set the wireless operation mode. */
2865         b43_adjust_opmode(dev);
2866
2867         if (dev->dev->id.revision < 3) {
2868                 b43_write16(dev, 0x060E, 0x0000);
2869                 b43_write16(dev, 0x0610, 0x8000);
2870                 b43_write16(dev, 0x0604, 0x0000);
2871                 b43_write16(dev, 0x0606, 0x0200);
2872         } else {
2873                 b43_write32(dev, 0x0188, 0x80000000);
2874                 b43_write32(dev, 0x018C, 0x02000000);
2875         }
2876         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2877         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2878         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2879         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2880         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2881         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2882         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2883
2884         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2885         value32 |= 0x00100000;
2886         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2887
2888         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2889                     dev->dev->bus->chipco.fast_pwrup_delay);
2890
2891         err = 0;
2892         b43dbg(dev->wl, "Chip initialized\n");
2893 out:
2894         return err;
2895
2896 err_gpio_clean:
2897         b43_gpio_cleanup(dev);
2898         return err;
2899 }
2900
2901 static void b43_periodic_every60sec(struct b43_wldev *dev)
2902 {
2903         const struct b43_phy_operations *ops = dev->phy.ops;
2904
2905         if (ops->pwork_60sec)
2906                 ops->pwork_60sec(dev);
2907
2908         /* Force check the TX power emission now. */
2909         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2910 }
2911
2912 static void b43_periodic_every30sec(struct b43_wldev *dev)
2913 {
2914         /* Update device statistics. */
2915         b43_calculate_link_quality(dev);
2916 }
2917
2918 static void b43_periodic_every15sec(struct b43_wldev *dev)
2919 {
2920         struct b43_phy *phy = &dev->phy;
2921         u16 wdr;
2922
2923         if (dev->fw.opensource) {
2924                 /* Check if the firmware is still alive.
2925                  * It will reset the watchdog counter to 0 in its idle loop. */
2926                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2927                 if (unlikely(wdr)) {
2928                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2929                         b43_controller_restart(dev, "Firmware watchdog");
2930                         return;
2931                 } else {
2932                         b43_shm_write16(dev, B43_SHM_SCRATCH,
2933                                         B43_WATCHDOG_REG, 1);
2934                 }
2935         }
2936
2937         if (phy->ops->pwork_15sec)
2938                 phy->ops->pwork_15sec(dev);
2939
2940         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2941         wmb();
2942
2943 #if B43_DEBUG
2944         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2945                 unsigned int i;
2946
2947                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
2948                        dev->irq_count / 15,
2949                        dev->tx_count / 15,
2950                        dev->rx_count / 15);
2951                 dev->irq_count = 0;
2952                 dev->tx_count = 0;
2953                 dev->rx_count = 0;
2954                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2955                         if (dev->irq_bit_count[i]) {
2956                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
2957                                        dev->irq_bit_count[i] / 15, i, (1 << i));
2958                                 dev->irq_bit_count[i] = 0;
2959                         }
2960                 }
2961         }
2962 #endif
2963 }
2964
2965 static void do_periodic_work(struct b43_wldev *dev)
2966 {
2967         unsigned int state;
2968
2969         state = dev->periodic_state;
2970         if (state % 4 == 0)
2971                 b43_periodic_every60sec(dev);
2972         if (state % 2 == 0)
2973                 b43_periodic_every30sec(dev);
2974         b43_periodic_every15sec(dev);
2975 }
2976
2977 /* Periodic work locking policy:
2978  *      The whole periodic work handler is protected by
2979  *      wl->mutex. If another lock is needed somewhere in the
2980  *      pwork callchain, it's acquired in-place, where it's needed.
2981  */
2982 static void b43_periodic_work_handler(struct work_struct *work)
2983 {
2984         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2985                                              periodic_work.work);
2986         struct b43_wl *wl = dev->wl;
2987         unsigned long delay;
2988
2989         mutex_lock(&wl->mutex);
2990
2991         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2992                 goto out;
2993         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2994                 goto out_requeue;
2995
2996         do_periodic_work(dev);
2997
2998         dev->periodic_state++;
2999 out_requeue:
3000         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3001                 delay = msecs_to_jiffies(50);
3002         else
3003                 delay = round_jiffies_relative(HZ * 15);
3004         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3005 out:
3006         mutex_unlock(&wl->mutex);
3007 }
3008
3009 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3010 {
3011         struct delayed_work *work = &dev->periodic_work;
3012
3013         dev->periodic_state = 0;
3014         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3015         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3016 }
3017
3018 /* Check if communication with the device works correctly. */
3019 static int b43_validate_chipaccess(struct b43_wldev *dev)
3020 {
3021         u32 v, backup0, backup4;
3022
3023         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3024         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3025
3026         /* Check for read/write and endianness problems. */
3027         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3028         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3029                 goto error;
3030         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3031         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3032                 goto error;
3033
3034         /* Check if unaligned 32bit SHM_SHARED access works properly.
3035          * However, don't bail out on failure, because it's noncritical. */
3036         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3037         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3038         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3039         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3040         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3041                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3042         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3043         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3044             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3045             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3046             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3047                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3048
3049         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3050         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3051
3052         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
3053                 /* The 32bit register shadows the two 16bit registers
3054                  * with update sideeffects. Validate this. */
3055                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3056                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3057                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3058                         goto error;
3059                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3060                         goto error;
3061         }
3062         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3063
3064         v = b43_read32(dev, B43_MMIO_MACCTL);
3065         v |= B43_MACCTL_GMODE;
3066         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3067                 goto error;
3068
3069         return 0;
3070 error:
3071         b43err(dev->wl, "Failed to validate the chipaccess\n");
3072         return -ENODEV;
3073 }
3074
3075 static void b43_security_init(struct b43_wldev *dev)
3076 {
3077         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3078         /* KTP is a word address, but we address SHM bytewise.
3079          * So multiply by two.
3080          */
3081         dev->ktp *= 2;
3082         /* Number of RCMTA address slots */
3083         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3084         /* Clear the key memory. */
3085         b43_clear_keys(dev);
3086 }
3087
3088 #ifdef CONFIG_B43_HWRNG
3089 static int b43_rng_read(struct hwrng *rng, u32 *data)
3090 {
3091         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3092         struct b43_wldev *dev;
3093         int count = -ENODEV;
3094
3095         mutex_lock(&wl->mutex);
3096         dev = wl->current_dev;
3097         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3098                 *data = b43_read16(dev, B43_MMIO_RNG);
3099                 count = sizeof(u16);
3100         }
3101         mutex_unlock(&wl->mutex);
3102
3103         return count;
3104 }
3105 #endif /* CONFIG_B43_HWRNG */
3106
3107 static void b43_rng_exit(struct b43_wl *wl)
3108 {
3109 #ifdef CONFIG_B43_HWRNG
3110         if (wl->rng_initialized)
3111                 hwrng_unregister(&wl->rng);
3112 #endif /* CONFIG_B43_HWRNG */
3113 }
3114
3115 static int b43_rng_init(struct b43_wl *wl)
3116 {
3117         int err = 0;
3118
3119 #ifdef CONFIG_B43_HWRNG
3120         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3121                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3122         wl->rng.name = wl->rng_name;
3123         wl->rng.data_read = b43_rng_read;
3124         wl->rng.priv = (unsigned long)wl;
3125         wl->rng_initialized = 1;
3126         err = hwrng_register(&wl->rng);
3127         if (err) {
3128                 wl->rng_initialized = 0;
3129                 b43err(wl, "Failed to register the random "
3130                        "number generator (%d)\n", err);
3131         }
3132 #endif /* CONFIG_B43_HWRNG */
3133
3134         return err;
3135 }
3136
3137 static void b43_tx_work(struct work_struct *work)
3138 {
3139         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3140         struct b43_wldev *dev;
3141         struct sk_buff *skb;
3142         int err = 0;
3143
3144         mutex_lock(&wl->mutex);
3145         dev = wl->current_dev;
3146         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3147                 mutex_unlock(&wl->mutex);
3148                 return;
3149         }
3150
3151         while (skb_queue_len(&wl->tx_queue)) {
3152                 skb = skb_dequeue(&wl->tx_queue);
3153
3154                 if (b43_using_pio_transfers(dev))
3155                         err = b43_pio_tx(dev, skb);
3156                 else
3157                         err = b43_dma_tx(dev, skb);
3158                 if (unlikely(err))
3159                         dev_kfree_skb(skb); /* Drop it */
3160         }
3161
3162 #if B43_DEBUG
3163         dev->tx_count++;
3164 #endif
3165         mutex_unlock(&wl->mutex);
3166 }
3167
3168 static int b43_op_tx(struct ieee80211_hw *hw,
3169                      struct sk_buff *skb)
3170 {
3171         struct b43_wl *wl = hw_to_b43_wl(hw);
3172
3173         if (unlikely(skb->len < 2 + 2 + 6)) {
3174                 /* Too short, this can't be a valid frame. */
3175                 dev_kfree_skb_any(skb);
3176                 return NETDEV_TX_OK;
3177         }
3178         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3179
3180         skb_queue_tail(&wl->tx_queue, skb);
3181         ieee80211_queue_work(wl->hw, &wl->tx_work);
3182
3183         return NETDEV_TX_OK;
3184 }
3185
3186 static void b43_qos_params_upload(struct b43_wldev *dev,
3187                                   const struct ieee80211_tx_queue_params *p,
3188                                   u16 shm_offset)
3189 {
3190         u16 params[B43_NR_QOSPARAMS];
3191         int bslots, tmp;
3192         unsigned int i;
3193
3194         if (!dev->qos_enabled)
3195                 return;
3196
3197         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3198
3199         memset(&params, 0, sizeof(params));
3200
3201         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3202         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3203         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3204         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3205         params[B43_QOSPARAM_AIFS] = p->aifs;
3206         params[B43_QOSPARAM_BSLOTS] = bslots;
3207         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3208
3209         for (i = 0; i < ARRAY_SIZE(params); i++) {
3210                 if (i == B43_QOSPARAM_STATUS) {
3211                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3212                                              shm_offset + (i * 2));
3213                         /* Mark the parameters as updated. */
3214                         tmp |= 0x100;
3215                         b43_shm_write16(dev, B43_SHM_SHARED,
3216                                         shm_offset + (i * 2),
3217                                         tmp);
3218                 } else {
3219                         b43_shm_write16(dev, B43_SHM_SHARED,
3220                                         shm_offset + (i * 2),
3221                                         params[i]);
3222                 }
3223         }
3224 }
3225
3226 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3227 static const u16 b43_qos_shm_offsets[] = {
3228         /* [mac80211-queue-nr] = SHM_OFFSET, */
3229         [0] = B43_QOS_VOICE,
3230         [1] = B43_QOS_VIDEO,
3231         [2] = B43_QOS_BESTEFFORT,
3232         [3] = B43_QOS_BACKGROUND,
3233 };
3234
3235 /* Update all QOS parameters in hardware. */
3236 static void b43_qos_upload_all(struct b43_wldev *dev)
3237 {
3238         struct b43_wl *wl = dev->wl;
3239         struct b43_qos_params *params;
3240         unsigned int i;
3241
3242         if (!dev->qos_enabled)
3243                 return;
3244
3245         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3246                      ARRAY_SIZE(wl->qos_params));
3247
3248         b43_mac_suspend(dev);
3249         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3250                 params = &(wl->qos_params[i]);
3251                 b43_qos_params_upload(dev, &(params->p),
3252                                       b43_qos_shm_offsets[i]);
3253         }
3254         b43_mac_enable(dev);
3255 }
3256
3257 static void b43_qos_clear(struct b43_wl *wl)
3258 {
3259         struct b43_qos_params *params;
3260         unsigned int i;
3261
3262         /* Initialize QoS parameters to sane defaults. */
3263
3264         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3265                      ARRAY_SIZE(wl->qos_params));
3266
3267         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3268                 params = &(wl->qos_params[i]);
3269
3270                 switch (b43_qos_shm_offsets[i]) {
3271                 case B43_QOS_VOICE:
3272                         params->p.txop = 0;
3273                         params->p.aifs = 2;
3274                         params->p.cw_min = 0x0001;
3275                         params->p.cw_max = 0x0001;
3276                         break;
3277                 case B43_QOS_VIDEO:
3278                         params->p.txop = 0;
3279                         params->p.aifs = 2;
3280                         params->p.cw_min = 0x0001;
3281                         params->p.cw_max = 0x0001;
3282                         break;
3283                 case B43_QOS_BESTEFFORT:
3284                         params->p.txop = 0;
3285                         params->p.aifs = 3;
3286                         params->p.cw_min = 0x0001;
3287                         params->p.cw_max = 0x03FF;
3288                         break;
3289                 case B43_QOS_BACKGROUND:
3290                         params->p.txop = 0;
3291                         params->p.aifs = 7;
3292                         params->p.cw_min = 0x0001;
3293                         params->p.cw_max = 0x03FF;
3294                         break;
3295                 default:
3296                         B43_WARN_ON(1);
3297                 }
3298         }
3299 }
3300
3301 /* Initialize the core's QOS capabilities */
3302 static void b43_qos_init(struct b43_wldev *dev)
3303 {
3304         if (!dev->qos_enabled) {
3305                 /* Disable QOS support. */
3306                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3307                 b43_write16(dev, B43_MMIO_IFSCTL,
3308                             b43_read16(dev, B43_MMIO_IFSCTL)
3309                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3310                 b43dbg(dev->wl, "QoS disabled\n");
3311                 return;
3312         }
3313
3314         /* Upload the current QOS parameters. */
3315         b43_qos_upload_all(dev);
3316
3317         /* Enable QOS support. */
3318         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3319         b43_write16(dev, B43_MMIO_IFSCTL,
3320                     b43_read16(dev, B43_MMIO_IFSCTL)
3321                     | B43_MMIO_IFSCTL_USE_EDCF);
3322         b43dbg(dev->wl, "QoS enabled\n");
3323 }
3324
3325 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3326                           const struct ieee80211_tx_queue_params *params)
3327 {
3328         struct b43_wl *wl = hw_to_b43_wl(hw);
3329         struct b43_wldev *dev;
3330         unsigned int queue = (unsigned int)_queue;
3331         int err = -ENODEV;
3332
3333         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3334                 /* Queue not available or don't support setting
3335                  * params on this queue. Return success to not
3336                  * confuse mac80211. */
3337                 return 0;
3338         }
3339         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3340                      ARRAY_SIZE(wl->qos_params));
3341
3342         mutex_lock(&wl->mutex);
3343         dev = wl->current_dev;
3344         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3345                 goto out_unlock;
3346
3347         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3348         b43_mac_suspend(dev);
3349         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3350                               b43_qos_shm_offsets[queue]);
3351         b43_mac_enable(dev);
3352         err = 0;
3353
3354 out_unlock:
3355         mutex_unlock(&wl->mutex);
3356
3357         return err;
3358 }
3359
3360 static int b43_op_get_stats(struct ieee80211_hw *hw,
3361                             struct ieee80211_low_level_stats *stats)
3362 {
3363         struct b43_wl *wl = hw_to_b43_wl(hw);
3364
3365         mutex_lock(&wl->mutex);
3366         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3367         mutex_unlock(&wl->mutex);
3368
3369         return 0;
3370 }
3371
3372 static u64 b43_op_get_tsf(struct ieee80211_hw *hw)
3373 {
3374         struct b43_wl *wl = hw_to_b43_wl(hw);
3375         struct b43_wldev *dev;
3376         u64 tsf;
3377
3378         mutex_lock(&wl->mutex);
3379         dev = wl->current_dev;
3380
3381         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3382                 b43_tsf_read(dev, &tsf);
3383         else
3384                 tsf = 0;
3385
3386         mutex_unlock(&wl->mutex);
3387
3388         return tsf;
3389 }
3390
3391 static void b43_op_set_tsf(struct ieee80211_hw *hw, u64 tsf)
3392 {
3393         struct b43_wl *wl = hw_to_b43_wl(hw);
3394         struct b43_wldev *dev;
3395
3396         mutex_lock(&wl->mutex);
3397         dev = wl->current_dev;
3398
3399         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3400                 b43_tsf_write(dev, tsf);
3401
3402         mutex_unlock(&wl->mutex);
3403 }
3404
3405 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3406 {
3407         struct ssb_device *sdev = dev->dev;
3408         u32 tmslow;
3409
3410         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3411         tmslow &= ~B43_TMSLOW_GMODE;
3412         tmslow |= B43_TMSLOW_PHYRESET;
3413         tmslow |= SSB_TMSLOW_FGC;
3414         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3415         msleep(1);
3416
3417         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3418         tmslow &= ~SSB_TMSLOW_FGC;
3419         tmslow |= B43_TMSLOW_PHYRESET;
3420         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3421         msleep(1);
3422 }
3423
3424 static const char *band_to_string(enum ieee80211_band band)
3425 {
3426         switch (band) {
3427         case IEEE80211_BAND_5GHZ:
3428                 return "5";
3429         case IEEE80211_BAND_2GHZ:
3430                 return "2.4";
3431         default:
3432                 break;
3433         }
3434         B43_WARN_ON(1);
3435         return "";
3436 }
3437
3438 /* Expects wl->mutex locked */
3439 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3440 {
3441         struct b43_wldev *up_dev = NULL;
3442         struct b43_wldev *down_dev;
3443         struct b43_wldev *d;
3444         int err;
3445         bool uninitialized_var(gmode);
3446         int prev_status;
3447
3448         /* Find a device and PHY which supports the band. */
3449         list_for_each_entry(d, &wl->devlist, list) {
3450                 switch (chan->band) {
3451                 case IEEE80211_BAND_5GHZ:
3452                         if (d->phy.supports_5ghz) {
3453                                 up_dev = d;
3454                                 gmode = 0;
3455                         }
3456                         break;
3457                 case IEEE80211_BAND_2GHZ:
3458                         if (d->phy.supports_2ghz) {
3459                                 up_dev = d;
3460                                 gmode = 1;
3461                         }
3462                         break;
3463                 default:
3464                         B43_WARN_ON(1);
3465                         return -EINVAL;
3466                 }
3467                 if (up_dev)
3468                         break;
3469         }
3470         if (!up_dev) {
3471                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3472                        band_to_string(chan->band));
3473                 return -ENODEV;
3474         }
3475         if ((up_dev == wl->current_dev) &&
3476             (!!wl->current_dev->phy.gmode == !!gmode)) {
3477                 /* This device is already running. */
3478                 return 0;
3479         }
3480         b43dbg(wl, "Switching to %s-GHz band\n",
3481                band_to_string(chan->band));
3482         down_dev = wl->current_dev;
3483
3484         prev_status = b43_status(down_dev);
3485         /* Shutdown the currently running core. */
3486         if (prev_status >= B43_STAT_STARTED)
3487                 down_dev = b43_wireless_core_stop(down_dev);
3488         if (prev_status >= B43_STAT_INITIALIZED)
3489                 b43_wireless_core_exit(down_dev);
3490
3491         if (down_dev != up_dev) {
3492                 /* We switch to a different core, so we put PHY into
3493                  * RESET on the old core. */
3494                 b43_put_phy_into_reset(down_dev);
3495         }
3496
3497         /* Now start the new core. */
3498         up_dev->phy.gmode = gmode;
3499         if (prev_status >= B43_STAT_INITIALIZED) {
3500                 err = b43_wireless_core_init(up_dev);
3501                 if (err) {
3502                         b43err(wl, "Fatal: Could not initialize device for "
3503                                "selected %s-GHz band\n",
3504                                band_to_string(chan->band));
3505                         goto init_failure;
3506                 }
3507         }
3508         if (prev_status >= B43_STAT_STARTED) {
3509                 err = b43_wireless_core_start(up_dev);
3510                 if (err) {
3511                         b43err(wl, "Fatal: Coult not start device for "
3512                                "selected %s-GHz band\n",
3513                                band_to_string(chan->band));
3514                         b43_wireless_core_exit(up_dev);
3515                         goto init_failure;
3516                 }
3517         }
3518         B43_WARN_ON(b43_status(up_dev) != prev_status);
3519
3520         wl->current_dev = up_dev;
3521
3522         return 0;
3523 init_failure:
3524         /* Whoops, failed to init the new core. No core is operating now. */
3525         wl->current_dev = NULL;
3526         return err;
3527 }
3528
3529 /* Write the short and long frame retry limit values. */
3530 static void b43_set_retry_limits(struct b43_wldev *dev,
3531                                  unsigned int short_retry,
3532                                  unsigned int long_retry)
3533 {
3534         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3535          * the chip-internal counter. */
3536         short_retry = min(short_retry, (unsigned int)0xF);
3537         long_retry = min(long_retry, (unsigned int)0xF);
3538
3539         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3540                         short_retry);
3541         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3542                         long_retry);
3543 }
3544
3545 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3546 {
3547         struct b43_wl *wl = hw_to_b43_wl(hw);
3548         struct b43_wldev *dev;
3549         struct b43_phy *phy;
3550         struct ieee80211_conf *conf = &hw->conf;
3551         int antenna;
3552         int err = 0;
3553
3554         mutex_lock(&wl->mutex);
3555
3556         /* Switch the band (if necessary). This might change the active core. */
3557         err = b43_switch_band(wl, conf->channel);
3558         if (err)
3559                 goto out_unlock_mutex;
3560         dev = wl->current_dev;
3561         phy = &dev->phy;
3562
3563         if (conf_is_ht(conf))
3564                 phy->is_40mhz =
3565                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3566         else
3567                 phy->is_40mhz = false;
3568
3569         b43_mac_suspend(dev);
3570
3571         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3572                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3573                                           conf->long_frame_max_tx_count);
3574         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3575         if (!changed)
3576                 goto out_mac_enable;
3577
3578         /* Switch to the requested channel.
3579          * The firmware takes care of races with the TX handler. */
3580         if (conf->channel->hw_value != phy->channel)
3581                 b43_switch_channel(dev, conf->channel->hw_value);
3582
3583         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3584
3585         /* Adjust the desired TX power level. */
3586         if (conf->power_level != 0) {
3587                 if (conf->power_level != phy->desired_txpower) {
3588                         phy->desired_txpower = conf->power_level;
3589                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3590                                                    B43_TXPWR_IGNORE_TSSI);
3591                 }
3592         }
3593
3594         /* Antennas for RX and management frame TX. */
3595         antenna = B43_ANTENNA_DEFAULT;
3596         b43_mgmtframe_txantenna(dev, antenna);
3597         antenna = B43_ANTENNA_DEFAULT;
3598         if (phy->ops->set_rx_antenna)
3599                 phy->ops->set_rx_antenna(dev, antenna);
3600
3601         if (wl->radio_enabled != phy->radio_on) {
3602                 if (wl->radio_enabled) {
3603                         b43_software_rfkill(dev, false);
3604                         b43info(dev->wl, "Radio turned on by software\n");
3605                         if (!dev->radio_hw_enable) {
3606                                 b43info(dev->wl, "The hardware RF-kill button "
3607                                         "still turns the radio physically off. "
3608                                         "Press the button to turn it on.\n");
3609                         }
3610                 } else {
3611                         b43_software_rfkill(dev, true);
3612                         b43info(dev->wl, "Radio turned off by software\n");
3613                 }
3614         }
3615
3616 out_mac_enable:
3617         b43_mac_enable(dev);
3618 out_unlock_mutex:
3619         mutex_unlock(&wl->mutex);
3620
3621         return err;
3622 }
3623
3624 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3625 {
3626         struct ieee80211_supported_band *sband =
3627                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3628         struct ieee80211_rate *rate;
3629         int i;
3630         u16 basic, direct, offset, basic_offset, rateptr;
3631
3632         for (i = 0; i < sband->n_bitrates; i++) {
3633                 rate = &sband->bitrates[i];
3634
3635                 if (b43_is_cck_rate(rate->hw_value)) {
3636                         direct = B43_SHM_SH_CCKDIRECT;
3637                         basic = B43_SHM_SH_CCKBASIC;
3638                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3639                         offset &= 0xF;
3640                 } else {
3641                         direct = B43_SHM_SH_OFDMDIRECT;
3642                         basic = B43_SHM_SH_OFDMBASIC;
3643                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3644                         offset &= 0xF;
3645                 }
3646
3647                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3648
3649                 if (b43_is_cck_rate(rate->hw_value)) {
3650                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3651                         basic_offset &= 0xF;
3652                 } else {
3653                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3654                         basic_offset &= 0xF;
3655                 }
3656
3657                 /*
3658                  * Get the pointer that we need to point to
3659                  * from the direct map
3660                  */
3661                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3662                                          direct + 2 * basic_offset);
3663                 /* and write it to the basic map */
3664                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3665                                 rateptr);
3666         }
3667 }
3668
3669 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3670                                     struct ieee80211_vif *vif,
3671                                     struct ieee80211_bss_conf *conf,
3672                                     u32 changed)
3673 {
3674         struct b43_wl *wl = hw_to_b43_wl(hw);
3675         struct b43_wldev *dev;
3676
3677         mutex_lock(&wl->mutex);
3678
3679         dev = wl->current_dev;
3680         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3681                 goto out_unlock_mutex;
3682
3683         B43_WARN_ON(wl->vif != vif);
3684
3685         if (changed & BSS_CHANGED_BSSID) {
3686                 if (conf->bssid)
3687                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3688                 else
3689                         memset(wl->bssid, 0, ETH_ALEN);
3690         }
3691
3692         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3693                 if (changed & BSS_CHANGED_BEACON &&
3694                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3695                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3696                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3697                         b43_update_templates(wl);
3698
3699                 if (changed & BSS_CHANGED_BSSID)
3700                         b43_write_mac_bssid_templates(dev);
3701         }
3702
3703         b43_mac_suspend(dev);
3704
3705         /* Update templates for AP/mesh mode. */
3706         if (changed & BSS_CHANGED_BEACON_INT &&
3707             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3708              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3709              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3710                 b43_set_beacon_int(dev, conf->beacon_int);
3711
3712         if (changed & BSS_CHANGED_BASIC_RATES)
3713                 b43_update_basic_rates(dev, conf->basic_rates);
3714
3715         if (changed & BSS_CHANGED_ERP_SLOT) {
3716                 if (conf->use_short_slot)
3717                         b43_short_slot_timing_enable(dev);
3718                 else
3719                         b43_short_slot_timing_disable(dev);
3720         }
3721
3722         b43_mac_enable(dev);
3723 out_unlock_mutex:
3724         mutex_unlock(&wl->mutex);
3725 }
3726
3727 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3728                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3729                           struct ieee80211_key_conf *key)
3730 {
3731         struct b43_wl *wl = hw_to_b43_wl(hw);
3732         struct b43_wldev *dev;
3733         u8 algorithm;
3734         u8 index;
3735         int err;
3736         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3737
3738         if (modparam_nohwcrypt)
3739                 return -ENOSPC; /* User disabled HW-crypto */
3740
3741         mutex_lock(&wl->mutex);
3742
3743         dev = wl->current_dev;
3744         err = -ENODEV;
3745         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3746                 goto out_unlock;
3747
3748         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
3749                 /* We don't have firmware for the crypto engine.
3750                  * Must use software-crypto. */
3751                 err = -EOPNOTSUPP;
3752                 goto out_unlock;
3753         }
3754
3755         err = -EINVAL;
3756         switch (key->alg) {
3757         case ALG_WEP:
3758                 if (key->keylen == WLAN_KEY_LEN_WEP40)
3759                         algorithm = B43_SEC_ALGO_WEP40;
3760                 else
3761                         algorithm = B43_SEC_ALGO_WEP104;
3762                 break;
3763         case ALG_TKIP:
3764                 algorithm = B43_SEC_ALGO_TKIP;
3765                 break;
3766         case ALG_CCMP:
3767                 algorithm = B43_SEC_ALGO_AES;
3768                 break;
3769         default:
3770                 B43_WARN_ON(1);
3771                 goto out_unlock;
3772         }
3773         index = (u8) (key->keyidx);
3774         if (index > 3)
3775                 goto out_unlock;
3776
3777         switch (cmd) {
3778         case SET_KEY:
3779                 if (algorithm == B43_SEC_ALGO_TKIP &&
3780                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
3781                     !modparam_hwtkip)) {
3782                         /* We support only pairwise key */
3783                         err = -EOPNOTSUPP;
3784                         goto out_unlock;
3785                 }
3786
3787                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3788                         if (WARN_ON(!sta)) {
3789                                 err = -EOPNOTSUPP;
3790                                 goto out_unlock;
3791                         }
3792                         /* Pairwise key with an assigned MAC address. */
3793                         err = b43_key_write(dev, -1, algorithm,
3794                                             key->key, key->keylen,
3795                                             sta->addr, key);
3796                 } else {
3797                         /* Group key */
3798                         err = b43_key_write(dev, index, algorithm,
3799                                             key->key, key->keylen, NULL, key);
3800                 }
3801                 if (err)
3802                         goto out_unlock;
3803
3804                 if (algorithm == B43_SEC_ALGO_WEP40 ||
3805                     algorithm == B43_SEC_ALGO_WEP104) {
3806                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3807                 } else {
3808                         b43_hf_write(dev,
3809                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3810                 }
3811                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3812                 if (algorithm == B43_SEC_ALGO_TKIP)
3813                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
3814                 break;
3815         case DISABLE_KEY: {
3816                 err = b43_key_clear(dev, key->hw_key_idx);
3817                 if (err)
3818                         goto out_unlock;
3819                 break;
3820         }
3821         default:
3822                 B43_WARN_ON(1);
3823         }
3824
3825 out_unlock:
3826         if (!err) {
3827                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3828                        "mac: %pM\n",
3829                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3830                        sta ? sta->addr : bcast_addr);
3831                 b43_dump_keymemory(dev);
3832         }
3833         mutex_unlock(&wl->mutex);
3834
3835         return err;
3836 }
3837
3838 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3839                                     unsigned int changed, unsigned int *fflags,
3840                                     u64 multicast)
3841 {
3842         struct b43_wl *wl = hw_to_b43_wl(hw);
3843         struct b43_wldev *dev;
3844
3845         mutex_lock(&wl->mutex);
3846         dev = wl->current_dev;
3847         if (!dev) {
3848                 *fflags = 0;
3849                 goto out_unlock;
3850         }
3851
3852         *fflags &= FIF_PROMISC_IN_BSS |
3853                   FIF_ALLMULTI |
3854                   FIF_FCSFAIL |
3855                   FIF_PLCPFAIL |
3856                   FIF_CONTROL |
3857                   FIF_OTHER_BSS |
3858                   FIF_BCN_PRBRESP_PROMISC;
3859
3860         changed &= FIF_PROMISC_IN_BSS |
3861                    FIF_ALLMULTI |
3862                    FIF_FCSFAIL |
3863                    FIF_PLCPFAIL |
3864                    FIF_CONTROL |
3865                    FIF_OTHER_BSS |
3866                    FIF_BCN_PRBRESP_PROMISC;
3867
3868         wl->filter_flags = *fflags;
3869
3870         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3871                 b43_adjust_opmode(dev);
3872
3873 out_unlock:
3874         mutex_unlock(&wl->mutex);
3875 }
3876
3877 /* Locking: wl->mutex
3878  * Returns the current dev. This might be different from the passed in dev,
3879  * because the core might be gone away while we unlocked the mutex. */
3880 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
3881 {
3882         struct b43_wl *wl = dev->wl;
3883         struct b43_wldev *orig_dev;
3884         u32 mask;
3885
3886 redo:
3887         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3888                 return dev;
3889
3890         /* Cancel work. Unlock to avoid deadlocks. */
3891         mutex_unlock(&wl->mutex);
3892         cancel_delayed_work_sync(&dev->periodic_work);
3893         cancel_work_sync(&wl->tx_work);
3894         mutex_lock(&wl->mutex);
3895         dev = wl->current_dev;
3896         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
3897                 /* Whoops, aliens ate up the device while we were unlocked. */
3898                 return dev;
3899         }
3900
3901         /* Disable interrupts on the device. */
3902         b43_set_status(dev, B43_STAT_INITIALIZED);
3903         if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
3904                 /* wl->mutex is locked. That is enough. */
3905                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3906                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3907         } else {
3908                 spin_lock_irq(&wl->hardirq_lock);
3909                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3910                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
3911                 spin_unlock_irq(&wl->hardirq_lock);
3912         }
3913         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
3914         orig_dev = dev;
3915         mutex_unlock(&wl->mutex);
3916         if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
3917                 b43_sdio_free_irq(dev);
3918         } else {
3919                 synchronize_irq(dev->dev->irq);
3920                 free_irq(dev->dev->irq, dev);
3921         }
3922         mutex_lock(&wl->mutex);
3923         dev = wl->current_dev;
3924         if (!dev)
3925                 return dev;
3926         if (dev != orig_dev) {
3927                 if (b43_status(dev) >= B43_STAT_STARTED)
3928                         goto redo;
3929                 return dev;
3930         }
3931         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
3932         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
3933
3934         /* Drain the TX queue */
3935         while (skb_queue_len(&wl->tx_queue))
3936                 dev_kfree_skb(skb_dequeue(&wl->tx_queue));
3937
3938         b43_mac_suspend(dev);
3939         b43_leds_exit(dev);
3940         b43dbg(wl, "Wireless interface stopped\n");
3941
3942         return dev;
3943 }
3944
3945 /* Locking: wl->mutex */
3946 static int b43_wireless_core_start(struct b43_wldev *dev)
3947 {
3948         int err;
3949
3950         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3951
3952         drain_txstatus_queue(dev);
3953         if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
3954                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
3955                 if (err) {
3956                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
3957                         goto out;
3958                 }
3959         } else {
3960                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
3961                                            b43_interrupt_thread_handler,
3962                                            IRQF_SHARED, KBUILD_MODNAME, dev);
3963                 if (err) {
3964                         b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3965                         goto out;
3966                 }
3967         }
3968
3969         /* We are ready to run. */
3970         ieee80211_wake_queues(dev->wl->hw);
3971         b43_set_status(dev, B43_STAT_STARTED);
3972
3973         /* Start data flow (TX/RX). */
3974         b43_mac_enable(dev);
3975         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
3976
3977         /* Start maintainance work */
3978         b43_periodic_tasks_setup(dev);
3979
3980         b43_leds_init(dev);
3981
3982         b43dbg(dev->wl, "Wireless interface started\n");
3983 out:
3984         return err;
3985 }
3986
3987 /* Get PHY and RADIO versioning numbers */
3988 static int b43_phy_versioning(struct b43_wldev *dev)
3989 {
3990         struct b43_phy *phy = &dev->phy;
3991         u32 tmp;
3992         u8 analog_type;
3993         u8 phy_type;
3994         u8 phy_rev;
3995         u16 radio_manuf;
3996         u16 radio_ver;
3997         u16 radio_rev;
3998         int unsupported = 0;
3999
4000         /* Get PHY versioning */
4001         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4002         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4003         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4004         phy_rev = (tmp & B43_PHYVER_VERSION);
4005         switch (phy_type) {
4006         case B43_PHYTYPE_A:
4007                 if (phy_rev >= 4)
4008                         unsupported = 1;
4009                 break;
4010         case B43_PHYTYPE_B:
4011                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4012                     && phy_rev != 7)
4013                         unsupported = 1;
4014                 break;
4015         case B43_PHYTYPE_G:
4016                 if (phy_rev > 9)
4017                         unsupported = 1;
4018                 break;
4019 #ifdef CONFIG_B43_NPHY
4020         case B43_PHYTYPE_N:
4021                 if (phy_rev > 4)
4022                         unsupported = 1;
4023                 break;
4024 #endif
4025 #ifdef CONFIG_B43_PHY_LP
4026         case B43_PHYTYPE_LP:
4027                 if (phy_rev > 2)
4028                         unsupported = 1;
4029                 break;
4030 #endif
4031         default:
4032                 unsupported = 1;
4033         };
4034         if (unsupported) {
4035                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
4036                        "(Analog %u, Type %u, Revision %u)\n",
4037                        analog_type, phy_type, phy_rev);
4038                 return -EOPNOTSUPP;
4039         }
4040         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
4041                analog_type, phy_type, phy_rev);
4042
4043         /* Get RADIO versioning */
4044         if (dev->dev->bus->chip_id == 0x4317) {
4045                 if (dev->dev->bus->chip_rev == 0)
4046                         tmp = 0x3205017F;
4047                 else if (dev->dev->bus->chip_rev == 1)
4048                         tmp = 0x4205017F;
4049                 else
4050                         tmp = 0x5205017F;
4051         } else {
4052                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
4053                 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4054                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
4055                 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4056         }
4057         radio_manuf = (tmp & 0x00000FFF);
4058         radio_ver = (tmp & 0x0FFFF000) >> 12;
4059         radio_rev = (tmp & 0xF0000000) >> 28;
4060         if (radio_manuf != 0x17F /* Broadcom */)
4061                 unsupported = 1;
4062         switch (phy_type) {
4063         case B43_PHYTYPE_A:
4064                 if (radio_ver != 0x2060)
4065                         unsupported = 1;
4066                 if (radio_rev != 1)
4067                         unsupported = 1;
4068                 if (radio_manuf != 0x17F)
4069                         unsupported = 1;
4070                 break;
4071         case B43_PHYTYPE_B:
4072                 if ((radio_ver & 0xFFF0) != 0x2050)
4073                         unsupported = 1;
4074                 break;
4075         case B43_PHYTYPE_G:
4076                 if (radio_ver != 0x2050)
4077                         unsupported = 1;
4078                 break;
4079         case B43_PHYTYPE_N:
4080                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4081                         unsupported = 1;
4082                 break;
4083         case B43_PHYTYPE_LP:
4084                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4085                         unsupported = 1;
4086                 break;
4087         default:
4088                 B43_WARN_ON(1);
4089         }
4090         if (unsupported) {
4091                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4092                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4093                        radio_manuf, radio_ver, radio_rev);
4094                 return -EOPNOTSUPP;
4095         }
4096         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4097                radio_manuf, radio_ver, radio_rev);
4098
4099         phy->radio_manuf = radio_manuf;
4100         phy->radio_ver = radio_ver;
4101         phy->radio_rev = radio_rev;
4102
4103         phy->analog = analog_type;
4104         phy->type = phy_type;
4105         phy->rev = phy_rev;
4106
4107         return 0;
4108 }
4109
4110 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4111                                       struct b43_phy *phy)
4112 {
4113         phy->hardware_power_control = !!modparam_hwpctl;
4114         phy->next_txpwr_check_time = jiffies;
4115         /* PHY TX errors counter. */
4116         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4117
4118 #if B43_DEBUG
4119         phy->phy_locked = 0;
4120         phy->radio_locked = 0;
4121 #endif
4122 }
4123
4124 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4125 {
4126         dev->dfq_valid = 0;
4127
4128         /* Assume the radio is enabled. If it's not enabled, the state will
4129          * immediately get fixed on the first periodic work run. */
4130         dev->radio_hw_enable = 1;
4131
4132         /* Stats */
4133         memset(&dev->stats, 0, sizeof(dev->stats));
4134
4135         setup_struct_phy_for_init(dev, &dev->phy);
4136
4137         /* IRQ related flags */
4138         dev->irq_reason = 0;
4139         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4140         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4141         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4142                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4143
4144         dev->mac_suspended = 1;
4145
4146         /* Noise calculation context */
4147         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4148 }
4149
4150 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4151 {
4152         struct ssb_sprom *sprom = &dev->dev->bus->sprom;
4153         u64 hf;
4154
4155         if (!modparam_btcoex)
4156                 return;
4157         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4158                 return;
4159         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4160                 return;
4161
4162         hf = b43_hf_read(dev);
4163         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4164                 hf |= B43_HF_BTCOEXALT;
4165         else
4166                 hf |= B43_HF_BTCOEX;
4167         b43_hf_write(dev, hf);
4168 }
4169
4170 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4171 {
4172         if (!modparam_btcoex)
4173                 return;
4174         //TODO
4175 }
4176
4177 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4178 {
4179 #ifdef CONFIG_SSB_DRIVER_PCICORE
4180         struct ssb_bus *bus = dev->dev->bus;
4181         u32 tmp;
4182
4183         if (bus->pcicore.dev &&
4184             bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
4185             bus->pcicore.dev->id.revision <= 5) {
4186                 /* IMCFGLO timeouts workaround. */
4187                 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
4188                 switch (bus->bustype) {
4189                 case SSB_BUSTYPE_PCI:
4190                 case SSB_BUSTYPE_PCMCIA:
4191                         tmp &= ~SSB_IMCFGLO_REQTO;
4192                         tmp &= ~SSB_IMCFGLO_SERTO;
4193                         tmp |= 0x32;
4194                         break;
4195                 case SSB_BUSTYPE_SSB:
4196                         tmp &= ~SSB_IMCFGLO_REQTO;
4197                         tmp &= ~SSB_IMCFGLO_SERTO;
4198                         tmp |= 0x53;
4199                         break;
4200                 default:
4201                         break;
4202                 }
4203                 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
4204         }
4205 #endif /* CONFIG_SSB_DRIVER_PCICORE */
4206 }
4207
4208 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4209 {
4210         u16 pu_delay;
4211
4212         /* The time value is in microseconds. */
4213         if (dev->phy.type == B43_PHYTYPE_A)
4214                 pu_delay = 3700;
4215         else
4216                 pu_delay = 1050;
4217         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4218                 pu_delay = 500;
4219         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4220                 pu_delay = max(pu_delay, (u16)2400);
4221
4222         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4223 }
4224
4225 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4226 static void b43_set_pretbtt(struct b43_wldev *dev)
4227 {
4228         u16 pretbtt;
4229
4230         /* The time value is in microseconds. */
4231         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4232                 pretbtt = 2;
4233         } else {
4234                 if (dev->phy.type == B43_PHYTYPE_A)
4235                         pretbtt = 120;
4236                 else
4237                         pretbtt = 250;
4238         }
4239         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4240         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4241 }
4242
4243 /* Shutdown a wireless core */
4244 /* Locking: wl->mutex */
4245 static void b43_wireless_core_exit(struct b43_wldev *dev)
4246 {
4247         u32 macctl;
4248
4249         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4250         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4251                 return;
4252         b43_set_status(dev, B43_STAT_UNINIT);
4253
4254         /* Stop the microcode PSM. */
4255         macctl = b43_read32(dev, B43_MMIO_MACCTL);
4256         macctl &= ~B43_MACCTL_PSM_RUN;
4257         macctl |= B43_MACCTL_PSM_JMP0;
4258         b43_write32(dev, B43_MMIO_MACCTL, macctl);
4259
4260         b43_dma_free(dev);
4261         b43_pio_free(dev);
4262         b43_chip_exit(dev);
4263         dev->phy.ops->switch_analog(dev, 0);
4264         if (dev->wl->current_beacon) {
4265                 dev_kfree_skb_any(dev->wl->current_beacon);
4266                 dev->wl->current_beacon = NULL;
4267         }
4268
4269         ssb_device_disable(dev->dev, 0);
4270         ssb_bus_may_powerdown(dev->dev->bus);
4271 }
4272
4273 /* Initialize a wireless core */
4274 static int b43_wireless_core_init(struct b43_wldev *dev)
4275 {
4276         struct ssb_bus *bus = dev->dev->bus;
4277         struct ssb_sprom *sprom = &bus->sprom;
4278         struct b43_phy *phy = &dev->phy;
4279         int err;
4280         u64 hf;
4281         u32 tmp;
4282
4283         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4284
4285         err = ssb_bus_powerup(bus, 0);
4286         if (err)
4287                 goto out;
4288         if (!ssb_device_is_enabled(dev->dev)) {
4289                 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4290                 b43_wireless_core_reset(dev, tmp);
4291         }
4292
4293         /* Reset all data structures. */
4294         setup_struct_wldev_for_init(dev);
4295         phy->ops->prepare_structs(dev);
4296
4297         /* Enable IRQ routing to this device. */
4298         ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4299
4300         b43_imcfglo_timeouts_workaround(dev);
4301         b43_bluetooth_coext_disable(dev);
4302         if (phy->ops->prepare_hardware) {
4303                 err = phy->ops->prepare_hardware(dev);
4304                 if (err)
4305                         goto err_busdown;
4306         }
4307         err = b43_chip_init(dev);
4308         if (err)
4309                 goto err_busdown;
4310         b43_shm_write16(dev, B43_SHM_SHARED,
4311                         B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4312         hf = b43_hf_read(dev);
4313         if (phy->type == B43_PHYTYPE_G) {
4314                 hf |= B43_HF_SYMW;
4315                 if (phy->rev == 1)
4316                         hf |= B43_HF_GDCW;
4317                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4318                         hf |= B43_HF_OFDMPABOOST;
4319         }
4320         if (phy->radio_ver == 0x2050) {
4321                 if (phy->radio_rev == 6)
4322                         hf |= B43_HF_4318TSSI;
4323                 if (phy->radio_rev < 6)
4324                         hf |= B43_HF_VCORECALC;
4325         }
4326         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4327                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4328 #ifdef CONFIG_SSB_DRIVER_PCICORE
4329         if ((bus->bustype == SSB_BUSTYPE_PCI) &&
4330             (bus->pcicore.dev->id.revision <= 10))
4331                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4332 #endif
4333         hf &= ~B43_HF_SKCFPUP;
4334         b43_hf_write(dev, hf);
4335
4336         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4337                              B43_DEFAULT_LONG_RETRY_LIMIT);
4338         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4339         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4340
4341         /* Disable sending probe responses from firmware.
4342          * Setting the MaxTime to one usec will always trigger
4343          * a timeout, so we never send any probe resp.
4344          * A timeout of zero is infinite. */
4345         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4346
4347         b43_rate_memory_init(dev);
4348         b43_set_phytxctl_defaults(dev);
4349
4350         /* Minimum Contention Window */
4351         if (phy->type == B43_PHYTYPE_B) {
4352                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4353         } else {
4354                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4355         }
4356         /* Maximum Contention Window */
4357         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4358
4359         if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) ||
4360             (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) ||
4361             dev->use_pio) {
4362                 dev->__using_pio_transfers = 1;
4363                 err = b43_pio_init(dev);
4364         } else {
4365                 dev->__using_pio_transfers = 0;
4366                 err = b43_dma_init(dev);
4367         }
4368         if (err)
4369                 goto err_chip_exit;
4370         b43_qos_init(dev);
4371         b43_set_synth_pu_delay(dev, 1);
4372         b43_bluetooth_coext_enable(dev);
4373
4374         ssb_bus_powerup(bus, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4375         b43_upload_card_macaddress(dev);
4376         b43_security_init(dev);
4377
4378         ieee80211_wake_queues(dev->wl->hw);
4379
4380         b43_set_status(dev, B43_STAT_INITIALIZED);
4381
4382 out:
4383         return err;
4384
4385 err_chip_exit:
4386         b43_chip_exit(dev);
4387 err_busdown:
4388         ssb_bus_may_powerdown(bus);
4389         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4390         return err;
4391 }
4392
4393 static int b43_op_add_interface(struct ieee80211_hw *hw,
4394                                 struct ieee80211_vif *vif)
4395 {
4396         struct b43_wl *wl = hw_to_b43_wl(hw);
4397         struct b43_wldev *dev;
4398         int err = -EOPNOTSUPP;
4399
4400         /* TODO: allow WDS/AP devices to coexist */
4401
4402         if (vif->type != NL80211_IFTYPE_AP &&
4403             vif->type != NL80211_IFTYPE_MESH_POINT &&
4404             vif->type != NL80211_IFTYPE_STATION &&
4405             vif->type != NL80211_IFTYPE_WDS &&
4406             vif->type != NL80211_IFTYPE_ADHOC)
4407                 return -EOPNOTSUPP;
4408
4409         mutex_lock(&wl->mutex);
4410         if (wl->operating)
4411                 goto out_mutex_unlock;
4412
4413         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4414
4415         dev = wl->current_dev;
4416         wl->operating = 1;
4417         wl->vif = vif;
4418         wl->if_type = vif->type;
4419         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4420
4421         b43_adjust_opmode(dev);
4422         b43_set_pretbtt(dev);
4423         b43_set_synth_pu_delay(dev, 0);
4424         b43_upload_card_macaddress(dev);
4425
4426         err = 0;
4427  out_mutex_unlock:
4428         mutex_unlock(&wl->mutex);
4429
4430         return err;
4431 }
4432
4433 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4434                                     struct ieee80211_vif *vif)
4435 {
4436         struct b43_wl *wl = hw_to_b43_wl(hw);
4437         struct b43_wldev *dev = wl->current_dev;
4438
4439         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4440
4441         mutex_lock(&wl->mutex);
4442
4443         B43_WARN_ON(!wl->operating);
4444         B43_WARN_ON(wl->vif != vif);
4445         wl->vif = NULL;
4446
4447         wl->operating = 0;
4448
4449         b43_adjust_opmode(dev);
4450         memset(wl->mac_addr, 0, ETH_ALEN);
4451         b43_upload_card_macaddress(dev);
4452
4453         mutex_unlock(&wl->mutex);
4454 }
4455
4456 static int b43_op_start(struct ieee80211_hw *hw)
4457 {
4458         struct b43_wl *wl = hw_to_b43_wl(hw);
4459         struct b43_wldev *dev = wl->current_dev;
4460         int did_init = 0;
4461         int err = 0;
4462
4463         /* Kill all old instance specific information to make sure
4464          * the card won't use it in the short timeframe between start
4465          * and mac80211 reconfiguring it. */
4466         memset(wl->bssid, 0, ETH_ALEN);
4467         memset(wl->mac_addr, 0, ETH_ALEN);
4468         wl->filter_flags = 0;
4469         wl->radiotap_enabled = 0;
4470         b43_qos_clear(wl);
4471         wl->beacon0_uploaded = 0;
4472         wl->beacon1_uploaded = 0;
4473         wl->beacon_templates_virgin = 1;
4474         wl->radio_enabled = 1;
4475
4476         mutex_lock(&wl->mutex);
4477
4478         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4479                 err = b43_wireless_core_init(dev);
4480                 if (err)
4481                         goto out_mutex_unlock;
4482                 did_init = 1;
4483         }
4484
4485         if (b43_status(dev) < B43_STAT_STARTED) {
4486                 err = b43_wireless_core_start(dev);
4487                 if (err) {
4488                         if (did_init)
4489                                 b43_wireless_core_exit(dev);
4490                         goto out_mutex_unlock;
4491                 }
4492         }
4493
4494         /* XXX: only do if device doesn't support rfkill irq */
4495         wiphy_rfkill_start_polling(hw->wiphy);
4496
4497  out_mutex_unlock:
4498         mutex_unlock(&wl->mutex);
4499
4500         return err;
4501 }
4502
4503 static void b43_op_stop(struct ieee80211_hw *hw)
4504 {
4505         struct b43_wl *wl = hw_to_b43_wl(hw);
4506         struct b43_wldev *dev = wl->current_dev;
4507
4508         cancel_work_sync(&(wl->beacon_update_trigger));
4509
4510         mutex_lock(&wl->mutex);
4511         if (b43_status(dev) >= B43_STAT_STARTED) {
4512                 dev = b43_wireless_core_stop(dev);
4513                 if (!dev)
4514                         goto out_unlock;
4515         }
4516         b43_wireless_core_exit(dev);
4517         wl->radio_enabled = 0;
4518
4519 out_unlock:
4520         mutex_unlock(&wl->mutex);
4521
4522         cancel_work_sync(&(wl->txpower_adjust_work));
4523 }
4524
4525 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4526                                  struct ieee80211_sta *sta, bool set)
4527 {
4528         struct b43_wl *wl = hw_to_b43_wl(hw);
4529
4530         /* FIXME: add locking */
4531         b43_update_templates(wl);
4532
4533         return 0;
4534 }
4535
4536 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4537                               struct ieee80211_vif *vif,
4538                               enum sta_notify_cmd notify_cmd,
4539                               struct ieee80211_sta *sta)
4540 {
4541         struct b43_wl *wl = hw_to_b43_wl(hw);
4542
4543         B43_WARN_ON(!vif || wl->vif != vif);
4544 }
4545
4546 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4547 {
4548         struct b43_wl *wl = hw_to_b43_wl(hw);
4549         struct b43_wldev *dev;
4550
4551         mutex_lock(&wl->mutex);
4552         dev = wl->current_dev;
4553         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4554                 /* Disable CFP update during scan on other channels. */
4555                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4556         }
4557         mutex_unlock(&wl->mutex);
4558 }
4559
4560 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4561 {
4562         struct b43_wl *wl = hw_to_b43_wl(hw);
4563         struct b43_wldev *dev;
4564
4565         mutex_lock(&wl->mutex);
4566         dev = wl->current_dev;
4567         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4568                 /* Re-enable CFP update. */
4569                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4570         }
4571         mutex_unlock(&wl->mutex);
4572 }
4573
4574 static const struct ieee80211_ops b43_hw_ops = {
4575         .tx                     = b43_op_tx,
4576         .conf_tx                = b43_op_conf_tx,
4577         .add_interface          = b43_op_add_interface,
4578         .remove_interface       = b43_op_remove_interface,
4579         .config                 = b43_op_config,
4580         .bss_info_changed       = b43_op_bss_info_changed,
4581         .configure_filter       = b43_op_configure_filter,
4582         .set_key                = b43_op_set_key,
4583         .update_tkip_key        = b43_op_update_tkip_key,
4584         .get_stats              = b43_op_get_stats,
4585         .get_tsf                = b43_op_get_tsf,
4586         .set_tsf                = b43_op_set_tsf,
4587         .start                  = b43_op_start,
4588         .stop                   = b43_op_stop,
4589         .set_tim                = b43_op_beacon_set_tim,
4590         .sta_notify             = b43_op_sta_notify,
4591         .sw_scan_start          = b43_op_sw_scan_start_notifier,
4592         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
4593         .rfkill_poll            = b43_rfkill_poll,
4594 };
4595
4596 /* Hard-reset the chip. Do not call this directly.
4597  * Use b43_controller_restart()
4598  */
4599 static void b43_chip_reset(struct work_struct *work)
4600 {
4601         struct b43_wldev *dev =
4602             container_of(work, struct b43_wldev, restart_work);
4603         struct b43_wl *wl = dev->wl;
4604         int err = 0;
4605         int prev_status;
4606
4607         mutex_lock(&wl->mutex);
4608
4609         prev_status = b43_status(dev);
4610         /* Bring the device down... */
4611         if (prev_status >= B43_STAT_STARTED) {
4612                 dev = b43_wireless_core_stop(dev);
4613                 if (!dev) {
4614                         err = -ENODEV;
4615                         goto out;
4616                 }
4617         }
4618         if (prev_status >= B43_STAT_INITIALIZED)
4619                 b43_wireless_core_exit(dev);
4620
4621         /* ...and up again. */
4622         if (prev_status >= B43_STAT_INITIALIZED) {
4623                 err = b43_wireless_core_init(dev);
4624                 if (err)
4625                         goto out;
4626         }
4627         if (prev_status >= B43_STAT_STARTED) {
4628                 err = b43_wireless_core_start(dev);
4629                 if (err) {
4630                         b43_wireless_core_exit(dev);
4631                         goto out;
4632                 }
4633         }
4634 out:
4635         if (err)
4636                 wl->current_dev = NULL; /* Failed to init the dev. */
4637         mutex_unlock(&wl->mutex);
4638         if (err)
4639                 b43err(wl, "Controller restart FAILED\n");
4640         else
4641                 b43info(wl, "Controller restarted\n");
4642 }
4643
4644 static int b43_setup_bands(struct b43_wldev *dev,
4645                            bool have_2ghz_phy, bool have_5ghz_phy)
4646 {
4647         struct ieee80211_hw *hw = dev->wl->hw;
4648
4649         if (have_2ghz_phy)
4650                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4651         if (dev->phy.type == B43_PHYTYPE_N) {
4652                 if (have_5ghz_phy)
4653                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4654         } else {
4655                 if (have_5ghz_phy)
4656                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4657         }
4658
4659         dev->phy.supports_2ghz = have_2ghz_phy;
4660         dev->phy.supports_5ghz = have_5ghz_phy;
4661
4662         return 0;
4663 }
4664
4665 static void b43_wireless_core_detach(struct b43_wldev *dev)
4666 {
4667         /* We release firmware that late to not be required to re-request
4668          * is all the time when we reinit the core. */
4669         b43_release_firmware(dev);
4670         b43_phy_free(dev);
4671 }
4672
4673 static int b43_wireless_core_attach(struct b43_wldev *dev)
4674 {
4675         struct b43_wl *wl = dev->wl;
4676         struct ssb_bus *bus = dev->dev->bus;
4677         struct pci_dev *pdev = (bus->bustype == SSB_BUSTYPE_PCI) ? bus->host_pci : NULL;
4678         int err;
4679         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4680         u32 tmp;
4681
4682         /* Do NOT do any device initialization here.
4683          * Do it in wireless_core_init() instead.
4684          * This function is for gathering basic information about the HW, only.
4685          * Also some structs may be set up here. But most likely you want to have
4686          * that in core_init(), too.
4687          */
4688
4689         err = ssb_bus_powerup(bus, 0);
4690         if (err) {
4691                 b43err(wl, "Bus powerup failed\n");
4692                 goto out;
4693         }
4694         /* Get the PHY type. */
4695         if (dev->dev->id.revision >= 5) {
4696                 u32 tmshigh;
4697
4698                 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4699                 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4700                 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4701         } else
4702                 B43_WARN_ON(1);
4703
4704         dev->phy.gmode = have_2ghz_phy;
4705         dev->phy.radio_on = 1;
4706         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4707         b43_wireless_core_reset(dev, tmp);
4708
4709         err = b43_phy_versioning(dev);
4710         if (err)
4711                 goto err_powerdown;
4712         /* Check if this device supports multiband. */
4713         if (!pdev ||
4714             (pdev->device != 0x4312 &&
4715              pdev->device != 0x4319 && pdev->device != 0x4324)) {
4716                 /* No multiband support. */
4717                 have_2ghz_phy = 0;
4718                 have_5ghz_phy = 0;
4719                 switch (dev->phy.type) {
4720                 case B43_PHYTYPE_A:
4721                         have_5ghz_phy = 1;
4722                         break;
4723                 case B43_PHYTYPE_LP: //FIXME not always!
4724 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
4725                         have_5ghz_phy = 1;
4726 #endif
4727                 case B43_PHYTYPE_G:
4728                 case B43_PHYTYPE_N:
4729                         have_2ghz_phy = 1;
4730                         break;
4731                 default:
4732                         B43_WARN_ON(1);
4733                 }
4734         }
4735         if (dev->phy.type == B43_PHYTYPE_A) {
4736                 /* FIXME */
4737                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4738                 err = -EOPNOTSUPP;
4739                 goto err_powerdown;
4740         }
4741         if (1 /* disable A-PHY */) {
4742                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4743                 if (dev->phy.type != B43_PHYTYPE_N &&
4744                     dev->phy.type != B43_PHYTYPE_LP) {
4745                         have_2ghz_phy = 1;
4746                         have_5ghz_phy = 0;
4747                 }
4748         }
4749
4750         err = b43_phy_allocate(dev);
4751         if (err)
4752                 goto err_powerdown;
4753
4754         dev->phy.gmode = have_2ghz_phy;
4755         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4756         b43_wireless_core_reset(dev, tmp);
4757
4758         err = b43_validate_chipaccess(dev);
4759         if (err)
4760                 goto err_phy_free;
4761         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4762         if (err)
4763                 goto err_phy_free;
4764
4765         /* Now set some default "current_dev" */
4766         if (!wl->current_dev)
4767                 wl->current_dev = dev;
4768         INIT_WORK(&dev->restart_work, b43_chip_reset);
4769
4770         dev->phy.ops->switch_analog(dev, 0);
4771         ssb_device_disable(dev->dev, 0);
4772         ssb_bus_may_powerdown(bus);
4773
4774 out:
4775         return err;
4776
4777 err_phy_free:
4778         b43_phy_free(dev);
4779 err_powerdown:
4780         ssb_bus_may_powerdown(bus);
4781         return err;
4782 }
4783
4784 static void b43_one_core_detach(struct ssb_device *dev)
4785 {
4786         struct b43_wldev *wldev;
4787         struct b43_wl *wl;
4788
4789         /* Do not cancel ieee80211-workqueue based work here.
4790          * See comment in b43_remove(). */
4791
4792         wldev = ssb_get_drvdata(dev);
4793         wl = wldev->wl;
4794         b43_debugfs_remove_device(wldev);
4795         b43_wireless_core_detach(wldev);
4796         list_del(&wldev->list);
4797         wl->nr_devs--;
4798         ssb_set_drvdata(dev, NULL);
4799         kfree(wldev);
4800 }
4801
4802 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4803 {
4804         struct b43_wldev *wldev;
4805         struct pci_dev *pdev;
4806         int err = -ENOMEM;
4807
4808         if (!list_empty(&wl->devlist)) {
4809                 /* We are not the first core on this chip. */
4810                 pdev = (dev->bus->bustype == SSB_BUSTYPE_PCI) ? dev->bus->host_pci : NULL;
4811                 /* Only special chips support more than one wireless
4812                  * core, although some of the other chips have more than
4813                  * one wireless core as well. Check for this and
4814                  * bail out early.
4815                  */
4816                 if (!pdev ||
4817                     ((pdev->device != 0x4321) &&
4818                      (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4819                         b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4820                         return -ENODEV;
4821                 }
4822         }
4823
4824         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4825         if (!wldev)
4826                 goto out;
4827
4828         wldev->use_pio = b43_modparam_pio;
4829         wldev->dev = dev;
4830         wldev->wl = wl;
4831         b43_set_status(wldev, B43_STAT_UNINIT);
4832         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4833         INIT_LIST_HEAD(&wldev->list);
4834
4835         err = b43_wireless_core_attach(wldev);
4836         if (err)
4837                 goto err_kfree_wldev;
4838
4839         list_add(&wldev->list, &wl->devlist);
4840         wl->nr_devs++;
4841         ssb_set_drvdata(dev, wldev);
4842         b43_debugfs_add_device(wldev);
4843
4844       out:
4845         return err;
4846
4847       err_kfree_wldev:
4848         kfree(wldev);
4849         return err;
4850 }
4851
4852 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
4853         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
4854         (pdev->device == _device) &&                                    \
4855         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
4856         (pdev->subsystem_device == _subdevice)                          )
4857
4858 static void b43_sprom_fixup(struct ssb_bus *bus)
4859 {
4860         struct pci_dev *pdev;
4861
4862         /* boardflags workarounds */
4863         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4864             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4865                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4866         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4867             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4868                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4869         if (bus->bustype == SSB_BUSTYPE_PCI) {
4870                 pdev = bus->host_pci;
4871                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4872                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
4873                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
4874                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4875                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4876                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4877                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4878                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4879         }
4880 }
4881
4882 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4883 {
4884         struct ieee80211_hw *hw = wl->hw;
4885
4886         ssb_set_devtypedata(dev, NULL);
4887         ieee80211_free_hw(hw);
4888 }
4889
4890 static int b43_wireless_init(struct ssb_device *dev)
4891 {
4892         struct ssb_sprom *sprom = &dev->bus->sprom;
4893         struct ieee80211_hw *hw;
4894         struct b43_wl *wl;
4895         int err = -ENOMEM;
4896
4897         b43_sprom_fixup(dev->bus);
4898
4899         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4900         if (!hw) {
4901                 b43err(NULL, "Could not allocate ieee80211 device\n");
4902                 goto out;
4903         }
4904         wl = hw_to_b43_wl(hw);
4905
4906         /* fill hw info */
4907         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4908                     IEEE80211_HW_SIGNAL_DBM |
4909                     IEEE80211_HW_NOISE_DBM;
4910
4911         hw->wiphy->interface_modes =
4912                 BIT(NL80211_IFTYPE_AP) |
4913                 BIT(NL80211_IFTYPE_MESH_POINT) |
4914                 BIT(NL80211_IFTYPE_STATION) |
4915                 BIT(NL80211_IFTYPE_WDS) |
4916                 BIT(NL80211_IFTYPE_ADHOC);
4917
4918         hw->queues = modparam_qos ? 4 : 1;
4919         wl->mac80211_initially_registered_queues = hw->queues;
4920         hw->max_rates = 2;
4921         SET_IEEE80211_DEV(hw, dev->dev);
4922         if (is_valid_ether_addr(sprom->et1mac))
4923                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4924         else
4925                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4926
4927         /* Initialize struct b43_wl */
4928         wl->hw = hw;
4929         mutex_init(&wl->mutex);
4930         spin_lock_init(&wl->hardirq_lock);
4931         INIT_LIST_HEAD(&wl->devlist);
4932         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4933         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4934         INIT_WORK(&wl->tx_work, b43_tx_work);
4935         skb_queue_head_init(&wl->tx_queue);
4936
4937         ssb_set_devtypedata(dev, wl);
4938         b43info(wl, "Broadcom %04X WLAN found (core revision %u)\n",
4939                 dev->bus->chip_id, dev->id.revision);
4940         err = 0;
4941 out:
4942         return err;
4943 }
4944
4945 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4946 {
4947         struct b43_wl *wl;
4948         int err;
4949         int first = 0;
4950
4951         wl = ssb_get_devtypedata(dev);
4952         if (!wl) {
4953                 /* Probing the first core. Must setup common struct b43_wl */
4954                 first = 1;
4955                 err = b43_wireless_init(dev);
4956                 if (err)
4957                         goto out;
4958                 wl = ssb_get_devtypedata(dev);
4959                 B43_WARN_ON(!wl);
4960         }
4961         err = b43_one_core_attach(dev, wl);
4962         if (err)
4963                 goto err_wireless_exit;
4964
4965         if (first) {
4966                 err = ieee80211_register_hw(wl->hw);
4967                 if (err)
4968                         goto err_one_core_detach;
4969                 b43_leds_register(wl->current_dev);
4970                 b43_rng_init(wl);
4971         }
4972
4973       out:
4974         return err;
4975
4976       err_one_core_detach:
4977         b43_one_core_detach(dev);
4978       err_wireless_exit:
4979         if (first)
4980                 b43_wireless_exit(dev, wl);
4981         return err;
4982 }
4983
4984 static void b43_remove(struct ssb_device *dev)
4985 {
4986         struct b43_wl *wl = ssb_get_devtypedata(dev);
4987         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4988
4989         /* We must cancel any work here before unregistering from ieee80211,
4990          * as the ieee80211 unreg will destroy the workqueue. */
4991         cancel_work_sync(&wldev->restart_work);
4992
4993         B43_WARN_ON(!wl);
4994         if (wl->current_dev == wldev) {
4995                 /* Restore the queues count before unregistering, because firmware detect
4996                  * might have modified it. Restoring is important, so the networking
4997                  * stack can properly free resources. */
4998                 wl->hw->queues = wl->mac80211_initially_registered_queues;
4999                 b43_leds_stop(wldev);
5000                 ieee80211_unregister_hw(wl->hw);
5001         }
5002
5003         b43_one_core_detach(dev);
5004
5005         if (list_empty(&wl->devlist)) {
5006                 b43_rng_exit(wl);
5007                 b43_leds_unregister(wl);
5008                 /* Last core on the chip unregistered.
5009                  * We can destroy common struct b43_wl.
5010                  */
5011                 b43_wireless_exit(dev, wl);
5012         }
5013 }
5014
5015 /* Perform a hardware reset. This can be called from any context. */
5016 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5017 {
5018         /* Must avoid requeueing, if we are in shutdown. */
5019         if (b43_status(dev) < B43_STAT_INITIALIZED)
5020                 return;
5021         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5022         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5023 }
5024
5025 static struct ssb_driver b43_ssb_driver = {
5026         .name           = KBUILD_MODNAME,
5027         .id_table       = b43_ssb_tbl,
5028         .probe          = b43_probe,
5029         .remove         = b43_remove,
5030 };
5031
5032 static void b43_print_driverinfo(void)
5033 {
5034         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5035                    *feat_leds = "", *feat_sdio = "";
5036
5037 #ifdef CONFIG_B43_PCI_AUTOSELECT
5038         feat_pci = "P";
5039 #endif
5040 #ifdef CONFIG_B43_PCMCIA
5041         feat_pcmcia = "M";
5042 #endif
5043 #ifdef CONFIG_B43_NPHY
5044         feat_nphy = "N";
5045 #endif
5046 #ifdef CONFIG_B43_LEDS
5047         feat_leds = "L";
5048 #endif
5049 #ifdef CONFIG_B43_SDIO
5050         feat_sdio = "S";
5051 #endif
5052         printk(KERN_INFO "Broadcom 43xx driver loaded "
5053                "[ Features: %s%s%s%s%s, Firmware-ID: "
5054                B43_SUPPORTED_FIRMWARE_ID " ]\n",
5055                feat_pci, feat_pcmcia, feat_nphy,
5056                feat_leds, feat_sdio);
5057 }
5058
5059 static int __init b43_init(void)
5060 {
5061         int err;
5062
5063         b43_debugfs_init();
5064         err = b43_pcmcia_init();
5065         if (err)
5066                 goto err_dfs_exit;
5067         err = b43_sdio_init();
5068         if (err)
5069                 goto err_pcmcia_exit;
5070         err = ssb_driver_register(&b43_ssb_driver);
5071         if (err)
5072                 goto err_sdio_exit;
5073         b43_print_driverinfo();
5074
5075         return err;
5076
5077 err_sdio_exit:
5078         b43_sdio_exit();
5079 err_pcmcia_exit:
5080         b43_pcmcia_exit();
5081 err_dfs_exit:
5082         b43_debugfs_exit();
5083         return err;
5084 }
5085
5086 static void __exit b43_exit(void)
5087 {
5088         ssb_driver_unregister(&b43_ssb_driver);
5089         b43_sdio_exit();
5090         b43_pcmcia_exit();
5091         b43_debugfs_exit();
5092 }
5093
5094 module_init(b43_init)
5095 module_exit(b43_exit)