libipw: initiate cfg80211 API conversion
[linux-3.10.git] / drivers / net / wireless / ipw2x00 / ipw2200.c
1 /******************************************************************************
2
3   Copyright(c) 2003 - 2006 Intel Corporation. All rights reserved.
4
5   802.11 status code portion of this file from ethereal-0.10.6:
6     Copyright 2000, Axis Communications AB
7     Ethereal - Network traffic analyzer
8     By Gerald Combs <gerald@ethereal.com>
9     Copyright 1998 Gerald Combs
10
11   This program is free software; you can redistribute it and/or modify it
12   under the terms of version 2 of the GNU General Public License as
13   published by the Free Software Foundation.
14
15   This program is distributed in the hope that it will be useful, but WITHOUT
16   ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
17   FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
18   more details.
19
20   You should have received a copy of the GNU General Public License along with
21   this program; if not, write to the Free Software Foundation, Inc., 59
22   Temple Place - Suite 330, Boston, MA  02111-1307, USA.
23
24   The full GNU General Public License is included in this distribution in the
25   file called LICENSE.
26
27   Contact Information:
28   Intel Linux Wireless <ilw@linux.intel.com>
29   Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
30
31 ******************************************************************************/
32
33 #include "ipw2200.h"
34
35
36 #ifndef KBUILD_EXTMOD
37 #define VK "k"
38 #else
39 #define VK
40 #endif
41
42 #ifdef CONFIG_IPW2200_DEBUG
43 #define VD "d"
44 #else
45 #define VD
46 #endif
47
48 #ifdef CONFIG_IPW2200_MONITOR
49 #define VM "m"
50 #else
51 #define VM
52 #endif
53
54 #ifdef CONFIG_IPW2200_PROMISCUOUS
55 #define VP "p"
56 #else
57 #define VP
58 #endif
59
60 #ifdef CONFIG_IPW2200_RADIOTAP
61 #define VR "r"
62 #else
63 #define VR
64 #endif
65
66 #ifdef CONFIG_IPW2200_QOS
67 #define VQ "q"
68 #else
69 #define VQ
70 #endif
71
72 #define IPW2200_VERSION "1.2.2" VK VD VM VP VR VQ
73 #define DRV_DESCRIPTION "Intel(R) PRO/Wireless 2200/2915 Network Driver"
74 #define DRV_COPYRIGHT   "Copyright(c) 2003-2006 Intel Corporation"
75 #define DRV_VERSION     IPW2200_VERSION
76
77 #define ETH_P_80211_STATS (ETH_P_80211_RAW + 1)
78
79 MODULE_DESCRIPTION(DRV_DESCRIPTION);
80 MODULE_VERSION(DRV_VERSION);
81 MODULE_AUTHOR(DRV_COPYRIGHT);
82 MODULE_LICENSE("GPL");
83
84 static int cmdlog = 0;
85 static int debug = 0;
86 static int default_channel = 0;
87 static int network_mode = 0;
88
89 static u32 ipw_debug_level;
90 static int associate;
91 static int auto_create = 1;
92 static int led_support = 0;
93 static int disable = 0;
94 static int bt_coexist = 0;
95 static int hwcrypto = 0;
96 static int roaming = 1;
97 static const char ipw_modes[] = {
98         'a', 'b', 'g', '?'
99 };
100 static int antenna = CFG_SYS_ANTENNA_BOTH;
101
102 #ifdef CONFIG_IPW2200_PROMISCUOUS
103 static int rtap_iface = 0;     /* def: 0 -- do not create rtap interface */
104 #endif
105
106 static struct ieee80211_rate ipw2200_rates[] = {
107         { .bitrate = 10 },
108         { .bitrate = 20, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
109         { .bitrate = 55, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
110         { .bitrate = 110, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
111         { .bitrate = 60 },
112         { .bitrate = 90 },
113         { .bitrate = 120 },
114         { .bitrate = 180 },
115         { .bitrate = 240 },
116         { .bitrate = 360 },
117         { .bitrate = 480 },
118         { .bitrate = 540 }
119 };
120
121 #define ipw2200_a_rates         (ipw2200_rates + 4)
122 #define ipw2200_num_a_rates     8
123 #define ipw2200_bg_rates        (ipw2200_rates + 0)
124 #define ipw2200_num_bg_rates    12
125
126 #ifdef CONFIG_IPW2200_QOS
127 static int qos_enable = 0;
128 static int qos_burst_enable = 0;
129 static int qos_no_ack_mask = 0;
130 static int burst_duration_CCK = 0;
131 static int burst_duration_OFDM = 0;
132
133 static struct libipw_qos_parameters def_qos_parameters_OFDM = {
134         {QOS_TX0_CW_MIN_OFDM, QOS_TX1_CW_MIN_OFDM, QOS_TX2_CW_MIN_OFDM,
135          QOS_TX3_CW_MIN_OFDM},
136         {QOS_TX0_CW_MAX_OFDM, QOS_TX1_CW_MAX_OFDM, QOS_TX2_CW_MAX_OFDM,
137          QOS_TX3_CW_MAX_OFDM},
138         {QOS_TX0_AIFS, QOS_TX1_AIFS, QOS_TX2_AIFS, QOS_TX3_AIFS},
139         {QOS_TX0_ACM, QOS_TX1_ACM, QOS_TX2_ACM, QOS_TX3_ACM},
140         {QOS_TX0_TXOP_LIMIT_OFDM, QOS_TX1_TXOP_LIMIT_OFDM,
141          QOS_TX2_TXOP_LIMIT_OFDM, QOS_TX3_TXOP_LIMIT_OFDM}
142 };
143
144 static struct libipw_qos_parameters def_qos_parameters_CCK = {
145         {QOS_TX0_CW_MIN_CCK, QOS_TX1_CW_MIN_CCK, QOS_TX2_CW_MIN_CCK,
146          QOS_TX3_CW_MIN_CCK},
147         {QOS_TX0_CW_MAX_CCK, QOS_TX1_CW_MAX_CCK, QOS_TX2_CW_MAX_CCK,
148          QOS_TX3_CW_MAX_CCK},
149         {QOS_TX0_AIFS, QOS_TX1_AIFS, QOS_TX2_AIFS, QOS_TX3_AIFS},
150         {QOS_TX0_ACM, QOS_TX1_ACM, QOS_TX2_ACM, QOS_TX3_ACM},
151         {QOS_TX0_TXOP_LIMIT_CCK, QOS_TX1_TXOP_LIMIT_CCK, QOS_TX2_TXOP_LIMIT_CCK,
152          QOS_TX3_TXOP_LIMIT_CCK}
153 };
154
155 static struct libipw_qos_parameters def_parameters_OFDM = {
156         {DEF_TX0_CW_MIN_OFDM, DEF_TX1_CW_MIN_OFDM, DEF_TX2_CW_MIN_OFDM,
157          DEF_TX3_CW_MIN_OFDM},
158         {DEF_TX0_CW_MAX_OFDM, DEF_TX1_CW_MAX_OFDM, DEF_TX2_CW_MAX_OFDM,
159          DEF_TX3_CW_MAX_OFDM},
160         {DEF_TX0_AIFS, DEF_TX1_AIFS, DEF_TX2_AIFS, DEF_TX3_AIFS},
161         {DEF_TX0_ACM, DEF_TX1_ACM, DEF_TX2_ACM, DEF_TX3_ACM},
162         {DEF_TX0_TXOP_LIMIT_OFDM, DEF_TX1_TXOP_LIMIT_OFDM,
163          DEF_TX2_TXOP_LIMIT_OFDM, DEF_TX3_TXOP_LIMIT_OFDM}
164 };
165
166 static struct libipw_qos_parameters def_parameters_CCK = {
167         {DEF_TX0_CW_MIN_CCK, DEF_TX1_CW_MIN_CCK, DEF_TX2_CW_MIN_CCK,
168          DEF_TX3_CW_MIN_CCK},
169         {DEF_TX0_CW_MAX_CCK, DEF_TX1_CW_MAX_CCK, DEF_TX2_CW_MAX_CCK,
170          DEF_TX3_CW_MAX_CCK},
171         {DEF_TX0_AIFS, DEF_TX1_AIFS, DEF_TX2_AIFS, DEF_TX3_AIFS},
172         {DEF_TX0_ACM, DEF_TX1_ACM, DEF_TX2_ACM, DEF_TX3_ACM},
173         {DEF_TX0_TXOP_LIMIT_CCK, DEF_TX1_TXOP_LIMIT_CCK, DEF_TX2_TXOP_LIMIT_CCK,
174          DEF_TX3_TXOP_LIMIT_CCK}
175 };
176
177 static u8 qos_oui[QOS_OUI_LEN] = { 0x00, 0x50, 0xF2 };
178
179 static int from_priority_to_tx_queue[] = {
180         IPW_TX_QUEUE_1, IPW_TX_QUEUE_2, IPW_TX_QUEUE_2, IPW_TX_QUEUE_1,
181         IPW_TX_QUEUE_3, IPW_TX_QUEUE_3, IPW_TX_QUEUE_4, IPW_TX_QUEUE_4
182 };
183
184 static u32 ipw_qos_get_burst_duration(struct ipw_priv *priv);
185
186 static int ipw_send_qos_params_command(struct ipw_priv *priv, struct libipw_qos_parameters
187                                        *qos_param);
188 static int ipw_send_qos_info_command(struct ipw_priv *priv, struct libipw_qos_information_element
189                                      *qos_param);
190 #endif                          /* CONFIG_IPW2200_QOS */
191
192 static struct iw_statistics *ipw_get_wireless_stats(struct net_device *dev);
193 static void ipw_remove_current_network(struct ipw_priv *priv);
194 static void ipw_rx(struct ipw_priv *priv);
195 static int ipw_queue_tx_reclaim(struct ipw_priv *priv,
196                                 struct clx2_tx_queue *txq, int qindex);
197 static int ipw_queue_reset(struct ipw_priv *priv);
198
199 static int ipw_queue_tx_hcmd(struct ipw_priv *priv, int hcmd, void *buf,
200                              int len, int sync);
201
202 static void ipw_tx_queue_free(struct ipw_priv *);
203
204 static struct ipw_rx_queue *ipw_rx_queue_alloc(struct ipw_priv *);
205 static void ipw_rx_queue_free(struct ipw_priv *, struct ipw_rx_queue *);
206 static void ipw_rx_queue_replenish(void *);
207 static int ipw_up(struct ipw_priv *);
208 static void ipw_bg_up(struct work_struct *work);
209 static void ipw_down(struct ipw_priv *);
210 static void ipw_bg_down(struct work_struct *work);
211 static int ipw_config(struct ipw_priv *);
212 static int init_supported_rates(struct ipw_priv *priv,
213                                 struct ipw_supported_rates *prates);
214 static void ipw_set_hwcrypto_keys(struct ipw_priv *);
215 static void ipw_send_wep_keys(struct ipw_priv *, int);
216
217 static int snprint_line(char *buf, size_t count,
218                         const u8 * data, u32 len, u32 ofs)
219 {
220         int out, i, j, l;
221         char c;
222
223         out = snprintf(buf, count, "%08X", ofs);
224
225         for (l = 0, i = 0; i < 2; i++) {
226                 out += snprintf(buf + out, count - out, " ");
227                 for (j = 0; j < 8 && l < len; j++, l++)
228                         out += snprintf(buf + out, count - out, "%02X ",
229                                         data[(i * 8 + j)]);
230                 for (; j < 8; j++)
231                         out += snprintf(buf + out, count - out, "   ");
232         }
233
234         out += snprintf(buf + out, count - out, " ");
235         for (l = 0, i = 0; i < 2; i++) {
236                 out += snprintf(buf + out, count - out, " ");
237                 for (j = 0; j < 8 && l < len; j++, l++) {
238                         c = data[(i * 8 + j)];
239                         if (!isascii(c) || !isprint(c))
240                                 c = '.';
241
242                         out += snprintf(buf + out, count - out, "%c", c);
243                 }
244
245                 for (; j < 8; j++)
246                         out += snprintf(buf + out, count - out, " ");
247         }
248
249         return out;
250 }
251
252 static void printk_buf(int level, const u8 * data, u32 len)
253 {
254         char line[81];
255         u32 ofs = 0;
256         if (!(ipw_debug_level & level))
257                 return;
258
259         while (len) {
260                 snprint_line(line, sizeof(line), &data[ofs],
261                              min(len, 16U), ofs);
262                 printk(KERN_DEBUG "%s\n", line);
263                 ofs += 16;
264                 len -= min(len, 16U);
265         }
266 }
267
268 static int snprintk_buf(u8 * output, size_t size, const u8 * data, size_t len)
269 {
270         size_t out = size;
271         u32 ofs = 0;
272         int total = 0;
273
274         while (size && len) {
275                 out = snprint_line(output, size, &data[ofs],
276                                    min_t(size_t, len, 16U), ofs);
277
278                 ofs += 16;
279                 output += out;
280                 size -= out;
281                 len -= min_t(size_t, len, 16U);
282                 total += out;
283         }
284         return total;
285 }
286
287 /* alias for 32-bit indirect read (for SRAM/reg above 4K), with debug wrapper */
288 static u32 _ipw_read_reg32(struct ipw_priv *priv, u32 reg);
289 #define ipw_read_reg32(a, b) _ipw_read_reg32(a, b)
290
291 /* alias for 8-bit indirect read (for SRAM/reg above 4K), with debug wrapper */
292 static u8 _ipw_read_reg8(struct ipw_priv *ipw, u32 reg);
293 #define ipw_read_reg8(a, b) _ipw_read_reg8(a, b)
294
295 /* 8-bit indirect write (for SRAM/reg above 4K), with debug wrapper */
296 static void _ipw_write_reg8(struct ipw_priv *priv, u32 reg, u8 value);
297 static inline void ipw_write_reg8(struct ipw_priv *a, u32 b, u8 c)
298 {
299         IPW_DEBUG_IO("%s %d: write_indirect8(0x%08X, 0x%08X)\n", __FILE__,
300                      __LINE__, (u32) (b), (u32) (c));
301         _ipw_write_reg8(a, b, c);
302 }
303
304 /* 16-bit indirect write (for SRAM/reg above 4K), with debug wrapper */
305 static void _ipw_write_reg16(struct ipw_priv *priv, u32 reg, u16 value);
306 static inline void ipw_write_reg16(struct ipw_priv *a, u32 b, u16 c)
307 {
308         IPW_DEBUG_IO("%s %d: write_indirect16(0x%08X, 0x%08X)\n", __FILE__,
309                      __LINE__, (u32) (b), (u32) (c));
310         _ipw_write_reg16(a, b, c);
311 }
312
313 /* 32-bit indirect write (for SRAM/reg above 4K), with debug wrapper */
314 static void _ipw_write_reg32(struct ipw_priv *priv, u32 reg, u32 value);
315 static inline void ipw_write_reg32(struct ipw_priv *a, u32 b, u32 c)
316 {
317         IPW_DEBUG_IO("%s %d: write_indirect32(0x%08X, 0x%08X)\n", __FILE__,
318                      __LINE__, (u32) (b), (u32) (c));
319         _ipw_write_reg32(a, b, c);
320 }
321
322 /* 8-bit direct write (low 4K) */
323 static inline void _ipw_write8(struct ipw_priv *ipw, unsigned long ofs,
324                 u8 val)
325 {
326         writeb(val, ipw->hw_base + ofs);
327 }
328
329 /* 8-bit direct write (for low 4K of SRAM/regs), with debug wrapper */
330 #define ipw_write8(ipw, ofs, val) do { \
331         IPW_DEBUG_IO("%s %d: write_direct8(0x%08X, 0x%08X)\n", __FILE__, \
332                         __LINE__, (u32)(ofs), (u32)(val)); \
333         _ipw_write8(ipw, ofs, val); \
334 } while (0)
335
336 /* 16-bit direct write (low 4K) */
337 static inline void _ipw_write16(struct ipw_priv *ipw, unsigned long ofs,
338                 u16 val)
339 {
340         writew(val, ipw->hw_base + ofs);
341 }
342
343 /* 16-bit direct write (for low 4K of SRAM/regs), with debug wrapper */
344 #define ipw_write16(ipw, ofs, val) do { \
345         IPW_DEBUG_IO("%s %d: write_direct16(0x%08X, 0x%08X)\n", __FILE__, \
346                         __LINE__, (u32)(ofs), (u32)(val)); \
347         _ipw_write16(ipw, ofs, val); \
348 } while (0)
349
350 /* 32-bit direct write (low 4K) */
351 static inline void _ipw_write32(struct ipw_priv *ipw, unsigned long ofs,
352                 u32 val)
353 {
354         writel(val, ipw->hw_base + ofs);
355 }
356
357 /* 32-bit direct write (for low 4K of SRAM/regs), with debug wrapper */
358 #define ipw_write32(ipw, ofs, val) do { \
359         IPW_DEBUG_IO("%s %d: write_direct32(0x%08X, 0x%08X)\n", __FILE__, \
360                         __LINE__, (u32)(ofs), (u32)(val)); \
361         _ipw_write32(ipw, ofs, val); \
362 } while (0)
363
364 /* 8-bit direct read (low 4K) */
365 static inline u8 _ipw_read8(struct ipw_priv *ipw, unsigned long ofs)
366 {
367         return readb(ipw->hw_base + ofs);
368 }
369
370 /* alias to 8-bit direct read (low 4K of SRAM/regs), with debug wrapper */
371 #define ipw_read8(ipw, ofs) ({ \
372         IPW_DEBUG_IO("%s %d: read_direct8(0x%08X)\n", __FILE__, __LINE__, \
373                         (u32)(ofs)); \
374         _ipw_read8(ipw, ofs); \
375 })
376
377 /* 16-bit direct read (low 4K) */
378 static inline u16 _ipw_read16(struct ipw_priv *ipw, unsigned long ofs)
379 {
380         return readw(ipw->hw_base + ofs);
381 }
382
383 /* alias to 16-bit direct read (low 4K of SRAM/regs), with debug wrapper */
384 #define ipw_read16(ipw, ofs) ({ \
385         IPW_DEBUG_IO("%s %d: read_direct16(0x%08X)\n", __FILE__, __LINE__, \
386                         (u32)(ofs)); \
387         _ipw_read16(ipw, ofs); \
388 })
389
390 /* 32-bit direct read (low 4K) */
391 static inline u32 _ipw_read32(struct ipw_priv *ipw, unsigned long ofs)
392 {
393         return readl(ipw->hw_base + ofs);
394 }
395
396 /* alias to 32-bit direct read (low 4K of SRAM/regs), with debug wrapper */
397 #define ipw_read32(ipw, ofs) ({ \
398         IPW_DEBUG_IO("%s %d: read_direct32(0x%08X)\n", __FILE__, __LINE__, \
399                         (u32)(ofs)); \
400         _ipw_read32(ipw, ofs); \
401 })
402
403 static void _ipw_read_indirect(struct ipw_priv *, u32, u8 *, int);
404 /* alias to multi-byte read (SRAM/regs above 4K), with debug wrapper */
405 #define ipw_read_indirect(a, b, c, d) ({ \
406         IPW_DEBUG_IO("%s %d: read_indirect(0x%08X) %u bytes\n", __FILE__, \
407                         __LINE__, (u32)(b), (u32)(d)); \
408         _ipw_read_indirect(a, b, c, d); \
409 })
410
411 /* alias to multi-byte read (SRAM/regs above 4K), with debug wrapper */
412 static void _ipw_write_indirect(struct ipw_priv *priv, u32 addr, u8 * data,
413                                 int num);
414 #define ipw_write_indirect(a, b, c, d) do { \
415         IPW_DEBUG_IO("%s %d: write_indirect(0x%08X) %u bytes\n", __FILE__, \
416                         __LINE__, (u32)(b), (u32)(d)); \
417         _ipw_write_indirect(a, b, c, d); \
418 } while (0)
419
420 /* 32-bit indirect write (above 4K) */
421 static void _ipw_write_reg32(struct ipw_priv *priv, u32 reg, u32 value)
422 {
423         IPW_DEBUG_IO(" %p : reg = 0x%8X : value = 0x%8X\n", priv, reg, value);
424         _ipw_write32(priv, IPW_INDIRECT_ADDR, reg);
425         _ipw_write32(priv, IPW_INDIRECT_DATA, value);
426 }
427
428 /* 8-bit indirect write (above 4K) */
429 static void _ipw_write_reg8(struct ipw_priv *priv, u32 reg, u8 value)
430 {
431         u32 aligned_addr = reg & IPW_INDIRECT_ADDR_MASK;        /* dword align */
432         u32 dif_len = reg - aligned_addr;
433
434         IPW_DEBUG_IO(" reg = 0x%8X : value = 0x%8X\n", reg, value);
435         _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
436         _ipw_write8(priv, IPW_INDIRECT_DATA + dif_len, value);
437 }
438
439 /* 16-bit indirect write (above 4K) */
440 static void _ipw_write_reg16(struct ipw_priv *priv, u32 reg, u16 value)
441 {
442         u32 aligned_addr = reg & IPW_INDIRECT_ADDR_MASK;        /* dword align */
443         u32 dif_len = (reg - aligned_addr) & (~0x1ul);
444
445         IPW_DEBUG_IO(" reg = 0x%8X : value = 0x%8X\n", reg, value);
446         _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
447         _ipw_write16(priv, IPW_INDIRECT_DATA + dif_len, value);
448 }
449
450 /* 8-bit indirect read (above 4K) */
451 static u8 _ipw_read_reg8(struct ipw_priv *priv, u32 reg)
452 {
453         u32 word;
454         _ipw_write32(priv, IPW_INDIRECT_ADDR, reg & IPW_INDIRECT_ADDR_MASK);
455         IPW_DEBUG_IO(" reg = 0x%8X : \n", reg);
456         word = _ipw_read32(priv, IPW_INDIRECT_DATA);
457         return (word >> ((reg & 0x3) * 8)) & 0xff;
458 }
459
460 /* 32-bit indirect read (above 4K) */
461 static u32 _ipw_read_reg32(struct ipw_priv *priv, u32 reg)
462 {
463         u32 value;
464
465         IPW_DEBUG_IO("%p : reg = 0x%08x\n", priv, reg);
466
467         _ipw_write32(priv, IPW_INDIRECT_ADDR, reg);
468         value = _ipw_read32(priv, IPW_INDIRECT_DATA);
469         IPW_DEBUG_IO(" reg = 0x%4X : value = 0x%4x \n", reg, value);
470         return value;
471 }
472
473 /* General purpose, no alignment requirement, iterative (multi-byte) read, */
474 /*    for area above 1st 4K of SRAM/reg space */
475 static void _ipw_read_indirect(struct ipw_priv *priv, u32 addr, u8 * buf,
476                                int num)
477 {
478         u32 aligned_addr = addr & IPW_INDIRECT_ADDR_MASK;       /* dword align */
479         u32 dif_len = addr - aligned_addr;
480         u32 i;
481
482         IPW_DEBUG_IO("addr = %i, buf = %p, num = %i\n", addr, buf, num);
483
484         if (num <= 0) {
485                 return;
486         }
487
488         /* Read the first dword (or portion) byte by byte */
489         if (unlikely(dif_len)) {
490                 _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
491                 /* Start reading at aligned_addr + dif_len */
492                 for (i = dif_len; ((i < 4) && (num > 0)); i++, num--)
493                         *buf++ = _ipw_read8(priv, IPW_INDIRECT_DATA + i);
494                 aligned_addr += 4;
495         }
496
497         /* Read all of the middle dwords as dwords, with auto-increment */
498         _ipw_write32(priv, IPW_AUTOINC_ADDR, aligned_addr);
499         for (; num >= 4; buf += 4, aligned_addr += 4, num -= 4)
500                 *(u32 *) buf = _ipw_read32(priv, IPW_AUTOINC_DATA);
501
502         /* Read the last dword (or portion) byte by byte */
503         if (unlikely(num)) {
504                 _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
505                 for (i = 0; num > 0; i++, num--)
506                         *buf++ = ipw_read8(priv, IPW_INDIRECT_DATA + i);
507         }
508 }
509
510 /* General purpose, no alignment requirement, iterative (multi-byte) write, */
511 /*    for area above 1st 4K of SRAM/reg space */
512 static void _ipw_write_indirect(struct ipw_priv *priv, u32 addr, u8 * buf,
513                                 int num)
514 {
515         u32 aligned_addr = addr & IPW_INDIRECT_ADDR_MASK;       /* dword align */
516         u32 dif_len = addr - aligned_addr;
517         u32 i;
518
519         IPW_DEBUG_IO("addr = %i, buf = %p, num = %i\n", addr, buf, num);
520
521         if (num <= 0) {
522                 return;
523         }
524
525         /* Write the first dword (or portion) byte by byte */
526         if (unlikely(dif_len)) {
527                 _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
528                 /* Start writing at aligned_addr + dif_len */
529                 for (i = dif_len; ((i < 4) && (num > 0)); i++, num--, buf++)
530                         _ipw_write8(priv, IPW_INDIRECT_DATA + i, *buf);
531                 aligned_addr += 4;
532         }
533
534         /* Write all of the middle dwords as dwords, with auto-increment */
535         _ipw_write32(priv, IPW_AUTOINC_ADDR, aligned_addr);
536         for (; num >= 4; buf += 4, aligned_addr += 4, num -= 4)
537                 _ipw_write32(priv, IPW_AUTOINC_DATA, *(u32 *) buf);
538
539         /* Write the last dword (or portion) byte by byte */
540         if (unlikely(num)) {
541                 _ipw_write32(priv, IPW_INDIRECT_ADDR, aligned_addr);
542                 for (i = 0; num > 0; i++, num--, buf++)
543                         _ipw_write8(priv, IPW_INDIRECT_DATA + i, *buf);
544         }
545 }
546
547 /* General purpose, no alignment requirement, iterative (multi-byte) write, */
548 /*    for 1st 4K of SRAM/regs space */
549 static void ipw_write_direct(struct ipw_priv *priv, u32 addr, void *buf,
550                              int num)
551 {
552         memcpy_toio((priv->hw_base + addr), buf, num);
553 }
554
555 /* Set bit(s) in low 4K of SRAM/regs */
556 static inline void ipw_set_bit(struct ipw_priv *priv, u32 reg, u32 mask)
557 {
558         ipw_write32(priv, reg, ipw_read32(priv, reg) | mask);
559 }
560
561 /* Clear bit(s) in low 4K of SRAM/regs */
562 static inline void ipw_clear_bit(struct ipw_priv *priv, u32 reg, u32 mask)
563 {
564         ipw_write32(priv, reg, ipw_read32(priv, reg) & ~mask);
565 }
566
567 static inline void __ipw_enable_interrupts(struct ipw_priv *priv)
568 {
569         if (priv->status & STATUS_INT_ENABLED)
570                 return;
571         priv->status |= STATUS_INT_ENABLED;
572         ipw_write32(priv, IPW_INTA_MASK_R, IPW_INTA_MASK_ALL);
573 }
574
575 static inline void __ipw_disable_interrupts(struct ipw_priv *priv)
576 {
577         if (!(priv->status & STATUS_INT_ENABLED))
578                 return;
579         priv->status &= ~STATUS_INT_ENABLED;
580         ipw_write32(priv, IPW_INTA_MASK_R, ~IPW_INTA_MASK_ALL);
581 }
582
583 static inline void ipw_enable_interrupts(struct ipw_priv *priv)
584 {
585         unsigned long flags;
586
587         spin_lock_irqsave(&priv->irq_lock, flags);
588         __ipw_enable_interrupts(priv);
589         spin_unlock_irqrestore(&priv->irq_lock, flags);
590 }
591
592 static inline void ipw_disable_interrupts(struct ipw_priv *priv)
593 {
594         unsigned long flags;
595
596         spin_lock_irqsave(&priv->irq_lock, flags);
597         __ipw_disable_interrupts(priv);
598         spin_unlock_irqrestore(&priv->irq_lock, flags);
599 }
600
601 static char *ipw_error_desc(u32 val)
602 {
603         switch (val) {
604         case IPW_FW_ERROR_OK:
605                 return "ERROR_OK";
606         case IPW_FW_ERROR_FAIL:
607                 return "ERROR_FAIL";
608         case IPW_FW_ERROR_MEMORY_UNDERFLOW:
609                 return "MEMORY_UNDERFLOW";
610         case IPW_FW_ERROR_MEMORY_OVERFLOW:
611                 return "MEMORY_OVERFLOW";
612         case IPW_FW_ERROR_BAD_PARAM:
613                 return "BAD_PARAM";
614         case IPW_FW_ERROR_BAD_CHECKSUM:
615                 return "BAD_CHECKSUM";
616         case IPW_FW_ERROR_NMI_INTERRUPT:
617                 return "NMI_INTERRUPT";
618         case IPW_FW_ERROR_BAD_DATABASE:
619                 return "BAD_DATABASE";
620         case IPW_FW_ERROR_ALLOC_FAIL:
621                 return "ALLOC_FAIL";
622         case IPW_FW_ERROR_DMA_UNDERRUN:
623                 return "DMA_UNDERRUN";
624         case IPW_FW_ERROR_DMA_STATUS:
625                 return "DMA_STATUS";
626         case IPW_FW_ERROR_DINO_ERROR:
627                 return "DINO_ERROR";
628         case IPW_FW_ERROR_EEPROM_ERROR:
629                 return "EEPROM_ERROR";
630         case IPW_FW_ERROR_SYSASSERT:
631                 return "SYSASSERT";
632         case IPW_FW_ERROR_FATAL_ERROR:
633                 return "FATAL_ERROR";
634         default:
635                 return "UNKNOWN_ERROR";
636         }
637 }
638
639 static void ipw_dump_error_log(struct ipw_priv *priv,
640                                struct ipw_fw_error *error)
641 {
642         u32 i;
643
644         if (!error) {
645                 IPW_ERROR("Error allocating and capturing error log.  "
646                           "Nothing to dump.\n");
647                 return;
648         }
649
650         IPW_ERROR("Start IPW Error Log Dump:\n");
651         IPW_ERROR("Status: 0x%08X, Config: %08X\n",
652                   error->status, error->config);
653
654         for (i = 0; i < error->elem_len; i++)
655                 IPW_ERROR("%s %i 0x%08x  0x%08x  0x%08x  0x%08x  0x%08x\n",
656                           ipw_error_desc(error->elem[i].desc),
657                           error->elem[i].time,
658                           error->elem[i].blink1,
659                           error->elem[i].blink2,
660                           error->elem[i].link1,
661                           error->elem[i].link2, error->elem[i].data);
662         for (i = 0; i < error->log_len; i++)
663                 IPW_ERROR("%i\t0x%08x\t%i\n",
664                           error->log[i].time,
665                           error->log[i].data, error->log[i].event);
666 }
667
668 static inline int ipw_is_init(struct ipw_priv *priv)
669 {
670         return (priv->status & STATUS_INIT) ? 1 : 0;
671 }
672
673 static int ipw_get_ordinal(struct ipw_priv *priv, u32 ord, void *val, u32 * len)
674 {
675         u32 addr, field_info, field_len, field_count, total_len;
676
677         IPW_DEBUG_ORD("ordinal = %i\n", ord);
678
679         if (!priv || !val || !len) {
680                 IPW_DEBUG_ORD("Invalid argument\n");
681                 return -EINVAL;
682         }
683
684         /* verify device ordinal tables have been initialized */
685         if (!priv->table0_addr || !priv->table1_addr || !priv->table2_addr) {
686                 IPW_DEBUG_ORD("Access ordinals before initialization\n");
687                 return -EINVAL;
688         }
689
690         switch (IPW_ORD_TABLE_ID_MASK & ord) {
691         case IPW_ORD_TABLE_0_MASK:
692                 /*
693                  * TABLE 0: Direct access to a table of 32 bit values
694                  *
695                  * This is a very simple table with the data directly
696                  * read from the table
697                  */
698
699                 /* remove the table id from the ordinal */
700                 ord &= IPW_ORD_TABLE_VALUE_MASK;
701
702                 /* boundary check */
703                 if (ord > priv->table0_len) {
704                         IPW_DEBUG_ORD("ordinal value (%i) longer then "
705                                       "max (%i)\n", ord, priv->table0_len);
706                         return -EINVAL;
707                 }
708
709                 /* verify we have enough room to store the value */
710                 if (*len < sizeof(u32)) {
711                         IPW_DEBUG_ORD("ordinal buffer length too small, "
712                                       "need %zd\n", sizeof(u32));
713                         return -EINVAL;
714                 }
715
716                 IPW_DEBUG_ORD("Reading TABLE0[%i] from offset 0x%08x\n",
717                               ord, priv->table0_addr + (ord << 2));
718
719                 *len = sizeof(u32);
720                 ord <<= 2;
721                 *((u32 *) val) = ipw_read32(priv, priv->table0_addr + ord);
722                 break;
723
724         case IPW_ORD_TABLE_1_MASK:
725                 /*
726                  * TABLE 1: Indirect access to a table of 32 bit values
727                  *
728                  * This is a fairly large table of u32 values each
729                  * representing starting addr for the data (which is
730                  * also a u32)
731                  */
732
733                 /* remove the table id from the ordinal */
734                 ord &= IPW_ORD_TABLE_VALUE_MASK;
735
736                 /* boundary check */
737                 if (ord > priv->table1_len) {
738                         IPW_DEBUG_ORD("ordinal value too long\n");
739                         return -EINVAL;
740                 }
741
742                 /* verify we have enough room to store the value */
743                 if (*len < sizeof(u32)) {
744                         IPW_DEBUG_ORD("ordinal buffer length too small, "
745                                       "need %zd\n", sizeof(u32));
746                         return -EINVAL;
747                 }
748
749                 *((u32 *) val) =
750                     ipw_read_reg32(priv, (priv->table1_addr + (ord << 2)));
751                 *len = sizeof(u32);
752                 break;
753
754         case IPW_ORD_TABLE_2_MASK:
755                 /*
756                  * TABLE 2: Indirect access to a table of variable sized values
757                  *
758                  * This table consist of six values, each containing
759                  *     - dword containing the starting offset of the data
760                  *     - dword containing the lengh in the first 16bits
761                  *       and the count in the second 16bits
762                  */
763
764                 /* remove the table id from the ordinal */
765                 ord &= IPW_ORD_TABLE_VALUE_MASK;
766
767                 /* boundary check */
768                 if (ord > priv->table2_len) {
769                         IPW_DEBUG_ORD("ordinal value too long\n");
770                         return -EINVAL;
771                 }
772
773                 /* get the address of statistic */
774                 addr = ipw_read_reg32(priv, priv->table2_addr + (ord << 3));
775
776                 /* get the second DW of statistics ;
777                  * two 16-bit words - first is length, second is count */
778                 field_info =
779                     ipw_read_reg32(priv,
780                                    priv->table2_addr + (ord << 3) +
781                                    sizeof(u32));
782
783                 /* get each entry length */
784                 field_len = *((u16 *) & field_info);
785
786                 /* get number of entries */
787                 field_count = *(((u16 *) & field_info) + 1);
788
789                 /* abort if not enought memory */
790                 total_len = field_len * field_count;
791                 if (total_len > *len) {
792                         *len = total_len;
793                         return -EINVAL;
794                 }
795
796                 *len = total_len;
797                 if (!total_len)
798                         return 0;
799
800                 IPW_DEBUG_ORD("addr = 0x%08x, total_len = %i, "
801                               "field_info = 0x%08x\n",
802                               addr, total_len, field_info);
803                 ipw_read_indirect(priv, addr, val, total_len);
804                 break;
805
806         default:
807                 IPW_DEBUG_ORD("Invalid ordinal!\n");
808                 return -EINVAL;
809
810         }
811
812         return 0;
813 }
814
815 static void ipw_init_ordinals(struct ipw_priv *priv)
816 {
817         priv->table0_addr = IPW_ORDINALS_TABLE_LOWER;
818         priv->table0_len = ipw_read32(priv, priv->table0_addr);
819
820         IPW_DEBUG_ORD("table 0 offset at 0x%08x, len = %i\n",
821                       priv->table0_addr, priv->table0_len);
822
823         priv->table1_addr = ipw_read32(priv, IPW_ORDINALS_TABLE_1);
824         priv->table1_len = ipw_read_reg32(priv, priv->table1_addr);
825
826         IPW_DEBUG_ORD("table 1 offset at 0x%08x, len = %i\n",
827                       priv->table1_addr, priv->table1_len);
828
829         priv->table2_addr = ipw_read32(priv, IPW_ORDINALS_TABLE_2);
830         priv->table2_len = ipw_read_reg32(priv, priv->table2_addr);
831         priv->table2_len &= 0x0000ffff; /* use first two bytes */
832
833         IPW_DEBUG_ORD("table 2 offset at 0x%08x, len = %i\n",
834                       priv->table2_addr, priv->table2_len);
835
836 }
837
838 static u32 ipw_register_toggle(u32 reg)
839 {
840         reg &= ~IPW_START_STANDBY;
841         if (reg & IPW_GATE_ODMA)
842                 reg &= ~IPW_GATE_ODMA;
843         if (reg & IPW_GATE_IDMA)
844                 reg &= ~IPW_GATE_IDMA;
845         if (reg & IPW_GATE_ADMA)
846                 reg &= ~IPW_GATE_ADMA;
847         return reg;
848 }
849
850 /*
851  * LED behavior:
852  * - On radio ON, turn on any LEDs that require to be on during start
853  * - On initialization, start unassociated blink
854  * - On association, disable unassociated blink
855  * - On disassociation, start unassociated blink
856  * - On radio OFF, turn off any LEDs started during radio on
857  *
858  */
859 #define LD_TIME_LINK_ON msecs_to_jiffies(300)
860 #define LD_TIME_LINK_OFF msecs_to_jiffies(2700)
861 #define LD_TIME_ACT_ON msecs_to_jiffies(250)
862
863 static void ipw_led_link_on(struct ipw_priv *priv)
864 {
865         unsigned long flags;
866         u32 led;
867
868         /* If configured to not use LEDs, or nic_type is 1,
869          * then we don't toggle a LINK led */
870         if (priv->config & CFG_NO_LED || priv->nic_type == EEPROM_NIC_TYPE_1)
871                 return;
872
873         spin_lock_irqsave(&priv->lock, flags);
874
875         if (!(priv->status & STATUS_RF_KILL_MASK) &&
876             !(priv->status & STATUS_LED_LINK_ON)) {
877                 IPW_DEBUG_LED("Link LED On\n");
878                 led = ipw_read_reg32(priv, IPW_EVENT_REG);
879                 led |= priv->led_association_on;
880
881                 led = ipw_register_toggle(led);
882
883                 IPW_DEBUG_LED("Reg: 0x%08X\n", led);
884                 ipw_write_reg32(priv, IPW_EVENT_REG, led);
885
886                 priv->status |= STATUS_LED_LINK_ON;
887
888                 /* If we aren't associated, schedule turning the LED off */
889                 if (!(priv->status & STATUS_ASSOCIATED))
890                         queue_delayed_work(priv->workqueue,
891                                            &priv->led_link_off,
892                                            LD_TIME_LINK_ON);
893         }
894
895         spin_unlock_irqrestore(&priv->lock, flags);
896 }
897
898 static void ipw_bg_led_link_on(struct work_struct *work)
899 {
900         struct ipw_priv *priv =
901                 container_of(work, struct ipw_priv, led_link_on.work);
902         mutex_lock(&priv->mutex);
903         ipw_led_link_on(priv);
904         mutex_unlock(&priv->mutex);
905 }
906
907 static void ipw_led_link_off(struct ipw_priv *priv)
908 {
909         unsigned long flags;
910         u32 led;
911
912         /* If configured not to use LEDs, or nic type is 1,
913          * then we don't goggle the LINK led. */
914         if (priv->config & CFG_NO_LED || priv->nic_type == EEPROM_NIC_TYPE_1)
915                 return;
916
917         spin_lock_irqsave(&priv->lock, flags);
918
919         if (priv->status & STATUS_LED_LINK_ON) {
920                 led = ipw_read_reg32(priv, IPW_EVENT_REG);
921                 led &= priv->led_association_off;
922                 led = ipw_register_toggle(led);
923
924                 IPW_DEBUG_LED("Reg: 0x%08X\n", led);
925                 ipw_write_reg32(priv, IPW_EVENT_REG, led);
926
927                 IPW_DEBUG_LED("Link LED Off\n");
928
929                 priv->status &= ~STATUS_LED_LINK_ON;
930
931                 /* If we aren't associated and the radio is on, schedule
932                  * turning the LED on (blink while unassociated) */
933                 if (!(priv->status & STATUS_RF_KILL_MASK) &&
934                     !(priv->status & STATUS_ASSOCIATED))
935                         queue_delayed_work(priv->workqueue, &priv->led_link_on,
936                                            LD_TIME_LINK_OFF);
937
938         }
939
940         spin_unlock_irqrestore(&priv->lock, flags);
941 }
942
943 static void ipw_bg_led_link_off(struct work_struct *work)
944 {
945         struct ipw_priv *priv =
946                 container_of(work, struct ipw_priv, led_link_off.work);
947         mutex_lock(&priv->mutex);
948         ipw_led_link_off(priv);
949         mutex_unlock(&priv->mutex);
950 }
951
952 static void __ipw_led_activity_on(struct ipw_priv *priv)
953 {
954         u32 led;
955
956         if (priv->config & CFG_NO_LED)
957                 return;
958
959         if (priv->status & STATUS_RF_KILL_MASK)
960                 return;
961
962         if (!(priv->status & STATUS_LED_ACT_ON)) {
963                 led = ipw_read_reg32(priv, IPW_EVENT_REG);
964                 led |= priv->led_activity_on;
965
966                 led = ipw_register_toggle(led);
967
968                 IPW_DEBUG_LED("Reg: 0x%08X\n", led);
969                 ipw_write_reg32(priv, IPW_EVENT_REG, led);
970
971                 IPW_DEBUG_LED("Activity LED On\n");
972
973                 priv->status |= STATUS_LED_ACT_ON;
974
975                 cancel_delayed_work(&priv->led_act_off);
976                 queue_delayed_work(priv->workqueue, &priv->led_act_off,
977                                    LD_TIME_ACT_ON);
978         } else {
979                 /* Reschedule LED off for full time period */
980                 cancel_delayed_work(&priv->led_act_off);
981                 queue_delayed_work(priv->workqueue, &priv->led_act_off,
982                                    LD_TIME_ACT_ON);
983         }
984 }
985
986 #if 0
987 void ipw_led_activity_on(struct ipw_priv *priv)
988 {
989         unsigned long flags;
990         spin_lock_irqsave(&priv->lock, flags);
991         __ipw_led_activity_on(priv);
992         spin_unlock_irqrestore(&priv->lock, flags);
993 }
994 #endif  /*  0  */
995
996 static void ipw_led_activity_off(struct ipw_priv *priv)
997 {
998         unsigned long flags;
999         u32 led;
1000
1001         if (priv->config & CFG_NO_LED)
1002                 return;
1003
1004         spin_lock_irqsave(&priv->lock, flags);
1005
1006         if (priv->status & STATUS_LED_ACT_ON) {
1007                 led = ipw_read_reg32(priv, IPW_EVENT_REG);
1008                 led &= priv->led_activity_off;
1009
1010                 led = ipw_register_toggle(led);
1011
1012                 IPW_DEBUG_LED("Reg: 0x%08X\n", led);
1013                 ipw_write_reg32(priv, IPW_EVENT_REG, led);
1014
1015                 IPW_DEBUG_LED("Activity LED Off\n");
1016
1017                 priv->status &= ~STATUS_LED_ACT_ON;
1018         }
1019
1020         spin_unlock_irqrestore(&priv->lock, flags);
1021 }
1022
1023 static void ipw_bg_led_activity_off(struct work_struct *work)
1024 {
1025         struct ipw_priv *priv =
1026                 container_of(work, struct ipw_priv, led_act_off.work);
1027         mutex_lock(&priv->mutex);
1028         ipw_led_activity_off(priv);
1029         mutex_unlock(&priv->mutex);
1030 }
1031
1032 static void ipw_led_band_on(struct ipw_priv *priv)
1033 {
1034         unsigned long flags;
1035         u32 led;
1036
1037         /* Only nic type 1 supports mode LEDs */
1038         if (priv->config & CFG_NO_LED ||
1039             priv->nic_type != EEPROM_NIC_TYPE_1 || !priv->assoc_network)
1040                 return;
1041
1042         spin_lock_irqsave(&priv->lock, flags);
1043
1044         led = ipw_read_reg32(priv, IPW_EVENT_REG);
1045         if (priv->assoc_network->mode == IEEE_A) {
1046                 led |= priv->led_ofdm_on;
1047                 led &= priv->led_association_off;
1048                 IPW_DEBUG_LED("Mode LED On: 802.11a\n");
1049         } else if (priv->assoc_network->mode == IEEE_G) {
1050                 led |= priv->led_ofdm_on;
1051                 led |= priv->led_association_on;
1052                 IPW_DEBUG_LED("Mode LED On: 802.11g\n");
1053         } else {
1054                 led &= priv->led_ofdm_off;
1055                 led |= priv->led_association_on;
1056                 IPW_DEBUG_LED("Mode LED On: 802.11b\n");
1057         }
1058
1059         led = ipw_register_toggle(led);
1060
1061         IPW_DEBUG_LED("Reg: 0x%08X\n", led);
1062         ipw_write_reg32(priv, IPW_EVENT_REG, led);
1063
1064         spin_unlock_irqrestore(&priv->lock, flags);
1065 }
1066
1067 static void ipw_led_band_off(struct ipw_priv *priv)
1068 {
1069         unsigned long flags;
1070         u32 led;
1071
1072         /* Only nic type 1 supports mode LEDs */
1073         if (priv->config & CFG_NO_LED || priv->nic_type != EEPROM_NIC_TYPE_1)
1074                 return;
1075
1076         spin_lock_irqsave(&priv->lock, flags);
1077
1078         led = ipw_read_reg32(priv, IPW_EVENT_REG);
1079         led &= priv->led_ofdm_off;
1080         led &= priv->led_association_off;
1081
1082         led = ipw_register_toggle(led);
1083
1084         IPW_DEBUG_LED("Reg: 0x%08X\n", led);
1085         ipw_write_reg32(priv, IPW_EVENT_REG, led);
1086
1087         spin_unlock_irqrestore(&priv->lock, flags);
1088 }
1089
1090 static void ipw_led_radio_on(struct ipw_priv *priv)
1091 {
1092         ipw_led_link_on(priv);
1093 }
1094
1095 static void ipw_led_radio_off(struct ipw_priv *priv)
1096 {
1097         ipw_led_activity_off(priv);
1098         ipw_led_link_off(priv);
1099 }
1100
1101 static void ipw_led_link_up(struct ipw_priv *priv)
1102 {
1103         /* Set the Link Led on for all nic types */
1104         ipw_led_link_on(priv);
1105 }
1106
1107 static void ipw_led_link_down(struct ipw_priv *priv)
1108 {
1109         ipw_led_activity_off(priv);
1110         ipw_led_link_off(priv);
1111
1112         if (priv->status & STATUS_RF_KILL_MASK)
1113                 ipw_led_radio_off(priv);
1114 }
1115
1116 static void ipw_led_init(struct ipw_priv *priv)
1117 {
1118         priv->nic_type = priv->eeprom[EEPROM_NIC_TYPE];
1119
1120         /* Set the default PINs for the link and activity leds */
1121         priv->led_activity_on = IPW_ACTIVITY_LED;
1122         priv->led_activity_off = ~(IPW_ACTIVITY_LED);
1123
1124         priv->led_association_on = IPW_ASSOCIATED_LED;
1125         priv->led_association_off = ~(IPW_ASSOCIATED_LED);
1126
1127         /* Set the default PINs for the OFDM leds */
1128         priv->led_ofdm_on = IPW_OFDM_LED;
1129         priv->led_ofdm_off = ~(IPW_OFDM_LED);
1130
1131         switch (priv->nic_type) {
1132         case EEPROM_NIC_TYPE_1:
1133                 /* In this NIC type, the LEDs are reversed.... */
1134                 priv->led_activity_on = IPW_ASSOCIATED_LED;
1135                 priv->led_activity_off = ~(IPW_ASSOCIATED_LED);
1136                 priv->led_association_on = IPW_ACTIVITY_LED;
1137                 priv->led_association_off = ~(IPW_ACTIVITY_LED);
1138
1139                 if (!(priv->config & CFG_NO_LED))
1140                         ipw_led_band_on(priv);
1141
1142                 /* And we don't blink link LEDs for this nic, so
1143                  * just return here */
1144                 return;
1145
1146         case EEPROM_NIC_TYPE_3:
1147         case EEPROM_NIC_TYPE_2:
1148         case EEPROM_NIC_TYPE_4:
1149         case EEPROM_NIC_TYPE_0:
1150                 break;
1151
1152         default:
1153                 IPW_DEBUG_INFO("Unknown NIC type from EEPROM: %d\n",
1154                                priv->nic_type);
1155                 priv->nic_type = EEPROM_NIC_TYPE_0;
1156                 break;
1157         }
1158
1159         if (!(priv->config & CFG_NO_LED)) {
1160                 if (priv->status & STATUS_ASSOCIATED)
1161                         ipw_led_link_on(priv);
1162                 else
1163                         ipw_led_link_off(priv);
1164         }
1165 }
1166
1167 static void ipw_led_shutdown(struct ipw_priv *priv)
1168 {
1169         ipw_led_activity_off(priv);
1170         ipw_led_link_off(priv);
1171         ipw_led_band_off(priv);
1172         cancel_delayed_work(&priv->led_link_on);
1173         cancel_delayed_work(&priv->led_link_off);
1174         cancel_delayed_work(&priv->led_act_off);
1175 }
1176
1177 /*
1178  * The following adds a new attribute to the sysfs representation
1179  * of this device driver (i.e. a new file in /sys/bus/pci/drivers/ipw/)
1180  * used for controling the debug level.
1181  *
1182  * See the level definitions in ipw for details.
1183  */
1184 static ssize_t show_debug_level(struct device_driver *d, char *buf)
1185 {
1186         return sprintf(buf, "0x%08X\n", ipw_debug_level);
1187 }
1188
1189 static ssize_t store_debug_level(struct device_driver *d, const char *buf,
1190                                  size_t count)
1191 {
1192         char *p = (char *)buf;
1193         u32 val;
1194
1195         if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') {
1196                 p++;
1197                 if (p[0] == 'x' || p[0] == 'X')
1198                         p++;
1199                 val = simple_strtoul(p, &p, 16);
1200         } else
1201                 val = simple_strtoul(p, &p, 10);
1202         if (p == buf)
1203                 printk(KERN_INFO DRV_NAME
1204                        ": %s is not in hex or decimal form.\n", buf);
1205         else
1206                 ipw_debug_level = val;
1207
1208         return strnlen(buf, count);
1209 }
1210
1211 static DRIVER_ATTR(debug_level, S_IWUSR | S_IRUGO,
1212                    show_debug_level, store_debug_level);
1213
1214 static inline u32 ipw_get_event_log_len(struct ipw_priv *priv)
1215 {
1216         /* length = 1st dword in log */
1217         return ipw_read_reg32(priv, ipw_read32(priv, IPW_EVENT_LOG));
1218 }
1219
1220 static void ipw_capture_event_log(struct ipw_priv *priv,
1221                                   u32 log_len, struct ipw_event *log)
1222 {
1223         u32 base;
1224
1225         if (log_len) {
1226                 base = ipw_read32(priv, IPW_EVENT_LOG);
1227                 ipw_read_indirect(priv, base + sizeof(base) + sizeof(u32),
1228                                   (u8 *) log, sizeof(*log) * log_len);
1229         }
1230 }
1231
1232 static struct ipw_fw_error *ipw_alloc_error_log(struct ipw_priv *priv)
1233 {
1234         struct ipw_fw_error *error;
1235         u32 log_len = ipw_get_event_log_len(priv);
1236         u32 base = ipw_read32(priv, IPW_ERROR_LOG);
1237         u32 elem_len = ipw_read_reg32(priv, base);
1238
1239         error = kmalloc(sizeof(*error) +
1240                         sizeof(*error->elem) * elem_len +
1241                         sizeof(*error->log) * log_len, GFP_ATOMIC);
1242         if (!error) {
1243                 IPW_ERROR("Memory allocation for firmware error log "
1244                           "failed.\n");
1245                 return NULL;
1246         }
1247         error->jiffies = jiffies;
1248         error->status = priv->status;
1249         error->config = priv->config;
1250         error->elem_len = elem_len;
1251         error->log_len = log_len;
1252         error->elem = (struct ipw_error_elem *)error->payload;
1253         error->log = (struct ipw_event *)(error->elem + elem_len);
1254
1255         ipw_capture_event_log(priv, log_len, error->log);
1256
1257         if (elem_len)
1258                 ipw_read_indirect(priv, base + sizeof(base), (u8 *) error->elem,
1259                                   sizeof(*error->elem) * elem_len);
1260
1261         return error;
1262 }
1263
1264 static ssize_t show_event_log(struct device *d,
1265                               struct device_attribute *attr, char *buf)
1266 {
1267         struct ipw_priv *priv = dev_get_drvdata(d);
1268         u32 log_len = ipw_get_event_log_len(priv);
1269         u32 log_size;
1270         struct ipw_event *log;
1271         u32 len = 0, i;
1272
1273         /* not using min() because of its strict type checking */
1274         log_size = PAGE_SIZE / sizeof(*log) > log_len ?
1275                         sizeof(*log) * log_len : PAGE_SIZE;
1276         log = kzalloc(log_size, GFP_KERNEL);
1277         if (!log) {
1278                 IPW_ERROR("Unable to allocate memory for log\n");
1279                 return 0;
1280         }
1281         log_len = log_size / sizeof(*log);
1282         ipw_capture_event_log(priv, log_len, log);
1283
1284         len += snprintf(buf + len, PAGE_SIZE - len, "%08X", log_len);
1285         for (i = 0; i < log_len; i++)
1286                 len += snprintf(buf + len, PAGE_SIZE - len,
1287                                 "\n%08X%08X%08X",
1288                                 log[i].time, log[i].event, log[i].data);
1289         len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1290         kfree(log);
1291         return len;
1292 }
1293
1294 static DEVICE_ATTR(event_log, S_IRUGO, show_event_log, NULL);
1295
1296 static ssize_t show_error(struct device *d,
1297                           struct device_attribute *attr, char *buf)
1298 {
1299         struct ipw_priv *priv = dev_get_drvdata(d);
1300         u32 len = 0, i;
1301         if (!priv->error)
1302                 return 0;
1303         len += snprintf(buf + len, PAGE_SIZE - len,
1304                         "%08lX%08X%08X%08X",
1305                         priv->error->jiffies,
1306                         priv->error->status,
1307                         priv->error->config, priv->error->elem_len);
1308         for (i = 0; i < priv->error->elem_len; i++)
1309                 len += snprintf(buf + len, PAGE_SIZE - len,
1310                                 "\n%08X%08X%08X%08X%08X%08X%08X",
1311                                 priv->error->elem[i].time,
1312                                 priv->error->elem[i].desc,
1313                                 priv->error->elem[i].blink1,
1314                                 priv->error->elem[i].blink2,
1315                                 priv->error->elem[i].link1,
1316                                 priv->error->elem[i].link2,
1317                                 priv->error->elem[i].data);
1318
1319         len += snprintf(buf + len, PAGE_SIZE - len,
1320                         "\n%08X", priv->error->log_len);
1321         for (i = 0; i < priv->error->log_len; i++)
1322                 len += snprintf(buf + len, PAGE_SIZE - len,
1323                                 "\n%08X%08X%08X",
1324                                 priv->error->log[i].time,
1325                                 priv->error->log[i].event,
1326                                 priv->error->log[i].data);
1327         len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1328         return len;
1329 }
1330
1331 static ssize_t clear_error(struct device *d,
1332                            struct device_attribute *attr,
1333                            const char *buf, size_t count)
1334 {
1335         struct ipw_priv *priv = dev_get_drvdata(d);
1336
1337         kfree(priv->error);
1338         priv->error = NULL;
1339         return count;
1340 }
1341
1342 static DEVICE_ATTR(error, S_IRUGO | S_IWUSR, show_error, clear_error);
1343
1344 static ssize_t show_cmd_log(struct device *d,
1345                             struct device_attribute *attr, char *buf)
1346 {
1347         struct ipw_priv *priv = dev_get_drvdata(d);
1348         u32 len = 0, i;
1349         if (!priv->cmdlog)
1350                 return 0;
1351         for (i = (priv->cmdlog_pos + 1) % priv->cmdlog_len;
1352              (i != priv->cmdlog_pos) && (PAGE_SIZE - len);
1353              i = (i + 1) % priv->cmdlog_len) {
1354                 len +=
1355                     snprintf(buf + len, PAGE_SIZE - len,
1356                              "\n%08lX%08X%08X%08X\n", priv->cmdlog[i].jiffies,
1357                              priv->cmdlog[i].retcode, priv->cmdlog[i].cmd.cmd,
1358                              priv->cmdlog[i].cmd.len);
1359                 len +=
1360                     snprintk_buf(buf + len, PAGE_SIZE - len,
1361                                  (u8 *) priv->cmdlog[i].cmd.param,
1362                                  priv->cmdlog[i].cmd.len);
1363                 len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1364         }
1365         len += snprintf(buf + len, PAGE_SIZE - len, "\n");
1366         return len;
1367 }
1368
1369 static DEVICE_ATTR(cmd_log, S_IRUGO, show_cmd_log, NULL);
1370
1371 #ifdef CONFIG_IPW2200_PROMISCUOUS
1372 static void ipw_prom_free(struct ipw_priv *priv);
1373 static int ipw_prom_alloc(struct ipw_priv *priv);
1374 static ssize_t store_rtap_iface(struct device *d,
1375                          struct device_attribute *attr,
1376                          const char *buf, size_t count)
1377 {
1378         struct ipw_priv *priv = dev_get_drvdata(d);
1379         int rc = 0;
1380
1381         if (count < 1)
1382                 return -EINVAL;
1383
1384         switch (buf[0]) {
1385         case '0':
1386                 if (!rtap_iface)
1387                         return count;
1388
1389                 if (netif_running(priv->prom_net_dev)) {
1390                         IPW_WARNING("Interface is up.  Cannot unregister.\n");
1391                         return count;
1392                 }
1393
1394                 ipw_prom_free(priv);
1395                 rtap_iface = 0;
1396                 break;
1397
1398         case '1':
1399                 if (rtap_iface)
1400                         return count;
1401
1402                 rc = ipw_prom_alloc(priv);
1403                 if (!rc)
1404                         rtap_iface = 1;
1405                 break;
1406
1407         default:
1408                 return -EINVAL;
1409         }
1410
1411         if (rc) {
1412                 IPW_ERROR("Failed to register promiscuous network "
1413                           "device (error %d).\n", rc);
1414         }
1415
1416         return count;
1417 }
1418
1419 static ssize_t show_rtap_iface(struct device *d,
1420                         struct device_attribute *attr,
1421                         char *buf)
1422 {
1423         struct ipw_priv *priv = dev_get_drvdata(d);
1424         if (rtap_iface)
1425                 return sprintf(buf, "%s", priv->prom_net_dev->name);
1426         else {
1427                 buf[0] = '-';
1428                 buf[1] = '1';
1429                 buf[2] = '\0';
1430                 return 3;
1431         }
1432 }
1433
1434 static DEVICE_ATTR(rtap_iface, S_IWUSR | S_IRUSR, show_rtap_iface,
1435                    store_rtap_iface);
1436
1437 static ssize_t store_rtap_filter(struct device *d,
1438                          struct device_attribute *attr,
1439                          const char *buf, size_t count)
1440 {
1441         struct ipw_priv *priv = dev_get_drvdata(d);
1442
1443         if (!priv->prom_priv) {
1444                 IPW_ERROR("Attempting to set filter without "
1445                           "rtap_iface enabled.\n");
1446                 return -EPERM;
1447         }
1448
1449         priv->prom_priv->filter = simple_strtol(buf, NULL, 0);
1450
1451         IPW_DEBUG_INFO("Setting rtap filter to " BIT_FMT16 "\n",
1452                        BIT_ARG16(priv->prom_priv->filter));
1453
1454         return count;
1455 }
1456
1457 static ssize_t show_rtap_filter(struct device *d,
1458                         struct device_attribute *attr,
1459                         char *buf)
1460 {
1461         struct ipw_priv *priv = dev_get_drvdata(d);
1462         return sprintf(buf, "0x%04X",
1463                        priv->prom_priv ? priv->prom_priv->filter : 0);
1464 }
1465
1466 static DEVICE_ATTR(rtap_filter, S_IWUSR | S_IRUSR, show_rtap_filter,
1467                    store_rtap_filter);
1468 #endif
1469
1470 static ssize_t show_scan_age(struct device *d, struct device_attribute *attr,
1471                              char *buf)
1472 {
1473         struct ipw_priv *priv = dev_get_drvdata(d);
1474         return sprintf(buf, "%d\n", priv->ieee->scan_age);
1475 }
1476
1477 static ssize_t store_scan_age(struct device *d, struct device_attribute *attr,
1478                               const char *buf, size_t count)
1479 {
1480         struct ipw_priv *priv = dev_get_drvdata(d);
1481         struct net_device *dev = priv->net_dev;
1482         char buffer[] = "00000000";
1483         unsigned long len =
1484             (sizeof(buffer) - 1) > count ? count : sizeof(buffer) - 1;
1485         unsigned long val;
1486         char *p = buffer;
1487
1488         IPW_DEBUG_INFO("enter\n");
1489
1490         strncpy(buffer, buf, len);
1491         buffer[len] = 0;
1492
1493         if (p[1] == 'x' || p[1] == 'X' || p[0] == 'x' || p[0] == 'X') {
1494                 p++;
1495                 if (p[0] == 'x' || p[0] == 'X')
1496                         p++;
1497                 val = simple_strtoul(p, &p, 16);
1498         } else
1499                 val = simple_strtoul(p, &p, 10);
1500         if (p == buffer) {
1501                 IPW_DEBUG_INFO("%s: user supplied invalid value.\n", dev->name);
1502         } else {
1503                 priv->ieee->scan_age = val;
1504                 IPW_DEBUG_INFO("set scan_age = %u\n", priv->ieee->scan_age);
1505         }
1506
1507         IPW_DEBUG_INFO("exit\n");
1508         return len;
1509 }
1510
1511 static DEVICE_ATTR(scan_age, S_IWUSR | S_IRUGO, show_scan_age, store_scan_age);
1512
1513 static ssize_t show_led(struct device *d, struct device_attribute *attr,
1514                         char *buf)
1515 {
1516         struct ipw_priv *priv = dev_get_drvdata(d);
1517         return sprintf(buf, "%d\n", (priv->config & CFG_NO_LED) ? 0 : 1);
1518 }
1519
1520 static ssize_t store_led(struct device *d, struct device_attribute *attr,
1521                          const char *buf, size_t count)
1522 {
1523         struct ipw_priv *priv = dev_get_drvdata(d);
1524
1525         IPW_DEBUG_INFO("enter\n");
1526
1527         if (count == 0)
1528                 return 0;
1529
1530         if (*buf == 0) {
1531                 IPW_DEBUG_LED("Disabling LED control.\n");
1532                 priv->config |= CFG_NO_LED;
1533                 ipw_led_shutdown(priv);
1534         } else {
1535                 IPW_DEBUG_LED("Enabling LED control.\n");
1536                 priv->config &= ~CFG_NO_LED;
1537                 ipw_led_init(priv);
1538         }
1539
1540         IPW_DEBUG_INFO("exit\n");
1541         return count;
1542 }
1543
1544 static DEVICE_ATTR(led, S_IWUSR | S_IRUGO, show_led, store_led);
1545
1546 static ssize_t show_status(struct device *d,
1547                            struct device_attribute *attr, char *buf)
1548 {
1549         struct ipw_priv *p = dev_get_drvdata(d);
1550         return sprintf(buf, "0x%08x\n", (int)p->status);
1551 }
1552
1553 static DEVICE_ATTR(status, S_IRUGO, show_status, NULL);
1554
1555 static ssize_t show_cfg(struct device *d, struct device_attribute *attr,
1556                         char *buf)
1557 {
1558         struct ipw_priv *p = dev_get_drvdata(d);
1559         return sprintf(buf, "0x%08x\n", (int)p->config);
1560 }
1561
1562 static DEVICE_ATTR(cfg, S_IRUGO, show_cfg, NULL);
1563
1564 static ssize_t show_nic_type(struct device *d,
1565                              struct device_attribute *attr, char *buf)
1566 {
1567         struct ipw_priv *priv = dev_get_drvdata(d);
1568         return sprintf(buf, "TYPE: %d\n", priv->nic_type);
1569 }
1570
1571 static DEVICE_ATTR(nic_type, S_IRUGO, show_nic_type, NULL);
1572
1573 static ssize_t show_ucode_version(struct device *d,
1574                                   struct device_attribute *attr, char *buf)
1575 {
1576         u32 len = sizeof(u32), tmp = 0;
1577         struct ipw_priv *p = dev_get_drvdata(d);
1578
1579         if (ipw_get_ordinal(p, IPW_ORD_STAT_UCODE_VERSION, &tmp, &len))
1580                 return 0;
1581
1582         return sprintf(buf, "0x%08x\n", tmp);
1583 }
1584
1585 static DEVICE_ATTR(ucode_version, S_IWUSR | S_IRUGO, show_ucode_version, NULL);
1586
1587 static ssize_t show_rtc(struct device *d, struct device_attribute *attr,
1588                         char *buf)
1589 {
1590         u32 len = sizeof(u32), tmp = 0;
1591         struct ipw_priv *p = dev_get_drvdata(d);
1592
1593         if (ipw_get_ordinal(p, IPW_ORD_STAT_RTC, &tmp, &len))
1594                 return 0;
1595
1596         return sprintf(buf, "0x%08x\n", tmp);
1597 }
1598
1599 static DEVICE_ATTR(rtc, S_IWUSR | S_IRUGO, show_rtc, NULL);
1600
1601 /*
1602  * Add a device attribute to view/control the delay between eeprom
1603  * operations.
1604  */
1605 static ssize_t show_eeprom_delay(struct device *d,
1606                                  struct device_attribute *attr, char *buf)
1607 {
1608         struct ipw_priv *p = dev_get_drvdata(d);
1609         int n = p->eeprom_delay;
1610         return sprintf(buf, "%i\n", n);
1611 }
1612 static ssize_t store_eeprom_delay(struct device *d,
1613                                   struct device_attribute *attr,
1614                                   const char *buf, size_t count)
1615 {
1616         struct ipw_priv *p = dev_get_drvdata(d);
1617         sscanf(buf, "%i", &p->eeprom_delay);
1618         return strnlen(buf, count);
1619 }
1620
1621 static DEVICE_ATTR(eeprom_delay, S_IWUSR | S_IRUGO,
1622                    show_eeprom_delay, store_eeprom_delay);
1623
1624 static ssize_t show_command_event_reg(struct device *d,
1625                                       struct device_attribute *attr, char *buf)
1626 {
1627         u32 reg = 0;
1628         struct ipw_priv *p = dev_get_drvdata(d);
1629
1630         reg = ipw_read_reg32(p, IPW_INTERNAL_CMD_EVENT);
1631         return sprintf(buf, "0x%08x\n", reg);
1632 }
1633 static ssize_t store_command_event_reg(struct device *d,
1634                                        struct device_attribute *attr,
1635                                        const char *buf, size_t count)
1636 {
1637         u32 reg;
1638         struct ipw_priv *p = dev_get_drvdata(d);
1639
1640         sscanf(buf, "%x", &reg);
1641         ipw_write_reg32(p, IPW_INTERNAL_CMD_EVENT, reg);
1642         return strnlen(buf, count);
1643 }
1644
1645 static DEVICE_ATTR(command_event_reg, S_IWUSR | S_IRUGO,
1646                    show_command_event_reg, store_command_event_reg);
1647
1648 static ssize_t show_mem_gpio_reg(struct device *d,
1649                                  struct device_attribute *attr, char *buf)
1650 {
1651         u32 reg = 0;
1652         struct ipw_priv *p = dev_get_drvdata(d);
1653
1654         reg = ipw_read_reg32(p, 0x301100);
1655         return sprintf(buf, "0x%08x\n", reg);
1656 }
1657 static ssize_t store_mem_gpio_reg(struct device *d,
1658                                   struct device_attribute *attr,
1659                                   const char *buf, size_t count)
1660 {
1661         u32 reg;
1662         struct ipw_priv *p = dev_get_drvdata(d);
1663
1664         sscanf(buf, "%x", &reg);
1665         ipw_write_reg32(p, 0x301100, reg);
1666         return strnlen(buf, count);
1667 }
1668
1669 static DEVICE_ATTR(mem_gpio_reg, S_IWUSR | S_IRUGO,
1670                    show_mem_gpio_reg, store_mem_gpio_reg);
1671
1672 static ssize_t show_indirect_dword(struct device *d,
1673                                    struct device_attribute *attr, char *buf)
1674 {
1675         u32 reg = 0;
1676         struct ipw_priv *priv = dev_get_drvdata(d);
1677
1678         if (priv->status & STATUS_INDIRECT_DWORD)
1679                 reg = ipw_read_reg32(priv, priv->indirect_dword);
1680         else
1681                 reg = 0;
1682
1683         return sprintf(buf, "0x%08x\n", reg);
1684 }
1685 static ssize_t store_indirect_dword(struct device *d,
1686                                     struct device_attribute *attr,
1687                                     const char *buf, size_t count)
1688 {
1689         struct ipw_priv *priv = dev_get_drvdata(d);
1690
1691         sscanf(buf, "%x", &priv->indirect_dword);
1692         priv->status |= STATUS_INDIRECT_DWORD;
1693         return strnlen(buf, count);
1694 }
1695
1696 static DEVICE_ATTR(indirect_dword, S_IWUSR | S_IRUGO,
1697                    show_indirect_dword, store_indirect_dword);
1698
1699 static ssize_t show_indirect_byte(struct device *d,
1700                                   struct device_attribute *attr, char *buf)
1701 {
1702         u8 reg = 0;
1703         struct ipw_priv *priv = dev_get_drvdata(d);
1704
1705         if (priv->status & STATUS_INDIRECT_BYTE)
1706                 reg = ipw_read_reg8(priv, priv->indirect_byte);
1707         else
1708                 reg = 0;
1709
1710         return sprintf(buf, "0x%02x\n", reg);
1711 }
1712 static ssize_t store_indirect_byte(struct device *d,
1713                                    struct device_attribute *attr,
1714                                    const char *buf, size_t count)
1715 {
1716         struct ipw_priv *priv = dev_get_drvdata(d);
1717
1718         sscanf(buf, "%x", &priv->indirect_byte);
1719         priv->status |= STATUS_INDIRECT_BYTE;
1720         return strnlen(buf, count);
1721 }
1722
1723 static DEVICE_ATTR(indirect_byte, S_IWUSR | S_IRUGO,
1724                    show_indirect_byte, store_indirect_byte);
1725
1726 static ssize_t show_direct_dword(struct device *d,
1727                                  struct device_attribute *attr, char *buf)
1728 {
1729         u32 reg = 0;
1730         struct ipw_priv *priv = dev_get_drvdata(d);
1731
1732         if (priv->status & STATUS_DIRECT_DWORD)
1733                 reg = ipw_read32(priv, priv->direct_dword);
1734         else
1735                 reg = 0;
1736
1737         return sprintf(buf, "0x%08x\n", reg);
1738 }
1739 static ssize_t store_direct_dword(struct device *d,
1740                                   struct device_attribute *attr,
1741                                   const char *buf, size_t count)
1742 {
1743         struct ipw_priv *priv = dev_get_drvdata(d);
1744
1745         sscanf(buf, "%x", &priv->direct_dword);
1746         priv->status |= STATUS_DIRECT_DWORD;
1747         return strnlen(buf, count);
1748 }
1749
1750 static DEVICE_ATTR(direct_dword, S_IWUSR | S_IRUGO,
1751                    show_direct_dword, store_direct_dword);
1752
1753 static int rf_kill_active(struct ipw_priv *priv)
1754 {
1755         if (0 == (ipw_read32(priv, 0x30) & 0x10000))
1756                 priv->status |= STATUS_RF_KILL_HW;
1757         else
1758                 priv->status &= ~STATUS_RF_KILL_HW;
1759
1760         return (priv->status & STATUS_RF_KILL_HW) ? 1 : 0;
1761 }
1762
1763 static ssize_t show_rf_kill(struct device *d, struct device_attribute *attr,
1764                             char *buf)
1765 {
1766         /* 0 - RF kill not enabled
1767            1 - SW based RF kill active (sysfs)
1768            2 - HW based RF kill active
1769            3 - Both HW and SW baed RF kill active */
1770         struct ipw_priv *priv = dev_get_drvdata(d);
1771         int val = ((priv->status & STATUS_RF_KILL_SW) ? 0x1 : 0x0) |
1772             (rf_kill_active(priv) ? 0x2 : 0x0);
1773         return sprintf(buf, "%i\n", val);
1774 }
1775
1776 static int ipw_radio_kill_sw(struct ipw_priv *priv, int disable_radio)
1777 {
1778         if ((disable_radio ? 1 : 0) ==
1779             ((priv->status & STATUS_RF_KILL_SW) ? 1 : 0))
1780                 return 0;
1781
1782         IPW_DEBUG_RF_KILL("Manual SW RF Kill set to: RADIO  %s\n",
1783                           disable_radio ? "OFF" : "ON");
1784
1785         if (disable_radio) {
1786                 priv->status |= STATUS_RF_KILL_SW;
1787
1788                 if (priv->workqueue) {
1789                         cancel_delayed_work(&priv->request_scan);
1790                         cancel_delayed_work(&priv->request_direct_scan);
1791                         cancel_delayed_work(&priv->request_passive_scan);
1792                         cancel_delayed_work(&priv->scan_event);
1793                 }
1794                 queue_work(priv->workqueue, &priv->down);
1795         } else {
1796                 priv->status &= ~STATUS_RF_KILL_SW;
1797                 if (rf_kill_active(priv)) {
1798                         IPW_DEBUG_RF_KILL("Can not turn radio back on - "
1799                                           "disabled by HW switch\n");
1800                         /* Make sure the RF_KILL check timer is running */
1801                         cancel_delayed_work(&priv->rf_kill);
1802                         queue_delayed_work(priv->workqueue, &priv->rf_kill,
1803                                            round_jiffies_relative(2 * HZ));
1804                 } else
1805                         queue_work(priv->workqueue, &priv->up);
1806         }
1807
1808         return 1;
1809 }
1810
1811 static ssize_t store_rf_kill(struct device *d, struct device_attribute *attr,
1812                              const char *buf, size_t count)
1813 {
1814         struct ipw_priv *priv = dev_get_drvdata(d);
1815
1816         ipw_radio_kill_sw(priv, buf[0] == '1');
1817
1818         return count;
1819 }
1820
1821 static DEVICE_ATTR(rf_kill, S_IWUSR | S_IRUGO, show_rf_kill, store_rf_kill);
1822
1823 static ssize_t show_speed_scan(struct device *d, struct device_attribute *attr,
1824                                char *buf)
1825 {
1826         struct ipw_priv *priv = dev_get_drvdata(d);
1827         int pos = 0, len = 0;
1828         if (priv->config & CFG_SPEED_SCAN) {
1829                 while (priv->speed_scan[pos] != 0)
1830                         len += sprintf(&buf[len], "%d ",
1831                                        priv->speed_scan[pos++]);
1832                 return len + sprintf(&buf[len], "\n");
1833         }
1834
1835         return sprintf(buf, "0\n");
1836 }
1837
1838 static ssize_t store_speed_scan(struct device *d, struct device_attribute *attr,
1839                                 const char *buf, size_t count)
1840 {
1841         struct ipw_priv *priv = dev_get_drvdata(d);
1842         int channel, pos = 0;
1843         const char *p = buf;
1844
1845         /* list of space separated channels to scan, optionally ending with 0 */
1846         while ((channel = simple_strtol(p, NULL, 0))) {
1847                 if (pos == MAX_SPEED_SCAN - 1) {
1848                         priv->speed_scan[pos] = 0;
1849                         break;
1850                 }
1851
1852                 if (libipw_is_valid_channel(priv->ieee, channel))
1853                         priv->speed_scan[pos++] = channel;
1854                 else
1855                         IPW_WARNING("Skipping invalid channel request: %d\n",
1856                                     channel);
1857                 p = strchr(p, ' ');
1858                 if (!p)
1859                         break;
1860                 while (*p == ' ' || *p == '\t')
1861                         p++;
1862         }
1863
1864         if (pos == 0)
1865                 priv->config &= ~CFG_SPEED_SCAN;
1866         else {
1867                 priv->speed_scan_pos = 0;
1868                 priv->config |= CFG_SPEED_SCAN;
1869         }
1870
1871         return count;
1872 }
1873
1874 static DEVICE_ATTR(speed_scan, S_IWUSR | S_IRUGO, show_speed_scan,
1875                    store_speed_scan);
1876
1877 static ssize_t show_net_stats(struct device *d, struct device_attribute *attr,
1878                               char *buf)
1879 {
1880         struct ipw_priv *priv = dev_get_drvdata(d);
1881         return sprintf(buf, "%c\n", (priv->config & CFG_NET_STATS) ? '1' : '0');
1882 }
1883
1884 static ssize_t store_net_stats(struct device *d, struct device_attribute *attr,
1885                                const char *buf, size_t count)
1886 {
1887         struct ipw_priv *priv = dev_get_drvdata(d);
1888         if (buf[0] == '1')
1889                 priv->config |= CFG_NET_STATS;
1890         else
1891                 priv->config &= ~CFG_NET_STATS;
1892
1893         return count;
1894 }
1895
1896 static DEVICE_ATTR(net_stats, S_IWUSR | S_IRUGO,
1897                    show_net_stats, store_net_stats);
1898
1899 static ssize_t show_channels(struct device *d,
1900                              struct device_attribute *attr,
1901                              char *buf)
1902 {
1903         struct ipw_priv *priv = dev_get_drvdata(d);
1904         const struct libipw_geo *geo = libipw_get_geo(priv->ieee);
1905         int len = 0, i;
1906
1907         len = sprintf(&buf[len],
1908                       "Displaying %d channels in 2.4Ghz band "
1909                       "(802.11bg):\n", geo->bg_channels);
1910
1911         for (i = 0; i < geo->bg_channels; i++) {
1912                 len += sprintf(&buf[len], "%d: BSS%s%s, %s, Band %s.\n",
1913                                geo->bg[i].channel,
1914                                geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT ?
1915                                " (radar spectrum)" : "",
1916                                ((geo->bg[i].flags & LIBIPW_CH_NO_IBSS) ||
1917                                 (geo->bg[i].flags & LIBIPW_CH_RADAR_DETECT))
1918                                ? "" : ", IBSS",
1919                                geo->bg[i].flags & LIBIPW_CH_PASSIVE_ONLY ?
1920                                "passive only" : "active/passive",
1921                                geo->bg[i].flags & LIBIPW_CH_B_ONLY ?
1922                                "B" : "B/G");
1923         }
1924
1925         len += sprintf(&buf[len],
1926                        "Displaying %d channels in 5.2Ghz band "
1927                        "(802.11a):\n", geo->a_channels);
1928         for (i = 0; i < geo->a_channels; i++) {
1929                 len += sprintf(&buf[len], "%d: BSS%s%s, %s.\n",
1930                                geo->a[i].channel,
1931                                geo->a[i].flags & LIBIPW_CH_RADAR_DETECT ?
1932                                " (radar spectrum)" : "",
1933                                ((geo->a[i].flags & LIBIPW_CH_NO_IBSS) ||
1934                                 (geo->a[i].flags & LIBIPW_CH_RADAR_DETECT))
1935                                ? "" : ", IBSS",
1936                                geo->a[i].flags & LIBIPW_CH_PASSIVE_ONLY ?
1937                                "passive only" : "active/passive");
1938         }
1939
1940         return len;
1941 }
1942
1943 static DEVICE_ATTR(channels, S_IRUSR, show_channels, NULL);
1944
1945 static void notify_wx_assoc_event(struct ipw_priv *priv)
1946 {
1947         union iwreq_data wrqu;
1948         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1949         if (priv->status & STATUS_ASSOCIATED)
1950                 memcpy(wrqu.ap_addr.sa_data, priv->bssid, ETH_ALEN);
1951         else
1952                 memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
1953         wireless_send_event(priv->net_dev, SIOCGIWAP, &wrqu, NULL);
1954 }
1955
1956 static void ipw_irq_tasklet(struct ipw_priv *priv)
1957 {
1958         u32 inta, inta_mask, handled = 0;
1959         unsigned long flags;
1960         int rc = 0;
1961
1962         spin_lock_irqsave(&priv->irq_lock, flags);
1963
1964         inta = ipw_read32(priv, IPW_INTA_RW);
1965         inta_mask = ipw_read32(priv, IPW_INTA_MASK_R);
1966         inta &= (IPW_INTA_MASK_ALL & inta_mask);
1967
1968         /* Add any cached INTA values that need to be handled */
1969         inta |= priv->isr_inta;
1970
1971         spin_unlock_irqrestore(&priv->irq_lock, flags);
1972
1973         spin_lock_irqsave(&priv->lock, flags);
1974
1975         /* handle all the justifications for the interrupt */
1976         if (inta & IPW_INTA_BIT_RX_TRANSFER) {
1977                 ipw_rx(priv);
1978                 handled |= IPW_INTA_BIT_RX_TRANSFER;
1979         }
1980
1981         if (inta & IPW_INTA_BIT_TX_CMD_QUEUE) {
1982                 IPW_DEBUG_HC("Command completed.\n");
1983                 rc = ipw_queue_tx_reclaim(priv, &priv->txq_cmd, -1);
1984                 priv->status &= ~STATUS_HCMD_ACTIVE;
1985                 wake_up_interruptible(&priv->wait_command_queue);
1986                 handled |= IPW_INTA_BIT_TX_CMD_QUEUE;
1987         }
1988
1989         if (inta & IPW_INTA_BIT_TX_QUEUE_1) {
1990                 IPW_DEBUG_TX("TX_QUEUE_1\n");
1991                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[0], 0);
1992                 handled |= IPW_INTA_BIT_TX_QUEUE_1;
1993         }
1994
1995         if (inta & IPW_INTA_BIT_TX_QUEUE_2) {
1996                 IPW_DEBUG_TX("TX_QUEUE_2\n");
1997                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[1], 1);
1998                 handled |= IPW_INTA_BIT_TX_QUEUE_2;
1999         }
2000
2001         if (inta & IPW_INTA_BIT_TX_QUEUE_3) {
2002                 IPW_DEBUG_TX("TX_QUEUE_3\n");
2003                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[2], 2);
2004                 handled |= IPW_INTA_BIT_TX_QUEUE_3;
2005         }
2006
2007         if (inta & IPW_INTA_BIT_TX_QUEUE_4) {
2008                 IPW_DEBUG_TX("TX_QUEUE_4\n");
2009                 rc = ipw_queue_tx_reclaim(priv, &priv->txq[3], 3);
2010                 handled |= IPW_INTA_BIT_TX_QUEUE_4;
2011         }
2012
2013         if (inta & IPW_INTA_BIT_STATUS_CHANGE) {
2014                 IPW_WARNING("STATUS_CHANGE\n");
2015                 handled |= IPW_INTA_BIT_STATUS_CHANGE;
2016         }
2017
2018         if (inta & IPW_INTA_BIT_BEACON_PERIOD_EXPIRED) {
2019                 IPW_WARNING("TX_PERIOD_EXPIRED\n");
2020                 handled |= IPW_INTA_BIT_BEACON_PERIOD_EXPIRED;
2021         }
2022
2023         if (inta & IPW_INTA_BIT_SLAVE_MODE_HOST_CMD_DONE) {
2024                 IPW_WARNING("HOST_CMD_DONE\n");
2025                 handled |= IPW_INTA_BIT_SLAVE_MODE_HOST_CMD_DONE;
2026         }
2027
2028         if (inta & IPW_INTA_BIT_FW_INITIALIZATION_DONE) {
2029                 IPW_WARNING("FW_INITIALIZATION_DONE\n");
2030                 handled |= IPW_INTA_BIT_FW_INITIALIZATION_DONE;
2031         }
2032
2033         if (inta & IPW_INTA_BIT_FW_CARD_DISABLE_PHY_OFF_DONE) {
2034                 IPW_WARNING("PHY_OFF_DONE\n");
2035                 handled |= IPW_INTA_BIT_FW_CARD_DISABLE_PHY_OFF_DONE;
2036         }
2037
2038         if (inta & IPW_INTA_BIT_RF_KILL_DONE) {
2039                 IPW_DEBUG_RF_KILL("RF_KILL_DONE\n");
2040                 priv->status |= STATUS_RF_KILL_HW;
2041                 wake_up_interruptible(&priv->wait_command_queue);
2042                 priv->status &= ~(STATUS_ASSOCIATED | STATUS_ASSOCIATING);
2043                 cancel_delayed_work(&priv->request_scan);
2044                 cancel_delayed_work(&priv->request_direct_scan);
2045                 cancel_delayed_work(&priv->request_passive_scan);
2046                 cancel_delayed_work(&priv->scan_event);
2047                 schedule_work(&priv->link_down);
2048                 queue_delayed_work(priv->workqueue, &priv->rf_kill, 2 * HZ);
2049                 handled |= IPW_INTA_BIT_RF_KILL_DONE;
2050         }
2051
2052         if (inta & IPW_INTA_BIT_FATAL_ERROR) {
2053                 IPW_WARNING("Firmware error detected.  Restarting.\n");
2054                 if (priv->error) {
2055                         IPW_DEBUG_FW("Sysfs 'error' log already exists.\n");
2056                         if (ipw_debug_level & IPW_DL_FW_ERRORS) {
2057                                 struct ipw_fw_error *error =
2058                                     ipw_alloc_error_log(priv);
2059                                 ipw_dump_error_log(priv, error);
2060                                 kfree(error);
2061                         }
2062                 } else {
2063                         priv->error = ipw_alloc_error_log(priv);
2064                         if (priv->error)
2065                                 IPW_DEBUG_FW("Sysfs 'error' log captured.\n");
2066                         else
2067                                 IPW_DEBUG_FW("Error allocating sysfs 'error' "
2068                                              "log.\n");
2069                         if (ipw_debug_level & IPW_DL_FW_ERRORS)
2070                                 ipw_dump_error_log(priv, priv->error);
2071                 }
2072
2073                 /* XXX: If hardware encryption is for WPA/WPA2,
2074                  * we have to notify the supplicant. */
2075                 if (priv->ieee->sec.encrypt) {
2076                         priv->status &= ~STATUS_ASSOCIATED;
2077                         notify_wx_assoc_event(priv);
2078                 }
2079
2080                 /* Keep the restart process from trying to send host
2081                  * commands by clearing the INIT status bit */
2082                 priv->status &= ~STATUS_INIT;
2083
2084                 /* Cancel currently queued command. */
2085                 priv->status &= ~STATUS_HCMD_ACTIVE;
2086                 wake_up_interruptible(&priv->wait_command_queue);
2087
2088                 queue_work(priv->workqueue, &priv->adapter_restart);
2089                 handled |= IPW_INTA_BIT_FATAL_ERROR;
2090         }
2091
2092         if (inta & IPW_INTA_BIT_PARITY_ERROR) {
2093                 IPW_ERROR("Parity error\n");
2094                 handled |= IPW_INTA_BIT_PARITY_ERROR;
2095         }
2096
2097         if (handled != inta) {
2098                 IPW_ERROR("Unhandled INTA bits 0x%08x\n", inta & ~handled);
2099         }
2100
2101         spin_unlock_irqrestore(&priv->lock, flags);
2102
2103         /* enable all interrupts */
2104         ipw_enable_interrupts(priv);
2105 }
2106
2107 #define IPW_CMD(x) case IPW_CMD_ ## x : return #x
2108 static char *get_cmd_string(u8 cmd)
2109 {
2110         switch (cmd) {
2111                 IPW_CMD(HOST_COMPLETE);
2112                 IPW_CMD(POWER_DOWN);
2113                 IPW_CMD(SYSTEM_CONFIG);
2114                 IPW_CMD(MULTICAST_ADDRESS);
2115                 IPW_CMD(SSID);
2116                 IPW_CMD(ADAPTER_ADDRESS);
2117                 IPW_CMD(PORT_TYPE);
2118                 IPW_CMD(RTS_THRESHOLD);
2119                 IPW_CMD(FRAG_THRESHOLD);
2120                 IPW_CMD(POWER_MODE);
2121                 IPW_CMD(WEP_KEY);
2122                 IPW_CMD(TGI_TX_KEY);
2123                 IPW_CMD(SCAN_REQUEST);
2124                 IPW_CMD(SCAN_REQUEST_EXT);
2125                 IPW_CMD(ASSOCIATE);
2126                 IPW_CMD(SUPPORTED_RATES);
2127                 IPW_CMD(SCAN_ABORT);
2128                 IPW_CMD(TX_FLUSH);
2129                 IPW_CMD(QOS_PARAMETERS);
2130                 IPW_CMD(DINO_CONFIG);
2131                 IPW_CMD(RSN_CAPABILITIES);
2132                 IPW_CMD(RX_KEY);
2133                 IPW_CMD(CARD_DISABLE);
2134                 IPW_CMD(SEED_NUMBER);
2135                 IPW_CMD(TX_POWER);
2136                 IPW_CMD(COUNTRY_INFO);
2137                 IPW_CMD(AIRONET_INFO);
2138                 IPW_CMD(AP_TX_POWER);
2139                 IPW_CMD(CCKM_INFO);
2140                 IPW_CMD(CCX_VER_INFO);
2141                 IPW_CMD(SET_CALIBRATION);
2142                 IPW_CMD(SENSITIVITY_CALIB);
2143                 IPW_CMD(RETRY_LIMIT);
2144                 IPW_CMD(IPW_PRE_POWER_DOWN);
2145                 IPW_CMD(VAP_BEACON_TEMPLATE);
2146                 IPW_CMD(VAP_DTIM_PERIOD);
2147                 IPW_CMD(EXT_SUPPORTED_RATES);
2148                 IPW_CMD(VAP_LOCAL_TX_PWR_CONSTRAINT);
2149                 IPW_CMD(VAP_QUIET_INTERVALS);
2150                 IPW_CMD(VAP_CHANNEL_SWITCH);
2151                 IPW_CMD(VAP_MANDATORY_CHANNELS);
2152                 IPW_CMD(VAP_CELL_PWR_LIMIT);
2153                 IPW_CMD(VAP_CF_PARAM_SET);
2154                 IPW_CMD(VAP_SET_BEACONING_STATE);
2155                 IPW_CMD(MEASUREMENT);
2156                 IPW_CMD(POWER_CAPABILITY);
2157                 IPW_CMD(SUPPORTED_CHANNELS);
2158                 IPW_CMD(TPC_REPORT);
2159                 IPW_CMD(WME_INFO);
2160                 IPW_CMD(PRODUCTION_COMMAND);
2161         default:
2162                 return "UNKNOWN";
2163         }
2164 }
2165
2166 #define HOST_COMPLETE_TIMEOUT HZ
2167
2168 static int __ipw_send_cmd(struct ipw_priv *priv, struct host_cmd *cmd)
2169 {
2170         int rc = 0;
2171         unsigned long flags;
2172
2173         spin_lock_irqsave(&priv->lock, flags);
2174         if (priv->status & STATUS_HCMD_ACTIVE) {
2175                 IPW_ERROR("Failed to send %s: Already sending a command.\n",
2176                           get_cmd_string(cmd->cmd));
2177                 spin_unlock_irqrestore(&priv->lock, flags);
2178                 return -EAGAIN;
2179         }
2180
2181         priv->status |= STATUS_HCMD_ACTIVE;
2182
2183         if (priv->cmdlog) {
2184                 priv->cmdlog[priv->cmdlog_pos].jiffies = jiffies;
2185                 priv->cmdlog[priv->cmdlog_pos].cmd.cmd = cmd->cmd;
2186                 priv->cmdlog[priv->cmdlog_pos].cmd.len = cmd->len;
2187                 memcpy(priv->cmdlog[priv->cmdlog_pos].cmd.param, cmd->param,
2188                        cmd->len);
2189                 priv->cmdlog[priv->cmdlog_pos].retcode = -1;
2190         }
2191
2192         IPW_DEBUG_HC("%s command (#%d) %d bytes: 0x%08X\n",
2193                      get_cmd_string(cmd->cmd), cmd->cmd, cmd->len,
2194                      priv->status);
2195
2196 #ifndef DEBUG_CMD_WEP_KEY
2197         if (cmd->cmd == IPW_CMD_WEP_KEY)
2198                 IPW_DEBUG_HC("WEP_KEY command masked out for secure.\n");
2199         else
2200 #endif
2201                 printk_buf(IPW_DL_HOST_COMMAND, (u8 *) cmd->param, cmd->len);
2202
2203         rc = ipw_queue_tx_hcmd(priv, cmd->cmd, cmd->param, cmd->len, 0);
2204         if (rc) {
2205                 priv->status &= ~STATUS_HCMD_ACTIVE;
2206                 IPW_ERROR("Failed to send %s: Reason %d\n",
2207                           get_cmd_string(cmd->cmd), rc);
2208                 spin_unlock_irqrestore(&priv->lock, flags);
2209                 goto exit;
2210         }
2211         spin_unlock_irqrestore(&priv->lock, flags);
2212
2213         rc = wait_event_interruptible_timeout(priv->wait_command_queue,
2214                                               !(priv->
2215                                                 status & STATUS_HCMD_ACTIVE),
2216                                               HOST_COMPLETE_TIMEOUT);
2217         if (rc == 0) {
2218                 spin_lock_irqsave(&priv->lock, flags);
2219                 if (priv->status & STATUS_HCMD_ACTIVE) {
2220                         IPW_ERROR("Failed to send %s: Command timed out.\n",
2221                                   get_cmd_string(cmd->cmd));
2222                         priv->status &= ~STATUS_HCMD_ACTIVE;
2223                         spin_unlock_irqrestore(&priv->lock, flags);
2224                         rc = -EIO;
2225                         goto exit;
2226                 }
2227                 spin_unlock_irqrestore(&priv->lock, flags);
2228         } else
2229                 rc = 0;
2230
2231         if (priv->status & STATUS_RF_KILL_HW) {
2232                 IPW_ERROR("Failed to send %s: Aborted due to RF kill switch.\n",
2233                           get_cmd_string(cmd->cmd));
2234                 rc = -EIO;
2235                 goto exit;
2236         }
2237
2238       exit:
2239         if (priv->cmdlog) {
2240                 priv->cmdlog[priv->cmdlog_pos++].retcode = rc;
2241                 priv->cmdlog_pos %= priv->cmdlog_len;
2242         }
2243         return rc;
2244 }
2245
2246 static int ipw_send_cmd_simple(struct ipw_priv *priv, u8 command)
2247 {
2248         struct host_cmd cmd = {
2249                 .cmd = command,
2250         };
2251
2252         return __ipw_send_cmd(priv, &cmd);
2253 }
2254
2255 static int ipw_send_cmd_pdu(struct ipw_priv *priv, u8 command, u8 len,
2256                             void *data)
2257 {
2258         struct host_cmd cmd = {
2259                 .cmd = command,
2260                 .len = len,
2261                 .param = data,
2262         };
2263
2264         return __ipw_send_cmd(priv, &cmd);
2265 }
2266
2267 static int ipw_send_host_complete(struct ipw_priv *priv)
2268 {
2269         if (!priv) {
2270                 IPW_ERROR("Invalid args\n");
2271                 return -1;
2272         }
2273
2274         return ipw_send_cmd_simple(priv, IPW_CMD_HOST_COMPLETE);
2275 }
2276
2277 static int ipw_send_system_config(struct ipw_priv *priv)
2278 {
2279         return ipw_send_cmd_pdu(priv, IPW_CMD_SYSTEM_CONFIG,
2280                                 sizeof(priv->sys_config),
2281                                 &priv->sys_config);
2282 }
2283
2284 static int ipw_send_ssid(struct ipw_priv *priv, u8 * ssid, int len)
2285 {
2286         if (!priv || !ssid) {
2287                 IPW_ERROR("Invalid args\n");
2288                 return -1;
2289         }
2290
2291         return ipw_send_cmd_pdu(priv, IPW_CMD_SSID, min(len, IW_ESSID_MAX_SIZE),
2292                                 ssid);
2293 }
2294
2295 static int ipw_send_adapter_address(struct ipw_priv *priv, u8 * mac)
2296 {
2297         if (!priv || !mac) {
2298                 IPW_ERROR("Invalid args\n");
2299                 return -1;
2300         }
2301
2302         IPW_DEBUG_INFO("%s: Setting MAC to %pM\n",
2303                        priv->net_dev->name, mac);
2304
2305         return ipw_send_cmd_pdu(priv, IPW_CMD_ADAPTER_ADDRESS, ETH_ALEN, mac);
2306 }
2307
2308 /*
2309  * NOTE: This must be executed from our workqueue as it results in udelay
2310  * being called which may corrupt the keyboard if executed on default
2311  * workqueue
2312  */
2313 static void ipw_adapter_restart(void *adapter)
2314 {
2315         struct ipw_priv *priv = adapter;
2316
2317         if (priv->status & STATUS_RF_KILL_MASK)
2318                 return;
2319
2320         ipw_down(priv);
2321
2322         if (priv->assoc_network &&
2323             (priv->assoc_network->capability & WLAN_CAPABILITY_IBSS))
2324                 ipw_remove_current_network(priv);
2325
2326         if (ipw_up(priv)) {
2327                 IPW_ERROR("Failed to up device\n");
2328                 return;
2329         }
2330 }
2331
2332 static void ipw_bg_adapter_restart(struct work_struct *work)
2333 {
2334         struct ipw_priv *priv =
2335                 container_of(work, struct ipw_priv, adapter_restart);
2336         mutex_lock(&priv->mutex);
2337         ipw_adapter_restart(priv);
2338         mutex_unlock(&priv->mutex);
2339 }
2340
2341 #define IPW_SCAN_CHECK_WATCHDOG (5 * HZ)
2342
2343 static void ipw_scan_check(void *data)
2344 {
2345         struct ipw_priv *priv = data;
2346         if (priv->status & (STATUS_SCANNING | STATUS_SCAN_ABORTING)) {
2347                 IPW_DEBUG_SCAN("Scan completion watchdog resetting "
2348                                "adapter after (%dms).\n",
2349                                jiffies_to_msecs(IPW_SCAN_CHECK_WATCHDOG));
2350                 queue_work(priv->workqueue, &priv->adapter_restart);
2351         }
2352 }
2353
2354 static void ipw_bg_scan_check(struct work_struct *work)
2355 {
2356         struct ipw_priv *priv =
2357                 container_of(work, struct ipw_priv, scan_check.work);
2358         mutex_lock(&priv->mutex);
2359         ipw_scan_check(priv);
2360         mutex_unlock(&priv->mutex);
2361 }
2362
2363 static int ipw_send_scan_request_ext(struct ipw_priv *priv,
2364                                      struct ipw_scan_request_ext *request)
2365 {
2366         return ipw_send_cmd_pdu(priv, IPW_CMD_SCAN_REQUEST_EXT,
2367                                 sizeof(*request), request);
2368 }
2369
2370 static int ipw_send_scan_abort(struct ipw_priv *priv)
2371 {
2372         if (!priv) {
2373                 IPW_ERROR("Invalid args\n");
2374                 return -1;
2375         }
2376
2377         return ipw_send_cmd_simple(priv, IPW_CMD_SCAN_ABORT);
2378 }
2379
2380 static int ipw_set_sensitivity(struct ipw_priv *priv, u16 sens)
2381 {
2382         struct ipw_sensitivity_calib calib = {
2383                 .beacon_rssi_raw = cpu_to_le16(sens),
2384         };
2385
2386         return ipw_send_cmd_pdu(priv, IPW_CMD_SENSITIVITY_CALIB, sizeof(calib),
2387                                 &calib);
2388 }
2389
2390 static int ipw_send_associate(struct ipw_priv *priv,
2391                               struct ipw_associate *associate)
2392 {
2393         if (!priv || !associate) {
2394                 IPW_ERROR("Invalid args\n");
2395                 return -1;
2396         }
2397
2398         return ipw_send_cmd_pdu(priv, IPW_CMD_ASSOCIATE, sizeof(*associate),
2399                                 associate);
2400 }
2401
2402 static int ipw_send_supported_rates(struct ipw_priv *priv,
2403                                     struct ipw_supported_rates *rates)
2404 {
2405         if (!priv || !rates) {
2406                 IPW_ERROR("Invalid args\n");
2407                 return -1;
2408         }
2409
2410         return ipw_send_cmd_pdu(priv, IPW_CMD_SUPPORTED_RATES, sizeof(*rates),
2411                                 rates);
2412 }
2413
2414 static int ipw_set_random_seed(struct ipw_priv *priv)
2415 {
2416         u32 val;
2417
2418         if (!priv) {
2419                 IPW_ERROR("Invalid args\n");
2420                 return -1;
2421         }
2422
2423         get_random_bytes(&val, sizeof(val));
2424
2425         return ipw_send_cmd_pdu(priv, IPW_CMD_SEED_NUMBER, sizeof(val), &val);
2426 }
2427
2428 static int ipw_send_card_disable(struct ipw_priv *priv, u32 phy_off)
2429 {
2430         __le32 v = cpu_to_le32(phy_off);
2431         if (!priv) {
2432                 IPW_ERROR("Invalid args\n");
2433                 return -1;
2434         }
2435
2436         return ipw_send_cmd_pdu(priv, IPW_CMD_CARD_DISABLE, sizeof(v), &v);
2437 }
2438
2439 static int ipw_send_tx_power(struct ipw_priv *priv, struct ipw_tx_power *power)
2440 {
2441         if (!priv || !power) {
2442                 IPW_ERROR("Invalid args\n");
2443                 return -1;
2444         }
2445
2446         return ipw_send_cmd_pdu(priv, IPW_CMD_TX_POWER, sizeof(*power), power);
2447 }
2448
2449 static int ipw_set_tx_power(struct ipw_priv *priv)
2450 {
2451         const struct libipw_geo *geo = libipw_get_geo(priv->ieee);
2452         struct ipw_tx_power tx_power;
2453         s8 max_power;
2454         int i;
2455
2456         memset(&tx_power, 0, sizeof(tx_power));
2457
2458         /* configure device for 'G' band */
2459         tx_power.ieee_mode = IPW_G_MODE;
2460         tx_power.num_channels = geo->bg_channels;
2461         for (i = 0; i < geo->bg_channels; i++) {
2462                 max_power = geo->bg[i].max_power;
2463                 tx_power.channels_tx_power[i].channel_number =
2464                     geo->bg[i].channel;
2465                 tx_power.channels_tx_power[i].tx_power = max_power ?
2466                     min(max_power, priv->tx_power) : priv->tx_power;
2467         }
2468         if (ipw_send_tx_power(priv, &tx_power))
2469                 return -EIO;
2470
2471         /* configure device to also handle 'B' band */
2472         tx_power.ieee_mode = IPW_B_MODE;
2473         if (ipw_send_tx_power(priv, &tx_power))
2474                 return -EIO;
2475
2476         /* configure device to also handle 'A' band */
2477         if (priv->ieee->abg_true) {
2478                 tx_power.ieee_mode = IPW_A_MODE;
2479                 tx_power.num_channels = geo->a_channels;
2480                 for (i = 0; i < tx_power.num_channels; i++) {
2481                         max_power = geo->a[i].max_power;
2482                         tx_power.channels_tx_power[i].channel_number =
2483                             geo->a[i].channel;
2484                         tx_power.channels_tx_power[i].tx_power = max_power ?
2485                             min(max_power, priv->tx_power) : priv->tx_power;
2486                 }
2487                 if (ipw_send_tx_power(priv, &tx_power))
2488                         return -EIO;
2489         }
2490         return 0;
2491 }
2492
2493 static int ipw_send_rts_threshold(struct ipw_priv *priv, u16 rts)
2494 {
2495         struct ipw_rts_threshold rts_threshold = {
2496                 .rts_threshold = cpu_to_le16(rts),
2497         };
2498
2499         if (!priv) {
2500                 IPW_ERROR("Invalid args\n");
2501                 return -1;
2502         }
2503
2504         return ipw_send_cmd_pdu(priv, IPW_CMD_RTS_THRESHOLD,
2505                                 sizeof(rts_threshold), &rts_threshold);
2506 }
2507
2508 static int ipw_send_frag_threshold(struct ipw_priv *priv, u16 frag)
2509 {
2510         struct ipw_frag_threshold frag_threshold = {
2511                 .frag_threshold = cpu_to_le16(frag),
2512         };
2513
2514         if (!priv) {
2515                 IPW_ERROR("Invalid args\n");
2516                 return -1;
2517         }
2518
2519         return ipw_send_cmd_pdu(priv, IPW_CMD_FRAG_THRESHOLD,
2520                                 sizeof(frag_threshold), &frag_threshold);
2521 }
2522
2523 static int ipw_send_power_mode(struct ipw_priv *priv, u32 mode)
2524 {
2525         __le32 param;
2526
2527         if (!priv) {
2528                 IPW_ERROR("Invalid args\n");
2529                 return -1;
2530         }
2531
2532         /* If on battery, set to 3, if AC set to CAM, else user
2533          * level */
2534         switch (mode) {
2535         case IPW_POWER_BATTERY:
2536                 param = cpu_to_le32(IPW_POWER_INDEX_3);
2537                 break;
2538         case IPW_POWER_AC:
2539                 param = cpu_to_le32(IPW_POWER_MODE_CAM);
2540                 break;
2541         default:
2542                 param = cpu_to_le32(mode);
2543                 break;
2544         }
2545
2546         return ipw_send_cmd_pdu(priv, IPW_CMD_POWER_MODE, sizeof(param),
2547                                 &param);
2548 }
2549
2550 static int ipw_send_retry_limit(struct ipw_priv *priv, u8 slimit, u8 llimit)
2551 {
2552         struct ipw_retry_limit retry_limit = {
2553                 .short_retry_limit = slimit,
2554                 .long_retry_limit = llimit
2555         };
2556
2557         if (!priv) {
2558                 IPW_ERROR("Invalid args\n");
2559                 return -1;
2560         }
2561
2562         return ipw_send_cmd_pdu(priv, IPW_CMD_RETRY_LIMIT, sizeof(retry_limit),
2563                                 &retry_limit);
2564 }
2565
2566 /*
2567  * The IPW device contains a Microwire compatible EEPROM that stores
2568  * various data like the MAC address.  Usually the firmware has exclusive
2569  * access to the eeprom, but during device initialization (before the
2570  * device driver has sent the HostComplete command to the firmware) the
2571  * device driver has read access to the EEPROM by way of indirect addressing
2572  * through a couple of memory mapped registers.
2573  *
2574  * The following is a simplified implementation for pulling data out of the
2575  * the eeprom, along with some helper functions to find information in
2576  * the per device private data's copy of the eeprom.
2577  *
2578  * NOTE: To better understand how these functions work (i.e what is a chip
2579  *       select and why do have to keep driving the eeprom clock?), read
2580  *       just about any data sheet for a Microwire compatible EEPROM.
2581  */
2582
2583 /* write a 32 bit value into the indirect accessor register */
2584 static inline void eeprom_write_reg(struct ipw_priv *p, u32 data)
2585 {
2586         ipw_write_reg32(p, FW_MEM_REG_EEPROM_ACCESS, data);
2587
2588         /* the eeprom requires some time to complete the operation */
2589         udelay(p->eeprom_delay);
2590
2591         return;
2592 }
2593
2594 /* perform a chip select operation */
2595 static void eeprom_cs(struct ipw_priv *priv)
2596 {
2597         eeprom_write_reg(priv, 0);
2598         eeprom_write_reg(priv, EEPROM_BIT_CS);
2599         eeprom_write_reg(priv, EEPROM_BIT_CS | EEPROM_BIT_SK);
2600         eeprom_write_reg(priv, EEPROM_BIT_CS);
2601 }
2602
2603 /* perform a chip select operation */
2604 static void eeprom_disable_cs(struct ipw_priv *priv)
2605 {
2606         eeprom_write_reg(priv, EEPROM_BIT_CS);
2607         eeprom_write_reg(priv, 0);
2608         eeprom_write_reg(priv, EEPROM_BIT_SK);
2609 }
2610
2611 /* push a single bit down to the eeprom */
2612 static inline void eeprom_write_bit(struct ipw_priv *p, u8 bit)
2613 {
2614         int d = (bit ? EEPROM_BIT_DI : 0);
2615         eeprom_write_reg(p, EEPROM_BIT_CS | d);
2616         eeprom_write_reg(p, EEPROM_BIT_CS | d | EEPROM_BIT_SK);
2617 }
2618
2619 /* push an opcode followed by an address down to the eeprom */
2620 static void eeprom_op(struct ipw_priv *priv, u8 op, u8 addr)
2621 {
2622         int i;
2623
2624         eeprom_cs(priv);
2625         eeprom_write_bit(priv, 1);
2626         eeprom_write_bit(priv, op & 2);
2627         eeprom_write_bit(priv, op & 1);
2628         for (i = 7; i >= 0; i--) {
2629                 eeprom_write_bit(priv, addr & (1 << i));
2630         }
2631 }
2632
2633 /* pull 16 bits off the eeprom, one bit at a time */
2634 static u16 eeprom_read_u16(struct ipw_priv *priv, u8 addr)
2635 {
2636         int i;
2637         u16 r = 0;
2638
2639         /* Send READ Opcode */
2640         eeprom_op(priv, EEPROM_CMD_READ, addr);
2641
2642         /* Send dummy bit */
2643         eeprom_write_reg(priv, EEPROM_BIT_CS);
2644
2645         /* Read the byte off the eeprom one bit at a time */
2646         for (i = 0; i < 16; i++) {
2647                 u32 data = 0;
2648                 eeprom_write_reg(priv, EEPROM_BIT_CS | EEPROM_BIT_SK);
2649                 eeprom_write_reg(priv, EEPROM_BIT_CS);
2650                 data = ipw_read_reg32(priv, FW_MEM_REG_EEPROM_ACCESS);
2651                 r = (r << 1) | ((data & EEPROM_BIT_DO) ? 1 : 0);
2652         }
2653
2654         /* Send another dummy bit */
2655         eeprom_write_reg(priv, 0);
2656         eeprom_disable_cs(priv);
2657
2658         return r;
2659 }
2660
2661 /* helper function for pulling the mac address out of the private */
2662 /* data's copy of the eeprom data                                 */
2663 static void eeprom_parse_mac(struct ipw_priv *priv, u8 * mac)
2664 {
2665         memcpy(mac, &priv->eeprom[EEPROM_MAC_ADDRESS], 6);
2666 }
2667
2668 /*
2669  * Either the device driver (i.e. the host) or the firmware can
2670  * load eeprom data into the designated region in SRAM.  If neither
2671  * happens then the FW will shutdown with a fatal error.
2672  *
2673  * In order to signal the FW to load the EEPROM, the EEPROM_LOAD_DISABLE
2674  * bit needs region of shared SRAM needs to be non-zero.
2675  */
2676 static void ipw_eeprom_init_sram(struct ipw_priv *priv)
2677 {
2678         int i;
2679         __le16 *eeprom = (__le16 *) priv->eeprom;
2680
2681         IPW_DEBUG_TRACE(">>\n");
2682
2683         /* read entire contents of eeprom into private buffer */
2684         for (i = 0; i < 128; i++)
2685                 eeprom[i] = cpu_to_le16(eeprom_read_u16(priv, (u8) i));
2686
2687         /*
2688            If the data looks correct, then copy it to our private
2689            copy.  Otherwise let the firmware know to perform the operation
2690            on its own.
2691          */
2692         if (priv->eeprom[EEPROM_VERSION] != 0) {
2693                 IPW_DEBUG_INFO("Writing EEPROM data into SRAM\n");
2694
2695                 /* write the eeprom data to sram */
2696                 for (i = 0; i < IPW_EEPROM_IMAGE_SIZE; i++)
2697                         ipw_write8(priv, IPW_EEPROM_DATA + i, priv->eeprom[i]);
2698
2699                 /* Do not load eeprom data on fatal error or suspend */
2700                 ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 0);
2701         } else {
2702                 IPW_DEBUG_INFO("Enabling FW initializationg of SRAM\n");
2703
2704                 /* Load eeprom data on fatal error or suspend */
2705                 ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 1);
2706         }
2707
2708         IPW_DEBUG_TRACE("<<\n");
2709 }
2710
2711 static void ipw_zero_memory(struct ipw_priv *priv, u32 start, u32 count)
2712 {
2713         count >>= 2;
2714         if (!count)
2715                 return;
2716         _ipw_write32(priv, IPW_AUTOINC_ADDR, start);
2717         while (count--)
2718                 _ipw_write32(priv, IPW_AUTOINC_DATA, 0);
2719 }
2720
2721 static inline void ipw_fw_dma_reset_command_blocks(struct ipw_priv *priv)
2722 {
2723         ipw_zero_memory(priv, IPW_SHARED_SRAM_DMA_CONTROL,
2724                         CB_NUMBER_OF_ELEMENTS_SMALL *
2725                         sizeof(struct command_block));
2726 }
2727
2728 static int ipw_fw_dma_enable(struct ipw_priv *priv)
2729 {                               /* start dma engine but no transfers yet */
2730
2731         IPW_DEBUG_FW(">> : \n");
2732
2733         /* Start the dma */
2734         ipw_fw_dma_reset_command_blocks(priv);
2735
2736         /* Write CB base address */
2737         ipw_write_reg32(priv, IPW_DMA_I_CB_BASE, IPW_SHARED_SRAM_DMA_CONTROL);
2738
2739         IPW_DEBUG_FW("<< : \n");
2740         return 0;
2741 }
2742
2743 static void ipw_fw_dma_abort(struct ipw_priv *priv)
2744 {
2745         u32 control = 0;
2746
2747         IPW_DEBUG_FW(">> :\n");
2748
2749         /* set the Stop and Abort bit */
2750         control = DMA_CONTROL_SMALL_CB_CONST_VALUE | DMA_CB_STOP_AND_ABORT;
2751         ipw_write_reg32(priv, IPW_DMA_I_DMA_CONTROL, control);
2752         priv->sram_desc.last_cb_index = 0;
2753
2754         IPW_DEBUG_FW("<< \n");
2755 }
2756
2757 static int ipw_fw_dma_write_command_block(struct ipw_priv *priv, int index,
2758                                           struct command_block *cb)
2759 {
2760         u32 address =
2761             IPW_SHARED_SRAM_DMA_CONTROL +
2762             (sizeof(struct command_block) * index);
2763         IPW_DEBUG_FW(">> :\n");
2764
2765         ipw_write_indirect(priv, address, (u8 *) cb,
2766                            (int)sizeof(struct command_block));
2767
2768         IPW_DEBUG_FW("<< :\n");
2769         return 0;
2770
2771 }
2772
2773 static int ipw_fw_dma_kick(struct ipw_priv *priv)
2774 {
2775         u32 control = 0;
2776         u32 index = 0;
2777
2778         IPW_DEBUG_FW(">> :\n");
2779
2780         for (index = 0; index < priv->sram_desc.last_cb_index; index++)
2781                 ipw_fw_dma_write_command_block(priv, index,
2782                                                &priv->sram_desc.cb_list[index]);
2783
2784         /* Enable the DMA in the CSR register */
2785         ipw_clear_bit(priv, IPW_RESET_REG,
2786                       IPW_RESET_REG_MASTER_DISABLED |
2787                       IPW_RESET_REG_STOP_MASTER);
2788
2789         /* Set the Start bit. */
2790         control = DMA_CONTROL_SMALL_CB_CONST_VALUE | DMA_CB_START;
2791         ipw_write_reg32(priv, IPW_DMA_I_DMA_CONTROL, control);
2792
2793         IPW_DEBUG_FW("<< :\n");
2794         return 0;
2795 }
2796
2797 static void ipw_fw_dma_dump_command_block(struct ipw_priv *priv)
2798 {
2799         u32 address;
2800         u32 register_value = 0;
2801         u32 cb_fields_address = 0;
2802
2803         IPW_DEBUG_FW(">> :\n");
2804         address = ipw_read_reg32(priv, IPW_DMA_I_CURRENT_CB);
2805         IPW_DEBUG_FW_INFO("Current CB is 0x%x \n", address);
2806
2807         /* Read the DMA Controlor register */
2808         register_value = ipw_read_reg32(priv, IPW_DMA_I_DMA_CONTROL);
2809         IPW_DEBUG_FW_INFO("IPW_DMA_I_DMA_CONTROL is 0x%x \n", register_value);
2810
2811         /* Print the CB values */
2812         cb_fields_address = address;
2813         register_value = ipw_read_reg32(priv, cb_fields_address);
2814         IPW_DEBUG_FW_INFO("Current CB ControlField is 0x%x \n", register_value);
2815
2816         cb_fields_address += sizeof(u32);
2817         register_value = ipw_read_reg32(priv, cb_fields_address);
2818         IPW_DEBUG_FW_INFO("Current CB Source Field is 0x%x \n", register_value);
2819
2820         cb_fields_address += sizeof(u32);
2821         register_value = ipw_read_reg32(priv, cb_fields_address);
2822         IPW_DEBUG_FW_INFO("Current CB Destination Field is 0x%x \n",
2823                           register_value);
2824
2825         cb_fields_address += sizeof(u32);
2826         register_value = ipw_read_reg32(priv, cb_fields_address);
2827         IPW_DEBUG_FW_INFO("Current CB Status Field is 0x%x \n", register_value);
2828
2829         IPW_DEBUG_FW(">> :\n");
2830 }
2831
2832 static int ipw_fw_dma_command_block_index(struct ipw_priv *priv)
2833 {
2834         u32 current_cb_address = 0;
2835         u32 current_cb_index = 0;
2836
2837         IPW_DEBUG_FW("<< :\n");
2838         current_cb_address = ipw_read_reg32(priv, IPW_DMA_I_CURRENT_CB);
2839
2840         current_cb_index = (current_cb_address - IPW_SHARED_SRAM_DMA_CONTROL) /
2841             sizeof(struct command_block);
2842
2843         IPW_DEBUG_FW_INFO("Current CB index 0x%x address = 0x%X \n",
2844                           current_cb_index, current_cb_address);
2845
2846         IPW_DEBUG_FW(">> :\n");
2847         return current_cb_index;
2848
2849 }
2850
2851 static int ipw_fw_dma_add_command_block(struct ipw_priv *priv,
2852                                         u32 src_address,
2853                                         u32 dest_address,
2854                                         u32 length,
2855                                         int interrupt_enabled, int is_last)
2856 {
2857
2858         u32 control = CB_VALID | CB_SRC_LE | CB_DEST_LE | CB_SRC_AUTOINC |
2859             CB_SRC_IO_GATED | CB_DEST_AUTOINC | CB_SRC_SIZE_LONG |
2860             CB_DEST_SIZE_LONG;
2861         struct command_block *cb;
2862         u32 last_cb_element = 0;
2863
2864         IPW_DEBUG_FW_INFO("src_address=0x%x dest_address=0x%x length=0x%x\n",
2865                           src_address, dest_address, length);
2866
2867         if (priv->sram_desc.last_cb_index >= CB_NUMBER_OF_ELEMENTS_SMALL)
2868                 return -1;
2869
2870         last_cb_element = priv->sram_desc.last_cb_index;
2871         cb = &priv->sram_desc.cb_list[last_cb_element];
2872         priv->sram_desc.last_cb_index++;
2873
2874         /* Calculate the new CB control word */
2875         if (interrupt_enabled)
2876                 control |= CB_INT_ENABLED;
2877
2878         if (is_last)
2879                 control |= CB_LAST_VALID;
2880
2881         control |= length;
2882
2883         /* Calculate the CB Element's checksum value */
2884         cb->status = control ^ src_address ^ dest_address;
2885
2886         /* Copy the Source and Destination addresses */
2887         cb->dest_addr = dest_address;
2888         cb->source_addr = src_address;
2889
2890         /* Copy the Control Word last */
2891         cb->control = control;
2892
2893         return 0;
2894 }
2895
2896 static int ipw_fw_dma_add_buffer(struct ipw_priv *priv,
2897                                  u32 src_phys, u32 dest_address, u32 length)
2898 {
2899         u32 bytes_left = length;
2900         u32 src_offset = 0;
2901         u32 dest_offset = 0;
2902         int status = 0;
2903         IPW_DEBUG_FW(">> \n");
2904         IPW_DEBUG_FW_INFO("src_phys=0x%x dest_address=0x%x length=0x%x\n",
2905                           src_phys, dest_address, length);
2906         while (bytes_left > CB_MAX_LENGTH) {
2907                 status = ipw_fw_dma_add_command_block(priv,
2908                                                       src_phys + src_offset,
2909                                                       dest_address +
2910                                                       dest_offset,
2911                                                       CB_MAX_LENGTH, 0, 0);
2912                 if (status) {
2913                         IPW_DEBUG_FW_INFO(": Failed\n");
2914                         return -1;
2915                 } else
2916                         IPW_DEBUG_FW_INFO(": Added new cb\n");
2917
2918                 src_offset += CB_MAX_LENGTH;
2919                 dest_offset += CB_MAX_LENGTH;
2920                 bytes_left -= CB_MAX_LENGTH;
2921         }
2922
2923         /* add the buffer tail */
2924         if (bytes_left > 0) {
2925                 status =
2926                     ipw_fw_dma_add_command_block(priv, src_phys + src_offset,
2927                                                  dest_address + dest_offset,
2928                                                  bytes_left, 0, 0);
2929                 if (status) {
2930                         IPW_DEBUG_FW_INFO(": Failed on the buffer tail\n");
2931                         return -1;
2932                 } else
2933                         IPW_DEBUG_FW_INFO
2934                             (": Adding new cb - the buffer tail\n");
2935         }
2936
2937         IPW_DEBUG_FW("<< \n");
2938         return 0;
2939 }
2940
2941 static int ipw_fw_dma_wait(struct ipw_priv *priv)
2942 {
2943         u32 current_index = 0, previous_index;
2944         u32 watchdog = 0;
2945
2946         IPW_DEBUG_FW(">> : \n");
2947
2948         current_index = ipw_fw_dma_command_block_index(priv);
2949         IPW_DEBUG_FW_INFO("sram_desc.last_cb_index:0x%08X\n",
2950                           (int)priv->sram_desc.last_cb_index);
2951
2952         while (current_index < priv->sram_desc.last_cb_index) {
2953                 udelay(50);
2954                 previous_index = current_index;
2955                 current_index = ipw_fw_dma_command_block_index(priv);
2956
2957                 if (previous_index < current_index) {
2958                         watchdog = 0;
2959                         continue;
2960                 }
2961                 if (++watchdog > 400) {
2962                         IPW_DEBUG_FW_INFO("Timeout\n");
2963                         ipw_fw_dma_dump_command_block(priv);
2964                         ipw_fw_dma_abort(priv);
2965                         return -1;
2966                 }
2967         }
2968
2969         ipw_fw_dma_abort(priv);
2970
2971         /*Disable the DMA in the CSR register */
2972         ipw_set_bit(priv, IPW_RESET_REG,
2973                     IPW_RESET_REG_MASTER_DISABLED | IPW_RESET_REG_STOP_MASTER);
2974
2975         IPW_DEBUG_FW("<< dmaWaitSync \n");
2976         return 0;
2977 }
2978
2979 static void ipw_remove_current_network(struct ipw_priv *priv)
2980 {
2981         struct list_head *element, *safe;
2982         struct libipw_network *network = NULL;
2983         unsigned long flags;
2984
2985         spin_lock_irqsave(&priv->ieee->lock, flags);
2986         list_for_each_safe(element, safe, &priv->ieee->network_list) {
2987                 network = list_entry(element, struct libipw_network, list);
2988                 if (!memcmp(network->bssid, priv->bssid, ETH_ALEN)) {
2989                         list_del(element);
2990                         list_add_tail(&network->list,
2991                                       &priv->ieee->network_free_list);
2992                 }
2993         }
2994         spin_unlock_irqrestore(&priv->ieee->lock, flags);
2995 }
2996
2997 /**
2998  * Check that card is still alive.
2999  * Reads debug register from domain0.
3000  * If card is present, pre-defined value should
3001  * be found there.
3002  *
3003  * @param priv
3004  * @return 1 if card is present, 0 otherwise
3005  */
3006 static inline int ipw_alive(struct ipw_priv *priv)
3007 {
3008         return ipw_read32(priv, 0x90) == 0xd55555d5;
3009 }
3010
3011 /* timeout in msec, attempted in 10-msec quanta */
3012 static int ipw_poll_bit(struct ipw_priv *priv, u32 addr, u32 mask,
3013                                int timeout)
3014 {
3015         int i = 0;
3016
3017         do {
3018                 if ((ipw_read32(priv, addr) & mask) == mask)
3019                         return i;
3020                 mdelay(10);
3021                 i += 10;
3022         } while (i < timeout);
3023
3024         return -ETIME;
3025 }
3026
3027 /* These functions load the firmware and micro code for the operation of
3028  * the ipw hardware.  It assumes the buffer has all the bits for the
3029  * image and the caller is handling the memory allocation and clean up.
3030  */
3031
3032 static int ipw_stop_master(struct ipw_priv *priv)
3033 {
3034         int rc;
3035
3036         IPW_DEBUG_TRACE(">> \n");
3037         /* stop master. typical delay - 0 */
3038         ipw_set_bit(priv, IPW_RESET_REG, IPW_RESET_REG_STOP_MASTER);
3039
3040         /* timeout is in msec, polled in 10-msec quanta */
3041         rc = ipw_poll_bit(priv, IPW_RESET_REG,
3042                           IPW_RESET_REG_MASTER_DISABLED, 100);
3043         if (rc < 0) {
3044                 IPW_ERROR("wait for stop master failed after 100ms\n");
3045                 return -1;
3046         }
3047
3048         IPW_DEBUG_INFO("stop master %dms\n", rc);
3049
3050         return rc;
3051 }
3052
3053 static void ipw_arc_release(struct ipw_priv *priv)
3054 {
3055         IPW_DEBUG_TRACE(">> \n");
3056         mdelay(5);
3057
3058         ipw_clear_bit(priv, IPW_RESET_REG, CBD_RESET_REG_PRINCETON_RESET);
3059
3060         /* no one knows timing, for safety add some delay */
3061         mdelay(5);
3062 }
3063
3064 struct fw_chunk {
3065         __le32 address;
3066         __le32 length;
3067 };
3068
3069 static int ipw_load_ucode(struct ipw_priv *priv, u8 * data, size_t len)
3070 {
3071         int rc = 0, i, addr;
3072         u8 cr = 0;
3073         __le16 *image;
3074
3075         image = (__le16 *) data;
3076
3077         IPW_DEBUG_TRACE(">> \n");
3078
3079         rc = ipw_stop_master(priv);
3080
3081         if (rc < 0)
3082                 return rc;
3083
3084         for (addr = IPW_SHARED_LOWER_BOUND;
3085              addr < IPW_REGISTER_DOMAIN1_END; addr += 4) {
3086                 ipw_write32(priv, addr, 0);
3087         }
3088
3089         /* no ucode (yet) */
3090         memset(&priv->dino_alive, 0, sizeof(priv->dino_alive));
3091         /* destroy DMA queues */
3092         /* reset sequence */
3093
3094         ipw_write_reg32(priv, IPW_MEM_HALT_AND_RESET, IPW_BIT_HALT_RESET_ON);
3095         ipw_arc_release(priv);
3096         ipw_write_reg32(priv, IPW_MEM_HALT_AND_RESET, IPW_BIT_HALT_RESET_OFF);
3097         mdelay(1);
3098
3099         /* reset PHY */
3100         ipw_write_reg32(priv, IPW_INTERNAL_CMD_EVENT, IPW_BASEBAND_POWER_DOWN);
3101         mdelay(1);
3102
3103         ipw_write_reg32(priv, IPW_INTERNAL_CMD_EVENT, 0);
3104         mdelay(1);
3105
3106         /* enable ucode store */
3107         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, 0x0);
3108         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, DINO_ENABLE_CS);
3109         mdelay(1);
3110
3111         /* write ucode */
3112         /**
3113          * @bug
3114          * Do NOT set indirect address register once and then
3115          * store data to indirect data register in the loop.
3116          * It seems very reasonable, but in this case DINO do not
3117          * accept ucode. It is essential to set address each time.
3118          */
3119         /* load new ipw uCode */
3120         for (i = 0; i < len / 2; i++)
3121                 ipw_write_reg16(priv, IPW_BASEBAND_CONTROL_STORE,
3122                                 le16_to_cpu(image[i]));
3123
3124         /* enable DINO */
3125         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, 0);
3126         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, DINO_ENABLE_SYSTEM);
3127
3128         /* this is where the igx / win driver deveates from the VAP driver. */
3129
3130         /* wait for alive response */
3131         for (i = 0; i < 100; i++) {
3132                 /* poll for incoming data */
3133                 cr = ipw_read_reg8(priv, IPW_BASEBAND_CONTROL_STATUS);
3134                 if (cr & DINO_RXFIFO_DATA)
3135                         break;
3136                 mdelay(1);
3137         }
3138
3139         if (cr & DINO_RXFIFO_DATA) {
3140                 /* alive_command_responce size is NOT multiple of 4 */
3141                 __le32 response_buffer[(sizeof(priv->dino_alive) + 3) / 4];
3142
3143                 for (i = 0; i < ARRAY_SIZE(response_buffer); i++)
3144                         response_buffer[i] =
3145                             cpu_to_le32(ipw_read_reg32(priv,
3146                                                        IPW_BASEBAND_RX_FIFO_READ));
3147                 memcpy(&priv->dino_alive, response_buffer,
3148                        sizeof(priv->dino_alive));
3149                 if (priv->dino_alive.alive_command == 1
3150                     && priv->dino_alive.ucode_valid == 1) {
3151                         rc = 0;
3152                         IPW_DEBUG_INFO
3153                             ("Microcode OK, rev. %d (0x%x) dev. %d (0x%x) "
3154                              "of %02d/%02d/%02d %02d:%02d\n",
3155                              priv->dino_alive.software_revision,
3156                              priv->dino_alive.software_revision,
3157                              priv->dino_alive.device_identifier,
3158                              priv->dino_alive.device_identifier,
3159                              priv->dino_alive.time_stamp[0],
3160                              priv->dino_alive.time_stamp[1],
3161                              priv->dino_alive.time_stamp[2],
3162                              priv->dino_alive.time_stamp[3],
3163                              priv->dino_alive.time_stamp[4]);
3164                 } else {
3165                         IPW_DEBUG_INFO("Microcode is not alive\n");
3166                         rc = -EINVAL;
3167                 }
3168         } else {
3169                 IPW_DEBUG_INFO("No alive response from DINO\n");
3170                 rc = -ETIME;
3171         }
3172
3173         /* disable DINO, otherwise for some reason
3174            firmware have problem getting alive resp. */
3175         ipw_write_reg8(priv, IPW_BASEBAND_CONTROL_STATUS, 0);
3176
3177         return rc;
3178 }
3179
3180 static int ipw_load_firmware(struct ipw_priv *priv, u8 * data, size_t len)
3181 {
3182         int rc = -1;
3183         int offset = 0;
3184         struct fw_chunk *chunk;
3185         dma_addr_t shared_phys;
3186         u8 *shared_virt;
3187
3188         IPW_DEBUG_TRACE("<< : \n");
3189         shared_virt = pci_alloc_consistent(priv->pci_dev, len, &shared_phys);
3190
3191         if (!shared_virt)
3192                 return -ENOMEM;
3193
3194         memmove(shared_virt, data, len);
3195
3196         /* Start the Dma */
3197         rc = ipw_fw_dma_enable(priv);
3198
3199         /* the DMA is already ready this would be a bug. */
3200         BUG_ON(priv->sram_desc.last_cb_index > 0);
3201
3202         do {
3203                 chunk = (struct fw_chunk *)(data + offset);
3204                 offset += sizeof(struct fw_chunk);
3205                 /* build DMA packet and queue up for sending */
3206                 /* dma to chunk->address, the chunk->length bytes from data +
3207                  * offeset*/
3208                 /* Dma loading */
3209                 rc = ipw_fw_dma_add_buffer(priv, shared_phys + offset,
3210                                            le32_to_cpu(chunk->address),
3211                                            le32_to_cpu(chunk->length));
3212                 if (rc) {
3213                         IPW_DEBUG_INFO("dmaAddBuffer Failed\n");
3214                         goto out;
3215                 }
3216
3217                 offset += le32_to_cpu(chunk->length);
3218         } while (offset < len);
3219
3220         /* Run the DMA and wait for the answer */
3221         rc = ipw_fw_dma_kick(priv);
3222         if (rc) {
3223                 IPW_ERROR("dmaKick Failed\n");
3224                 goto out;
3225         }
3226
3227         rc = ipw_fw_dma_wait(priv);
3228         if (rc) {
3229                 IPW_ERROR("dmaWaitSync Failed\n");
3230                 goto out;
3231         }
3232       out:
3233         pci_free_consistent(priv->pci_dev, len, shared_virt, shared_phys);
3234         return rc;
3235 }
3236
3237 /* stop nic */
3238 static int ipw_stop_nic(struct ipw_priv *priv)
3239 {
3240         int rc = 0;
3241
3242         /* stop */
3243         ipw_write32(priv, IPW_RESET_REG, IPW_RESET_REG_STOP_MASTER);
3244
3245         rc = ipw_poll_bit(priv, IPW_RESET_REG,
3246                           IPW_RESET_REG_MASTER_DISABLED, 500);
3247         if (rc < 0) {
3248                 IPW_ERROR("wait for reg master disabled failed after 500ms\n");
3249                 return rc;
3250         }
3251
3252         ipw_set_bit(priv, IPW_RESET_REG, CBD_RESET_REG_PRINCETON_RESET);
3253
3254         return rc;
3255 }
3256
3257 static void ipw_start_nic(struct ipw_priv *priv)
3258 {
3259         IPW_DEBUG_TRACE(">>\n");
3260
3261         /* prvHwStartNic  release ARC */
3262         ipw_clear_bit(priv, IPW_RESET_REG,
3263                       IPW_RESET_REG_MASTER_DISABLED |
3264                       IPW_RESET_REG_STOP_MASTER |
3265                       CBD_RESET_REG_PRINCETON_RESET);
3266
3267         /* enable power management */
3268         ipw_set_bit(priv, IPW_GP_CNTRL_RW,
3269                     IPW_GP_CNTRL_BIT_HOST_ALLOWS_STANDBY);
3270
3271         IPW_DEBUG_TRACE("<<\n");
3272 }
3273
3274 static int ipw_init_nic(struct ipw_priv *priv)
3275 {
3276         int rc;
3277
3278         IPW_DEBUG_TRACE(">>\n");
3279         /* reset */
3280         /*prvHwInitNic */
3281         /* set "initialization complete" bit to move adapter to D0 state */
3282         ipw_set_bit(priv, IPW_GP_CNTRL_RW, IPW_GP_CNTRL_BIT_INIT_DONE);
3283
3284         /* low-level PLL activation */
3285         ipw_write32(priv, IPW_READ_INT_REGISTER,
3286                     IPW_BIT_INT_HOST_SRAM_READ_INT_REGISTER);
3287
3288         /* wait for clock stabilization */
3289         rc = ipw_poll_bit(priv, IPW_GP_CNTRL_RW,
3290                           IPW_GP_CNTRL_BIT_CLOCK_READY, 250);
3291         if (rc < 0)
3292                 IPW_DEBUG_INFO("FAILED wait for clock stablization\n");
3293
3294         /* assert SW reset */
3295         ipw_set_bit(priv, IPW_RESET_REG, IPW_RESET_REG_SW_RESET);
3296
3297         udelay(10);
3298
3299         /* set "initialization complete" bit to move adapter to D0 state */
3300         ipw_set_bit(priv, IPW_GP_CNTRL_RW, IPW_GP_CNTRL_BIT_INIT_DONE);
3301
3302         IPW_DEBUG_TRACE(">>\n");
3303         return 0;
3304 }
3305
3306 /* Call this function from process context, it will sleep in request_firmware.
3307  * Probe is an ok place to call this from.
3308  */
3309 static int ipw_reset_nic(struct ipw_priv *priv)
3310 {
3311         int rc = 0;
3312         unsigned long flags;
3313
3314         IPW_DEBUG_TRACE(">>\n");
3315
3316         rc = ipw_init_nic(priv);
3317
3318         spin_lock_irqsave(&priv->lock, flags);
3319         /* Clear the 'host command active' bit... */
3320         priv->status &= ~STATUS_HCMD_ACTIVE;
3321         wake_up_interruptible(&priv->wait_command_queue);
3322         priv->status &= ~(STATUS_SCANNING | STATUS_SCAN_ABORTING);
3323         wake_up_interruptible(&priv->wait_state);
3324         spin_unlock_irqrestore(&priv->lock, flags);
3325
3326         IPW_DEBUG_TRACE("<<\n");
3327         return rc;
3328 }
3329
3330
3331 struct ipw_fw {
3332         __le32 ver;
3333         __le32 boot_size;
3334         __le32 ucode_size;
3335         __le32 fw_size;
3336         u8 data[0];
3337 };
3338
3339 static int ipw_get_fw(struct ipw_priv *priv,
3340                       const struct firmware **raw, const char *name)
3341 {
3342         struct ipw_fw *fw;
3343         int rc;
3344
3345         /* ask firmware_class module to get the boot firmware off disk */
3346         rc = request_firmware(raw, name, &priv->pci_dev->dev);
3347         if (rc < 0) {
3348                 IPW_ERROR("%s request_firmware failed: Reason %d\n", name, rc);
3349                 return rc;
3350         }
3351
3352         if ((*raw)->size < sizeof(*fw)) {
3353                 IPW_ERROR("%s is too small (%zd)\n", name, (*raw)->size);
3354                 return -EINVAL;
3355         }
3356
3357         fw = (void *)(*raw)->data;
3358
3359         if ((*raw)->size < sizeof(*fw) + le32_to_cpu(fw->boot_size) +
3360             le32_to_cpu(fw->ucode_size) + le32_to_cpu(fw->fw_size)) {
3361                 IPW_ERROR("%s is too small or corrupt (%zd)\n",
3362                           name, (*raw)->size);
3363                 return -EINVAL;
3364         }
3365
3366         IPW_DEBUG_INFO("Read firmware '%s' image v%d.%d (%zd bytes)\n",
3367                        name,
3368                        le32_to_cpu(fw->ver) >> 16,
3369                        le32_to_cpu(fw->ver) & 0xff,
3370                        (*raw)->size - sizeof(*fw));
3371         return 0;
3372 }
3373
3374 #define IPW_RX_BUF_SIZE (3000)
3375
3376 static void ipw_rx_queue_reset(struct ipw_priv *priv,
3377                                       struct ipw_rx_queue *rxq)
3378 {
3379         unsigned long flags;
3380         int i;
3381
3382         spin_lock_irqsave(&rxq->lock, flags);
3383
3384         INIT_LIST_HEAD(&rxq->rx_free);
3385         INIT_LIST_HEAD(&rxq->rx_used);
3386
3387         /* Fill the rx_used queue with _all_ of the Rx buffers */
3388         for (i = 0; i < RX_FREE_BUFFERS + RX_QUEUE_SIZE; i++) {
3389                 /* In the reset function, these buffers may have been allocated
3390                  * to an SKB, so we need to unmap and free potential storage */
3391                 if (rxq->pool[i].skb != NULL) {
3392                         pci_unmap_single(priv->pci_dev, rxq->pool[i].dma_addr,
3393                                          IPW_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
3394                         dev_kfree_skb(rxq->pool[i].skb);
3395                         rxq->pool[i].skb = NULL;
3396                 }
3397                 list_add_tail(&rxq->pool[i].list, &rxq->rx_used);
3398         }
3399
3400         /* Set us so that we have processed and used all buffers, but have
3401          * not restocked the Rx queue with fresh buffers */
3402         rxq->read = rxq->write = 0;
3403         rxq->free_count = 0;
3404         spin_unlock_irqrestore(&rxq->lock, flags);
3405 }
3406
3407 #ifdef CONFIG_PM
3408 static int fw_loaded = 0;
3409 static const struct firmware *raw = NULL;
3410
3411 static void free_firmware(void)
3412 {
3413         if (fw_loaded) {
3414                 release_firmware(raw);
3415                 raw = NULL;
3416                 fw_loaded = 0;
3417         }
3418 }
3419 #else
3420 #define free_firmware() do {} while (0)
3421 #endif
3422
3423 static int ipw_load(struct ipw_priv *priv)
3424 {
3425 #ifndef CONFIG_PM
3426         const struct firmware *raw = NULL;
3427 #endif
3428         struct ipw_fw *fw;
3429         u8 *boot_img, *ucode_img, *fw_img;
3430         u8 *name = NULL;
3431         int rc = 0, retries = 3;
3432
3433         switch (priv->ieee->iw_mode) {
3434         case IW_MODE_ADHOC:
3435                 name = "ipw2200-ibss.fw";
3436                 break;
3437 #ifdef CONFIG_IPW2200_MONITOR
3438         case IW_MODE_MONITOR:
3439                 name = "ipw2200-sniffer.fw";
3440                 break;
3441 #endif
3442         case IW_MODE_INFRA:
3443                 name = "ipw2200-bss.fw";
3444                 break;
3445         }
3446
3447         if (!name) {
3448                 rc = -EINVAL;
3449                 goto error;
3450         }
3451
3452 #ifdef CONFIG_PM
3453         if (!fw_loaded) {
3454 #endif
3455                 rc = ipw_get_fw(priv, &raw, name);
3456                 if (rc < 0)
3457                         goto error;
3458 #ifdef CONFIG_PM
3459         }
3460 #endif
3461
3462         fw = (void *)raw->data;
3463         boot_img = &fw->data[0];
3464         ucode_img = &fw->data[le32_to_cpu(fw->boot_size)];
3465         fw_img = &fw->data[le32_to_cpu(fw->boot_size) +
3466                            le32_to_cpu(fw->ucode_size)];
3467
3468         if (rc < 0)
3469                 goto error;
3470
3471         if (!priv->rxq)
3472                 priv->rxq = ipw_rx_queue_alloc(priv);
3473         else
3474                 ipw_rx_queue_reset(priv, priv->rxq);
3475         if (!priv->rxq) {
3476                 IPW_ERROR("Unable to initialize Rx queue\n");
3477                 goto error;
3478         }
3479
3480       retry:
3481         /* Ensure interrupts are disabled */
3482         ipw_write32(priv, IPW_INTA_MASK_R, ~IPW_INTA_MASK_ALL);
3483         priv->status &= ~STATUS_INT_ENABLED;
3484
3485         /* ack pending interrupts */
3486         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_MASK_ALL);
3487
3488         ipw_stop_nic(priv);
3489
3490         rc = ipw_reset_nic(priv);
3491         if (rc < 0) {
3492                 IPW_ERROR("Unable to reset NIC\n");
3493                 goto error;
3494         }
3495
3496         ipw_zero_memory(priv, IPW_NIC_SRAM_LOWER_BOUND,
3497                         IPW_NIC_SRAM_UPPER_BOUND - IPW_NIC_SRAM_LOWER_BOUND);
3498
3499         /* DMA the initial boot firmware into the device */
3500         rc = ipw_load_firmware(priv, boot_img, le32_to_cpu(fw->boot_size));
3501         if (rc < 0) {
3502                 IPW_ERROR("Unable to load boot firmware: %d\n", rc);
3503                 goto error;
3504         }
3505
3506         /* kick start the device */
3507         ipw_start_nic(priv);
3508
3509         /* wait for the device to finish its initial startup sequence */
3510         rc = ipw_poll_bit(priv, IPW_INTA_RW,
3511                           IPW_INTA_BIT_FW_INITIALIZATION_DONE, 500);
3512         if (rc < 0) {
3513                 IPW_ERROR("device failed to boot initial fw image\n");
3514                 goto error;
3515         }
3516         IPW_DEBUG_INFO("initial device response after %dms\n", rc);
3517
3518         /* ack fw init done interrupt */
3519         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_BIT_FW_INITIALIZATION_DONE);
3520
3521         /* DMA the ucode into the device */
3522         rc = ipw_load_ucode(priv, ucode_img, le32_to_cpu(fw->ucode_size));
3523         if (rc < 0) {
3524                 IPW_ERROR("Unable to load ucode: %d\n", rc);
3525                 goto error;
3526         }
3527
3528         /* stop nic */
3529         ipw_stop_nic(priv);
3530
3531         /* DMA bss firmware into the device */
3532         rc = ipw_load_firmware(priv, fw_img, le32_to_cpu(fw->fw_size));
3533         if (rc < 0) {
3534                 IPW_ERROR("Unable to load firmware: %d\n", rc);
3535                 goto error;
3536         }
3537 #ifdef CONFIG_PM
3538         fw_loaded = 1;
3539 #endif
3540
3541         ipw_write32(priv, IPW_EEPROM_LOAD_DISABLE, 0);
3542
3543         rc = ipw_queue_reset(priv);
3544         if (rc < 0) {
3545                 IPW_ERROR("Unable to initialize queues\n");
3546                 goto error;
3547         }
3548
3549         /* Ensure interrupts are disabled */
3550         ipw_write32(priv, IPW_INTA_MASK_R, ~IPW_INTA_MASK_ALL);
3551         /* ack pending interrupts */
3552         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_MASK_ALL);
3553
3554         /* kick start the device */
3555         ipw_start_nic(priv);
3556
3557         if (ipw_read32(priv, IPW_INTA_RW) & IPW_INTA_BIT_PARITY_ERROR) {
3558                 if (retries > 0) {
3559                         IPW_WARNING("Parity error.  Retrying init.\n");
3560                         retries--;
3561                         goto retry;
3562                 }
3563
3564                 IPW_ERROR("TODO: Handle parity error -- schedule restart?\n");
3565                 rc = -EIO;
3566                 goto error;
3567         }
3568
3569         /* wait for the device */
3570         rc = ipw_poll_bit(priv, IPW_INTA_RW,
3571                           IPW_INTA_BIT_FW_INITIALIZATION_DONE, 500);
3572         if (rc < 0) {
3573                 IPW_ERROR("device failed to start within 500ms\n");
3574                 goto error;
3575         }
3576         IPW_DEBUG_INFO("device response after %dms\n", rc);
3577
3578         /* ack fw init done interrupt */
3579         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_BIT_FW_INITIALIZATION_DONE);
3580
3581         /* read eeprom data and initialize the eeprom region of sram */
3582         priv->eeprom_delay = 1;
3583         ipw_eeprom_init_sram(priv);
3584
3585         /* enable interrupts */
3586         ipw_enable_interrupts(priv);
3587
3588         /* Ensure our queue has valid packets */
3589         ipw_rx_queue_replenish(priv);
3590
3591         ipw_write32(priv, IPW_RX_READ_INDEX, priv->rxq->read);
3592
3593         /* ack pending interrupts */
3594         ipw_write32(priv, IPW_INTA_RW, IPW_INTA_MASK_ALL);
3595
3596 #ifndef CONFIG_PM
3597         release_firmware(raw);
3598 #endif
3599         return 0;
3600
3601       error:
3602         if (priv->rxq) {
3603                 ipw_rx_queue_free(priv, priv->rxq);
3604                 priv->rxq = NULL;
3605         }
3606         ipw_tx_queue_free(priv);
3607         if (raw)
3608                 release_firmware(raw);
3609 #ifdef CONFIG_PM
3610         fw_loaded = 0;
3611         raw = NULL;
3612 #endif
3613
3614         return rc;
3615 }
3616
3617 /**
3618  * DMA services
3619  *
3620  * Theory of operation
3621  *
3622  * A queue is a circular buffers with 'Read' and 'Write' pointers.
3623  * 2 empty entries always kept in the buffer to protect from overflow.
3624  *
3625  * For Tx queue, there are low mark and high mark limits. If, after queuing
3626  * the packet for Tx, free space become < low mark, Tx queue stopped. When
3627  * reclaiming packets (on 'tx done IRQ), if free space become > high mark,
3628  * Tx queue resumed.
3629  *
3630  * The IPW operates with six queues, one receive queue in the device's
3631  * sram, one transmit queue for sending commands to the device firmware,
3632  * and four transmit queues for data.
3633  *
3634  * The four transmit queues allow for performing quality of service (qos)
3635  * transmissions as per the 802.11 protocol.  Currently Linux does not
3636  * provide a mechanism to the user for utilizing prioritized queues, so
3637  * we only utilize the first data transmit queue (queue1).
3638  */
3639
3640 /**
3641  * Driver allocates buffers of this size for Rx
3642  */
3643
3644 /**
3645  * ipw_rx_queue_space - Return number of free slots available in queue.
3646  */
3647 static int ipw_rx_queue_space(const struct ipw_rx_queue *q)
3648 {
3649         int s = q->read - q->write;
3650         if (s <= 0)
3651                 s += RX_QUEUE_SIZE;
3652         /* keep some buffer to not confuse full and empty queue */
3653         s -= 2;
3654         if (s < 0)
3655                 s = 0;
3656         return s;
3657 }
3658
3659 static inline int ipw_tx_queue_space(const struct clx2_queue *q)
3660 {
3661         int s = q->last_used - q->first_empty;
3662         if (s <= 0)
3663                 s += q->n_bd;
3664         s -= 2;                 /* keep some reserve to not confuse empty and full situations */
3665         if (s < 0)
3666                 s = 0;
3667         return s;
3668 }
3669
3670 static inline int ipw_queue_inc_wrap(int index, int n_bd)
3671 {
3672         return (++index == n_bd) ? 0 : index;
3673 }
3674
3675 /**
3676  * Initialize common DMA queue structure
3677  *
3678  * @param q                queue to init
3679  * @param count            Number of BD's to allocate. Should be power of 2
3680  * @param read_register    Address for 'read' register
3681  *                         (not offset within BAR, full address)
3682  * @param write_register   Address for 'write' register
3683  *                         (not offset within BAR, full address)
3684  * @param base_register    Address for 'base' register
3685  *                         (not offset within BAR, full address)
3686  * @param size             Address for 'size' register
3687  *                         (not offset within BAR, full address)
3688  */
3689 static void ipw_queue_init(struct ipw_priv *priv, struct clx2_queue *q,
3690                            int count, u32 read, u32 write, u32 base, u32 size)
3691 {
3692         q->n_bd = count;
3693
3694         q->low_mark = q->n_bd / 4;
3695         if (q->low_mark < 4)
3696                 q->low_mark = 4;
3697
3698         q->high_mark = q->n_bd / 8;
3699         if (q->high_mark < 2)
3700                 q->high_mark = 2;
3701
3702         q->first_empty = q->last_used = 0;
3703         q->reg_r = read;
3704         q->reg_w = write;
3705
3706         ipw_write32(priv, base, q->dma_addr);
3707         ipw_write32(priv, size, count);
3708         ipw_write32(priv, read, 0);
3709         ipw_write32(priv, write, 0);
3710
3711         _ipw_read32(priv, 0x90);
3712 }
3713
3714 static int ipw_queue_tx_init(struct ipw_priv *priv,
3715                              struct clx2_tx_queue *q,
3716                              int count, u32 read, u32 write, u32 base, u32 size)
3717 {
3718         struct pci_dev *dev = priv->pci_dev;
3719
3720         q->txb = kmalloc(sizeof(q->txb[0]) * count, GFP_KERNEL);
3721         if (!q->txb) {
3722                 IPW_ERROR("vmalloc for auxilary BD structures failed\n");
3723                 return -ENOMEM;
3724         }
3725
3726         q->bd =
3727             pci_alloc_consistent(dev, sizeof(q->bd[0]) * count, &q->q.dma_addr);
3728         if (!q->bd) {
3729                 IPW_ERROR("pci_alloc_consistent(%zd) failed\n",
3730                           sizeof(q->bd[0]) * count);
3731                 kfree(q->txb);
3732                 q->txb = NULL;
3733                 return -ENOMEM;
3734         }
3735
3736         ipw_queue_init(priv, &q->q, count, read, write, base, size);
3737         return 0;
3738 }
3739
3740 /**
3741  * Free one TFD, those at index [txq->q.last_used].
3742  * Do NOT advance any indexes
3743  *
3744  * @param dev
3745  * @param txq
3746  */
3747 static void ipw_queue_tx_free_tfd(struct ipw_priv *priv,
3748                                   struct clx2_tx_queue *txq)
3749 {
3750         struct tfd_frame *bd = &txq->bd[txq->q.last_used];
3751         struct pci_dev *dev = priv->pci_dev;
3752         int i;
3753
3754         /* classify bd */
3755         if (bd->control_flags.message_type == TX_HOST_COMMAND_TYPE)
3756                 /* nothing to cleanup after for host commands */
3757                 return;
3758
3759         /* sanity check */
3760         if (le32_to_cpu(bd->u.data.num_chunks) > NUM_TFD_CHUNKS) {
3761                 IPW_ERROR("Too many chunks: %i\n",
3762                           le32_to_cpu(bd->u.data.num_chunks));
3763                 /** @todo issue fatal error, it is quite serious situation */
3764                 return;
3765         }
3766
3767         /* unmap chunks if any */
3768         for (i = 0; i < le32_to_cpu(bd->u.data.num_chunks); i++) {
3769                 pci_unmap_single(dev, le32_to_cpu(bd->u.data.chunk_ptr[i]),
3770                                  le16_to_cpu(bd->u.data.chunk_len[i]),
3771                                  PCI_DMA_TODEVICE);
3772                 if (txq->txb[txq->q.last_used]) {
3773                         libipw_txb_free(txq->txb[txq->q.last_used]);
3774                         txq->txb[txq->q.last_used] = NULL;
3775                 }
3776         }
3777 }
3778
3779 /**
3780  * Deallocate DMA queue.
3781  *
3782  * Empty queue by removing and destroying all BD's.
3783  * Free all buffers.
3784  *
3785  * @param dev
3786  * @param q
3787  */
3788 static void ipw_queue_tx_free(struct ipw_priv *priv, struct clx2_tx_queue *txq)
3789 {
3790         struct clx2_queue *q = &txq->q;
3791         struct pci_dev *dev = priv->pci_dev;
3792
3793         if (q->n_bd == 0)
3794                 return;
3795
3796         /* first, empty all BD's */
3797         for (; q->first_empty != q->last_used;
3798              q->last_used = ipw_queue_inc_wrap(q->last_used, q->n_bd)) {
3799                 ipw_queue_tx_free_tfd(priv, txq);
3800         }
3801
3802         /* free buffers belonging to queue itself */
3803         pci_free_consistent(dev, sizeof(txq->bd[0]) * q->n_bd, txq->bd,
3804                             q->dma_addr);
3805         kfree(txq->txb);
3806
3807         /* 0 fill whole structure */
3808         memset(txq, 0, sizeof(*txq));
3809 }
3810
3811 /**
3812  * Destroy all DMA queues and structures
3813  *
3814  * @param priv
3815  */
3816 static void ipw_tx_queue_free(struct ipw_priv *priv)
3817 {
3818         /* Tx CMD queue */
3819         ipw_queue_tx_free(priv, &priv->txq_cmd);
3820
3821         /* Tx queues */
3822         ipw_queue_tx_free(priv, &priv->txq[0]);
3823         ipw_queue_tx_free(priv, &priv->txq[1]);
3824         ipw_queue_tx_free(priv, &priv->txq[2]);
3825         ipw_queue_tx_free(priv, &priv->txq[3]);
3826 }
3827
3828 static void ipw_create_bssid(struct ipw_priv *priv, u8 * bssid)
3829 {
3830         /* First 3 bytes are manufacturer */
3831         bssid[0] = priv->mac_addr[0];
3832         bssid[1] = priv->mac_addr[1];
3833         bssid[2] = priv->mac_addr[2];
3834
3835         /* Last bytes are random */
3836         get_random_bytes(&bssid[3], ETH_ALEN - 3);
3837
3838         bssid[0] &= 0xfe;       /* clear multicast bit */
3839         bssid[0] |= 0x02;       /* set local assignment bit (IEEE802) */
3840 }
3841
3842 static u8 ipw_add_station(struct ipw_priv *priv, u8 * bssid)
3843 {
3844         struct ipw_station_entry entry;
3845         int i;
3846
3847         for (i = 0; i < priv->num_stations; i++) {
3848                 if (!memcmp(priv->stations[i], bssid, ETH_ALEN)) {
3849                         /* Another node is active in network */
3850                         priv->missed_adhoc_beacons = 0;
3851                         if (!(priv->config & CFG_STATIC_CHANNEL))
3852                                 /* when other nodes drop out, we drop out */
3853                                 priv->config &= ~CFG_ADHOC_PERSIST;
3854
3855                         return i;
3856                 }
3857         }
3858
3859         if (i == MAX_STATIONS)
3860                 return IPW_INVALID_STATION;
3861
3862         IPW_DEBUG_SCAN("Adding AdHoc station: %pM\n", bssid);
3863
3864         entry.reserved = 0;
3865         entry.support_mode = 0;
3866         memcpy(entry.mac_addr, bssid, ETH_ALEN);
3867         memcpy(priv->stations[i], bssid, ETH_ALEN);
3868         ipw_write_direct(priv, IPW_STATION_TABLE_LOWER + i * sizeof(entry),
3869                          &entry, sizeof(entry));
3870         priv->num_stations++;
3871
3872         return i;
3873 }
3874
3875 static u8 ipw_find_station(struct ipw_priv *priv, u8 * bssid)
3876 {
3877         int i;
3878
3879         for (i = 0; i < priv->num_stations; i++)
3880                 if (!memcmp(priv->stations[i], bssid, ETH_ALEN))
3881                         return i;
3882
3883         return IPW_INVALID_STATION;
3884 }
3885
3886 static void ipw_send_disassociate(struct ipw_priv *priv, int quiet)
3887 {
3888         int err;
3889
3890         if (priv->status & STATUS_ASSOCIATING) {
3891                 IPW_DEBUG_ASSOC("Disassociating while associating.\n");
3892                 queue_work(priv->workqueue, &priv->disassociate);
3893                 return;
3894         }
3895
3896         if (!(priv->status & STATUS_ASSOCIATED)) {
3897                 IPW_DEBUG_ASSOC("Disassociating while not associated.\n");
3898                 return;
3899         }
3900
3901         IPW_DEBUG_ASSOC("Disassocation attempt from %pM "
3902                         "on channel %d.\n",
3903                         priv->assoc_request.bssid,
3904                         priv->assoc_request.channel);
3905
3906         priv->status &= ~(STATUS_ASSOCIATING | STATUS_ASSOCIATED);
3907         priv->status |= STATUS_DISASSOCIATING;
3908
3909         if (quiet)
3910                 priv->assoc_request.assoc_type = HC_DISASSOC_QUIET;
3911         else
3912                 priv->assoc_request.assoc_type = HC_DISASSOCIATE;
3913
3914         err = ipw_send_associate(priv, &priv->assoc_request);
3915         if (err) {
3916                 IPW_DEBUG_HC("Attempt to send [dis]associate command "
3917                              "failed.\n");
3918                 return;
3919         }
3920
3921 }
3922
3923 static int ipw_disassociate(void *data)
3924 {
3925         struct ipw_priv *priv = data;
3926         if (!(priv->status & (STATUS_ASSOCIATED | STATUS_ASSOCIATING)))
3927                 return 0;
3928         ipw_send_disassociate(data, 0);
3929         netif_carrier_off(priv->net_dev);
3930         return 1;
3931 }
3932
3933 static void ipw_bg_disassociate(struct work_struct *work)
3934 {
3935         struct ipw_priv *priv =
3936                 container_of(work, struct ipw_priv, disassociate);
3937         mutex_lock(&priv->mutex);
3938         ipw_disassociate(priv);
3939         mutex_unlock(&priv->mutex);
3940 }
3941
3942 static void ipw_system_config(struct work_struct *work)
3943 {
3944         struct ipw_priv *priv =
3945                 container_of(work, struct ipw_priv, system_config);
3946
3947 #ifdef CONFIG_IPW2200_PROMISCUOUS
3948         if (priv->prom_net_dev && netif_running(priv->prom_net_dev)) {
3949                 priv->sys_config.accept_all_data_frames = 1;
3950                 priv->sys_config.accept_non_directed_frames = 1;
3951                 priv->sys_config.accept_all_mgmt_bcpr = 1;
3952                 priv->sys_config.accept_all_mgmt_frames = 1;
3953         }
3954 #endif
3955
3956         ipw_send_system_config(priv);
3957 }
3958
3959 struct ipw_status_code {
3960         u16 status;
3961         const char *reason;
3962 };
3963
3964 static const struct ipw_status_code ipw_status_codes[] = {
3965         {0x00, "Successful"},
3966         {0x01, "Unspecified failure"},
3967         {0x0A, "Cannot support all requested capabilities in the "
3968          "Capability information field"},
3969         {0x0B, "Reassociation denied due to inability to confirm that "
3970          "association exists"},
3971         {0x0C, "Association denied due to reason outside the scope of this "
3972          "standard"},
3973         {0x0D,
3974          "Responding station does not support the specified authentication "
3975          "algorithm"},
3976         {0x0E,
3977          "Received an Authentication frame with authentication sequence "
3978          "transaction sequence number out of expected sequence"},
3979         {0x0F, "Authentication rejected because of challenge failure"},
3980         {0x10, "Authentication rejected due to timeout waiting for next "
3981          "frame in sequence"},
3982         {0x11, "Association denied because AP is unable to handle additional "
3983          "associated stations"},
3984         {0x12,
3985          "Association denied due to requesting station not supporting all "
3986          "of the datarates in the BSSBasicServiceSet Parameter"},
3987         {0x13,
3988          "Association denied due to requesting station not supporting "
3989          "short preamble operation"},
3990         {0x14,
3991          "Association denied due to requesting station not supporting "
3992          "PBCC encoding"},
3993         {0x15,
3994          "Association denied due to requesting station not supporting "
3995          "channel agility"},
3996         {0x19,
3997          "Association denied due to requesting station not supporting "
3998          "short slot operation"},
3999         {0x1A,
4000          "Association denied due to requesting station not supporting "
4001          "DSSS-OFDM operation"},
4002         {0x28, "Invalid Information Element"},
4003         {0x29, "Group Cipher is not valid"},
4004         {0x2A, "Pairwise Cipher is not valid"},
4005         {0x2B, "AKMP is not valid"},
4006         {0x2C, "Unsupported RSN IE version"},
4007         {0x2D, "Invalid RSN IE Capabilities"},
4008         {0x2E, "Cipher suite is rejected per security policy"},
4009 };
4010
4011 static const char *ipw_get_status_code(u16 status)
4012 {
4013         int i;
4014         for (i = 0; i < ARRAY_SIZE(ipw_status_codes); i++)
4015                 if (ipw_status_codes[i].status == (status & 0xff))
4016                         return ipw_status_codes[i].reason;
4017         return "Unknown status value.";
4018 }
4019
4020 static void inline average_init(struct average *avg)
4021 {
4022         memset(avg, 0, sizeof(*avg));
4023 }
4024
4025 #define DEPTH_RSSI 8
4026 #define DEPTH_NOISE 16
4027 static s16 exponential_average(s16 prev_avg, s16 val, u8 depth)
4028 {
4029         return ((depth-1)*prev_avg +  val)/depth;
4030 }
4031
4032 static void average_add(struct average *avg, s16 val)
4033 {
4034         avg->sum -= avg->entries[avg->pos];
4035         avg->sum += val;
4036         avg->entries[avg->pos++] = val;
4037         if (unlikely(avg->pos == AVG_ENTRIES)) {
4038                 avg->init = 1;
4039                 avg->pos = 0;
4040         }
4041 }
4042
4043 static s16 average_value(struct average *avg)
4044 {
4045         if (!unlikely(avg->init)) {
4046                 if (avg->pos)
4047                         return avg->sum / avg->pos;
4048                 return 0;
4049         }
4050
4051         return avg->sum / AVG_ENTRIES;
4052 }
4053
4054 static void ipw_reset_stats(struct ipw_priv *priv)
4055 {
4056         u32 len = sizeof(u32);
4057
4058         priv->quality = 0;
4059
4060         average_init(&priv->average_missed_beacons);
4061         priv->exp_avg_rssi = -60;
4062         priv->exp_avg_noise = -85 + 0x100;
4063
4064         priv->last_rate = 0;
4065         priv->last_missed_beacons = 0;
4066         priv->last_rx_packets = 0;
4067         priv->last_tx_packets = 0;
4068         priv->last_tx_failures = 0;
4069
4070         /* Firmware managed, reset only when NIC is restarted, so we have to
4071          * normalize on the current value */
4072         ipw_get_ordinal(priv, IPW_ORD_STAT_RX_ERR_CRC,
4073                         &priv->last_rx_err, &len);
4074         ipw_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURE,
4075                         &priv->last_tx_failures, &len);
4076
4077         /* Driver managed, reset with each association */
4078         priv->missed_adhoc_beacons = 0;
4079         priv->missed_beacons = 0;
4080         priv->tx_packets = 0;
4081         priv->rx_packets = 0;
4082
4083 }
4084
4085 static u32 ipw_get_max_rate(struct ipw_priv *priv)
4086 {
4087         u32 i = 0x80000000;
4088         u32 mask = priv->rates_mask;
4089         /* If currently associated in B mode, restrict the maximum
4090          * rate match to B rates */
4091         if (priv->assoc_request.ieee_mode == IPW_B_MODE)
4092                 mask &= LIBIPW_CCK_RATES_MASK;
4093
4094         /* TODO: Verify that the rate is supported by the current rates
4095          * list. */
4096
4097         while (i && !(mask & i))
4098                 i >>= 1;
4099         switch (i) {
4100         case LIBIPW_CCK_RATE_1MB_MASK:
4101                 return 1000000;
4102         case LIBIPW_CCK_RATE_2MB_MASK:
4103                 return 2000000;
4104         case LIBIPW_CCK_RATE_5MB_MASK:
4105                 return 5500000;
4106         case LIBIPW_OFDM_RATE_6MB_MASK:
4107                 return 6000000;
4108         case LIBIPW_OFDM_RATE_9MB_MASK:
4109                 return 9000000;
4110         case LIBIPW_CCK_RATE_11MB_MASK:
4111                 return 11000000;
4112         case LIBIPW_OFDM_RATE_12MB_MASK:
4113                 return 12000000;
4114         case LIBIPW_OFDM_RATE_18MB_MASK:
4115                 return 18000000;
4116         case LIBIPW_OFDM_RATE_24MB_MASK:
4117                 return 24000000;
4118         case LIBIPW_OFDM_RATE_36MB_MASK:
4119                 return 36000000;
4120         case LIBIPW_OFDM_RATE_48MB_MASK:
4121                 return 48000000;
4122         case LIBIPW_OFDM_RATE_54MB_MASK:
4123                 return 54000000;
4124         }
4125
4126         if (priv->ieee->mode == IEEE_B)
4127                 return 11000000;
4128         else
4129                 return 54000000;
4130 }
4131
4132 static u32 ipw_get_current_rate(struct ipw_priv *priv)
4133 {
4134         u32 rate, len = sizeof(rate);
4135         int err;
4136
4137         if (!(priv->status & STATUS_ASSOCIATED))
4138                 return 0;
4139
4140         if (priv->tx_packets > IPW_REAL_RATE_RX_PACKET_THRESHOLD) {
4141                 err = ipw_get_ordinal(priv, IPW_ORD_STAT_TX_CURR_RATE, &rate,
4142                                       &len);
4143                 if (err) {
4144                         IPW_DEBUG_INFO("failed querying ordinals.\n");
4145                         return 0;
4146                 }
4147         } else
4148                 return ipw_get_max_rate(priv);
4149
4150         switch (rate) {
4151         case IPW_TX_RATE_1MB:
4152                 return 1000000;
4153         case IPW_TX_RATE_2MB:
4154                 return 2000000;
4155         case IPW_TX_RATE_5MB:
4156                 return 5500000;
4157         case IPW_TX_RATE_6MB:
4158                 return 6000000;
4159         case IPW_TX_RATE_9MB:
4160                 return 9000000;
4161         case IPW_TX_RATE_11MB:
4162                 return 11000000;
4163         case IPW_TX_RATE_12MB:
4164                 return 12000000;
4165         case IPW_TX_RATE_18MB:
4166                 return 18000000;
4167         case IPW_TX_RATE_24MB:
4168                 return 24000000;
4169         case IPW_TX_RATE_36MB:
4170                 return 36000000;
4171         case IPW_TX_RATE_48MB:
4172                 return 48000000;
4173         case IPW_TX_RATE_54MB:
4174                 return 54000000;
4175         }
4176
4177         return 0;
4178 }
4179
4180 #define IPW_STATS_INTERVAL (2 * HZ)
4181 static void ipw_gather_stats(struct ipw_priv *priv)
4182 {
4183         u32 rx_err, rx_err_delta, rx_packets_delta;
4184         u32 tx_failures, tx_failures_delta, tx_packets_delta;
4185         u32 missed_beacons_percent, missed_beacons_delta;
4186         u32 quality = 0;
4187         u32 len = sizeof(u32);
4188         s16 rssi;
4189         u32 beacon_quality, signal_quality, tx_quality, rx_quality,
4190             rate_quality;
4191         u32 max_rate;
4192
4193         if (!(priv->status & STATUS_ASSOCIATED)) {
4194                 priv->quality = 0;
4195                 return;
4196         }
4197
4198         /* Update the statistics */
4199         ipw_get_ordinal(priv, IPW_ORD_STAT_MISSED_BEACONS,
4200                         &priv->missed_beacons, &len);
4201         missed_beacons_delta = priv->missed_beacons - priv->last_missed_beacons;
4202         priv->last_missed_beacons = priv->missed_beacons;
4203         if (priv->assoc_request.beacon_interval) {
4204                 missed_beacons_percent = missed_beacons_delta *
4205                     (HZ * le16_to_cpu(priv->assoc_request.beacon_interval)) /
4206                     (IPW_STATS_INTERVAL * 10);
4207         } else {
4208                 missed_beacons_percent = 0;
4209         }
4210         average_add(&priv->average_missed_beacons, missed_beacons_percent);
4211
4212         ipw_get_ordinal(priv, IPW_ORD_STAT_RX_ERR_CRC, &rx_err, &len);
4213         rx_err_delta = rx_err - priv->last_rx_err;
4214         priv->last_rx_err = rx_err;
4215
4216         ipw_get_ordinal(priv, IPW_ORD_STAT_TX_FAILURE, &tx_failures, &len);
4217         tx_failures_delta = tx_failures - priv->last_tx_failures;
4218         priv->last_tx_failures = tx_failures;
4219
4220         rx_packets_delta = priv->rx_packets - priv->last_rx_packets;
4221         priv->last_rx_packets = priv->rx_packets;
4222
4223         tx_packets_delta = priv->tx_packets - priv->last_tx_packets;
4224         priv->last_tx_packets = priv->tx_packets;
4225
4226         /* Calculate quality based on the following:
4227          *
4228          * Missed beacon: 100% = 0, 0% = 70% missed
4229          * Rate: 60% = 1Mbs, 100% = Max
4230          * Rx and Tx errors represent a straight % of total Rx/Tx
4231          * RSSI: 100% = > -50,  0% = < -80
4232          * Rx errors: 100% = 0, 0% = 50% missed
4233          *
4234          * The lowest computed quality is used.
4235          *
4236          */
4237 #define BEACON_THRESHOLD 5
4238         beacon_quality = 100 - missed_beacons_percent;
4239         if (beacon_quality < BEACON_THRESHOLD)
4240                 beacon_quality = 0;
4241         else
4242                 beacon_quality = (beacon_quality - BEACON_THRESHOLD) * 100 /
4243                     (100 - BEACON_THRESHOLD);
4244         IPW_DEBUG_STATS("Missed beacon: %3d%% (%d%%)\n",
4245                         beacon_quality, missed_beacons_percent);
4246
4247         priv->last_rate = ipw_get_current_rate(priv);
4248         max_rate = ipw_get_max_rate(priv);
4249         rate_quality = priv->last_rate * 40 / max_rate + 60;
4250         IPW_DEBUG_STATS("Rate quality : %3d%% (%dMbs)\n",
4251                         rate_quality, priv->last_rate / 1000000);
4252
4253         if (rx_packets_delta > 100 && rx_packets_delta + rx_err_delta)
4254                 rx_quality = 100 - (rx_err_delta * 100) /
4255                     (rx_packets_delta + rx_err_delta);
4256         else
4257                 rx_quality = 100;
4258         IPW_DEBUG_STATS("Rx quality   : %3d%% (%u errors, %u packets)\n",
4259                         rx_quality, rx_err_delta, rx_packets_delta);
4260
4261         if (tx_packets_delta > 100 && tx_packets_delta + tx_failures_delta)
4262                 tx_quality = 100 - (tx_failures_delta * 100) /
4263                     (tx_packets_delta + tx_failures_delta);
4264         else
4265                 tx_quality = 100;
4266         IPW_DEBUG_STATS("Tx quality   : %3d%% (%u errors, %u packets)\n",
4267                         tx_quality, tx_failures_delta, tx_packets_delta);
4268
4269         rssi = priv->exp_avg_rssi;
4270         signal_quality =
4271             (100 *
4272              (priv->ieee->perfect_rssi - priv->ieee->worst_rssi) *
4273              (priv->ieee->perfect_rssi - priv->ieee->worst_rssi) -
4274              (priv->ieee->perfect_rssi - rssi) *
4275              (15 * (priv->ieee->perfect_rssi - priv->ieee->worst_rssi) +
4276               62 * (priv->ieee->perfect_rssi - rssi))) /
4277             ((priv->ieee->perfect_rssi - priv->ieee->worst_rssi) *
4278              (priv->ieee->perfect_rssi - priv->ieee->worst_rssi));
4279         if (signal_quality > 100)
4280                 signal_quality = 100;
4281         else if (signal_quality < 1)
4282                 signal_quality = 0;
4283
4284         IPW_DEBUG_STATS("Signal level : %3d%% (%d dBm)\n",
4285                         signal_quality, rssi);
4286
4287         quality = min(rx_quality, signal_quality);
4288         quality = min(tx_quality, quality);
4289         quality = min(rate_quality, quality);
4290         quality = min(beacon_quality, quality);
4291         if (quality == beacon_quality)
4292                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to missed beacons.\n",
4293                                 quality);
4294         if (quality == rate_quality)
4295                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to rate quality.\n",
4296                                 quality);
4297         if (quality == tx_quality)
4298                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to Tx quality.\n",
4299                                 quality);
4300         if (quality == rx_quality)
4301                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to Rx quality.\n",
4302                                 quality);
4303         if (quality == signal_quality)
4304                 IPW_DEBUG_STATS("Quality (%d%%): Clamped to signal quality.\n",
4305                                 quality);
4306
4307         priv->quality = quality;
4308
4309         queue_delayed_work(priv->workqueue, &priv->gather_stats,
4310                            IPW_STATS_INTERVAL);
4311 }
4312
4313 static void ipw_bg_gather_stats(struct work_struct *work)
4314 {
4315         struct ipw_priv *priv =
4316                 container_of(work, struct ipw_priv, gather_stats.work);
4317         mutex_lock(&priv->mutex);
4318         ipw_gather_stats(priv);
4319         mutex_unlock(&priv->mutex);
4320 }
4321
4322 /* Missed beacon behavior:
4323  * 1st missed -> roaming_threshold, just wait, don't do any scan/roam.
4324  * roaming_threshold -> disassociate_threshold, scan and roam for better signal.
4325  * Above disassociate threshold, give up and stop scanning.
4326  * Roaming is disabled if disassociate_threshold <= roaming_threshold  */
4327 static void ipw_handle_missed_beacon(struct ipw_priv *priv,
4328                                             int missed_count)
4329 {
4330         priv->notif_missed_beacons = missed_count;
4331
4332         if (missed_count > priv->disassociate_threshold &&
4333             priv->status & STATUS_ASSOCIATED) {
4334                 /* If associated and we've hit the missed
4335                  * beacon threshold, disassociate, turn
4336                  * off roaming, and abort any active scans */
4337                 IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF |
4338                           IPW_DL_STATE | IPW_DL_ASSOC,
4339                           "Missed beacon: %d - disassociate\n", missed_count);
4340                 priv->status &= ~STATUS_ROAMING;
4341                 if (priv->status & STATUS_SCANNING) {
4342                         IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF |
4343                                   IPW_DL_STATE,
4344                                   "Aborting scan with missed beacon.\n");
4345                         queue_work(priv->workqueue, &priv->abort_scan);
4346                 }
4347
4348                 queue_work(priv->workqueue, &priv->disassociate);
4349                 return;
4350         }
4351
4352         if (priv->status & STATUS_ROAMING) {
4353                 /* If we are currently roaming, then just
4354                  * print a debug statement... */
4355                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4356                           "Missed beacon: %d - roam in progress\n",
4357                           missed_count);
4358                 return;
4359         }
4360
4361         if (roaming &&
4362             (missed_count > priv->roaming_threshold &&
4363              missed_count <= priv->disassociate_threshold)) {
4364                 /* If we are not already roaming, set the ROAM
4365                  * bit in the status and kick off a scan.
4366                  * This can happen several times before we reach
4367                  * disassociate_threshold. */
4368                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4369                           "Missed beacon: %d - initiate "
4370                           "roaming\n", missed_count);
4371                 if (!(priv->status & STATUS_ROAMING)) {
4372                         priv->status |= STATUS_ROAMING;
4373                         if (!(priv->status & STATUS_SCANNING))
4374                                 queue_delayed_work(priv->workqueue,
4375                                                    &priv->request_scan, 0);
4376                 }
4377                 return;
4378         }
4379
4380         if (priv->status & STATUS_SCANNING &&
4381             missed_count > IPW_MB_SCAN_CANCEL_THRESHOLD) {
4382                 /* Stop scan to keep fw from getting
4383                  * stuck (only if we aren't roaming --
4384                  * otherwise we'll never scan more than 2 or 3
4385                  * channels..) */
4386                 IPW_DEBUG(IPW_DL_INFO | IPW_DL_NOTIF | IPW_DL_STATE,
4387                           "Aborting scan with missed beacon.\n");
4388                 queue_work(priv->workqueue, &priv->abort_scan);
4389         }
4390
4391         IPW_DEBUG_NOTIF("Missed beacon: %d\n", missed_count);
4392 }
4393
4394 static void ipw_scan_event(struct work_struct *work)
4395 {
4396         union iwreq_data wrqu;
4397
4398         struct ipw_priv *priv =
4399                 container_of(work, struct ipw_priv, scan_event.work);
4400
4401         wrqu.data.length = 0;
4402         wrqu.data.flags = 0;
4403         wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
4404 }
4405
4406 static void handle_scan_event(struct ipw_priv *priv)
4407 {
4408         /* Only userspace-requested scan completion events go out immediately */
4409         if (!priv->user_requested_scan) {
4410                 if (!delayed_work_pending(&priv->scan_event))
4411                         queue_delayed_work(priv->workqueue, &priv->scan_event,
4412                                          round_jiffies_relative(msecs_to_jiffies(4000)));
4413         } else {
4414                 union iwreq_data wrqu;
4415
4416                 priv->user_requested_scan = 0;
4417                 cancel_delayed_work(&priv->scan_event);
4418
4419                 wrqu.data.length = 0;
4420                 wrqu.data.flags = 0;
4421                 wireless_send_event(priv->net_dev, SIOCGIWSCAN, &wrqu, NULL);
4422         }
4423 }
4424
4425 /**
4426  * Handle host notification packet.
4427  * Called from interrupt routine
4428  */
4429 static void ipw_rx_notification(struct ipw_priv *priv,
4430                                        struct ipw_rx_notification *notif)
4431 {
4432         DECLARE_SSID_BUF(ssid);
4433         u16 size = le16_to_cpu(notif->size);
4434
4435         IPW_DEBUG_NOTIF("type = %i (%d bytes)\n", notif->subtype, size);
4436
4437         switch (notif->subtype) {
4438         case HOST_NOTIFICATION_STATUS_ASSOCIATED:{
4439                         struct notif_association *assoc = &notif->u.assoc;
4440
4441                         switch (assoc->state) {
4442                         case CMAS_ASSOCIATED:{
4443                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4444                                                   IPW_DL_ASSOC,
4445                                                   "associated: '%s' %pM \n",
4446                                                   print_ssid(ssid, priv->essid,
4447                                                              priv->essid_len),
4448                                                   priv->bssid);
4449
4450                                         switch (priv->ieee->iw_mode) {
4451                                         case IW_MODE_INFRA:
4452                                                 memcpy(priv->ieee->bssid,
4453                                                        priv->bssid, ETH_ALEN);
4454                                                 break;
4455
4456                                         case IW_MODE_ADHOC:
4457                                                 memcpy(priv->ieee->bssid,
4458                                                        priv->bssid, ETH_ALEN);
4459
4460                                                 /* clear out the station table */
4461                                                 priv->num_stations = 0;
4462
4463                                                 IPW_DEBUG_ASSOC
4464                                                     ("queueing adhoc check\n");
4465                                                 queue_delayed_work(priv->
4466                                                                    workqueue,
4467                                                                    &priv->
4468                                                                    adhoc_check,
4469                                                                    le16_to_cpu(priv->
4470                                                                    assoc_request.
4471                                                                    beacon_interval));
4472                                                 break;
4473                                         }
4474
4475                                         priv->status &= ~STATUS_ASSOCIATING;
4476                                         priv->status |= STATUS_ASSOCIATED;
4477                                         queue_work(priv->workqueue,
4478                                                    &priv->system_config);
4479
4480 #ifdef CONFIG_IPW2200_QOS
4481 #define IPW_GET_PACKET_STYPE(x) WLAN_FC_GET_STYPE( \
4482                          le16_to_cpu(((struct ieee80211_hdr *)(x))->frame_control))
4483                                         if ((priv->status & STATUS_AUTH) &&
4484                                             (IPW_GET_PACKET_STYPE(&notif->u.raw)
4485                                              == IEEE80211_STYPE_ASSOC_RESP)) {
4486                                                 if ((sizeof
4487                                                      (struct
4488                                                       libipw_assoc_response)
4489                                                      <= size)
4490                                                     && (size <= 2314)) {
4491                                                         struct
4492                                                         libipw_rx_stats
4493                                                             stats = {
4494                                                                 .len = size - 1,
4495                                                         };
4496
4497                                                         IPW_DEBUG_QOS
4498                                                             ("QoS Associate "
4499                                                              "size %d\n", size);
4500                                                         libipw_rx_mgt(priv->
4501                                                                          ieee,
4502                                                                          (struct
4503                                                                           libipw_hdr_4addr
4504                                                                           *)
4505                                                                          &notif->u.raw, &stats);
4506                                                 }
4507                                         }
4508 #endif
4509
4510                                         schedule_work(&priv->link_up);
4511
4512                                         break;
4513                                 }
4514
4515                         case CMAS_AUTHENTICATED:{
4516                                         if (priv->
4517                                             status & (STATUS_ASSOCIATED |
4518                                                       STATUS_AUTH)) {
4519                                                 struct notif_authenticate *auth
4520                                                     = &notif->u.auth;
4521                                                 IPW_DEBUG(IPW_DL_NOTIF |
4522                                                           IPW_DL_STATE |
4523                                                           IPW_DL_ASSOC,
4524                                                           "deauthenticated: '%s' "
4525                                                           "%pM"
4526                                                           ": (0x%04X) - %s \n",
4527                                                           print_ssid(ssid,
4528                                                                      priv->
4529                                                                      essid,
4530                                                                      priv->
4531                                                                      essid_len),
4532                                                           priv->bssid,
4533                                                           le16_to_cpu(auth->status),
4534                                                           ipw_get_status_code
4535                                                           (le16_to_cpu
4536                                                            (auth->status)));
4537
4538                                                 priv->status &=
4539                                                     ~(STATUS_ASSOCIATING |
4540                                                       STATUS_AUTH |
4541                                                       STATUS_ASSOCIATED);
4542
4543                                                 schedule_work(&priv->link_down);
4544                                                 break;
4545                                         }
4546
4547                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4548                                                   IPW_DL_ASSOC,
4549                                                   "authenticated: '%s' %pM\n",
4550                                                   print_ssid(ssid, priv->essid,
4551                                                              priv->essid_len),
4552                                                   priv->bssid);
4553                                         break;
4554                                 }
4555
4556                         case CMAS_INIT:{
4557                                         if (priv->status & STATUS_AUTH) {
4558                                                 struct
4559                                                     libipw_assoc_response
4560                                                 *resp;
4561                                                 resp =
4562                                                     (struct
4563                                                      libipw_assoc_response
4564                                                      *)&notif->u.raw;
4565                                                 IPW_DEBUG(IPW_DL_NOTIF |
4566                                                           IPW_DL_STATE |
4567                                                           IPW_DL_ASSOC,
4568                                                           "association failed (0x%04X): %s\n",
4569                                                           le16_to_cpu(resp->status),
4570                                                           ipw_get_status_code
4571                                                           (le16_to_cpu
4572                                                            (resp->status)));
4573                                         }
4574
4575                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4576                                                   IPW_DL_ASSOC,
4577                                                   "disassociated: '%s' %pM \n",
4578                                                   print_ssid(ssid, priv->essid,
4579                                                              priv->essid_len),
4580                                                   priv->bssid);
4581
4582                                         priv->status &=
4583                                             ~(STATUS_DISASSOCIATING |
4584                                               STATUS_ASSOCIATING |
4585                                               STATUS_ASSOCIATED | STATUS_AUTH);
4586                                         if (priv->assoc_network
4587                                             && (priv->assoc_network->
4588                                                 capability &
4589                                                 WLAN_CAPABILITY_IBSS))
4590                                                 ipw_remove_current_network
4591                                                     (priv);
4592
4593                                         schedule_work(&priv->link_down);
4594
4595                                         break;
4596                                 }
4597
4598                         case CMAS_RX_ASSOC_RESP:
4599                                 break;
4600
4601                         default:
4602                                 IPW_ERROR("assoc: unknown (%d)\n",
4603                                           assoc->state);
4604                                 break;
4605                         }
4606
4607                         break;
4608                 }
4609
4610         case HOST_NOTIFICATION_STATUS_AUTHENTICATE:{
4611                         struct notif_authenticate *auth = &notif->u.auth;
4612                         switch (auth->state) {
4613                         case CMAS_AUTHENTICATED:
4614                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4615                                           "authenticated: '%s' %pM \n",
4616                                           print_ssid(ssid, priv->essid,
4617                                                      priv->essid_len),
4618                                           priv->bssid);
4619                                 priv->status |= STATUS_AUTH;
4620                                 break;
4621
4622                         case CMAS_INIT:
4623                                 if (priv->status & STATUS_AUTH) {
4624                                         IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4625                                                   IPW_DL_ASSOC,
4626                                                   "authentication failed (0x%04X): %s\n",
4627                                                   le16_to_cpu(auth->status),
4628                                                   ipw_get_status_code(le16_to_cpu
4629                                                                       (auth->
4630                                                                        status)));
4631                                 }
4632                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4633                                           IPW_DL_ASSOC,
4634                                           "deauthenticated: '%s' %pM\n",
4635                                           print_ssid(ssid, priv->essid,
4636                                                      priv->essid_len),
4637                                           priv->bssid);
4638
4639                                 priv->status &= ~(STATUS_ASSOCIATING |
4640                                                   STATUS_AUTH |
4641                                                   STATUS_ASSOCIATED);
4642
4643                                 schedule_work(&priv->link_down);
4644                                 break;
4645
4646                         case CMAS_TX_AUTH_SEQ_1:
4647                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4648                                           IPW_DL_ASSOC, "AUTH_SEQ_1\n");
4649                                 break;
4650                         case CMAS_RX_AUTH_SEQ_2:
4651                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4652                                           IPW_DL_ASSOC, "AUTH_SEQ_2\n");
4653                                 break;
4654                         case CMAS_AUTH_SEQ_1_PASS:
4655                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4656                                           IPW_DL_ASSOC, "AUTH_SEQ_1_PASS\n");
4657                                 break;
4658                         case CMAS_AUTH_SEQ_1_FAIL:
4659                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4660                                           IPW_DL_ASSOC, "AUTH_SEQ_1_FAIL\n");
4661                                 break;
4662                         case CMAS_TX_AUTH_SEQ_3:
4663                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4664                                           IPW_DL_ASSOC, "AUTH_SEQ_3\n");
4665                                 break;
4666                         case CMAS_RX_AUTH_SEQ_4:
4667                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4668                                           IPW_DL_ASSOC, "RX_AUTH_SEQ_4\n");
4669                                 break;
4670                         case CMAS_AUTH_SEQ_2_PASS:
4671                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4672                                           IPW_DL_ASSOC, "AUTH_SEQ_2_PASS\n");
4673                                 break;
4674                         case CMAS_AUTH_SEQ_2_FAIL:
4675                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4676                                           IPW_DL_ASSOC, "AUT_SEQ_2_FAIL\n");
4677                                 break;
4678                         case CMAS_TX_ASSOC:
4679                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4680                                           IPW_DL_ASSOC, "TX_ASSOC\n");
4681                                 break;
4682                         case CMAS_RX_ASSOC_RESP:
4683                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4684                                           IPW_DL_ASSOC, "RX_ASSOC_RESP\n");
4685
4686                                 break;
4687                         case CMAS_ASSOCIATED:
4688                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE |
4689                                           IPW_DL_ASSOC, "ASSOCIATED\n");
4690                                 break;
4691                         default:
4692                                 IPW_DEBUG_NOTIF("auth: failure - %d\n",
4693                                                 auth->state);
4694                                 break;
4695                         }
4696                         break;
4697                 }
4698
4699         case HOST_NOTIFICATION_STATUS_SCAN_CHANNEL_RESULT:{
4700                         struct notif_channel_result *x =
4701                             &notif->u.channel_result;
4702
4703                         if (size == sizeof(*x)) {
4704                                 IPW_DEBUG_SCAN("Scan result for channel %d\n",
4705                                                x->channel_num);
4706                         } else {
4707                                 IPW_DEBUG_SCAN("Scan result of wrong size %d "
4708                                                "(should be %zd)\n",
4709                                                size, sizeof(*x));
4710                         }
4711                         break;
4712                 }
4713
4714         case HOST_NOTIFICATION_STATUS_SCAN_COMPLETED:{
4715                         struct notif_scan_complete *x = &notif->u.scan_complete;
4716                         if (size == sizeof(*x)) {
4717                                 IPW_DEBUG_SCAN
4718                                     ("Scan completed: type %d, %d channels, "
4719                                      "%d status\n", x->scan_type,
4720                                      x->num_channels, x->status);
4721                         } else {
4722                                 IPW_ERROR("Scan completed of wrong size %d "
4723                                           "(should be %zd)\n",
4724                                           size, sizeof(*x));
4725                         }
4726
4727                         priv->status &=
4728                             ~(STATUS_SCANNING | STATUS_SCAN_ABORTING);
4729
4730                         wake_up_interruptible(&priv->wait_state);
4731                         cancel_delayed_work(&priv->scan_check);
4732
4733                         if (priv->status & STATUS_EXIT_PENDING)
4734                                 break;
4735
4736                         priv->ieee->scans++;
4737
4738 #ifdef CONFIG_IPW2200_MONITOR
4739                         if (priv->ieee->iw_mode == IW_MODE_MONITOR) {
4740                                 priv->status |= STATUS_SCAN_FORCED;
4741                                 queue_delayed_work(priv->workqueue,
4742                                                    &priv->request_scan, 0);
4743                                 break;
4744                         }
4745                         priv->status &= ~STATUS_SCAN_FORCED;
4746 #endif                          /* CONFIG_IPW2200_MONITOR */
4747
4748                         /* Do queued direct scans first */
4749                         if (priv->status & STATUS_DIRECT_SCAN_PENDING) {
4750                                 queue_delayed_work(priv->workqueue,
4751                                                    &priv->request_direct_scan, 0);
4752                         }
4753
4754                         if (!(priv->status & (STATUS_ASSOCIATED |
4755                                               STATUS_ASSOCIATING |
4756                                               STATUS_ROAMING |
4757                                               STATUS_DISASSOCIATING)))
4758                                 queue_work(priv->workqueue, &priv->associate);
4759                         else if (priv->status & STATUS_ROAMING) {
4760                                 if (x->status == SCAN_COMPLETED_STATUS_COMPLETE)
4761                                         /* If a scan completed and we are in roam mode, then
4762                                          * the scan that completed was the one requested as a
4763                                          * result of entering roam... so, schedule the
4764                                          * roam work */
4765                                         queue_work(priv->workqueue,
4766                                                    &priv->roam);
4767                                 else
4768                                         /* Don't schedule if we aborted the scan */
4769                                         priv->status &= ~STATUS_ROAMING;
4770                         } else if (priv->status & STATUS_SCAN_PENDING)
4771                                 queue_delayed_work(priv->workqueue,
4772                                                    &priv->request_scan, 0);
4773                         else if (priv->config & CFG_BACKGROUND_SCAN
4774                                  && priv->status & STATUS_ASSOCIATED)
4775                                 queue_delayed_work(priv->workqueue,
4776                                                    &priv->request_scan,
4777                                                    round_jiffies_relative(HZ));
4778
4779                         /* Send an empty event to user space.
4780                          * We don't send the received data on the event because
4781                          * it would require us to do complex transcoding, and
4782                          * we want to minimise the work done in the irq handler
4783                          * Use a request to extract the data.
4784                          * Also, we generate this even for any scan, regardless
4785                          * on how the scan was initiated. User space can just
4786                          * sync on periodic scan to get fresh data...
4787                          * Jean II */
4788                         if (x->status == SCAN_COMPLETED_STATUS_COMPLETE)
4789                                 handle_scan_event(priv);
4790                         break;
4791                 }
4792
4793         case HOST_NOTIFICATION_STATUS_FRAG_LENGTH:{
4794                         struct notif_frag_length *x = &notif->u.frag_len;
4795
4796                         if (size == sizeof(*x))
4797                                 IPW_ERROR("Frag length: %d\n",
4798                                           le16_to_cpu(x->frag_length));
4799                         else
4800                                 IPW_ERROR("Frag length of wrong size %d "
4801                                           "(should be %zd)\n",
4802                                           size, sizeof(*x));
4803                         break;
4804                 }
4805
4806         case HOST_NOTIFICATION_STATUS_LINK_DETERIORATION:{
4807                         struct notif_link_deterioration *x =
4808                             &notif->u.link_deterioration;
4809
4810                         if (size == sizeof(*x)) {
4811                                 IPW_DEBUG(IPW_DL_NOTIF | IPW_DL_STATE,
4812                                         "link deterioration: type %d, cnt %d\n",
4813                                         x->silence_notification_type,
4814                                         x->silence_count);
4815                                 memcpy(&priv->last_link_deterioration, x,
4816                                        sizeof(*x));
4817                         } else {
4818                                 IPW_ERROR("Link Deterioration of wrong size %d "
4819                                           "(should be %zd)\n",
4820                                           size, sizeof(*x));
4821                         }
4822                         break;
4823                 }
4824
4825         case HOST_NOTIFICATION_DINO_CONFIG_RESPONSE:{
4826                         IPW_ERROR("Dino config\n");
4827                         if (priv->hcmd
4828                             && priv->hcmd->cmd != HOST_CMD_DINO_CONFIG)
4829                                 IPW_ERROR("Unexpected DINO_CONFIG_RESPONSE\n");
4830
4831                         break;
4832                 }
4833
4834         case HOST_NOTIFICATION_STATUS_BEACON_STATE:{
4835                         struct notif_beacon_state *x = &notif->u.beacon_state;
4836                         if (size != sizeof(*x)) {
4837                                 IPW_ERROR
4838                                     ("Beacon state of wrong size %d (should "
4839                                      "be %zd)\n", size, sizeof(*x));
4840                                 break;
4841                         }
4842
4843                         if (le32_to_cpu(x->state) ==
4844                             HOST_NOTIFICATION_STATUS_BEACON_MISSING)
4845                                 ipw_handle_missed_beacon(priv,
4846                                                          le32_to_cpu(x->
4847                                                                      number));
4848
4849                         break;
4850                 }
4851
4852         case HOST_NOTIFICATION_STATUS_TGI_TX_KEY:{
4853                         struct notif_tgi_tx_key *x = &notif->u.tgi_tx_key;
4854                         if (size == sizeof(*x)) {
4855                                 IPW_ERROR("TGi Tx Key: state 0x%02x sec type "
4856                                           "0x%02x station %d\n",
4857                                           x->key_state, x->security_type,
4858                                           x->station_index);
4859                                 break;
4860                         }
4861
4862                         IPW_ERROR
4863                             ("TGi Tx Key of wrong size %d (should be %zd)\n",
4864                              size, sizeof(*x));
4865                         break;
4866                 }
4867
4868         case HOST_NOTIFICATION_CALIB_KEEP_RESULTS:{
4869                         struct notif_calibration *x = &notif->u.calibration;
4870
4871                         if (size == sizeof(*x)) {
4872                                 memcpy(&priv->calib, x, sizeof(*x));
4873                                 IPW_DEBUG_INFO("TODO: Calibration\n");
4874                                 break;
4875                         }
4876
4877                         IPW_ERROR
4878                             ("Calibration of wrong size %d (should be %zd)\n",
4879                              size, sizeof(*x));
4880                         break;
4881                 }
4882
4883         case HOST_NOTIFICATION_NOISE_STATS:{
4884                         if (size == sizeof(u32)) {
4885                                 priv->exp_avg_noise =
4886                                     exponential_average(priv->exp_avg_noise,
4887                                     (u8) (le32_to_cpu(notif->u.noise.value) & 0xff),
4888                                     DEPTH_NOISE);
4889                                 break;
4890                         }
4891
4892                         IPW_ERROR
4893                             ("Noise stat is wrong size %d (should be %zd)\n",
4894                              size, sizeof(u32));
4895                         break;
4896                 }
4897
4898         default:
4899                 IPW_DEBUG_NOTIF("Unknown notification: "
4900                                 "subtype=%d,flags=0x%2x,size=%d\n",
4901                                 notif->subtype, notif->flags, size);
4902         }
4903 }
4904
4905 /**
4906  * Destroys all DMA structures and initialise them again
4907  *
4908  * @param priv
4909  * @return error code
4910  */
4911 static int ipw_queue_reset(struct ipw_priv *priv)
4912 {
4913         int rc = 0;
4914         /** @todo customize queue sizes */
4915         int nTx = 64, nTxCmd = 8;
4916         ipw_tx_queue_free(priv);
4917         /* Tx CMD queue */
4918         rc = ipw_queue_tx_init(priv, &priv->txq_cmd, nTxCmd,
4919                                IPW_TX_CMD_QUEUE_READ_INDEX,
4920                                IPW_TX_CMD_QUEUE_WRITE_INDEX,
4921                                IPW_TX_CMD_QUEUE_BD_BASE,
4922                                IPW_TX_CMD_QUEUE_BD_SIZE);
4923         if (rc) {
4924                 IPW_ERROR("Tx Cmd queue init failed\n");
4925                 goto error;
4926         }
4927         /* Tx queue(s) */
4928         rc = ipw_queue_tx_init(priv, &priv->txq[0], nTx,
4929                                IPW_TX_QUEUE_0_READ_INDEX,
4930                                IPW_TX_QUEUE_0_WRITE_INDEX,
4931                                IPW_TX_QUEUE_0_BD_BASE, IPW_TX_QUEUE_0_BD_SIZE);
4932         if (rc) {
4933                 IPW_ERROR("Tx 0 queue init failed\n");
4934                 goto error;
4935         }
4936         rc = ipw_queue_tx_init(priv, &priv->txq[1], nTx,
4937                                IPW_TX_QUEUE_1_READ_INDEX,
4938                                IPW_TX_QUEUE_1_WRITE_INDEX,
4939                                IPW_TX_QUEUE_1_BD_BASE, IPW_TX_QUEUE_1_BD_SIZE);
4940         if (rc) {
4941                 IPW_ERROR("Tx 1 queue init failed\n");
4942                 goto error;
4943         }
4944         rc = ipw_queue_tx_init(priv, &priv->txq[2], nTx,
4945                                IPW_TX_QUEUE_2_READ_INDEX,
4946                                IPW_TX_QUEUE_2_WRITE_INDEX,
4947                                IPW_TX_QUEUE_2_BD_BASE, IPW_TX_QUEUE_2_BD_SIZE);
4948         if (rc) {
4949                 IPW_ERROR("Tx 2 queue init failed\n");
4950                 goto error;
4951         }
4952         rc = ipw_queue_tx_init(priv, &priv->txq[3], nTx,
4953                                IPW_TX_QUEUE_3_READ_INDEX,
4954                                IPW_TX_QUEUE_3_WRITE_INDEX,
4955                                IPW_TX_QUEUE_3_BD_BASE, IPW_TX_QUEUE_3_BD_SIZE);
4956         if (rc) {
4957                 IPW_ERROR("Tx 3 queue init failed\n");
4958                 goto error;
4959         }
4960         /* statistics */
4961         priv->rx_bufs_min = 0;
4962         priv->rx_pend_max = 0;
4963         return rc;
4964
4965       error:
4966         ipw_tx_queue_free(priv);
4967         return rc;
4968 }
4969
4970 /**
4971  * Reclaim Tx queue entries no more used by NIC.
4972  *
4973  * When FW advances 'R' index, all entries between old and
4974  * new 'R' index need to be reclaimed. As result, some free space
4975  * forms. If there is enough free space (> low mark), wake Tx queue.
4976  *
4977  * @note Need to protect against garbage in 'R' index
4978  * @param priv
4979  * @param txq
4980  * @param qindex
4981  * @return Number of used entries remains in the queue
4982  */
4983 static int ipw_queue_tx_reclaim(struct ipw_priv *priv,
4984                                 struct clx2_tx_queue *txq, int qindex)
4985 {
4986         u32 hw_tail;
4987         int used;
4988         struct clx2_queue *q = &txq->q;
4989
4990         hw_tail = ipw_read32(priv, q->reg_r);
4991         if (hw_tail >= q->n_bd) {
4992                 IPW_ERROR
4993                     ("Read index for DMA queue (%d) is out of range [0-%d)\n",
4994                      hw_tail, q->n_bd);
4995                 goto done;
4996         }
4997         for (; q->last_used != hw_tail;
4998              q->last_used = ipw_queue_inc_wrap(q->last_used, q->n_bd)) {
4999                 ipw_queue_tx_free_tfd(priv, txq);
5000                 priv->tx_packets++;
5001         }
5002       done:
5003         if ((ipw_tx_queue_space(q) > q->low_mark) &&
5004             (qindex >= 0))
5005                 netif_wake_queue(priv->net_dev);
5006         used = q->first_empty - q->last_used;
5007         if (used < 0)
5008                 used += q->n_bd;
5009
5010         return used;
5011 }
5012
5013 static int ipw_queue_tx_hcmd(struct ipw_priv *priv, int hcmd, void *buf,
5014                              int len, int sync)
5015 {
5016         struct clx2_tx_queue *txq = &priv->txq_cmd;
5017         struct clx2_queue *q = &txq->q;
5018         struct tfd_frame *tfd;
5019
5020         if (ipw_tx_queue_space(q) < (sync ? 1 : 2)) {
5021                 IPW_ERROR("No space for Tx\n");
5022                 return -EBUSY;
5023         }
5024
5025         tfd = &txq->bd[q->first_empty];
5026         txq->txb[q->first_empty] = NULL;
5027
5028         memset(tfd, 0, sizeof(*tfd));
5029         tfd->control_flags.message_type = TX_HOST_COMMAND_TYPE;
5030         tfd->control_flags.control_bits = TFD_NEED_IRQ_MASK;
5031         priv->hcmd_seq++;
5032         tfd->u.cmd.index = hcmd;
5033         tfd->u.cmd.length = len;
5034         memcpy(tfd->u.cmd.payload, buf, len);
5035         q->first_empty = ipw_queue_inc_wrap(q->first_empty, q->n_bd);
5036         ipw_write32(priv, q->reg_w, q->first_empty);
5037         _ipw_read32(priv, 0x90);
5038
5039         return 0;
5040 }
5041
5042 /*
5043  * Rx theory of operation
5044  *
5045  * The host allocates 32 DMA target addresses and passes the host address
5046  * to the firmware at register IPW_RFDS_TABLE_LOWER + N * RFD_SIZE where N is
5047  * 0 to 31
5048  *
5049  * Rx Queue Indexes
5050  * The host/firmware share two index registers for managing the Rx buffers.
5051  *
5052  * The READ index maps to the first position that the firmware may be writing
5053  * to -- the driver can read up to (but not including) this position and get
5054  * good data.
5055  * The READ index is managed by the firmware once the card is enabled.
5056  *
5057  * The WRITE index maps to the last position the driver has read from -- the
5058  * position preceding WRITE is the last slot the firmware can place a packet.
5059  *
5060  * The queue is empty (no good data) if WRITE = READ - 1, and is full if
5061  * WRITE = READ.
5062  *
5063  * During initialization the host sets up the READ queue position to the first
5064  * INDEX position, and WRITE to the last (READ - 1 wrapped)
5065  *
5066  * When the firmware places a packet in a buffer it will advance the READ index
5067  * and fire the RX interrupt.  The driver can then query the READ index and
5068  * process as many packets as possible, moving the WRITE index forward as it
5069  * resets the Rx queue buffers with new memory.
5070  *
5071  * The management in the driver is as follows:
5072  * + A list of pre-allocated SKBs is stored in ipw->rxq->rx_free.  When
5073  *   ipw->rxq->free_count drops to or below RX_LOW_WATERMARK, work is scheduled
5074  *   to replensish the ipw->rxq->rx_free.
5075  * + In ipw_rx_queue_replenish (scheduled) if 'processed' != 'read' then the
5076  *   ipw->rxq is replenished and the READ INDEX is updated (updating the
5077  *   'processed' and 'read' driver indexes as well)
5078  * + A received packet is processed and handed to the kernel network stack,
5079  *   detached from the ipw->rxq.  The driver 'processed' index is updated.
5080  * + The Host/Firmware ipw->rxq is replenished at tasklet time from the rx_free
5081  *   list. If there are no allocated buffers in ipw->rxq->rx_free, the READ
5082  *   INDEX is not incremented and ipw->status(RX_STALLED) is set.  If there
5083  *   were enough free buffers and RX_STALLED is set it is cleared.
5084  *
5085  *
5086  * Driver sequence:
5087  *
5088  * ipw_rx_queue_alloc()       Allocates rx_free
5089  * ipw_rx_queue_replenish()   Replenishes rx_free list from rx_used, and calls
5090  *                            ipw_rx_queue_restock
5091  * ipw_rx_queue_restock()     Moves available buffers from rx_free into Rx
5092  *                            queue, updates firmware pointers, and updates
5093  *                            the WRITE index.  If insufficient rx_free buffers
5094  *                            are available, schedules ipw_rx_queue_replenish
5095  *
5096  * -- enable interrupts --
5097  * ISR - ipw_rx()             Detach ipw_rx_mem_buffers from pool up to the
5098  *                            READ INDEX, detaching the SKB from the pool.
5099  *                            Moves the packet buffer from queue to rx_used.
5100  *                            Calls ipw_rx_queue_restock to refill any empty
5101  *                            slots.
5102  * ...
5103  *
5104  */
5105
5106 /*
5107  * If there are slots in the RX queue that  need to be restocked,
5108  * and we have free pre-allocated buffers, fill the ranks as much
5109  * as we can pulling from rx_free.
5110  *
5111  * This moves the 'write' index forward to catch up with 'processed', and
5112  * also updates the memory address in the firmware to reference the new
5113  * target buffer.
5114  */
5115 static void ipw_rx_queue_restock(struct ipw_priv *priv)
5116 {
5117         struct ipw_rx_queue *rxq = priv->rxq;
5118         struct list_head *element;
5119         struct ipw_rx_mem_buffer *rxb;
5120         unsigned long flags;
5121         int write;
5122
5123         spin_lock_irqsave(&rxq->lock, flags);
5124         write = rxq->write;
5125         while ((ipw_rx_queue_space(rxq) > 0) && (rxq->free_count)) {
5126                 element = rxq->rx_free.next;
5127                 rxb = list_entry(element, struct ipw_rx_mem_buffer, list);
5128                 list_del(element);
5129
5130                 ipw_write32(priv, IPW_RFDS_TABLE_LOWER + rxq->write * RFD_SIZE,
5131                             rxb->dma_addr);
5132                 rxq->queue[rxq->write] = rxb;
5133                 rxq->write = (rxq->write + 1) % RX_QUEUE_SIZE;
5134                 rxq->free_count--;
5135         }
5136         spin_unlock_irqrestore(&rxq->lock, flags);
5137
5138         /* If the pre-allocated buffer pool is dropping low, schedule to
5139          * refill it */
5140         if (rxq->free_count <= RX_LOW_WATERMARK)
5141                 queue_work(priv->workqueue, &priv->rx_replenish);
5142
5143         /* If we've added more space for the firmware to place data, tell it */
5144         if (write != rxq->write)
5145                 ipw_write32(priv, IPW_RX_WRITE_INDEX, rxq->write);
5146 }
5147
5148 /*
5149  * Move all used packet from rx_used to rx_free, allocating a new SKB for each.
5150  * Also restock the Rx queue via ipw_rx_queue_restock.
5151  *
5152  * This is called as a scheduled work item (except for during intialization)
5153  */
5154 static void ipw_rx_queue_replenish(void *data)
5155 {
5156         struct ipw_priv *priv = data;
5157         struct ipw_rx_queue *rxq = priv->rxq;
5158         struct list_head *element;
5159         struct ipw_rx_mem_buffer *rxb;
5160         unsigned long flags;
5161
5162         spin_lock_irqsave(&rxq->lock, flags);
5163         while (!list_empty(&rxq->rx_used)) {
5164                 element = rxq->rx_used.next;
5165                 rxb = list_entry(element, struct ipw_rx_mem_buffer, list);
5166                 rxb->skb = alloc_skb(IPW_RX_BUF_SIZE, GFP_ATOMIC);
5167                 if (!rxb->skb) {
5168                         printk(KERN_CRIT "%s: Can not allocate SKB buffers.\n",
5169                                priv->net_dev->name);
5170                         /* We don't reschedule replenish work here -- we will
5171                          * call the restock method and if it still needs
5172                          * more buffers it will schedule replenish */
5173                         break;
5174                 }
5175                 list_del(element);
5176
5177                 rxb->dma_addr =
5178                     pci_map_single(priv->pci_dev, rxb->skb->data,
5179                                    IPW_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
5180
5181                 list_add_tail(&rxb->list, &rxq->rx_free);
5182                 rxq->free_count++;
5183         }
5184         spin_unlock_irqrestore(&rxq->lock, flags);
5185
5186         ipw_rx_queue_restock(priv);
5187 }
5188
5189 static void ipw_bg_rx_queue_replenish(struct work_struct *work)
5190 {
5191         struct ipw_priv *priv =
5192                 container_of(work, struct ipw_priv, rx_replenish);
5193         mutex_lock(&priv->mutex);
5194         ipw_rx_queue_replenish(priv);
5195         mutex_unlock(&priv->mutex);
5196 }
5197
5198 /* Assumes that the skb field of the buffers in 'pool' is kept accurate.
5199  * If an SKB has been detached, the POOL needs to have its SKB set to NULL
5200  * This free routine walks the list of POOL entries and if SKB is set to
5201  * non NULL it is unmapped and freed
5202  */
5203 static void ipw_rx_queue_free(struct ipw_priv *priv, struct ipw_rx_queue *rxq)
5204 {
5205         int i;
5206
5207         if (!rxq)
5208                 return;
5209
5210         for (i = 0; i < RX_QUEUE_SIZE + RX_FREE_BUFFERS; i++) {
5211                 if (rxq->pool[i].skb != NULL) {
5212                         pci_unmap_single(priv->pci_dev, rxq->pool[i].dma_addr,
5213                                          IPW_RX_BUF_SIZE, PCI_DMA_FROMDEVICE);
5214                         dev_kfree_skb(rxq->pool[i].skb);
5215                 }
5216         }
5217
5218         kfree(rxq);
5219 }
5220
5221 static struct ipw_rx_queue *ipw_rx_queue_alloc(struct ipw_priv *priv)
5222 {
5223         struct ipw_rx_queue *rxq;
5224         int i;
5225
5226         rxq = kzalloc(sizeof(*rxq), GFP_KERNEL);
5227         if (unlikely(!rxq)) {
5228                 IPW_ERROR("memory allocation failed\n");
5229                 return NULL;
5230         }
5231         spin_lock_init(&rxq->lock);
5232         INIT_LIST_HEAD(&rxq->rx_free);
5233         INIT_LIST_HEAD(&rxq->rx_used);
5234
5235         /* Fill the rx_used queue with _all_ of the Rx buffers */
5236         for (i = 0; i < RX_FREE_BUFFERS + RX_QUEUE_SIZE; i++)
5237                 list_add_tail(&rxq->pool[i].list, &rxq->rx_used);
5238
5239         /* Set us so that we have processed and used all buffers, but have
5240          * not restocked the Rx queue with fresh buffers */
5241         rxq->read = rxq->write = 0;
5242         rxq->free_count = 0;
5243
5244         return rxq;
5245 }
5246
5247 static int ipw_is_rate_in_mask(struct ipw_priv *priv, int ieee_mode, u8 rate)
5248 {
5249         rate &= ~LIBIPW_BASIC_RATE_MASK;
5250         if (ieee_mode == IEEE_A) {
5251                 switch (rate) {
5252                 case LIBIPW_OFDM_RATE_6MB:
5253                         return priv->rates_mask & LIBIPW_OFDM_RATE_6MB_MASK ?
5254                             1 : 0;
5255                 case LIBIPW_OFDM_RATE_9MB:
5256                         return priv->rates_mask & LIBIPW_OFDM_RATE_9MB_MASK ?
5257                             1 : 0;
5258                 case LIBIPW_OFDM_RATE_12MB:
5259                         return priv->
5260                             rates_mask & LIBIPW_OFDM_RATE_12MB_MASK ? 1 : 0;
5261                 case LIBIPW_OFDM_RATE_18MB:
5262                         return priv->
5263                             rates_mask & LIBIPW_OFDM_RATE_18MB_MASK ? 1 : 0;
5264                 case LIBIPW_OFDM_RATE_24MB:
5265                         return priv->
5266                             rates_mask & LIBIPW_OFDM_RATE_24MB_MASK ? 1 : 0;
5267                 case LIBIPW_OFDM_RATE_36MB:
5268                         return priv->
5269                             rates_mask & LIBIPW_OFDM_RATE_36MB_MASK ? 1 : 0;
5270                 case LIBIPW_OFDM_RATE_48MB:
5271                         return priv->
5272                             rates_mask & LIBIPW_OFDM_RATE_48MB_MASK ? 1 : 0;
5273                 case LIBIPW_OFDM_RATE_54MB:
5274                         return priv->
5275                             rates_mask & LIBIPW_OFDM_RATE_54MB_MASK ? 1 : 0;
5276                 default:
5277                         return 0;
5278                 }
5279         }
5280
5281         /* B and G mixed */
5282         switch (rate) {
5283         case LIBIPW_CCK_RATE_1MB:
5284                 return priv->rates_mask & LIBIPW_CCK_RATE_1MB_MASK ? 1 : 0;
5285         case LIBIPW_CCK_RATE_2MB:
5286                 return priv->rates_mask & LIBIPW_CCK_RATE_2MB_MASK ? 1 : 0;
5287         case LIBIPW_CCK_RATE_5MB:
5288                 return priv->rates_mask & LIBIPW_CCK_RATE_5MB_MASK ? 1 : 0;
5289         case LIBIPW_CCK_RATE_11MB:
5290                 return priv->rates_mask & LIBIPW_CCK_RATE_11MB_MASK ? 1 : 0;
5291         }
5292
5293         /* If we are limited to B modulations, bail at this point */
5294         if (ieee_mode == IEEE_B)
5295                 return 0;
5296
5297         /* G */
5298         switch (rate) {
5299         case LIBIPW_OFDM_RATE_6MB:
5300                 return priv->rates_mask & LIBIPW_OFDM_RATE_6MB_MASK ? 1 : 0;
5301         case LIBIPW_OFDM_RATE_9MB:
5302                 return priv->rates_mask & LIBIPW_OFDM_RATE_9MB_MASK ? 1 : 0;
5303         case LIBIPW_OFDM_RATE_12MB:
5304                 return priv->rates_mask & LIBIPW_OFDM_RATE_12MB_MASK ? 1 : 0;
5305         case LIBIPW_OFDM_RATE_18MB:
5306                 return priv->rates_mask & LIBIPW_OFDM_RATE_18MB_MASK ? 1 : 0;
5307         case LIBIPW_OFDM_RATE_24MB:
5308                 return priv->rates_mask & LIBIPW_OFDM_RATE_24MB_MASK ? 1 : 0;
5309         case LIBIPW_OFDM_RATE_36MB:
5310                 return priv->rates_mask & LIBIPW_OFDM_RATE_36MB_MASK ? 1 : 0;
5311         case LIBIPW_OFDM_RATE_48MB:
5312                 return priv->rates_mask & LIBIPW_OFDM_RATE_48MB_MASK ? 1 : 0;
5313         case LIBIPW_OFDM_RATE_54MB:
5314                 return priv->rates_mask & LIBIPW_OFDM_RATE_54MB_MASK ? 1 : 0;
5315         }
5316
5317         return 0;
5318 }
5319
5320 static int ipw_compatible_rates(struct ipw_priv *priv,
5321                                 const struct libipw_network *network,
5322                                 struct ipw_supported_rates *rates)
5323 {
5324         int num_rates, i;
5325
5326         memset(rates, 0, sizeof(*rates));
5327         num_rates = min(network->rates_len, (u8) IPW_MAX_RATES);
5328         rates->num_rates = 0;
5329         for (i = 0; i < num_rates; i++) {
5330                 if (!ipw_is_rate_in_mask(priv, network->mode,
5331                                          network->rates[i])) {
5332
5333                         if (network->rates[i] & LIBIPW_BASIC_RATE_MASK) {
5334                                 IPW_DEBUG_SCAN("Adding masked mandatory "
5335                                                "rate %02X\n",
5336                                                network->rates[i]);
5337                                 rates->supported_rates[rates->num_rates++] =
5338                                     network->rates[i];
5339                                 continue;
5340                         }
5341
5342                         IPW_DEBUG_SCAN("Rate %02X masked : 0x%08X\n",
5343                                        network->rates[i], priv->rates_mask);
5344                         continue;
5345                 }
5346
5347                 rates->supported_rates[rates->num_rates++] = network->rates[i];
5348         }
5349
5350         num_rates = min(network->rates_ex_len,
5351                         (u8) (IPW_MAX_RATES - num_rates));
5352         for (i = 0; i < num_rates; i++) {
5353                 if (!ipw_is_rate_in_mask(priv, network->mode,
5354                                          network->rates_ex[i])) {
5355                         if (network->rates_ex[i] & LIBIPW_BASIC_RATE_MASK) {
5356                                 IPW_DEBUG_SCAN("Adding masked mandatory "
5357                                                "rate %02X\n",
5358                                                network->rates_ex[i]);
5359                                 rates->supported_rates[rates->num_rates++] =
5360                                     network->rates[i];
5361                                 continue;
5362                         }
5363
5364                         IPW_DEBUG_SCAN("Rate %02X masked : 0x%08X\n",
5365                                        network->rates_ex[i], priv->rates_mask);
5366                         continue;
5367                 }
5368
5369                 rates->supported_rates[rates->num_rates++] =
5370                     network->rates_ex[i];
5371         }
5372
5373         return 1;
5374 }
5375
5376 static void ipw_copy_rates(struct ipw_supported_rates *dest,
5377                                   const struct ipw_supported_rates *src)
5378 {
5379         u8 i;
5380         for (i = 0; i < src->num_rates; i++)
5381                 dest->supported_rates[i] = src->supported_rates[i];
5382         dest->num_rates = src->num_rates;
5383 }
5384
5385 /* TODO: Look at sniffed packets in the air to determine if the basic rate
5386  * mask should ever be used -- right now all callers to add the scan rates are
5387  * set with the modulation = CCK, so BASIC_RATE_MASK is never set... */
5388 static void ipw_add_cck_scan_rates(struct ipw_supported_rates *rates,
5389                                    u8 modulation, u32 rate_mask)
5390 {
5391         u8 basic_mask = (LIBIPW_OFDM_MODULATION == modulation) ?
5392             LIBIPW_BASIC_RATE_MASK : 0;
5393
5394         if (rate_mask & LIBIPW_CCK_RATE_1MB_MASK)
5395                 rates->supported_rates[rates->num_rates++] =
5396                     LIBIPW_BASIC_RATE_MASK | LIBIPW_CCK_RATE_1MB;
5397
5398         if (rate_mask & LIBIPW_CCK_RATE_2MB_MASK)
5399                 rates->supported_rates[rates->num_rates++] =
5400                     LIBIPW_BASIC_RATE_MASK | LIBIPW_CCK_RATE_2MB;
5401
5402         if (rate_mask & LIBIPW_CCK_RATE_5MB_MASK)
5403                 rates->supported_rates[rates->num_rates++] = basic_mask |
5404                     LIBIPW_CCK_RATE_5MB;
5405
5406         if (rate_mask & LIBIPW_CCK_RATE_11MB_MASK)
5407                 rates->supported_rates[rates->num_rates++] = basic_mask |
5408                     LIBIPW_CCK_RATE_11MB;
5409 }
5410
5411 static void ipw_add_ofdm_scan_rates(struct ipw_supported_rates *rates,
5412                                     u8 modulation, u32 rate_mask)
5413 {
5414         u8 basic_mask = (LIBIPW_OFDM_MODULATION == modulation) ?
5415             LIBIPW_BASIC_RATE_MASK : 0;
5416
5417         if (rate_mask & LIBIPW_OFDM_RATE_6MB_MASK)
5418                 rates->supported_rates[rates->num_rates++] = basic_mask |
5419                     LIBIPW_OFDM_RATE_6MB;
5420
5421         if (rate_mask & LIBIPW_OFDM_RATE_9MB_MASK)
5422                 rates->supported_rates[rates->num_rates++] =
5423                     LIBIPW_OFDM_RATE_9MB;
5424
5425         if (rate_mask & LIBIPW_OFDM_RATE_12MB_MASK)
5426                 rates->supported_rates[rates->num_rates++] = basic_mask |
5427                     LIBIPW_OFDM_RATE_12MB;
5428
5429         if (rate_mask & LIBIPW_OFDM_RATE_18MB_MASK)
5430                 rates->supported_rates[rates->num_rates++] =
5431                     LIBIPW_OFDM_RATE_18MB;
5432
5433         if (rate_mask & LIBIPW_OFDM_RATE_24MB_MASK)
5434                 rates->supported_rates[rates->num_rates++] = basic_mask |
5435                     LIBIPW_OFDM_RATE_24MB;
5436
5437         if (rate_mask & LIBIPW_OFDM_RATE_36MB_MASK)
5438                 rates->supported_rates[rates->num_rates++] =
5439                     LIBIPW_OFDM_RATE_36MB;
5440
5441         if (rate_mask & LIBIPW_OFDM_RATE_48MB_MASK)
5442                 rates->supported_rates[rates->num_rates++] =
5443                     LIBIPW_OFDM_RATE_48MB;
5444
5445         if (rate_mask & LIBIPW_OFDM_RATE_54MB_MASK)
5446                 rates->supported_rates[rates->num_rates++] =
5447                     LIBIPW_OFDM_RATE_54MB;
5448 }
5449
5450 struct ipw_network_match {
5451         struct libipw_network *network;
5452         struct ipw_supported_rates rates;
5453 };
5454
5455 static int ipw_find_adhoc_network(struct ipw_priv *priv,
5456                                   struct ipw_network_match *match,
5457                                   struct libipw_network *network,
5458                                   int roaming)
5459 {
5460         struct ipw_supported_rates rates;
5461         DECLARE_SSID_BUF(ssid);
5462
5463         /* Verify that this network's capability is compatible with the
5464          * current mode (AdHoc or Infrastructure) */
5465         if ((priv->ieee->iw_mode == IW_MODE_ADHOC &&
5466              !(network->capability & WLAN_CAPABILITY_IBSS))) {
5467                 IPW_DEBUG_MERGE("Network '%s (%pM)' excluded due to "
5468                                 "capability mismatch.\n",
5469                                 print_ssid(ssid, network->ssid,
5470                                            network->ssid_len),
5471                                 network->bssid);
5472                 return 0;
5473         }
5474
5475         if (unlikely(roaming)) {
5476                 /* If we are roaming, then ensure check if this is a valid
5477                  * network to try and roam to */
5478                 if ((network->ssid_len != match->network->ssid_len) ||
5479                     memcmp(network->ssid, match->network->ssid,
5480                            network->ssid_len)) {
5481                         IPW_DEBUG_MERGE("Network '%s (%pM)' excluded "
5482                                         "because of non-network ESSID.\n",
5483                                         print_ssid(ssid, network->ssid,
5484                                                    network->ssid_len),
5485                                         network->bssid);
5486                         return 0;
5487                 }
5488         } else {
5489                 /* If an ESSID has been configured then compare the broadcast
5490                  * ESSID to ours */
5491                 if ((priv->config & CFG_STATIC_ESSID) &&
5492                     ((network->ssid_len != priv->essid_len) ||
5493                      memcmp(network->ssid, priv->essid,
5494                             min(network->ssid_len, priv->essid_len)))) {
5495                         char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
5496
5497                         strncpy(escaped,
5498                                 print_ssid(ssid, network->ssid,
5499                                            network->ssid_len),
5500                                 sizeof(escaped));
5501                         IPW_DEBUG_MERGE("Network '%s (%pM)' excluded "
5502                                         "because of ESSID mismatch: '%s'.\n",
5503                                         escaped, network->bssid,
5504                                         print_ssid(ssid, priv->essid,
5505                                                    priv->essid_len));
5506                         return 0;
5507                 }
5508         }
5509
5510         /* If the old network rate is better than this one, don't bother
5511          * testing everything else. */
5512
5513         if (network->time_stamp[0] < match->network->time_stamp[0]) {
5514                 IPW_DEBUG_MERGE("Network '%s excluded because newer than "
5515                                 "current network.\n",
5516                                 print_ssid(ssid, match->network->ssid,
5517                                            match->network->ssid_len));
5518                 return 0;
5519         } else if (network->time_stamp[1] < match->network->time_stamp[1]) {
5520                 IPW_DEBUG_MERGE("Network '%s excluded because newer than "
5521                                 "current network.\n",
5522                                 print_ssid(ssid, match->network->ssid,
5523                                            match->network->ssid_len));
5524                 return 0;
5525         }
5526
5527         /* Now go through and see if the requested network is valid... */
5528         if (priv->ieee->scan_age != 0 &&
5529             time_after(jiffies, network->last_scanned + priv->ieee->scan_age)) {
5530                 IPW_DEBUG_MERGE("Network '%s (%pM)' excluded "
5531                                 "because of age: %ums.\n",
5532                                 print_ssid(ssid, network->ssid,
5533                                            network->ssid_len),
5534                                 network->bssid,
5535                                 jiffies_to_msecs(jiffies -
5536                                                  network->last_scanned));
5537                 return 0;
5538         }
5539
5540         if ((priv->config & CFG_STATIC_CHANNEL) &&
5541             (network->channel != priv->channel)) {
5542                 IPW_DEBUG_MERGE("Network '%s (%pM)' excluded "
5543                                 "because of channel mismatch: %d != %d.\n",
5544                                 print_ssid(ssid, network->ssid,
5545                                            network->ssid_len),
5546                                 network->bssid,
5547                                 network->channel, priv->channel);
5548                 return 0;
5549         }
5550
5551         /* Verify privacy compatability */
5552         if (((priv->capability & CAP_PRIVACY_ON) ? 1 : 0) !=
5553             ((network->capability & WLAN_CAPABILITY_PRIVACY) ? 1 : 0)) {
5554                 IPW_DEBUG_MERGE("Network '%s (%pM)' excluded "
5555                                 "because of privacy mismatch: %s != %s.\n",
5556                                 print_ssid(ssid, network->ssid,
5557                                            network->ssid_len),
5558                                 network->bssid,
5559                                 priv->
5560                                 capability & CAP_PRIVACY_ON ? "on" : "off",
5561                                 network->
5562                                 capability & WLAN_CAPABILITY_PRIVACY ? "on" :
5563                                 "off");
5564                 return 0;
5565         }
5566
5567         if (!memcmp(network->bssid, priv->bssid, ETH_ALEN)) {
5568                 IPW_DEBUG_MERGE("Network '%s (%pM)' excluded "
5569                                 "because of the same BSSID match: %pM"
5570                                 ".\n", print_ssid(ssid, network->ssid,
5571                                                   network->ssid_len),
5572                                 network->bssid,
5573                                 priv->bssid);
5574                 return 0;
5575         }
5576
5577         /* Filter out any incompatible freq / mode combinations */
5578         if (!libipw_is_valid_mode(priv->ieee, network->mode)) {
5579                 IPW_DEBUG_MERGE("Network '%s (%pM)' excluded "
5580                                 "because of invalid frequency/mode "
5581                                 "combination.\n",
5582                                 print_ssid(ssid, network->ssid,
5583                                            network->ssid_len),
5584                                 network->bssid);
5585                 return 0;
5586         }
5587
5588         /* Ensure that the rates supported by the driver are compatible with
5589          * this AP, including verification of basic rates (mandatory) */
5590         if (!ipw_compatible_rates(priv, network, &rates)) {
5591                 IPW_DEBUG_MERGE("Network '%s (%pM)' excluded "
5592                                 "because configured rate mask excludes "
5593                                 "AP mandatory rate.\n",
5594                                 print_ssid(ssid, network->ssid,
5595                                            network->ssid_len),
5596                                 network->bssid);
5597                 return 0;
5598         }
5599
5600         if (rates.num_rates == 0) {
5601                 IPW_DEBUG_MERGE("Network '%s (%pM)' excluded "
5602                                 "because of no compatible rates.\n",
5603                                 print_ssid(ssid, network->ssid,
5604                                            network->ssid_len),
5605                                 network->bssid);
5606                 return 0;
5607         }
5608
5609         /* TODO: Perform any further minimal comparititive tests.  We do not
5610          * want to put too much policy logic here; intelligent scan selection
5611          * should occur within a generic IEEE 802.11 user space tool.  */
5612
5613         /* Set up 'new' AP to this network */
5614         ipw_copy_rates(&match->rates, &rates);
5615         match->network = network;
5616         IPW_DEBUG_MERGE("Network '%s (%pM)' is a viable match.\n",
5617                         print_ssid(ssid, network->ssid, network->ssid_len),
5618                         network->bssid);
5619
5620         return 1;
5621 }
5622
5623 static void ipw_merge_adhoc_network(struct work_struct *work)
5624 {
5625         DECLARE_SSID_BUF(ssid);
5626         struct ipw_priv *priv =
5627                 container_of(work, struct ipw_priv, merge_networks);
5628         struct libipw_network *network = NULL;
5629         struct ipw_network_match match = {
5630                 .network = priv->assoc_network
5631         };
5632
5633         if ((priv->status & STATUS_ASSOCIATED) &&
5634             (priv->ieee->iw_mode == IW_MODE_ADHOC)) {
5635                 /* First pass through ROAM process -- look for a better
5636                  * network */
5637                 unsigned long flags;
5638
5639                 spin_lock_irqsave(&priv->ieee->lock, flags);
5640                 list_for_each_entry(network, &priv->ieee->network_list, list) {
5641                         if (network != priv->assoc_network)
5642                                 ipw_find_adhoc_network(priv, &match, network,
5643                                                        1);
5644                 }
5645                 spin_unlock_irqrestore(&priv->ieee->lock, flags);
5646
5647                 if (match.network == priv->assoc_network) {
5648                         IPW_DEBUG_MERGE("No better ADHOC in this network to "
5649                                         "merge to.\n");
5650                         return;
5651                 }
5652
5653                 mutex_lock(&priv->mutex);
5654                 if ((priv->ieee->iw_mode == IW_MODE_ADHOC)) {
5655                         IPW_DEBUG_MERGE("remove network %s\n",
5656                                         print_ssid(ssid, priv->essid,
5657                                                    priv->essid_len));
5658                         ipw_remove_current_network(priv);
5659                 }
5660
5661                 ipw_disassociate(priv);
5662                 priv->assoc_network = match.network;
5663                 mutex_unlock(&priv->mutex);
5664                 return;
5665         }
5666 }
5667
5668 static int ipw_best_network(struct ipw_priv *priv,
5669                             struct ipw_network_match *match,
5670                             struct libipw_network *network, int roaming)
5671 {
5672         struct ipw_supported_rates rates;
5673         DECLARE_SSID_BUF(ssid);
5674
5675         /* Verify that this network's capability is compatible with the
5676          * current mode (AdHoc or Infrastructure) */
5677         if ((priv->ieee->iw_mode == IW_MODE_INFRA &&
5678              !(network->capability & WLAN_CAPABILITY_ESS)) ||
5679             (priv->ieee->iw_mode == IW_MODE_ADHOC &&
5680              !(network->capability & WLAN_CAPABILITY_IBSS))) {
5681                 IPW_DEBUG_ASSOC("Network '%s (%pM)' excluded due to "
5682                                 "capability mismatch.\n",
5683                                 print_ssid(ssid, network->ssid,
5684                                            network->ssid_len),
5685                                 network->bssid);
5686                 return 0;
5687         }
5688
5689         if (unlikely(roaming)) {
5690                 /* If we are roaming, then ensure check if this is a valid
5691                  * network to try and roam to */
5692                 if ((network->ssid_len != match->network->ssid_len) ||
5693                     memcmp(network->ssid, match->network->ssid,
5694                            network->ssid_len)) {
5695                         IPW_DEBUG_ASSOC("Network '%s (%pM)' excluded "
5696                                         "because of non-network ESSID.\n",
5697                                         print_ssid(ssid, network->ssid,
5698                                                    network->ssid_len),
5699                                         network->bssid);
5700                         return 0;
5701                 }
5702         } else {
5703                 /* If an ESSID has been configured then compare the broadcast
5704                  * ESSID to ours */
5705                 if ((priv->config & CFG_STATIC_ESSID) &&
5706                     ((network->ssid_len != priv->essid_len) ||
5707                      memcmp(network->ssid, priv->essid,
5708                             min(network->ssid_len, priv->essid_len)))) {
5709                         char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
5710                         strncpy(escaped,
5711                                 print_ssid(ssid, network->ssid,
5712                                            network->ssid_len),
5713                                 sizeof(escaped));
5714                         IPW_DEBUG_ASSOC("Network '%s (%pM)' excluded "
5715                                         "because of ESSID mismatch: '%s'.\n",
5716                                         escaped, network->bssid,
5717                                         print_ssid(ssid, priv->essid,
5718                                                    priv->essid_len));
5719                         return 0;
5720                 }
5721         }
5722
5723         /* If the old network rate is better than this one, don't bother
5724          * testing everything else. */
5725         if (match->network && match->network->stats.rssi > network->stats.rssi) {
5726                 char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
5727                 strncpy(escaped,
5728                         print_ssid(ssid, network->ssid, network->ssid_len),
5729                         sizeof(escaped));
5730                 IPW_DEBUG_ASSOC("Network '%s (%pM)' excluded because "
5731                                 "'%s (%pM)' has a stronger signal.\n",
5732                                 escaped, network->bssid,
5733                                 print_ssid(ssid, match->network->ssid,
5734                                            match->network->ssid_len),
5735                                 match->network->bssid);
5736                 return 0;
5737         }
5738
5739         /* If this network has already had an association attempt within the
5740          * last 3 seconds, do not try and associate again... */
5741         if (network->last_associate &&
5742             time_after(network->last_associate + (HZ * 3UL), jiffies)) {
5743                 IPW_DEBUG_ASSOC("Network '%s (%pM)' excluded "
5744                                 "because of storming (%ums since last "
5745                                 "assoc attempt).\n",
5746                                 print_ssid(ssid, network->ssid,
5747                                            network->ssid_len),
5748                                 network->bssid,
5749                                 jiffies_to_msecs(jiffies -
5750                                                  network->last_associate));
5751                 return 0;
5752         }
5753
5754         /* Now go through and see if the requested network is valid... */
5755         if (priv->ieee->scan_age != 0 &&
5756             time_after(jiffies, network->last_scanned + priv->ieee->scan_age)) {
5757                 IPW_DEBUG_ASSOC("Network '%s (%pM)' excluded "
5758                                 "because of age: %ums.\n",
5759                                 print_ssid(ssid, network->ssid,
5760                                            network->ssid_len),
5761                                 network->bssid,
5762                                 jiffies_to_msecs(jiffies -
5763                                                  network->last_scanned));
5764                 return 0;
5765         }
5766
5767         if ((priv->config & CFG_STATIC_CHANNEL) &&
5768             (network->channel != priv->channel)) {
5769                 IPW_DEBUG_ASSOC("Network '%s (%pM)' excluded "
5770                                 "because of channel mismatch: %d != %d.\n",
5771                                 print_ssid(ssid, network->ssid,
5772                                            network->ssid_len),
5773                                 network->bssid,
5774                                 network->channel, priv->channel);
5775                 return 0;
5776         }
5777 <