]> nv-tegra.nvidia Code Review - linux-2.6.git/blob - drivers/net/wireless/b43/main.c
b43: Force-wake queues on init
[linux-2.6.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   Some parts of the code in this file are derived from the ipw2200
12   driver  Copyright(c) 2003 - 2004 Intel Corporation.
13
14   This program is free software; you can redistribute it and/or modify
15   it under the terms of the GNU General Public License as published by
16   the Free Software Foundation; either version 2 of the License, or
17   (at your option) any later version.
18
19   This program is distributed in the hope that it will be useful,
20   but WITHOUT ANY WARRANTY; without even the implied warranty of
21   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22   GNU General Public License for more details.
23
24   You should have received a copy of the GNU General Public License
25   along with this program; see the file COPYING.  If not, write to
26   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27   Boston, MA 02110-1301, USA.
28
29 */
30
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/firmware.h>
37 #include <linux/wireless.h>
38 #include <linux/workqueue.h>
39 #include <linux/skbuff.h>
40 #include <linux/io.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/unaligned.h>
43
44 #include "b43.h"
45 #include "main.h"
46 #include "debugfs.h"
47 #include "phy_common.h"
48 #include "phy_g.h"
49 #include "phy_n.h"
50 #include "dma.h"
51 #include "pio.h"
52 #include "sysfs.h"
53 #include "xmit.h"
54 #include "lo.h"
55 #include "pcmcia.h"
56
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_AUTHOR("Gábor Stefanik");
62 MODULE_LICENSE("GPL");
63
64 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
65
66
67 static int modparam_bad_frames_preempt;
68 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
69 MODULE_PARM_DESC(bad_frames_preempt,
70                  "enable(1) / disable(0) Bad Frames Preemption");
71
72 static char modparam_fwpostfix[16];
73 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
74 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
75
76 static int modparam_hwpctl;
77 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
78 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
79
80 static int modparam_nohwcrypt;
81 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
82 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
83
84 static int modparam_hwtkip;
85 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
86 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
87
88 static int modparam_qos = 1;
89 module_param_named(qos, modparam_qos, int, 0444);
90 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
91
92 static int modparam_btcoex = 1;
93 module_param_named(btcoex, modparam_btcoex, int, 0444);
94 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
95
96 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
97 module_param_named(verbose, b43_modparam_verbose, int, 0644);
98 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
99
100
101 static const struct ssb_device_id b43_ssb_tbl[] = {
102         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
103         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
104         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
105         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
106         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
107         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
108         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
109         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
110         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
111         SSB_DEVTABLE_END
112 };
113
114 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
115
116 /* Channel and ratetables are shared for all devices.
117  * They can't be const, because ieee80211 puts some precalculated
118  * data in there. This data is the same for all devices, so we don't
119  * get concurrency issues */
120 #define RATETAB_ENT(_rateid, _flags) \
121         {                                                               \
122                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
123                 .hw_value       = (_rateid),                            \
124                 .flags          = (_flags),                             \
125         }
126
127 /*
128  * NOTE: When changing this, sync with xmit.c's
129  *       b43_plcp_get_bitrate_idx_* functions!
130  */
131 static struct ieee80211_rate __b43_ratetable[] = {
132         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
133         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
134         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
135         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
136         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
137         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
138         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
139         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
140         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
141         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
142         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
143         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
144 };
145
146 #define b43_a_ratetable         (__b43_ratetable + 4)
147 #define b43_a_ratetable_size    8
148 #define b43_b_ratetable         (__b43_ratetable + 0)
149 #define b43_b_ratetable_size    4
150 #define b43_g_ratetable         (__b43_ratetable + 0)
151 #define b43_g_ratetable_size    12
152
153 #define CHAN4G(_channel, _freq, _flags) {                       \
154         .band                   = IEEE80211_BAND_2GHZ,          \
155         .center_freq            = (_freq),                      \
156         .hw_value               = (_channel),                   \
157         .flags                  = (_flags),                     \
158         .max_antenna_gain       = 0,                            \
159         .max_power              = 30,                           \
160 }
161 static struct ieee80211_channel b43_2ghz_chantable[] = {
162         CHAN4G(1, 2412, 0),
163         CHAN4G(2, 2417, 0),
164         CHAN4G(3, 2422, 0),
165         CHAN4G(4, 2427, 0),
166         CHAN4G(5, 2432, 0),
167         CHAN4G(6, 2437, 0),
168         CHAN4G(7, 2442, 0),
169         CHAN4G(8, 2447, 0),
170         CHAN4G(9, 2452, 0),
171         CHAN4G(10, 2457, 0),
172         CHAN4G(11, 2462, 0),
173         CHAN4G(12, 2467, 0),
174         CHAN4G(13, 2472, 0),
175         CHAN4G(14, 2484, 0),
176 };
177 #undef CHAN4G
178
179 #define CHAN5G(_channel, _flags) {                              \
180         .band                   = IEEE80211_BAND_5GHZ,          \
181         .center_freq            = 5000 + (5 * (_channel)),      \
182         .hw_value               = (_channel),                   \
183         .flags                  = (_flags),                     \
184         .max_antenna_gain       = 0,                            \
185         .max_power              = 30,                           \
186 }
187 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
188         CHAN5G(32, 0),          CHAN5G(34, 0),
189         CHAN5G(36, 0),          CHAN5G(38, 0),
190         CHAN5G(40, 0),          CHAN5G(42, 0),
191         CHAN5G(44, 0),          CHAN5G(46, 0),
192         CHAN5G(48, 0),          CHAN5G(50, 0),
193         CHAN5G(52, 0),          CHAN5G(54, 0),
194         CHAN5G(56, 0),          CHAN5G(58, 0),
195         CHAN5G(60, 0),          CHAN5G(62, 0),
196         CHAN5G(64, 0),          CHAN5G(66, 0),
197         CHAN5G(68, 0),          CHAN5G(70, 0),
198         CHAN5G(72, 0),          CHAN5G(74, 0),
199         CHAN5G(76, 0),          CHAN5G(78, 0),
200         CHAN5G(80, 0),          CHAN5G(82, 0),
201         CHAN5G(84, 0),          CHAN5G(86, 0),
202         CHAN5G(88, 0),          CHAN5G(90, 0),
203         CHAN5G(92, 0),          CHAN5G(94, 0),
204         CHAN5G(96, 0),          CHAN5G(98, 0),
205         CHAN5G(100, 0),         CHAN5G(102, 0),
206         CHAN5G(104, 0),         CHAN5G(106, 0),
207         CHAN5G(108, 0),         CHAN5G(110, 0),
208         CHAN5G(112, 0),         CHAN5G(114, 0),
209         CHAN5G(116, 0),         CHAN5G(118, 0),
210         CHAN5G(120, 0),         CHAN5G(122, 0),
211         CHAN5G(124, 0),         CHAN5G(126, 0),
212         CHAN5G(128, 0),         CHAN5G(130, 0),
213         CHAN5G(132, 0),         CHAN5G(134, 0),
214         CHAN5G(136, 0),         CHAN5G(138, 0),
215         CHAN5G(140, 0),         CHAN5G(142, 0),
216         CHAN5G(144, 0),         CHAN5G(145, 0),
217         CHAN5G(146, 0),         CHAN5G(147, 0),
218         CHAN5G(148, 0),         CHAN5G(149, 0),
219         CHAN5G(150, 0),         CHAN5G(151, 0),
220         CHAN5G(152, 0),         CHAN5G(153, 0),
221         CHAN5G(154, 0),         CHAN5G(155, 0),
222         CHAN5G(156, 0),         CHAN5G(157, 0),
223         CHAN5G(158, 0),         CHAN5G(159, 0),
224         CHAN5G(160, 0),         CHAN5G(161, 0),
225         CHAN5G(162, 0),         CHAN5G(163, 0),
226         CHAN5G(164, 0),         CHAN5G(165, 0),
227         CHAN5G(166, 0),         CHAN5G(168, 0),
228         CHAN5G(170, 0),         CHAN5G(172, 0),
229         CHAN5G(174, 0),         CHAN5G(176, 0),
230         CHAN5G(178, 0),         CHAN5G(180, 0),
231         CHAN5G(182, 0),         CHAN5G(184, 0),
232         CHAN5G(186, 0),         CHAN5G(188, 0),
233         CHAN5G(190, 0),         CHAN5G(192, 0),
234         CHAN5G(194, 0),         CHAN5G(196, 0),
235         CHAN5G(198, 0),         CHAN5G(200, 0),
236         CHAN5G(202, 0),         CHAN5G(204, 0),
237         CHAN5G(206, 0),         CHAN5G(208, 0),
238         CHAN5G(210, 0),         CHAN5G(212, 0),
239         CHAN5G(214, 0),         CHAN5G(216, 0),
240         CHAN5G(218, 0),         CHAN5G(220, 0),
241         CHAN5G(222, 0),         CHAN5G(224, 0),
242         CHAN5G(226, 0),         CHAN5G(228, 0),
243 };
244
245 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
246         CHAN5G(34, 0),          CHAN5G(36, 0),
247         CHAN5G(38, 0),          CHAN5G(40, 0),
248         CHAN5G(42, 0),          CHAN5G(44, 0),
249         CHAN5G(46, 0),          CHAN5G(48, 0),
250         CHAN5G(52, 0),          CHAN5G(56, 0),
251         CHAN5G(60, 0),          CHAN5G(64, 0),
252         CHAN5G(100, 0),         CHAN5G(104, 0),
253         CHAN5G(108, 0),         CHAN5G(112, 0),
254         CHAN5G(116, 0),         CHAN5G(120, 0),
255         CHAN5G(124, 0),         CHAN5G(128, 0),
256         CHAN5G(132, 0),         CHAN5G(136, 0),
257         CHAN5G(140, 0),         CHAN5G(149, 0),
258         CHAN5G(153, 0),         CHAN5G(157, 0),
259         CHAN5G(161, 0),         CHAN5G(165, 0),
260         CHAN5G(184, 0),         CHAN5G(188, 0),
261         CHAN5G(192, 0),         CHAN5G(196, 0),
262         CHAN5G(200, 0),         CHAN5G(204, 0),
263         CHAN5G(208, 0),         CHAN5G(212, 0),
264         CHAN5G(216, 0),
265 };
266 #undef CHAN5G
267
268 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
269         .band           = IEEE80211_BAND_5GHZ,
270         .channels       = b43_5ghz_nphy_chantable,
271         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
272         .bitrates       = b43_a_ratetable,
273         .n_bitrates     = b43_a_ratetable_size,
274 };
275
276 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
277         .band           = IEEE80211_BAND_5GHZ,
278         .channels       = b43_5ghz_aphy_chantable,
279         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
280         .bitrates       = b43_a_ratetable,
281         .n_bitrates     = b43_a_ratetable_size,
282 };
283
284 static struct ieee80211_supported_band b43_band_2GHz = {
285         .band           = IEEE80211_BAND_2GHZ,
286         .channels       = b43_2ghz_chantable,
287         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
288         .bitrates       = b43_g_ratetable,
289         .n_bitrates     = b43_g_ratetable_size,
290 };
291
292 static void b43_wireless_core_exit(struct b43_wldev *dev);
293 static int b43_wireless_core_init(struct b43_wldev *dev);
294 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
295 static int b43_wireless_core_start(struct b43_wldev *dev);
296
297 static int b43_ratelimit(struct b43_wl *wl)
298 {
299         if (!wl || !wl->current_dev)
300                 return 1;
301         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
302                 return 1;
303         /* We are up and running.
304          * Ratelimit the messages to avoid DoS over the net. */
305         return net_ratelimit();
306 }
307
308 void b43info(struct b43_wl *wl, const char *fmt, ...)
309 {
310         va_list args;
311
312         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
313                 return;
314         if (!b43_ratelimit(wl))
315                 return;
316         va_start(args, fmt);
317         printk(KERN_INFO "b43-%s: ",
318                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
319         vprintk(fmt, args);
320         va_end(args);
321 }
322
323 void b43err(struct b43_wl *wl, const char *fmt, ...)
324 {
325         va_list args;
326
327         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
328                 return;
329         if (!b43_ratelimit(wl))
330                 return;
331         va_start(args, fmt);
332         printk(KERN_ERR "b43-%s ERROR: ",
333                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
334         vprintk(fmt, args);
335         va_end(args);
336 }
337
338 void b43warn(struct b43_wl *wl, const char *fmt, ...)
339 {
340         va_list args;
341
342         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
343                 return;
344         if (!b43_ratelimit(wl))
345                 return;
346         va_start(args, fmt);
347         printk(KERN_WARNING "b43-%s warning: ",
348                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
349         vprintk(fmt, args);
350         va_end(args);
351 }
352
353 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
354 {
355         va_list args;
356
357         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
358                 return;
359         va_start(args, fmt);
360         printk(KERN_DEBUG "b43-%s debug: ",
361                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
362         vprintk(fmt, args);
363         va_end(args);
364 }
365
366 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
367 {
368         u32 macctl;
369
370         B43_WARN_ON(offset % 4 != 0);
371
372         macctl = b43_read32(dev, B43_MMIO_MACCTL);
373         if (macctl & B43_MACCTL_BE)
374                 val = swab32(val);
375
376         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
377         mmiowb();
378         b43_write32(dev, B43_MMIO_RAM_DATA, val);
379 }
380
381 static inline void b43_shm_control_word(struct b43_wldev *dev,
382                                         u16 routing, u16 offset)
383 {
384         u32 control;
385
386         /* "offset" is the WORD offset. */
387         control = routing;
388         control <<= 16;
389         control |= offset;
390         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
391 }
392
393 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
394 {
395         u32 ret;
396
397         if (routing == B43_SHM_SHARED) {
398                 B43_WARN_ON(offset & 0x0001);
399                 if (offset & 0x0003) {
400                         /* Unaligned access */
401                         b43_shm_control_word(dev, routing, offset >> 2);
402                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
403                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
404                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
405
406                         goto out;
407                 }
408                 offset >>= 2;
409         }
410         b43_shm_control_word(dev, routing, offset);
411         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
412 out:
413         return ret;
414 }
415
416 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
417 {
418         u16 ret;
419
420         if (routing == B43_SHM_SHARED) {
421                 B43_WARN_ON(offset & 0x0001);
422                 if (offset & 0x0003) {
423                         /* Unaligned access */
424                         b43_shm_control_word(dev, routing, offset >> 2);
425                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
426
427                         goto out;
428                 }
429                 offset >>= 2;
430         }
431         b43_shm_control_word(dev, routing, offset);
432         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
433 out:
434         return ret;
435 }
436
437 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
438 {
439         if (routing == B43_SHM_SHARED) {
440                 B43_WARN_ON(offset & 0x0001);
441                 if (offset & 0x0003) {
442                         /* Unaligned access */
443                         b43_shm_control_word(dev, routing, offset >> 2);
444                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
445                                     value & 0xFFFF);
446                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
447                         b43_write16(dev, B43_MMIO_SHM_DATA,
448                                     (value >> 16) & 0xFFFF);
449                         return;
450                 }
451                 offset >>= 2;
452         }
453         b43_shm_control_word(dev, routing, offset);
454         b43_write32(dev, B43_MMIO_SHM_DATA, value);
455 }
456
457 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
458 {
459         if (routing == B43_SHM_SHARED) {
460                 B43_WARN_ON(offset & 0x0001);
461                 if (offset & 0x0003) {
462                         /* Unaligned access */
463                         b43_shm_control_word(dev, routing, offset >> 2);
464                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
465                         return;
466                 }
467                 offset >>= 2;
468         }
469         b43_shm_control_word(dev, routing, offset);
470         b43_write16(dev, B43_MMIO_SHM_DATA, value);
471 }
472
473 /* Read HostFlags */
474 u64 b43_hf_read(struct b43_wldev *dev)
475 {
476         u64 ret;
477
478         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
479         ret <<= 16;
480         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
481         ret <<= 16;
482         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
483
484         return ret;
485 }
486
487 /* Write HostFlags */
488 void b43_hf_write(struct b43_wldev *dev, u64 value)
489 {
490         u16 lo, mi, hi;
491
492         lo = (value & 0x00000000FFFFULL);
493         mi = (value & 0x0000FFFF0000ULL) >> 16;
494         hi = (value & 0xFFFF00000000ULL) >> 32;
495         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
496         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
497         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
498 }
499
500 /* Read the firmware capabilities bitmask (Opensource firmware only) */
501 static u16 b43_fwcapa_read(struct b43_wldev *dev)
502 {
503         B43_WARN_ON(!dev->fw.opensource);
504         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
505 }
506
507 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
508 {
509         u32 low, high;
510
511         B43_WARN_ON(dev->dev->id.revision < 3);
512
513         /* The hardware guarantees us an atomic read, if we
514          * read the low register first. */
515         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
516         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
517
518         *tsf = high;
519         *tsf <<= 32;
520         *tsf |= low;
521 }
522
523 static void b43_time_lock(struct b43_wldev *dev)
524 {
525         u32 macctl;
526
527         macctl = b43_read32(dev, B43_MMIO_MACCTL);
528         macctl |= B43_MACCTL_TBTTHOLD;
529         b43_write32(dev, B43_MMIO_MACCTL, macctl);
530         /* Commit the write */
531         b43_read32(dev, B43_MMIO_MACCTL);
532 }
533
534 static void b43_time_unlock(struct b43_wldev *dev)
535 {
536         u32 macctl;
537
538         macctl = b43_read32(dev, B43_MMIO_MACCTL);
539         macctl &= ~B43_MACCTL_TBTTHOLD;
540         b43_write32(dev, B43_MMIO_MACCTL, macctl);
541         /* Commit the write */
542         b43_read32(dev, B43_MMIO_MACCTL);
543 }
544
545 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
546 {
547         u32 low, high;
548
549         B43_WARN_ON(dev->dev->id.revision < 3);
550
551         low = tsf;
552         high = (tsf >> 32);
553         /* The hardware guarantees us an atomic write, if we
554          * write the low register first. */
555         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
556         mmiowb();
557         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
558         mmiowb();
559 }
560
561 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
562 {
563         b43_time_lock(dev);
564         b43_tsf_write_locked(dev, tsf);
565         b43_time_unlock(dev);
566 }
567
568 static
569 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
570 {
571         static const u8 zero_addr[ETH_ALEN] = { 0 };
572         u16 data;
573
574         if (!mac)
575                 mac = zero_addr;
576
577         offset |= 0x0020;
578         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
579
580         data = mac[0];
581         data |= mac[1] << 8;
582         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
583         data = mac[2];
584         data |= mac[3] << 8;
585         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
586         data = mac[4];
587         data |= mac[5] << 8;
588         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
589 }
590
591 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
592 {
593         const u8 *mac;
594         const u8 *bssid;
595         u8 mac_bssid[ETH_ALEN * 2];
596         int i;
597         u32 tmp;
598
599         bssid = dev->wl->bssid;
600         mac = dev->wl->mac_addr;
601
602         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
603
604         memcpy(mac_bssid, mac, ETH_ALEN);
605         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
606
607         /* Write our MAC address and BSSID to template ram */
608         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
609                 tmp = (u32) (mac_bssid[i + 0]);
610                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
611                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
612                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
613                 b43_ram_write(dev, 0x20 + i, tmp);
614         }
615 }
616
617 static void b43_upload_card_macaddress(struct b43_wldev *dev)
618 {
619         b43_write_mac_bssid_templates(dev);
620         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
621 }
622
623 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
624 {
625         /* slot_time is in usec. */
626         if (dev->phy.type != B43_PHYTYPE_G)
627                 return;
628         b43_write16(dev, 0x684, 510 + slot_time);
629         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
630 }
631
632 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
633 {
634         b43_set_slot_time(dev, 9);
635 }
636
637 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
638 {
639         b43_set_slot_time(dev, 20);
640 }
641
642 /* DummyTransmission function, as documented on
643  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
644  */
645 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
646 {
647         struct b43_phy *phy = &dev->phy;
648         unsigned int i, max_loop;
649         u16 value;
650         u32 buffer[5] = {
651                 0x00000000,
652                 0x00D40000,
653                 0x00000000,
654                 0x01000000,
655                 0x00000000,
656         };
657
658         if (ofdm) {
659                 max_loop = 0x1E;
660                 buffer[0] = 0x000201CC;
661         } else {
662                 max_loop = 0xFA;
663                 buffer[0] = 0x000B846E;
664         }
665
666         for (i = 0; i < 5; i++)
667                 b43_ram_write(dev, i * 4, buffer[i]);
668
669         b43_write16(dev, 0x0568, 0x0000);
670         if (dev->dev->id.revision < 11)
671                 b43_write16(dev, 0x07C0, 0x0000);
672         else
673                 b43_write16(dev, 0x07C0, 0x0100);
674         value = (ofdm ? 0x41 : 0x40);
675         b43_write16(dev, 0x050C, value);
676         if ((phy->type == B43_PHYTYPE_N) || (phy->type == B43_PHYTYPE_LP))
677                 b43_write16(dev, 0x0514, 0x1A02);
678         b43_write16(dev, 0x0508, 0x0000);
679         b43_write16(dev, 0x050A, 0x0000);
680         b43_write16(dev, 0x054C, 0x0000);
681         b43_write16(dev, 0x056A, 0x0014);
682         b43_write16(dev, 0x0568, 0x0826);
683         b43_write16(dev, 0x0500, 0x0000);
684         if (!pa_on && (phy->type == B43_PHYTYPE_N)) {
685                 //SPEC TODO
686         }
687
688         switch (phy->type) {
689         case B43_PHYTYPE_N:
690                 b43_write16(dev, 0x0502, 0x00D0);
691                 break;
692         case B43_PHYTYPE_LP:
693                 b43_write16(dev, 0x0502, 0x0050);
694                 break;
695         default:
696                 b43_write16(dev, 0x0502, 0x0030);
697         }
698
699         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
700                 b43_radio_write16(dev, 0x0051, 0x0017);
701         for (i = 0x00; i < max_loop; i++) {
702                 value = b43_read16(dev, 0x050E);
703                 if (value & 0x0080)
704                         break;
705                 udelay(10);
706         }
707         for (i = 0x00; i < 0x0A; i++) {
708                 value = b43_read16(dev, 0x050E);
709                 if (value & 0x0400)
710                         break;
711                 udelay(10);
712         }
713         for (i = 0x00; i < 0x19; i++) {
714                 value = b43_read16(dev, 0x0690);
715                 if (!(value & 0x0100))
716                         break;
717                 udelay(10);
718         }
719         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
720                 b43_radio_write16(dev, 0x0051, 0x0037);
721 }
722
723 static void key_write(struct b43_wldev *dev,
724                       u8 index, u8 algorithm, const u8 *key)
725 {
726         unsigned int i;
727         u32 offset;
728         u16 value;
729         u16 kidx;
730
731         /* Key index/algo block */
732         kidx = b43_kidx_to_fw(dev, index);
733         value = ((kidx << 4) | algorithm);
734         b43_shm_write16(dev, B43_SHM_SHARED,
735                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
736
737         /* Write the key to the Key Table Pointer offset */
738         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
739         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
740                 value = key[i];
741                 value |= (u16) (key[i + 1]) << 8;
742                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
743         }
744 }
745
746 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
747 {
748         u32 addrtmp[2] = { 0, 0, };
749         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
750
751         if (b43_new_kidx_api(dev))
752                 pairwise_keys_start = B43_NR_GROUP_KEYS;
753
754         B43_WARN_ON(index < pairwise_keys_start);
755         /* We have four default TX keys and possibly four default RX keys.
756          * Physical mac 0 is mapped to physical key 4 or 8, depending
757          * on the firmware version.
758          * So we must adjust the index here.
759          */
760         index -= pairwise_keys_start;
761         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
762
763         if (addr) {
764                 addrtmp[0] = addr[0];
765                 addrtmp[0] |= ((u32) (addr[1]) << 8);
766                 addrtmp[0] |= ((u32) (addr[2]) << 16);
767                 addrtmp[0] |= ((u32) (addr[3]) << 24);
768                 addrtmp[1] = addr[4];
769                 addrtmp[1] |= ((u32) (addr[5]) << 8);
770         }
771
772         /* Receive match transmitter address (RCMTA) mechanism */
773         b43_shm_write32(dev, B43_SHM_RCMTA,
774                         (index * 2) + 0, addrtmp[0]);
775         b43_shm_write16(dev, B43_SHM_RCMTA,
776                         (index * 2) + 1, addrtmp[1]);
777 }
778
779 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
780  * When a packet is received, the iv32 is checked.
781  * - if it doesn't the packet is returned without modification (and software
782  *   decryption can be done). That's what happen when iv16 wrap.
783  * - if it does, the rc4 key is computed, and decryption is tried.
784  *   Either it will success and B43_RX_MAC_DEC is returned,
785  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
786  *   and the packet is not usable (it got modified by the ucode).
787  * So in order to never have B43_RX_MAC_DECERR, we should provide
788  * a iv32 and phase1key that match. Because we drop packets in case of
789  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
790  * packets will be lost without higher layer knowing (ie no resync possible
791  * until next wrap).
792  *
793  * NOTE : this should support 50 key like RCMTA because
794  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
795  */
796 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
797                 u16 *phase1key)
798 {
799         unsigned int i;
800         u32 offset;
801         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
802
803         if (!modparam_hwtkip)
804                 return;
805
806         if (b43_new_kidx_api(dev))
807                 pairwise_keys_start = B43_NR_GROUP_KEYS;
808
809         B43_WARN_ON(index < pairwise_keys_start);
810         /* We have four default TX keys and possibly four default RX keys.
811          * Physical mac 0 is mapped to physical key 4 or 8, depending
812          * on the firmware version.
813          * So we must adjust the index here.
814          */
815         index -= pairwise_keys_start;
816         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
817
818         if (b43_debug(dev, B43_DBG_KEYS)) {
819                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
820                                 index, iv32);
821         }
822         /* Write the key to the  RX tkip shared mem */
823         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
824         for (i = 0; i < 10; i += 2) {
825                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
826                                 phase1key ? phase1key[i / 2] : 0);
827         }
828         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
829         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
830 }
831
832 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
833                         struct ieee80211_key_conf *keyconf, const u8 *addr,
834                         u32 iv32, u16 *phase1key)
835 {
836         struct b43_wl *wl = hw_to_b43_wl(hw);
837         struct b43_wldev *dev;
838         int index = keyconf->hw_key_idx;
839
840         if (B43_WARN_ON(!modparam_hwtkip))
841                 return;
842
843         mutex_lock(&wl->mutex);
844
845         dev = wl->current_dev;
846         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
847                 goto out_unlock;
848
849         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
850
851         rx_tkip_phase1_write(dev, index, iv32, phase1key);
852         keymac_write(dev, index, addr);
853
854 out_unlock:
855         mutex_unlock(&wl->mutex);
856 }
857
858 static void do_key_write(struct b43_wldev *dev,
859                          u8 index, u8 algorithm,
860                          const u8 *key, size_t key_len, const u8 *mac_addr)
861 {
862         u8 buf[B43_SEC_KEYSIZE] = { 0, };
863         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
864
865         if (b43_new_kidx_api(dev))
866                 pairwise_keys_start = B43_NR_GROUP_KEYS;
867
868         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
869         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
870
871         if (index >= pairwise_keys_start)
872                 keymac_write(dev, index, NULL); /* First zero out mac. */
873         if (algorithm == B43_SEC_ALGO_TKIP) {
874                 /*
875                  * We should provide an initial iv32, phase1key pair.
876                  * We could start with iv32=0 and compute the corresponding
877                  * phase1key, but this means calling ieee80211_get_tkip_key
878                  * with a fake skb (or export other tkip function).
879                  * Because we are lazy we hope iv32 won't start with
880                  * 0xffffffff and let's b43_op_update_tkip_key provide a
881                  * correct pair.
882                  */
883                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
884         } else if (index >= pairwise_keys_start) /* clear it */
885                 rx_tkip_phase1_write(dev, index, 0, NULL);
886         if (key)
887                 memcpy(buf, key, key_len);
888         key_write(dev, index, algorithm, buf);
889         if (index >= pairwise_keys_start)
890                 keymac_write(dev, index, mac_addr);
891
892         dev->key[index].algorithm = algorithm;
893 }
894
895 static int b43_key_write(struct b43_wldev *dev,
896                          int index, u8 algorithm,
897                          const u8 *key, size_t key_len,
898                          const u8 *mac_addr,
899                          struct ieee80211_key_conf *keyconf)
900 {
901         int i;
902         int pairwise_keys_start;
903
904         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
905          *      - Temporal Encryption Key (128 bits)
906          *      - Temporal Authenticator Tx MIC Key (64 bits)
907          *      - Temporal Authenticator Rx MIC Key (64 bits)
908          *
909          *      Hardware only store TEK
910          */
911         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
912                 key_len = 16;
913         if (key_len > B43_SEC_KEYSIZE)
914                 return -EINVAL;
915         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
916                 /* Check that we don't already have this key. */
917                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
918         }
919         if (index < 0) {
920                 /* Pairwise key. Get an empty slot for the key. */
921                 if (b43_new_kidx_api(dev))
922                         pairwise_keys_start = B43_NR_GROUP_KEYS;
923                 else
924                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
925                 for (i = pairwise_keys_start;
926                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
927                      i++) {
928                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
929                         if (!dev->key[i].keyconf) {
930                                 /* found empty */
931                                 index = i;
932                                 break;
933                         }
934                 }
935                 if (index < 0) {
936                         b43warn(dev->wl, "Out of hardware key memory\n");
937                         return -ENOSPC;
938                 }
939         } else
940                 B43_WARN_ON(index > 3);
941
942         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
943         if ((index <= 3) && !b43_new_kidx_api(dev)) {
944                 /* Default RX key */
945                 B43_WARN_ON(mac_addr);
946                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
947         }
948         keyconf->hw_key_idx = index;
949         dev->key[index].keyconf = keyconf;
950
951         return 0;
952 }
953
954 static int b43_key_clear(struct b43_wldev *dev, int index)
955 {
956         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
957                 return -EINVAL;
958         do_key_write(dev, index, B43_SEC_ALGO_NONE,
959                      NULL, B43_SEC_KEYSIZE, NULL);
960         if ((index <= 3) && !b43_new_kidx_api(dev)) {
961                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
962                              NULL, B43_SEC_KEYSIZE, NULL);
963         }
964         dev->key[index].keyconf = NULL;
965
966         return 0;
967 }
968
969 static void b43_clear_keys(struct b43_wldev *dev)
970 {
971         int i, count;
972
973         if (b43_new_kidx_api(dev))
974                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
975         else
976                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
977         for (i = 0; i < count; i++)
978                 b43_key_clear(dev, i);
979 }
980
981 static void b43_dump_keymemory(struct b43_wldev *dev)
982 {
983         unsigned int i, index, count, offset, pairwise_keys_start;
984         u8 mac[ETH_ALEN];
985         u16 algo;
986         u32 rcmta0;
987         u16 rcmta1;
988         u64 hf;
989         struct b43_key *key;
990
991         if (!b43_debug(dev, B43_DBG_KEYS))
992                 return;
993
994         hf = b43_hf_read(dev);
995         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
996                !!(hf & B43_HF_USEDEFKEYS));
997         if (b43_new_kidx_api(dev)) {
998                 pairwise_keys_start = B43_NR_GROUP_KEYS;
999                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1000         } else {
1001                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1002                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1003         }
1004         for (index = 0; index < count; index++) {
1005                 key = &(dev->key[index]);
1006                 printk(KERN_DEBUG "Key slot %02u: %s",
1007                        index, (key->keyconf == NULL) ? " " : "*");
1008                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1009                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1010                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1011                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1012                 }
1013
1014                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1015                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1016                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1017
1018                 if (index >= pairwise_keys_start) {
1019                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1020                                 printk("   TKIP: ");
1021                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1022                                 for (i = 0; i < 14; i += 2) {
1023                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1024                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1025                                 }
1026                         }
1027                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1028                                                 ((index - pairwise_keys_start) * 2) + 0);
1029                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1030                                                 ((index - pairwise_keys_start) * 2) + 1);
1031                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1032                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1033                         printk("   MAC: %pM", mac);
1034                 } else
1035                         printk("   DEFAULT KEY");
1036                 printk("\n");
1037         }
1038 }
1039
1040 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1041 {
1042         u32 macctl;
1043         u16 ucstat;
1044         bool hwps;
1045         bool awake;
1046         int i;
1047
1048         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1049                     (ps_flags & B43_PS_DISABLED));
1050         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1051
1052         if (ps_flags & B43_PS_ENABLED) {
1053                 hwps = 1;
1054         } else if (ps_flags & B43_PS_DISABLED) {
1055                 hwps = 0;
1056         } else {
1057                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1058                 //      and thus is not an AP and we are associated, set bit 25
1059         }
1060         if (ps_flags & B43_PS_AWAKE) {
1061                 awake = 1;
1062         } else if (ps_flags & B43_PS_ASLEEP) {
1063                 awake = 0;
1064         } else {
1065                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1066                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1067                 //      successful, set bit26
1068         }
1069
1070 /* FIXME: For now we force awake-on and hwps-off */
1071         hwps = 0;
1072         awake = 1;
1073
1074         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1075         if (hwps)
1076                 macctl |= B43_MACCTL_HWPS;
1077         else
1078                 macctl &= ~B43_MACCTL_HWPS;
1079         if (awake)
1080                 macctl |= B43_MACCTL_AWAKE;
1081         else
1082                 macctl &= ~B43_MACCTL_AWAKE;
1083         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1084         /* Commit write */
1085         b43_read32(dev, B43_MMIO_MACCTL);
1086         if (awake && dev->dev->id.revision >= 5) {
1087                 /* Wait for the microcode to wake up. */
1088                 for (i = 0; i < 100; i++) {
1089                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1090                                                 B43_SHM_SH_UCODESTAT);
1091                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1092                                 break;
1093                         udelay(10);
1094                 }
1095         }
1096 }
1097
1098 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1099 {
1100         u32 tmslow;
1101         u32 macctl;
1102
1103         flags |= B43_TMSLOW_PHYCLKEN;
1104         flags |= B43_TMSLOW_PHYRESET;
1105         ssb_device_enable(dev->dev, flags);
1106         msleep(2);              /* Wait for the PLL to turn on. */
1107
1108         /* Now take the PHY out of Reset again */
1109         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1110         tmslow |= SSB_TMSLOW_FGC;
1111         tmslow &= ~B43_TMSLOW_PHYRESET;
1112         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1113         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1114         msleep(1);
1115         tmslow &= ~SSB_TMSLOW_FGC;
1116         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1117         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1118         msleep(1);
1119
1120         /* Turn Analog ON, but only if we already know the PHY-type.
1121          * This protects against very early setup where we don't know the
1122          * PHY-type, yet. wireless_core_reset will be called once again later,
1123          * when we know the PHY-type. */
1124         if (dev->phy.ops)
1125                 dev->phy.ops->switch_analog(dev, 1);
1126
1127         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1128         macctl &= ~B43_MACCTL_GMODE;
1129         if (flags & B43_TMSLOW_GMODE)
1130                 macctl |= B43_MACCTL_GMODE;
1131         macctl |= B43_MACCTL_IHR_ENABLED;
1132         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1133 }
1134
1135 static void handle_irq_transmit_status(struct b43_wldev *dev)
1136 {
1137         u32 v0, v1;
1138         u16 tmp;
1139         struct b43_txstatus stat;
1140
1141         while (1) {
1142                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1143                 if (!(v0 & 0x00000001))
1144                         break;
1145                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1146
1147                 stat.cookie = (v0 >> 16);
1148                 stat.seq = (v1 & 0x0000FFFF);
1149                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1150                 tmp = (v0 & 0x0000FFFF);
1151                 stat.frame_count = ((tmp & 0xF000) >> 12);
1152                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1153                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1154                 stat.pm_indicated = !!(tmp & 0x0080);
1155                 stat.intermediate = !!(tmp & 0x0040);
1156                 stat.for_ampdu = !!(tmp & 0x0020);
1157                 stat.acked = !!(tmp & 0x0002);
1158
1159                 b43_handle_txstatus(dev, &stat);
1160         }
1161 }
1162
1163 static void drain_txstatus_queue(struct b43_wldev *dev)
1164 {
1165         u32 dummy;
1166
1167         if (dev->dev->id.revision < 5)
1168                 return;
1169         /* Read all entries from the microcode TXstatus FIFO
1170          * and throw them away.
1171          */
1172         while (1) {
1173                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1174                 if (!(dummy & 0x00000001))
1175                         break;
1176                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1177         }
1178 }
1179
1180 static u32 b43_jssi_read(struct b43_wldev *dev)
1181 {
1182         u32 val = 0;
1183
1184         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1185         val <<= 16;
1186         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1187
1188         return val;
1189 }
1190
1191 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1192 {
1193         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1194         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1195 }
1196
1197 static void b43_generate_noise_sample(struct b43_wldev *dev)
1198 {
1199         b43_jssi_write(dev, 0x7F7F7F7F);
1200         b43_write32(dev, B43_MMIO_MACCMD,
1201                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1202 }
1203
1204 static void b43_calculate_link_quality(struct b43_wldev *dev)
1205 {
1206         /* Top half of Link Quality calculation. */
1207
1208         if (dev->phy.type != B43_PHYTYPE_G)
1209                 return;
1210         if (dev->noisecalc.calculation_running)
1211                 return;
1212         dev->noisecalc.calculation_running = 1;
1213         dev->noisecalc.nr_samples = 0;
1214
1215         b43_generate_noise_sample(dev);
1216 }
1217
1218 static void handle_irq_noise(struct b43_wldev *dev)
1219 {
1220         struct b43_phy_g *phy = dev->phy.g;
1221         u16 tmp;
1222         u8 noise[4];
1223         u8 i, j;
1224         s32 average;
1225
1226         /* Bottom half of Link Quality calculation. */
1227
1228         if (dev->phy.type != B43_PHYTYPE_G)
1229                 return;
1230
1231         /* Possible race condition: It might be possible that the user
1232          * changed to a different channel in the meantime since we
1233          * started the calculation. We ignore that fact, since it's
1234          * not really that much of a problem. The background noise is
1235          * an estimation only anyway. Slightly wrong results will get damped
1236          * by the averaging of the 8 sample rounds. Additionally the
1237          * value is shortlived. So it will be replaced by the next noise
1238          * calculation round soon. */
1239
1240         B43_WARN_ON(!dev->noisecalc.calculation_running);
1241         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1242         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1243             noise[2] == 0x7F || noise[3] == 0x7F)
1244                 goto generate_new;
1245
1246         /* Get the noise samples. */
1247         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1248         i = dev->noisecalc.nr_samples;
1249         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1250         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1251         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1252         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1253         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1254         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1255         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1256         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1257         dev->noisecalc.nr_samples++;
1258         if (dev->noisecalc.nr_samples == 8) {
1259                 /* Calculate the Link Quality by the noise samples. */
1260                 average = 0;
1261                 for (i = 0; i < 8; i++) {
1262                         for (j = 0; j < 4; j++)
1263                                 average += dev->noisecalc.samples[i][j];
1264                 }
1265                 average /= (8 * 4);
1266                 average *= 125;
1267                 average += 64;
1268                 average /= 128;
1269                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1270                 tmp = (tmp / 128) & 0x1F;
1271                 if (tmp >= 8)
1272                         average += 2;
1273                 else
1274                         average -= 25;
1275                 if (tmp == 8)
1276                         average -= 72;
1277                 else
1278                         average -= 48;
1279
1280                 dev->stats.link_noise = average;
1281                 dev->noisecalc.calculation_running = 0;
1282                 return;
1283         }
1284 generate_new:
1285         b43_generate_noise_sample(dev);
1286 }
1287
1288 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1289 {
1290         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1291                 ///TODO: PS TBTT
1292         } else {
1293                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1294                         b43_power_saving_ctl_bits(dev, 0);
1295         }
1296         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1297                 dev->dfq_valid = 1;
1298 }
1299
1300 static void handle_irq_atim_end(struct b43_wldev *dev)
1301 {
1302         if (dev->dfq_valid) {
1303                 b43_write32(dev, B43_MMIO_MACCMD,
1304                             b43_read32(dev, B43_MMIO_MACCMD)
1305                             | B43_MACCMD_DFQ_VALID);
1306                 dev->dfq_valid = 0;
1307         }
1308 }
1309
1310 static void handle_irq_pmq(struct b43_wldev *dev)
1311 {
1312         u32 tmp;
1313
1314         //TODO: AP mode.
1315
1316         while (1) {
1317                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1318                 if (!(tmp & 0x00000008))
1319                         break;
1320         }
1321         /* 16bit write is odd, but correct. */
1322         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1323 }
1324
1325 static void b43_write_template_common(struct b43_wldev *dev,
1326                                       const u8 *data, u16 size,
1327                                       u16 ram_offset,
1328                                       u16 shm_size_offset, u8 rate)
1329 {
1330         u32 i, tmp;
1331         struct b43_plcp_hdr4 plcp;
1332
1333         plcp.data = 0;
1334         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1335         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1336         ram_offset += sizeof(u32);
1337         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1338          * So leave the first two bytes of the next write blank.
1339          */
1340         tmp = (u32) (data[0]) << 16;
1341         tmp |= (u32) (data[1]) << 24;
1342         b43_ram_write(dev, ram_offset, tmp);
1343         ram_offset += sizeof(u32);
1344         for (i = 2; i < size; i += sizeof(u32)) {
1345                 tmp = (u32) (data[i + 0]);
1346                 if (i + 1 < size)
1347                         tmp |= (u32) (data[i + 1]) << 8;
1348                 if (i + 2 < size)
1349                         tmp |= (u32) (data[i + 2]) << 16;
1350                 if (i + 3 < size)
1351                         tmp |= (u32) (data[i + 3]) << 24;
1352                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1353         }
1354         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1355                         size + sizeof(struct b43_plcp_hdr6));
1356 }
1357
1358 /* Check if the use of the antenna that ieee80211 told us to
1359  * use is possible. This will fall back to DEFAULT.
1360  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1361 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1362                                   u8 antenna_nr)
1363 {
1364         u8 antenna_mask;
1365
1366         if (antenna_nr == 0) {
1367                 /* Zero means "use default antenna". That's always OK. */
1368                 return 0;
1369         }
1370
1371         /* Get the mask of available antennas. */
1372         if (dev->phy.gmode)
1373                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1374         else
1375                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1376
1377         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1378                 /* This antenna is not available. Fall back to default. */
1379                 return 0;
1380         }
1381
1382         return antenna_nr;
1383 }
1384
1385 /* Convert a b43 antenna number value to the PHY TX control value. */
1386 static u16 b43_antenna_to_phyctl(int antenna)
1387 {
1388         switch (antenna) {
1389         case B43_ANTENNA0:
1390                 return B43_TXH_PHY_ANT0;
1391         case B43_ANTENNA1:
1392                 return B43_TXH_PHY_ANT1;
1393         case B43_ANTENNA2:
1394                 return B43_TXH_PHY_ANT2;
1395         case B43_ANTENNA3:
1396                 return B43_TXH_PHY_ANT3;
1397         case B43_ANTENNA_AUTO0:
1398         case B43_ANTENNA_AUTO1:
1399                 return B43_TXH_PHY_ANT01AUTO;
1400         }
1401         B43_WARN_ON(1);
1402         return 0;
1403 }
1404
1405 static void b43_write_beacon_template(struct b43_wldev *dev,
1406                                       u16 ram_offset,
1407                                       u16 shm_size_offset)
1408 {
1409         unsigned int i, len, variable_len;
1410         const struct ieee80211_mgmt *bcn;
1411         const u8 *ie;
1412         bool tim_found = 0;
1413         unsigned int rate;
1414         u16 ctl;
1415         int antenna;
1416         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1417
1418         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1419         len = min((size_t) dev->wl->current_beacon->len,
1420                   0x200 - sizeof(struct b43_plcp_hdr6));
1421         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1422
1423         b43_write_template_common(dev, (const u8 *)bcn,
1424                                   len, ram_offset, shm_size_offset, rate);
1425
1426         /* Write the PHY TX control parameters. */
1427         antenna = B43_ANTENNA_DEFAULT;
1428         antenna = b43_antenna_to_phyctl(antenna);
1429         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1430         /* We can't send beacons with short preamble. Would get PHY errors. */
1431         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1432         ctl &= ~B43_TXH_PHY_ANT;
1433         ctl &= ~B43_TXH_PHY_ENC;
1434         ctl |= antenna;
1435         if (b43_is_cck_rate(rate))
1436                 ctl |= B43_TXH_PHY_ENC_CCK;
1437         else
1438                 ctl |= B43_TXH_PHY_ENC_OFDM;
1439         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1440
1441         /* Find the position of the TIM and the DTIM_period value
1442          * and write them to SHM. */
1443         ie = bcn->u.beacon.variable;
1444         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1445         for (i = 0; i < variable_len - 2; ) {
1446                 uint8_t ie_id, ie_len;
1447
1448                 ie_id = ie[i];
1449                 ie_len = ie[i + 1];
1450                 if (ie_id == 5) {
1451                         u16 tim_position;
1452                         u16 dtim_period;
1453                         /* This is the TIM Information Element */
1454
1455                         /* Check whether the ie_len is in the beacon data range. */
1456                         if (variable_len < ie_len + 2 + i)
1457                                 break;
1458                         /* A valid TIM is at least 4 bytes long. */
1459                         if (ie_len < 4)
1460                                 break;
1461                         tim_found = 1;
1462
1463                         tim_position = sizeof(struct b43_plcp_hdr6);
1464                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1465                         tim_position += i;
1466
1467                         dtim_period = ie[i + 3];
1468
1469                         b43_shm_write16(dev, B43_SHM_SHARED,
1470                                         B43_SHM_SH_TIMBPOS, tim_position);
1471                         b43_shm_write16(dev, B43_SHM_SHARED,
1472                                         B43_SHM_SH_DTIMPER, dtim_period);
1473                         break;
1474                 }
1475                 i += ie_len + 2;
1476         }
1477         if (!tim_found) {
1478                 /*
1479                  * If ucode wants to modify TIM do it behind the beacon, this
1480                  * will happen, for example, when doing mesh networking.
1481                  */
1482                 b43_shm_write16(dev, B43_SHM_SHARED,
1483                                 B43_SHM_SH_TIMBPOS,
1484                                 len + sizeof(struct b43_plcp_hdr6));
1485                 b43_shm_write16(dev, B43_SHM_SHARED,
1486                                 B43_SHM_SH_DTIMPER, 0);
1487         }
1488         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1489 }
1490
1491 static void b43_upload_beacon0(struct b43_wldev *dev)
1492 {
1493         struct b43_wl *wl = dev->wl;
1494
1495         if (wl->beacon0_uploaded)
1496                 return;
1497         b43_write_beacon_template(dev, 0x68, 0x18);
1498         wl->beacon0_uploaded = 1;
1499 }
1500
1501 static void b43_upload_beacon1(struct b43_wldev *dev)
1502 {
1503         struct b43_wl *wl = dev->wl;
1504
1505         if (wl->beacon1_uploaded)
1506                 return;
1507         b43_write_beacon_template(dev, 0x468, 0x1A);
1508         wl->beacon1_uploaded = 1;
1509 }
1510
1511 static void handle_irq_beacon(struct b43_wldev *dev)
1512 {
1513         struct b43_wl *wl = dev->wl;
1514         u32 cmd, beacon0_valid, beacon1_valid;
1515
1516         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1517             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1518                 return;
1519
1520         /* This is the bottom half of the asynchronous beacon update. */
1521
1522         /* Ignore interrupt in the future. */
1523         dev->irq_mask &= ~B43_IRQ_BEACON;
1524
1525         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1526         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1527         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1528
1529         /* Schedule interrupt manually, if busy. */
1530         if (beacon0_valid && beacon1_valid) {
1531                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1532                 dev->irq_mask |= B43_IRQ_BEACON;
1533                 return;
1534         }
1535
1536         if (unlikely(wl->beacon_templates_virgin)) {
1537                 /* We never uploaded a beacon before.
1538                  * Upload both templates now, but only mark one valid. */
1539                 wl->beacon_templates_virgin = 0;
1540                 b43_upload_beacon0(dev);
1541                 b43_upload_beacon1(dev);
1542                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1543                 cmd |= B43_MACCMD_BEACON0_VALID;
1544                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1545         } else {
1546                 if (!beacon0_valid) {
1547                         b43_upload_beacon0(dev);
1548                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1549                         cmd |= B43_MACCMD_BEACON0_VALID;
1550                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1551                 } else if (!beacon1_valid) {
1552                         b43_upload_beacon1(dev);
1553                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1554                         cmd |= B43_MACCMD_BEACON1_VALID;
1555                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1556                 }
1557         }
1558 }
1559
1560 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1561 {
1562         u32 old_irq_mask = dev->irq_mask;
1563
1564         /* update beacon right away or defer to irq */
1565         handle_irq_beacon(dev);
1566         if (old_irq_mask != dev->irq_mask) {
1567                 /* The handler updated the IRQ mask. */
1568                 B43_WARN_ON(!dev->irq_mask);
1569                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1570                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1571                 } else {
1572                         /* Device interrupts are currently disabled. That means
1573                          * we just ran the hardirq handler and scheduled the
1574                          * IRQ thread. The thread will write the IRQ mask when
1575                          * it finished, so there's nothing to do here. Writing
1576                          * the mask _here_ would incorrectly re-enable IRQs. */
1577                 }
1578         }
1579 }
1580
1581 static void b43_beacon_update_trigger_work(struct work_struct *work)
1582 {
1583         struct b43_wl *wl = container_of(work, struct b43_wl,
1584                                          beacon_update_trigger);
1585         struct b43_wldev *dev;
1586
1587         mutex_lock(&wl->mutex);
1588         dev = wl->current_dev;
1589         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1590                 if (0 /*FIXME dev->dev->bus->bustype == SSB_BUSTYPE_SDIO*/) {
1591                         /* wl->mutex is enough. */
1592                         b43_do_beacon_update_trigger_work(dev);
1593                         mmiowb();
1594                 } else {
1595                         spin_lock_irq(&wl->hardirq_lock);
1596                         b43_do_beacon_update_trigger_work(dev);
1597                         mmiowb();
1598                         spin_unlock_irq(&wl->hardirq_lock);
1599                 }
1600         }
1601         mutex_unlock(&wl->mutex);
1602 }
1603
1604 /* Asynchronously update the packet templates in template RAM.
1605  * Locking: Requires wl->mutex to be locked. */
1606 static void b43_update_templates(struct b43_wl *wl)
1607 {
1608         struct sk_buff *beacon;
1609
1610         /* This is the top half of the ansynchronous beacon update.
1611          * The bottom half is the beacon IRQ.
1612          * Beacon update must be asynchronous to avoid sending an
1613          * invalid beacon. This can happen for example, if the firmware
1614          * transmits a beacon while we are updating it. */
1615
1616         /* We could modify the existing beacon and set the aid bit in
1617          * the TIM field, but that would probably require resizing and
1618          * moving of data within the beacon template.
1619          * Simply request a new beacon and let mac80211 do the hard work. */
1620         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1621         if (unlikely(!beacon))
1622                 return;
1623
1624         if (wl->current_beacon)
1625                 dev_kfree_skb_any(wl->current_beacon);
1626         wl->current_beacon = beacon;
1627         wl->beacon0_uploaded = 0;
1628         wl->beacon1_uploaded = 0;
1629         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1630 }
1631
1632 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1633 {
1634         b43_time_lock(dev);
1635         if (dev->dev->id.revision >= 3) {
1636                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1637                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1638         } else {
1639                 b43_write16(dev, 0x606, (beacon_int >> 6));
1640                 b43_write16(dev, 0x610, beacon_int);
1641         }
1642         b43_time_unlock(dev);
1643         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1644 }
1645
1646 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1647 {
1648         u16 reason;
1649
1650         /* Read the register that contains the reason code for the panic. */
1651         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1652         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1653
1654         switch (reason) {
1655         default:
1656                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1657                 /* fallthrough */
1658         case B43_FWPANIC_DIE:
1659                 /* Do not restart the controller or firmware.
1660                  * The device is nonfunctional from now on.
1661                  * Restarting would result in this panic to trigger again,
1662                  * so we avoid that recursion. */
1663                 break;
1664         case B43_FWPANIC_RESTART:
1665                 b43_controller_restart(dev, "Microcode panic");
1666                 break;
1667         }
1668 }
1669
1670 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1671 {
1672         unsigned int i, cnt;
1673         u16 reason, marker_id, marker_line;
1674         __le16 *buf;
1675
1676         /* The proprietary firmware doesn't have this IRQ. */
1677         if (!dev->fw.opensource)
1678                 return;
1679
1680         /* Read the register that contains the reason code for this IRQ. */
1681         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1682
1683         switch (reason) {
1684         case B43_DEBUGIRQ_PANIC:
1685                 b43_handle_firmware_panic(dev);
1686                 break;
1687         case B43_DEBUGIRQ_DUMP_SHM:
1688                 if (!B43_DEBUG)
1689                         break; /* Only with driver debugging enabled. */
1690                 buf = kmalloc(4096, GFP_ATOMIC);
1691                 if (!buf) {
1692                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1693                         goto out;
1694                 }
1695                 for (i = 0; i < 4096; i += 2) {
1696                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1697                         buf[i / 2] = cpu_to_le16(tmp);
1698                 }
1699                 b43info(dev->wl, "Shared memory dump:\n");
1700                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1701                                16, 2, buf, 4096, 1);
1702                 kfree(buf);
1703                 break;
1704         case B43_DEBUGIRQ_DUMP_REGS:
1705                 if (!B43_DEBUG)
1706                         break; /* Only with driver debugging enabled. */
1707                 b43info(dev->wl, "Microcode register dump:\n");
1708                 for (i = 0, cnt = 0; i < 64; i++) {
1709                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1710                         if (cnt == 0)
1711                                 printk(KERN_INFO);
1712                         printk("r%02u: 0x%04X  ", i, tmp);
1713                         cnt++;
1714                         if (cnt == 6) {
1715                                 printk("\n");
1716                                 cnt = 0;
1717                         }
1718                 }
1719                 printk("\n");
1720                 break;
1721         case B43_DEBUGIRQ_MARKER:
1722                 if (!B43_DEBUG)
1723                         break; /* Only with driver debugging enabled. */
1724                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1725                                            B43_MARKER_ID_REG);
1726                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1727                                              B43_MARKER_LINE_REG);
1728                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1729                         "at line number %u\n",
1730                         marker_id, marker_line);
1731                 break;
1732         default:
1733                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1734                        reason);
1735         }
1736 out:
1737         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1738         b43_shm_write16(dev, B43_SHM_SCRATCH,
1739                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1740 }
1741
1742 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1743 {
1744         u32 reason;
1745         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1746         u32 merged_dma_reason = 0;
1747         int i;
1748
1749         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1750                 return;
1751
1752         reason = dev->irq_reason;
1753         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1754                 dma_reason[i] = dev->dma_reason[i];
1755                 merged_dma_reason |= dma_reason[i];
1756         }
1757
1758         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1759                 b43err(dev->wl, "MAC transmission error\n");
1760
1761         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1762                 b43err(dev->wl, "PHY transmission error\n");
1763                 rmb();
1764                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1765                         atomic_set(&dev->phy.txerr_cnt,
1766                                    B43_PHY_TX_BADNESS_LIMIT);
1767                         b43err(dev->wl, "Too many PHY TX errors, "
1768                                         "restarting the controller\n");
1769                         b43_controller_restart(dev, "PHY TX errors");
1770                 }
1771         }
1772
1773         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1774                                           B43_DMAIRQ_NONFATALMASK))) {
1775                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1776                         b43err(dev->wl, "Fatal DMA error: "
1777                                "0x%08X, 0x%08X, 0x%08X, "
1778                                "0x%08X, 0x%08X, 0x%08X\n",
1779                                dma_reason[0], dma_reason[1],
1780                                dma_reason[2], dma_reason[3],
1781                                dma_reason[4], dma_reason[5]);
1782                         b43_controller_restart(dev, "DMA error");
1783                         return;
1784                 }
1785                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1786                         b43err(dev->wl, "DMA error: "
1787                                "0x%08X, 0x%08X, 0x%08X, "
1788                                "0x%08X, 0x%08X, 0x%08X\n",
1789                                dma_reason[0], dma_reason[1],
1790                                dma_reason[2], dma_reason[3],
1791                                dma_reason[4], dma_reason[5]);
1792                 }
1793         }
1794
1795         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1796                 handle_irq_ucode_debug(dev);
1797         if (reason & B43_IRQ_TBTT_INDI)
1798                 handle_irq_tbtt_indication(dev);
1799         if (reason & B43_IRQ_ATIM_END)
1800                 handle_irq_atim_end(dev);
1801         if (reason & B43_IRQ_BEACON)
1802                 handle_irq_beacon(dev);
1803         if (reason & B43_IRQ_PMQ)
1804                 handle_irq_pmq(dev);
1805         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1806                 ;/* TODO */
1807         if (reason & B43_IRQ_NOISESAMPLE_OK)
1808                 handle_irq_noise(dev);
1809
1810         /* Check the DMA reason registers for received data. */
1811         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1812                 if (b43_using_pio_transfers(dev))
1813                         b43_pio_rx(dev->pio.rx_queue);
1814                 else
1815                         b43_dma_rx(dev->dma.rx_ring);
1816         }
1817         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1818         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1819         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1820         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1821         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1822
1823         if (reason & B43_IRQ_TX_OK)
1824                 handle_irq_transmit_status(dev);
1825
1826         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1827         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1828 }
1829
1830 /* Interrupt thread handler. Handles device interrupts in thread context. */
1831 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1832 {
1833         struct b43_wldev *dev = dev_id;
1834
1835         mutex_lock(&dev->wl->mutex);
1836         b43_do_interrupt_thread(dev);
1837         mmiowb();
1838         mutex_unlock(&dev->wl->mutex);
1839
1840         return IRQ_HANDLED;
1841 }
1842
1843 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1844 {
1845         u32 reason;
1846
1847         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1848          * On SDIO, this runs under wl->mutex. */
1849
1850         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1851         if (reason == 0xffffffff)       /* shared IRQ */
1852                 return IRQ_NONE;
1853         reason &= dev->irq_mask;
1854         if (!reason)
1855                 return IRQ_HANDLED;
1856
1857         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1858             & 0x0001DC00;
1859         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1860             & 0x0000DC00;
1861         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1862             & 0x0000DC00;
1863         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1864             & 0x0001DC00;
1865         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1866             & 0x0000DC00;
1867 /* Unused ring
1868         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1869             & 0x0000DC00;
1870 */
1871
1872         /* ACK the interrupt. */
1873         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1874         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1875         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1876         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1877         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1878         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1879 /* Unused ring
1880         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1881 */
1882
1883         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
1884         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1885         /* Save the reason bitmasks for the IRQ thread handler. */
1886         dev->irq_reason = reason;
1887
1888         return IRQ_WAKE_THREAD;
1889 }
1890
1891 /* Interrupt handler top-half. This runs with interrupts disabled. */
1892 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1893 {
1894         struct b43_wldev *dev = dev_id;
1895         irqreturn_t ret;
1896
1897         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
1898                 return IRQ_NONE;
1899
1900         spin_lock(&dev->wl->hardirq_lock);
1901         ret = b43_do_interrupt(dev);
1902         mmiowb();
1903         spin_unlock(&dev->wl->hardirq_lock);
1904
1905         return ret;
1906 }
1907
1908 void b43_do_release_fw(struct b43_firmware_file *fw)
1909 {
1910         release_firmware(fw->data);
1911         fw->data = NULL;
1912         fw->filename = NULL;
1913 }
1914
1915 static void b43_release_firmware(struct b43_wldev *dev)
1916 {
1917         b43_do_release_fw(&dev->fw.ucode);
1918         b43_do_release_fw(&dev->fw.pcm);
1919         b43_do_release_fw(&dev->fw.initvals);
1920         b43_do_release_fw(&dev->fw.initvals_band);
1921 }
1922
1923 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1924 {
1925         const char text[] =
1926                 "You must go to " \
1927                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
1928                 "and download the correct firmware for this driver version. " \
1929                 "Please carefully read all instructions on this website.\n";
1930
1931         if (error)
1932                 b43err(wl, text);
1933         else
1934                 b43warn(wl, text);
1935 }
1936
1937 int b43_do_request_fw(struct b43_request_fw_context *ctx,
1938                       const char *name,
1939                       struct b43_firmware_file *fw)
1940 {
1941         const struct firmware *blob;
1942         struct b43_fw_header *hdr;
1943         u32 size;
1944         int err;
1945
1946         if (!name) {
1947                 /* Don't fetch anything. Free possibly cached firmware. */
1948                 /* FIXME: We should probably keep it anyway, to save some headache
1949                  * on suspend/resume with multiband devices. */
1950                 b43_do_release_fw(fw);
1951                 return 0;
1952         }
1953         if (fw->filename) {
1954                 if ((fw->type == ctx->req_type) &&
1955                     (strcmp(fw->filename, name) == 0))
1956                         return 0; /* Already have this fw. */
1957                 /* Free the cached firmware first. */
1958                 /* FIXME: We should probably do this later after we successfully
1959                  * got the new fw. This could reduce headache with multiband devices.
1960                  * We could also redesign this to cache the firmware for all possible
1961                  * bands all the time. */
1962                 b43_do_release_fw(fw);
1963         }
1964
1965         switch (ctx->req_type) {
1966         case B43_FWTYPE_PROPRIETARY:
1967                 snprintf(ctx->fwname, sizeof(ctx->fwname),
1968                          "b43%s/%s.fw",
1969                          modparam_fwpostfix, name);
1970                 break;
1971         case B43_FWTYPE_OPENSOURCE:
1972                 snprintf(ctx->fwname, sizeof(ctx->fwname),
1973                          "b43-open%s/%s.fw",
1974                          modparam_fwpostfix, name);
1975                 break;
1976         default:
1977                 B43_WARN_ON(1);
1978                 return -ENOSYS;
1979         }
1980         err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
1981         if (err == -ENOENT) {
1982                 snprintf(ctx->errors[ctx->req_type],
1983                          sizeof(ctx->errors[ctx->req_type]),
1984                          "Firmware file \"%s\" not found\n", ctx->fwname);
1985                 return err;
1986         } else if (err) {
1987                 snprintf(ctx->errors[ctx->req_type],
1988                          sizeof(ctx->errors[ctx->req_type]),
1989                          "Firmware file \"%s\" request failed (err=%d)\n",
1990                          ctx->fwname, err);
1991                 return err;
1992         }
1993         if (blob->size < sizeof(struct b43_fw_header))
1994                 goto err_format;
1995         hdr = (struct b43_fw_header *)(blob->data);
1996         switch (hdr->type) {
1997         case B43_FW_TYPE_UCODE:
1998         case B43_FW_TYPE_PCM:
1999                 size = be32_to_cpu(hdr->size);
2000                 if (size != blob->size - sizeof(struct b43_fw_header))
2001                         goto err_format;
2002                 /* fallthrough */
2003         case B43_FW_TYPE_IV:
2004                 if (hdr->ver != 1)
2005                         goto err_format;
2006                 break;
2007         default:
2008                 goto err_format;
2009         }
2010
2011         fw->data = blob;
2012         fw->filename = name;
2013         fw->type = ctx->req_type;
2014
2015         return 0;
2016
2017 err_format:
2018         snprintf(ctx->errors[ctx->req_type],
2019                  sizeof(ctx->errors[ctx->req_type]),
2020                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2021         release_firmware(blob);
2022
2023         return -EPROTO;
2024 }
2025
2026 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2027 {
2028         struct b43_wldev *dev = ctx->dev;
2029         struct b43_firmware *fw = &ctx->dev->fw;
2030         const u8 rev = ctx->dev->dev->id.revision;
2031         const char *filename;
2032         u32 tmshigh;
2033         int err;
2034
2035         /* Get microcode */
2036         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2037         if ((rev >= 5) && (rev <= 10))
2038                 filename = "ucode5";
2039         else if ((rev >= 11) && (rev <= 12))
2040                 filename = "ucode11";
2041         else if (rev == 13)
2042                 filename = "ucode13";
2043         else if (rev == 14)
2044                 filename = "ucode14";
2045         else if (rev >= 15)
2046                 filename = "ucode15";
2047         else
2048                 goto err_no_ucode;
2049         err = b43_do_request_fw(ctx, filename, &fw->ucode);
2050         if (err)
2051                 goto err_load;
2052
2053         /* Get PCM code */
2054         if ((rev >= 5) && (rev <= 10))
2055                 filename = "pcm5";
2056         else if (rev >= 11)
2057                 filename = NULL;
2058         else
2059                 goto err_no_pcm;
2060         fw->pcm_request_failed = 0;
2061         err = b43_do_request_fw(ctx, filename, &fw->pcm);
2062         if (err == -ENOENT) {
2063                 /* We did not find a PCM file? Not fatal, but
2064                  * core rev <= 10 must do without hwcrypto then. */
2065                 fw->pcm_request_failed = 1;
2066         } else if (err)
2067                 goto err_load;
2068
2069         /* Get initvals */
2070         switch (dev->phy.type) {
2071         case B43_PHYTYPE_A:
2072                 if ((rev >= 5) && (rev <= 10)) {
2073                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2074                                 filename = "a0g1initvals5";
2075                         else
2076                                 filename = "a0g0initvals5";
2077                 } else
2078                         goto err_no_initvals;
2079                 break;
2080         case B43_PHYTYPE_G:
2081                 if ((rev >= 5) && (rev <= 10))
2082                         filename = "b0g0initvals5";
2083                 else if (rev >= 13)
2084                         filename = "b0g0initvals13";
2085                 else
2086                         goto err_no_initvals;
2087                 break;
2088         case B43_PHYTYPE_N:
2089                 if ((rev >= 11) && (rev <= 12))
2090                         filename = "n0initvals11";
2091                 else
2092                         goto err_no_initvals;
2093                 break;
2094         case B43_PHYTYPE_LP:
2095                 if (rev == 13)
2096                         filename = "lp0initvals13";
2097                 else if (rev == 14)
2098                         filename = "lp0initvals14";
2099                 else if (rev >= 15)
2100                         filename = "lp0initvals15";
2101                 else
2102                         goto err_no_initvals;
2103                 break;
2104         default:
2105                 goto err_no_initvals;
2106         }
2107         err = b43_do_request_fw(ctx, filename, &fw->initvals);
2108         if (err)
2109                 goto err_load;
2110
2111         /* Get bandswitch initvals */
2112         switch (dev->phy.type) {
2113         case B43_PHYTYPE_A:
2114                 if ((rev >= 5) && (rev <= 10)) {
2115                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2116                                 filename = "a0g1bsinitvals5";
2117                         else
2118                                 filename = "a0g0bsinitvals5";
2119                 } else if (rev >= 11)
2120                         filename = NULL;
2121                 else
2122                         goto err_no_initvals;
2123                 break;
2124         case B43_PHYTYPE_G:
2125                 if ((rev >= 5) && (rev <= 10))
2126                         filename = "b0g0bsinitvals5";
2127                 else if (rev >= 11)
2128                         filename = NULL;
2129                 else
2130                         goto err_no_initvals;
2131                 break;
2132         case B43_PHYTYPE_N:
2133                 if ((rev >= 11) && (rev <= 12))
2134                         filename = "n0bsinitvals11";
2135                 else
2136                         goto err_no_initvals;
2137                 break;
2138         case B43_PHYTYPE_LP:
2139                 if (rev == 13)
2140                         filename = "lp0bsinitvals13";
2141                 else if (rev == 14)
2142                         filename = "lp0bsinitvals14";
2143                 else if (rev >= 15)
2144                         filename = "lp0bsinitvals15";
2145                 else
2146                         goto err_no_initvals;
2147                 break;
2148         default:
2149                 goto err_no_initvals;
2150         }
2151         err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2152         if (err)
2153                 goto err_load;
2154
2155         return 0;
2156
2157 err_no_ucode:
2158         err = ctx->fatal_failure = -EOPNOTSUPP;
2159         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2160                "is required for your device (wl-core rev %u)\n", rev);
2161         goto error;
2162
2163 err_no_pcm:
2164         err = ctx->fatal_failure = -EOPNOTSUPP;
2165         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2166                "is required for your device (wl-core rev %u)\n", rev);
2167         goto error;
2168
2169 err_no_initvals:
2170         err = ctx->fatal_failure = -EOPNOTSUPP;
2171         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2172                "is required for your device (wl-core rev %u)\n", rev);
2173         goto error;
2174
2175 err_load:
2176         /* We failed to load this firmware image. The error message
2177          * already is in ctx->errors. Return and let our caller decide
2178          * what to do. */
2179         goto error;
2180
2181 error:
2182         b43_release_firmware(dev);
2183         return err;
2184 }
2185
2186 static int b43_request_firmware(struct b43_wldev *dev)
2187 {
2188         struct b43_request_fw_context *ctx;
2189         unsigned int i;
2190         int err;
2191         const char *errmsg;
2192
2193         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2194         if (!ctx)
2195                 return -ENOMEM;
2196         ctx->dev = dev;
2197
2198         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2199         err = b43_try_request_fw(ctx);
2200         if (!err)
2201                 goto out; /* Successfully loaded it. */
2202         err = ctx->fatal_failure;
2203         if (err)
2204                 goto out;
2205
2206         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2207         err = b43_try_request_fw(ctx);
2208         if (!err)
2209                 goto out; /* Successfully loaded it. */
2210         err = ctx->fatal_failure;
2211         if (err)
2212                 goto out;
2213
2214         /* Could not find a usable firmware. Print the errors. */
2215         for (i = 0; i < B43_NR_FWTYPES; i++) {
2216                 errmsg = ctx->errors[i];
2217                 if (strlen(errmsg))
2218                         b43err(dev->wl, errmsg);
2219         }
2220         b43_print_fw_helptext(dev->wl, 1);
2221         err = -ENOENT;
2222
2223 out:
2224         kfree(ctx);
2225         return err;
2226 }
2227
2228 static int b43_upload_microcode(struct b43_wldev *dev)
2229 {
2230         const size_t hdr_len = sizeof(struct b43_fw_header);
2231         const __be32 *data;
2232         unsigned int i, len;
2233         u16 fwrev, fwpatch, fwdate, fwtime;
2234         u32 tmp, macctl;
2235         int err = 0;
2236
2237         /* Jump the microcode PSM to offset 0 */
2238         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2239         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2240         macctl |= B43_MACCTL_PSM_JMP0;
2241         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2242         /* Zero out all microcode PSM registers and shared memory. */
2243         for (i = 0; i < 64; i++)
2244                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2245         for (i = 0; i < 4096; i += 2)
2246                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2247
2248         /* Upload Microcode. */
2249         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2250         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2251         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2252         for (i = 0; i < len; i++) {
2253                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2254                 udelay(10);
2255         }
2256
2257         if (dev->fw.pcm.data) {
2258                 /* Upload PCM data. */
2259                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2260                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2261                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2262                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2263                 /* No need for autoinc bit in SHM_HW */
2264                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2265                 for (i = 0; i < len; i++) {
2266                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2267                         udelay(10);
2268                 }
2269         }
2270
2271         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2272
2273         /* Start the microcode PSM */
2274         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2275         macctl &= ~B43_MACCTL_PSM_JMP0;
2276         macctl |= B43_MACCTL_PSM_RUN;
2277         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2278
2279         /* Wait for the microcode to load and respond */
2280         i = 0;
2281         while (1) {
2282                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2283                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2284                         break;
2285                 i++;
2286                 if (i >= 20) {
2287                         b43err(dev->wl, "Microcode not responding\n");
2288                         b43_print_fw_helptext(dev->wl, 1);
2289                         err = -ENODEV;
2290                         goto error;
2291                 }
2292                 msleep_interruptible(50);
2293                 if (signal_pending(current)) {
2294                         err = -EINTR;
2295                         goto error;
2296                 }
2297         }
2298         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2299
2300         /* Get and check the revisions. */
2301         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2302         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2303         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2304         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2305
2306         if (fwrev <= 0x128) {
2307                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2308                        "binary drivers older than version 4.x is unsupported. "
2309                        "You must upgrade your firmware files.\n");
2310                 b43_print_fw_helptext(dev->wl, 1);
2311                 err = -EOPNOTSUPP;
2312                 goto error;
2313         }
2314         dev->fw.rev = fwrev;
2315         dev->fw.patch = fwpatch;
2316         dev->fw.opensource = (fwdate == 0xFFFF);
2317
2318         /* Default to use-all-queues. */
2319         dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2320         dev->qos_enabled = !!modparam_qos;
2321         /* Default to firmware/hardware crypto acceleration. */
2322         dev->hwcrypto_enabled = 1;
2323
2324         if (dev->fw.opensource) {
2325                 u16 fwcapa;
2326
2327                 /* Patchlevel info is encoded in the "time" field. */
2328                 dev->fw.patch = fwtime;
2329                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2330                         dev->fw.rev, dev->fw.patch);
2331
2332                 fwcapa = b43_fwcapa_read(dev);
2333                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2334                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2335                         /* Disable hardware crypto and fall back to software crypto. */
2336                         dev->hwcrypto_enabled = 0;
2337                 }
2338                 if (!(fwcapa & B43_FWCAPA_QOS)) {
2339                         b43info(dev->wl, "QoS not supported by firmware\n");
2340                         /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2341                          * ieee80211_unregister to make sure the networking core can
2342                          * properly free possible resources. */
2343                         dev->wl->hw->queues = 1;
2344                         dev->qos_enabled = 0;
2345                 }
2346         } else {
2347                 b43info(dev->wl, "Loading firmware version %u.%u "
2348                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2349                         fwrev, fwpatch,
2350                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2351                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2352                 if (dev->fw.pcm_request_failed) {
2353                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2354                                 "Hardware accelerated cryptography is disabled.\n");
2355                         b43_print_fw_helptext(dev->wl, 0);
2356                 }
2357         }
2358
2359         if (b43_is_old_txhdr_format(dev)) {
2360                 /* We're over the deadline, but we keep support for old fw
2361                  * until it turns out to be in major conflict with something new. */
2362                 b43warn(dev->wl, "You are using an old firmware image. "
2363                         "Support for old firmware will be removed soon "
2364                         "(official deadline was July 2008).\n");
2365                 b43_print_fw_helptext(dev->wl, 0);
2366         }
2367
2368         return 0;
2369
2370 error:
2371         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2372         macctl &= ~B43_MACCTL_PSM_RUN;
2373         macctl |= B43_MACCTL_PSM_JMP0;
2374         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2375
2376         return err;
2377 }
2378
2379 static int b43_write_initvals(struct b43_wldev *dev,
2380                               const struct b43_iv *ivals,
2381                               size_t count,
2382                               size_t array_size)
2383 {
2384         const struct b43_iv *iv;
2385         u16 offset;
2386         size_t i;
2387         bool bit32;
2388
2389         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2390         iv = ivals;
2391         for (i = 0; i < count; i++) {
2392                 if (array_size < sizeof(iv->offset_size))
2393                         goto err_format;
2394                 array_size -= sizeof(iv->offset_size);
2395                 offset = be16_to_cpu(iv->offset_size);
2396                 bit32 = !!(offset & B43_IV_32BIT);
2397                 offset &= B43_IV_OFFSET_MASK;
2398                 if (offset >= 0x1000)
2399                         goto err_format;
2400                 if (bit32) {
2401                         u32 value;
2402
2403                         if (array_size < sizeof(iv->data.d32))
2404                                 goto err_format;
2405                         array_size -= sizeof(iv->data.d32);
2406
2407                         value = get_unaligned_be32(&iv->data.d32);
2408                         b43_write32(dev, offset, value);
2409
2410                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2411                                                         sizeof(__be16) +
2412                                                         sizeof(__be32));
2413                 } else {
2414                         u16 value;
2415
2416                         if (array_size < sizeof(iv->data.d16))
2417                                 goto err_format;
2418                         array_size -= sizeof(iv->data.d16);
2419
2420                         value = be16_to_cpu(iv->data.d16);
2421                         b43_write16(dev, offset, value);
2422
2423                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2424                                                         sizeof(__be16) +
2425                                                         sizeof(__be16));
2426                 }
2427         }
2428         if (array_size)
2429                 goto err_format;
2430
2431         return 0;
2432
2433 err_format:
2434         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2435         b43_print_fw_helptext(dev->wl, 1);
2436
2437         return -EPROTO;
2438 }
2439
2440 static int b43_upload_initvals(struct b43_wldev *dev)
2441 {
2442         const size_t hdr_len = sizeof(struct b43_fw_header);
2443         const struct b43_fw_header *hdr;
2444         struct b43_firmware *fw = &dev->fw;
2445         const struct b43_iv *ivals;
2446         size_t count;
2447         int err;
2448
2449         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2450         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2451         count = be32_to_cpu(hdr->size);
2452         err = b43_write_initvals(dev, ivals, count,
2453                                  fw->initvals.data->size - hdr_len);
2454         if (err)
2455                 goto out;
2456         if (fw->initvals_band.data) {
2457                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2458                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2459                 count = be32_to_cpu(hdr->size);
2460                 err = b43_write_initvals(dev, ivals, count,
2461                                          fw->initvals_band.data->size - hdr_len);
2462                 if (err)
2463                         goto out;
2464         }
2465 out:
2466
2467         return err;
2468 }
2469
2470 /* Initialize the GPIOs
2471  * http://bcm-specs.sipsolutions.net/GPIO
2472  */
2473 static int b43_gpio_init(struct b43_wldev *dev)
2474 {
2475         struct ssb_bus *bus = dev->dev->bus;
2476         struct ssb_device *gpiodev, *pcidev = NULL;
2477         u32 mask, set;
2478
2479         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2480                     & ~B43_MACCTL_GPOUTSMSK);
2481
2482         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2483                     | 0x000F);
2484
2485         mask = 0x0000001F;
2486         set = 0x0000000F;
2487         if (dev->dev->bus->chip_id == 0x4301) {
2488                 mask |= 0x0060;
2489                 set |= 0x0060;
2490         }
2491         if (0 /* FIXME: conditional unknown */ ) {
2492                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2493                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2494                             | 0x0100);
2495                 mask |= 0x0180;
2496                 set |= 0x0180;
2497         }
2498         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2499                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2500                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2501                             | 0x0200);
2502                 mask |= 0x0200;
2503                 set |= 0x0200;
2504         }
2505         if (dev->dev->id.revision >= 2)
2506                 mask |= 0x0010; /* FIXME: This is redundant. */
2507
2508 #ifdef CONFIG_SSB_DRIVER_PCICORE
2509         pcidev = bus->pcicore.dev;
2510 #endif
2511         gpiodev = bus->chipco.dev ? : pcidev;
2512         if (!gpiodev)
2513                 return 0;
2514         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2515                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2516                      & mask) | set);
2517
2518         return 0;
2519 }
2520
2521 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2522 static void b43_gpio_cleanup(struct b43_wldev *dev)
2523 {
2524         struct ssb_bus *bus = dev->dev->bus;
2525         struct ssb_device *gpiodev, *pcidev = NULL;
2526
2527 #ifdef CONFIG_SSB_DRIVER_PCICORE
2528         pcidev = bus->pcicore.dev;
2529 #endif
2530         gpiodev = bus->chipco.dev ? : pcidev;
2531         if (!gpiodev)
2532                 return;
2533         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2534 }
2535
2536 /* http://bcm-specs.sipsolutions.net/EnableMac */
2537 void b43_mac_enable(struct b43_wldev *dev)
2538 {
2539         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2540                 u16 fwstate;
2541
2542                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2543                                          B43_SHM_SH_UCODESTAT);
2544                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2545                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2546                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2547                                "should be suspended, but current state is %u\n",
2548                                fwstate);
2549                 }
2550         }
2551
2552         dev->mac_suspended--;
2553         B43_WARN_ON(dev->mac_suspended < 0);
2554         if (dev->mac_suspended == 0) {
2555                 b43_write32(dev, B43_MMIO_MACCTL,
2556                             b43_read32(dev, B43_MMIO_MACCTL)
2557                             | B43_MACCTL_ENABLED);
2558                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2559                             B43_IRQ_MAC_SUSPENDED);
2560                 /* Commit writes */
2561                 b43_read32(dev, B43_MMIO_MACCTL);
2562                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2563                 b43_power_saving_ctl_bits(dev, 0);
2564         }
2565 }
2566
2567 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2568 void b43_mac_suspend(struct b43_wldev *dev)
2569 {
2570         int i;
2571         u32 tmp;
2572
2573         might_sleep();
2574         B43_WARN_ON(dev->mac_suspended < 0);
2575
2576         if (dev->mac_suspended == 0) {
2577                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2578                 b43_write32(dev, B43_MMIO_MACCTL,
2579                             b43_read32(dev, B43_MMIO_MACCTL)
2580                             & ~B43_MACCTL_ENABLED);
2581                 /* force pci to flush the write */
2582                 b43_read32(dev, B43_MMIO_MACCTL);
2583                 for (i = 35; i; i--) {
2584                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2585                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2586                                 goto out;
2587                         udelay(10);
2588                 }
2589                 /* Hm, it seems this will take some time. Use msleep(). */
2590                 for (i = 40; i; i--) {
2591                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2592                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2593                                 goto out;
2594                         msleep(1);
2595                 }
2596                 b43err(dev->wl, "MAC suspend failed\n");
2597         }
2598 out:
2599         dev->mac_suspended++;
2600 }
2601
2602 static void b43_adjust_opmode(struct b43_wldev *dev)
2603 {
2604         struct b43_wl *wl = dev->wl;
2605         u32 ctl;
2606         u16 cfp_pretbtt;
2607
2608         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2609         /* Reset status to STA infrastructure mode. */
2610         ctl &= ~B43_MACCTL_AP;
2611         ctl &= ~B43_MACCTL_KEEP_CTL;
2612         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2613         ctl &= ~B43_MACCTL_KEEP_BAD;
2614         ctl &= ~B43_MACCTL_PROMISC;
2615         ctl &= ~B43_MACCTL_BEACPROMISC;
2616         ctl |= B43_MACCTL_INFRA;
2617
2618         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2619             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2620                 ctl |= B43_MACCTL_AP;
2621         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2622                 ctl &= ~B43_MACCTL_INFRA;
2623
2624         if (wl->filter_flags & FIF_CONTROL)
2625                 ctl |= B43_MACCTL_KEEP_CTL;
2626         if (wl->filter_flags & FIF_FCSFAIL)
2627                 ctl |= B43_MACCTL_KEEP_BAD;
2628         if (wl->filter_flags & FIF_PLCPFAIL)
2629                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2630         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2631                 ctl |= B43_MACCTL_PROMISC;
2632         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2633                 ctl |= B43_MACCTL_BEACPROMISC;
2634
2635         /* Workaround: On old hardware the HW-MAC-address-filter
2636          * doesn't work properly, so always run promisc in filter
2637          * it in software. */
2638         if (dev->dev->id.revision <= 4)
2639                 ctl |= B43_MACCTL_PROMISC;
2640
2641         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2642
2643         cfp_pretbtt = 2;
2644         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2645                 if (dev->dev->bus->chip_id == 0x4306 &&
2646                     dev->dev->bus->chip_rev == 3)
2647                         cfp_pretbtt = 100;
2648                 else
2649                         cfp_pretbtt = 50;
2650         }
2651         b43_write16(dev, 0x612, cfp_pretbtt);
2652 }
2653
2654 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2655 {
2656         u16 offset;
2657
2658         if (is_ofdm) {
2659                 offset = 0x480;
2660                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2661         } else {
2662                 offset = 0x4C0;
2663                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2664         }
2665         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2666                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2667 }
2668
2669 static void b43_rate_memory_init(struct b43_wldev *dev)
2670 {
2671         switch (dev->phy.type) {
2672         case B43_PHYTYPE_A:
2673         case B43_PHYTYPE_G:
2674         case B43_PHYTYPE_N:
2675         case B43_PHYTYPE_LP:
2676                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2677                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2678                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2679                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2680                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2681                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2682                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2683                 if (dev->phy.type == B43_PHYTYPE_A)
2684                         break;
2685                 /* fallthrough */
2686         case B43_PHYTYPE_B:
2687                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2688                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2689                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2690                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2691                 break;
2692         default:
2693                 B43_WARN_ON(1);
2694         }
2695 }
2696
2697 /* Set the default values for the PHY TX Control Words. */
2698 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2699 {
2700         u16 ctl = 0;
2701
2702         ctl |= B43_TXH_PHY_ENC_CCK;
2703         ctl |= B43_TXH_PHY_ANT01AUTO;
2704         ctl |= B43_TXH_PHY_TXPWR;
2705
2706         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2707         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2708         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2709 }
2710
2711 /* Set the TX-Antenna for management frames sent by firmware. */
2712 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2713 {
2714         u16 ant;
2715         u16 tmp;
2716
2717         ant = b43_antenna_to_phyctl(antenna);
2718
2719         /* For ACK/CTS */
2720         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2721         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2722         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2723         /* For Probe Resposes */
2724         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2725         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2726         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2727 }
2728
2729 /* This is the opposite of b43_chip_init() */
2730 static void b43_chip_exit(struct b43_wldev *dev)
2731 {
2732         b43_phy_exit(dev);
2733         b43_gpio_cleanup(dev);
2734         /* firmware is released later */
2735 }
2736
2737 /* Initialize the chip
2738  * http://bcm-specs.sipsolutions.net/ChipInit
2739  */
2740 static int b43_chip_init(struct b43_wldev *dev)
2741 {
2742         struct b43_phy *phy = &dev->phy;
2743         int err;
2744         u32 value32, macctl;
2745         u16 value16;
2746
2747         /* Initialize the MAC control */
2748         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2749         if (dev->phy.gmode)
2750                 macctl |= B43_MACCTL_GMODE;
2751         macctl |= B43_MACCTL_INFRA;
2752         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2753
2754         err = b43_request_firmware(dev);
2755         if (err)
2756                 goto out;
2757         err = b43_upload_microcode(dev);
2758         if (err)
2759                 goto out;       /* firmware is released later */
2760
2761         err = b43_gpio_init(dev);
2762         if (err)
2763                 goto out;       /* firmware is released later */
2764
2765         err = b43_upload_initvals(dev);
2766         if (err)
2767                 goto err_gpio_clean;
2768
2769         /* Turn the Analog on and initialize the PHY. */
2770         phy->ops->switch_analog(dev, 1);
2771         err = b43_phy_init(dev);
2772         if (err)
2773                 goto err_gpio_clean;
2774
2775         /* Disable Interference Mitigation. */
2776         if (phy->ops->interf_mitigation)
2777                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2778
2779         /* Select the antennae */
2780         if (phy->ops->set_rx_antenna)
2781                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2782         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2783
2784         if (phy->type == B43_PHYTYPE_B) {
2785                 value16 = b43_read16(dev, 0x005E);
2786                 value16 |= 0x0004;
2787                 b43_write16(dev, 0x005E, value16);
2788         }
2789         b43_write32(dev, 0x0100, 0x01000000);
2790         if (dev->dev->id.revision < 5)
2791                 b43_write32(dev, 0x010C, 0x01000000);
2792
2793         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2794                     & ~B43_MACCTL_INFRA);
2795         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2796                     | B43_MACCTL_INFRA);
2797
2798         /* Probe Response Timeout value */
2799         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2800         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2801
2802         /* Initially set the wireless operation mode. */
2803         b43_adjust_opmode(dev);
2804
2805         if (dev->dev->id.revision < 3) {
2806                 b43_write16(dev, 0x060E, 0x0000);
2807                 b43_write16(dev, 0x0610, 0x8000);
2808                 b43_write16(dev, 0x0604, 0x0000);
2809                 b43_write16(dev, 0x0606, 0x0200);
2810         } else {
2811                 b43_write32(dev, 0x0188, 0x80000000);
2812                 b43_write32(dev, 0x018C, 0x02000000);
2813         }
2814         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2815         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2816         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2817         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2818         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2819         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2820         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2821
2822         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2823         value32 |= 0x00100000;
2824         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2825
2826         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2827                     dev->dev->bus->chipco.fast_pwrup_delay);
2828
2829         err = 0;
2830         b43dbg(dev->wl, "Chip initialized\n");
2831 out:
2832         return err;
2833
2834 err_gpio_clean:
2835         b43_gpio_cleanup(dev);
2836         return err;
2837 }
2838
2839 static void b43_periodic_every60sec(struct b43_wldev *dev)
2840 {
2841         const struct b43_phy_operations *ops = dev->phy.ops;
2842
2843         if (ops->pwork_60sec)
2844                 ops->pwork_60sec(dev);
2845
2846         /* Force check the TX power emission now. */
2847         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2848 }
2849
2850 static void b43_periodic_every30sec(struct b43_wldev *dev)
2851 {
2852         /* Update device statistics. */
2853         b43_calculate_link_quality(dev);
2854 }
2855
2856 static void b43_periodic_every15sec(struct b43_wldev *dev)
2857 {
2858         struct b43_phy *phy = &dev->phy;
2859         u16 wdr;
2860
2861         if (dev->fw.opensource) {
2862                 /* Check if the firmware is still alive.
2863                  * It will reset the watchdog counter to 0 in its idle loop. */
2864                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2865                 if (unlikely(wdr)) {
2866                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2867                         b43_controller_restart(dev, "Firmware watchdog");
2868                         return;
2869                 } else {
2870                         b43_shm_write16(dev, B43_SHM_SCRATCH,
2871                                         B43_WATCHDOG_REG, 1);
2872                 }
2873         }
2874
2875         if (phy->ops->pwork_15sec)
2876                 phy->ops->pwork_15sec(dev);
2877
2878         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2879         wmb();
2880 }
2881
2882 static void do_periodic_work(struct b43_wldev *dev)
2883 {
2884         unsigned int state;
2885
2886         state = dev->periodic_state;
2887         if (state % 4 == 0)
2888                 b43_periodic_every60sec(dev);
2889         if (state % 2 == 0)
2890                 b43_periodic_every30sec(dev);
2891         b43_periodic_every15sec(dev);
2892 }
2893
2894 /* Periodic work locking policy:
2895  *      The whole periodic work handler is protected by
2896  *      wl->mutex. If another lock is needed somewhere in the
2897  *      pwork callchain, it's aquired in-place, where it's needed.
2898  */
2899 static void b43_periodic_work_handler(struct work_struct *work)
2900 {
2901         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2902                                              periodic_work.work);
2903         struct b43_wl *wl = dev->wl;
2904         unsigned long delay;
2905
2906         mutex_lock(&wl->mutex);
2907
2908         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2909                 goto out;
2910         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2911                 goto out_requeue;
2912
2913         do_periodic_work(dev);
2914
2915         dev->periodic_state++;
2916 out_requeue:
2917         if (b43_debug(dev, B43_DBG_PWORK_FAST))
2918                 delay = msecs_to_jiffies(50);
2919         else
2920                 delay = round_jiffies_relative(HZ * 15);
2921         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
2922 out:
2923         mutex_unlock(&wl->mutex);
2924 }
2925
2926 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2927 {
2928         struct delayed_work *work = &dev->periodic_work;
2929
2930         dev->periodic_state = 0;
2931         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2932         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
2933 }
2934
2935 /* Check if communication with the device works correctly. */
2936 static int b43_validate_chipaccess(struct b43_wldev *dev)
2937 {
2938         u32 v, backup0, backup4;
2939
2940         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2941         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
2942
2943         /* Check for read/write and endianness problems. */
2944         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2945         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2946                 goto error;
2947         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2948         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2949                 goto error;
2950
2951         /* Check if unaligned 32bit SHM_SHARED access works properly.
2952          * However, don't bail out on failure, because it's noncritical. */
2953         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
2954         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
2955         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
2956         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
2957         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
2958                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
2959         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
2960         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
2961             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
2962             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
2963             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
2964                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
2965
2966         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
2967         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
2968
2969         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2970                 /* The 32bit register shadows the two 16bit registers
2971                  * with update sideeffects. Validate this. */
2972                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2973                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2974                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2975                         goto error;
2976                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2977                         goto error;
2978         }
2979         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2980
2981         v = b43_read32(dev, B43_MMIO_MACCTL);
2982         v |= B43_MACCTL_GMODE;
2983         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2984                 goto error;
2985
2986         return 0;
2987 error:
2988         b43err(dev->wl, "Failed to validate the chipaccess\n");
2989         return -ENODEV;
2990 }
2991
2992 static void b43_security_init(struct b43_wldev *dev)
2993 {
2994         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2995         /* KTP is a word address, but we address SHM bytewise.
2996          * So multiply by two.
2997          */
2998         dev->ktp *= 2;
2999         /* Number of RCMTA address slots */
3000         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3001         /* Clear the key memory. */
3002         b43_clear_keys(dev);
3003 }
3004
3005 #ifdef CONFIG_B43_HWRNG
3006 static int b43_rng_read(struct hwrng *rng, u32 *data)
3007 {
3008         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3009
3010         /* FIXME: We need to take wl->mutex here to make sure the device
3011          * is not going away from under our ass. However it could deadlock
3012          * with hwrng internal locking. */
3013
3014         *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
3015
3016         return (sizeof(u16));
3017 }
3018 #endif /* CONFIG_B43_HWRNG */
3019
3020 static void b43_rng_exit(struct b43_wl *wl)
3021 {
3022 #ifdef CONFIG_B43_HWRNG
3023         if (wl->rng_initialized)
3024                 hwrng_unregister(&wl->rng);
3025 #endif /* CONFIG_B43_HWRNG */
3026 }
3027
3028 static int b43_rng_init(struct b43_wl *wl)
3029 {
3030         int err = 0;
3031
3032 #ifdef CONFIG_B43_HWRNG
3033         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3034                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3035         wl->rng.name = wl->rng_name;
3036         wl->rng.data_read = b43_rng_read;
3037         wl->rng.priv = (unsigned long)wl;
3038         wl->rng_initialized = 1;
3039         err = hwrng_register(&wl->rng);
3040         if (err) {
3041                 wl->rng_initialized = 0;
3042                 b43err(wl, "Failed to register the random "
3043                        "number generator (%d)\n", err);
3044         }
3045 #endif /* CONFIG_B43_HWRNG */
3046
3047         return err;
3048 }
3049
3050 static void b43_tx_work(struct work_struct *work)
3051 {
3052         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3053         struct b43_wldev *dev;
3054         struct sk_buff *skb;
3055         int err = 0;
3056
3057         mutex_lock(&wl->mutex);
3058         dev = wl->current_dev;
3059         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3060                 mutex_unlock(&wl->mutex);
3061                 return;
3062         }
3063
3064         while (skb_queue_len(&wl->tx_queue)) {
3065                 skb = skb_dequeue(&wl->tx_queue);
3066
3067                 if (b43_using_pio_transfers(dev))
3068                         err = b43_pio_tx(dev, skb);
3069                 else
3070                         err = b43_dma_tx(dev, skb);
3071                 if (unlikely(err))
3072                         dev_kfree_skb(skb); /* Drop it */
3073         }
3074
3075         mutex_unlock(&wl->mutex);
3076 }
3077
3078 static int b43_op_tx(struct ieee80211_hw *hw,
3079                      struct sk_buff *skb)
3080 {
3081         struct b43_wl *wl = hw_to_b43_wl(hw);
3082
3083         if (unlikely(skb->len < 2 + 2 + 6)) {
3084                 /* Too short, this can't be a valid frame. */
3085                 dev_kfree_skb_any(skb);
3086                 return NETDEV_TX_OK;
3087         }
3088         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3089
3090         skb_queue_tail(&wl->tx_queue, skb);
3091         ieee80211_queue_work(wl->hw, &wl->tx_work);
3092
3093         return NETDEV_TX_OK;
3094 }
3095
3096 static void b43_qos_params_upload(struct b43_wldev *dev,
3097                                   const struct ieee80211_tx_queue_params *p,
3098                                   u16 shm_offset)
3099 {
3100         u16 params[B43_NR_QOSPARAMS];
3101         int bslots, tmp;
3102         unsigned int i;
3103
3104         if (!dev->qos_enabled)
3105                 return;
3106
3107         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3108
3109         memset(&params, 0, sizeof(params));
3110
3111         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3112         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3113         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3114         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3115         params[B43_QOSPARAM_AIFS] = p->aifs;
3116         params[B43_QOSPARAM_BSLOTS] = bslots;
3117         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3118
3119         for (i = 0; i < ARRAY_SIZE(params); i++) {
3120                 if (i == B43_QOSPARAM_STATUS) {
3121                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3122                                              shm_offset + (i * 2));
3123                         /* Mark the parameters as updated. */
3124                         tmp |= 0x100;
3125                         b43_shm_write16(dev, B43_SHM_SHARED,
3126                                         shm_offset + (i * 2),
3127                                         tmp);
3128                 } else {
3129                         b43_shm_write16(dev, B43_SHM_SHARED,
3130                                         shm_offset + (i * 2),
3131                                         params[i]);
3132                 }
3133         }
3134 }
3135
3136 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3137 static const u16 b43_qos_shm_offsets[] = {
3138         /* [mac80211-queue-nr] = SHM_OFFSET, */
3139         [0] = B43_QOS_VOICE,
3140         [1] = B43_QOS_VIDEO,
3141         [2] = B43_QOS_BESTEFFORT,
3142         [3] = B43_QOS_BACKGROUND,
3143 };
3144
3145 /* Update all QOS parameters in hardware. */
3146 static void b43_qos_upload_all(struct b43_wldev *dev)
3147 {
3148         struct b43_wl *wl = dev->wl;
3149         struct b43_qos_params *params;
3150         unsigned int i;
3151
3152         if (!dev->qos_enabled)
3153                 return;
3154
3155         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3156                      ARRAY_SIZE(wl->qos_params));
3157
3158         b43_mac_suspend(dev);
3159         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3160                 params = &(wl->qos_params[i]);
3161                 b43_qos_params_upload(dev, &(params->p),
3162                                       b43_qos_shm_offsets[i]);
3163         }
3164         b43_mac_enable(dev);
3165 }
3166
3167 static void b43_qos_clear(struct b43_wl *wl)
3168 {
3169         struct b43_qos_params *params;
3170         unsigned int i;
3171
3172         /* Initialize QoS parameters to sane defaults. */
3173
3174         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3175                      ARRAY_SIZE(wl->qos_params));
3176
3177         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3178                 params = &(wl->qos_params[i]);
3179
3180                 switch (b43_qos_shm_offsets[i]) {
3181                 case B43_QOS_VOICE:
3182                         params->p.txop = 0;
3183                         params->p.aifs = 2;
3184                         params->p.cw_min = 0x0001;
3185                         params->p.cw_max = 0x0001;
3186                         break;
3187                 case B43_QOS_VIDEO:
3188                         params->p.txop = 0;
3189                         params->p.aifs = 2;
3190                         params->p.cw_min = 0x0001;
3191                         params->p.cw_max = 0x0001;
3192                         break;
3193                 case B43_QOS_BESTEFFORT:
3194                         params->p.txop = 0;
3195                         params->p.aifs = 3;
3196                         params->p.cw_min = 0x0001;
3197                         params->p.cw_max = 0x03FF;