Version:  2.0.40 2.2.26 2.4.37 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16

Linux/drivers/net/wireless/b43/main.c

  1 /*
  2 
  3   Broadcom B43 wireless driver
  4 
  5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
  6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
  7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
  8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
  9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
 10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
 11 
 12   SDIO support
 13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
 14 
 15   Some parts of the code in this file are derived from the ipw2200
 16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
 17 
 18   This program is free software; you can redistribute it and/or modify
 19   it under the terms of the GNU General Public License as published by
 20   the Free Software Foundation; either version 2 of the License, or
 21   (at your option) any later version.
 22 
 23   This program is distributed in the hope that it will be useful,
 24   but WITHOUT ANY WARRANTY; without even the implied warranty of
 25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 26   GNU General Public License for more details.
 27 
 28   You should have received a copy of the GNU General Public License
 29   along with this program; see the file COPYING.  If not, write to
 30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
 31   Boston, MA 02110-1301, USA.
 32 
 33 */
 34 
 35 #include <linux/delay.h>
 36 #include <linux/init.h>
 37 #include <linux/module.h>
 38 #include <linux/if_arp.h>
 39 #include <linux/etherdevice.h>
 40 #include <linux/firmware.h>
 41 #include <linux/workqueue.h>
 42 #include <linux/skbuff.h>
 43 #include <linux/io.h>
 44 #include <linux/dma-mapping.h>
 45 #include <linux/slab.h>
 46 #include <asm/unaligned.h>
 47 
 48 #include "b43.h"
 49 #include "main.h"
 50 #include "debugfs.h"
 51 #include "phy_common.h"
 52 #include "phy_g.h"
 53 #include "phy_n.h"
 54 #include "dma.h"
 55 #include "pio.h"
 56 #include "sysfs.h"
 57 #include "xmit.h"
 58 #include "lo.h"
 59 #include "pcmcia.h"
 60 #include "sdio.h"
 61 #include <linux/mmc/sdio_func.h>
 62 
 63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
 64 MODULE_AUTHOR("Martin Langer");
 65 MODULE_AUTHOR("Stefano Brivio");
 66 MODULE_AUTHOR("Michael Buesch");
 67 MODULE_AUTHOR("Gábor Stefanik");
 68 MODULE_AUTHOR("Rafał Miłecki");
 69 MODULE_LICENSE("GPL");
 70 
 71 MODULE_FIRMWARE("b43/ucode11.fw");
 72 MODULE_FIRMWARE("b43/ucode13.fw");
 73 MODULE_FIRMWARE("b43/ucode14.fw");
 74 MODULE_FIRMWARE("b43/ucode15.fw");
 75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
 76 MODULE_FIRMWARE("b43/ucode5.fw");
 77 MODULE_FIRMWARE("b43/ucode9.fw");
 78 
 79 static int modparam_bad_frames_preempt;
 80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
 81 MODULE_PARM_DESC(bad_frames_preempt,
 82                  "enable(1) / disable(0) Bad Frames Preemption");
 83 
 84 static char modparam_fwpostfix[16];
 85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
 86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
 87 
 88 static int modparam_hwpctl;
 89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
 90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
 91 
 92 static int modparam_nohwcrypt;
 93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
 94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
 95 
 96 static int modparam_hwtkip;
 97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
 98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
 99 
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103 
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107 
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111 
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115 
116 static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
117 module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
118 MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
119 
120 #ifdef CONFIG_B43_BCMA
121 static const struct bcma_device_id b43_bcma_tbl[] = {
122         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
124         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
125         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
126         BCMA_CORETABLE_END
127 };
128 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
129 #endif
130 
131 #ifdef CONFIG_B43_SSB
132 static const struct ssb_device_id b43_ssb_tbl[] = {
133         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
134         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
135         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
136         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
141         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
142         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
143         SSB_DEVTABLE_END
144 };
145 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
146 #endif
147 
148 /* Channel and ratetables are shared for all devices.
149  * They can't be const, because ieee80211 puts some precalculated
150  * data in there. This data is the same for all devices, so we don't
151  * get concurrency issues */
152 #define RATETAB_ENT(_rateid, _flags) \
153         {                                                               \
154                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
155                 .hw_value       = (_rateid),                            \
156                 .flags          = (_flags),                             \
157         }
158 
159 /*
160  * NOTE: When changing this, sync with xmit.c's
161  *       b43_plcp_get_bitrate_idx_* functions!
162  */
163 static struct ieee80211_rate __b43_ratetable[] = {
164         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
165         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
166         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
167         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
168         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
169         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
170         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
171         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
172         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
173         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
174         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
175         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
176 };
177 
178 #define b43_a_ratetable         (__b43_ratetable + 4)
179 #define b43_a_ratetable_size    8
180 #define b43_b_ratetable         (__b43_ratetable + 0)
181 #define b43_b_ratetable_size    4
182 #define b43_g_ratetable         (__b43_ratetable + 0)
183 #define b43_g_ratetable_size    12
184 
185 #define CHAN2G(_channel, _freq, _flags) {                       \
186         .band                   = IEEE80211_BAND_2GHZ,          \
187         .center_freq            = (_freq),                      \
188         .hw_value               = (_channel),                   \
189         .flags                  = (_flags),                     \
190         .max_antenna_gain       = 0,                            \
191         .max_power              = 30,                           \
192 }
193 static struct ieee80211_channel b43_2ghz_chantable[] = {
194         CHAN2G(1, 2412, 0),
195         CHAN2G(2, 2417, 0),
196         CHAN2G(3, 2422, 0),
197         CHAN2G(4, 2427, 0),
198         CHAN2G(5, 2432, 0),
199         CHAN2G(6, 2437, 0),
200         CHAN2G(7, 2442, 0),
201         CHAN2G(8, 2447, 0),
202         CHAN2G(9, 2452, 0),
203         CHAN2G(10, 2457, 0),
204         CHAN2G(11, 2462, 0),
205         CHAN2G(12, 2467, 0),
206         CHAN2G(13, 2472, 0),
207         CHAN2G(14, 2484, 0),
208 };
209 #undef CHAN2G
210 
211 #define CHAN4G(_channel, _flags) {                              \
212         .band                   = IEEE80211_BAND_5GHZ,          \
213         .center_freq            = 4000 + (5 * (_channel)),      \
214         .hw_value               = (_channel),                   \
215         .flags                  = (_flags),                     \
216         .max_antenna_gain       = 0,                            \
217         .max_power              = 30,                           \
218 }
219 #define CHAN5G(_channel, _flags) {                              \
220         .band                   = IEEE80211_BAND_5GHZ,          \
221         .center_freq            = 5000 + (5 * (_channel)),      \
222         .hw_value               = (_channel),                   \
223         .flags                  = (_flags),                     \
224         .max_antenna_gain       = 0,                            \
225         .max_power              = 30,                           \
226 }
227 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
228         CHAN4G(184, 0),         CHAN4G(186, 0),
229         CHAN4G(188, 0),         CHAN4G(190, 0),
230         CHAN4G(192, 0),         CHAN4G(194, 0),
231         CHAN4G(196, 0),         CHAN4G(198, 0),
232         CHAN4G(200, 0),         CHAN4G(202, 0),
233         CHAN4G(204, 0),         CHAN4G(206, 0),
234         CHAN4G(208, 0),         CHAN4G(210, 0),
235         CHAN4G(212, 0),         CHAN4G(214, 0),
236         CHAN4G(216, 0),         CHAN4G(218, 0),
237         CHAN4G(220, 0),         CHAN4G(222, 0),
238         CHAN4G(224, 0),         CHAN4G(226, 0),
239         CHAN4G(228, 0),
240         CHAN5G(32, 0),          CHAN5G(34, 0),
241         CHAN5G(36, 0),          CHAN5G(38, 0),
242         CHAN5G(40, 0),          CHAN5G(42, 0),
243         CHAN5G(44, 0),          CHAN5G(46, 0),
244         CHAN5G(48, 0),          CHAN5G(50, 0),
245         CHAN5G(52, 0),          CHAN5G(54, 0),
246         CHAN5G(56, 0),          CHAN5G(58, 0),
247         CHAN5G(60, 0),          CHAN5G(62, 0),
248         CHAN5G(64, 0),          CHAN5G(66, 0),
249         CHAN5G(68, 0),          CHAN5G(70, 0),
250         CHAN5G(72, 0),          CHAN5G(74, 0),
251         CHAN5G(76, 0),          CHAN5G(78, 0),
252         CHAN5G(80, 0),          CHAN5G(82, 0),
253         CHAN5G(84, 0),          CHAN5G(86, 0),
254         CHAN5G(88, 0),          CHAN5G(90, 0),
255         CHAN5G(92, 0),          CHAN5G(94, 0),
256         CHAN5G(96, 0),          CHAN5G(98, 0),
257         CHAN5G(100, 0),         CHAN5G(102, 0),
258         CHAN5G(104, 0),         CHAN5G(106, 0),
259         CHAN5G(108, 0),         CHAN5G(110, 0),
260         CHAN5G(112, 0),         CHAN5G(114, 0),
261         CHAN5G(116, 0),         CHAN5G(118, 0),
262         CHAN5G(120, 0),         CHAN5G(122, 0),
263         CHAN5G(124, 0),         CHAN5G(126, 0),
264         CHAN5G(128, 0),         CHAN5G(130, 0),
265         CHAN5G(132, 0),         CHAN5G(134, 0),
266         CHAN5G(136, 0),         CHAN5G(138, 0),
267         CHAN5G(140, 0),         CHAN5G(142, 0),
268         CHAN5G(144, 0),         CHAN5G(145, 0),
269         CHAN5G(146, 0),         CHAN5G(147, 0),
270         CHAN5G(148, 0),         CHAN5G(149, 0),
271         CHAN5G(150, 0),         CHAN5G(151, 0),
272         CHAN5G(152, 0),         CHAN5G(153, 0),
273         CHAN5G(154, 0),         CHAN5G(155, 0),
274         CHAN5G(156, 0),         CHAN5G(157, 0),
275         CHAN5G(158, 0),         CHAN5G(159, 0),
276         CHAN5G(160, 0),         CHAN5G(161, 0),
277         CHAN5G(162, 0),         CHAN5G(163, 0),
278         CHAN5G(164, 0),         CHAN5G(165, 0),
279         CHAN5G(166, 0),         CHAN5G(168, 0),
280         CHAN5G(170, 0),         CHAN5G(172, 0),
281         CHAN5G(174, 0),         CHAN5G(176, 0),
282         CHAN5G(178, 0),         CHAN5G(180, 0),
283         CHAN5G(182, 0),
284 };
285 
286 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
287         CHAN5G(34, 0),          CHAN5G(36, 0),
288         CHAN5G(38, 0),          CHAN5G(40, 0),
289         CHAN5G(42, 0),          CHAN5G(44, 0),
290         CHAN5G(46, 0),          CHAN5G(48, 0),
291         CHAN5G(52, 0),          CHAN5G(56, 0),
292         CHAN5G(60, 0),          CHAN5G(64, 0),
293         CHAN5G(100, 0),         CHAN5G(104, 0),
294         CHAN5G(108, 0),         CHAN5G(112, 0),
295         CHAN5G(116, 0),         CHAN5G(120, 0),
296         CHAN5G(124, 0),         CHAN5G(128, 0),
297         CHAN5G(132, 0),         CHAN5G(136, 0),
298         CHAN5G(140, 0),         CHAN5G(149, 0),
299         CHAN5G(153, 0),         CHAN5G(157, 0),
300         CHAN5G(161, 0),         CHAN5G(165, 0),
301         CHAN5G(184, 0),         CHAN5G(188, 0),
302         CHAN5G(192, 0),         CHAN5G(196, 0),
303         CHAN5G(200, 0),         CHAN5G(204, 0),
304         CHAN5G(208, 0),         CHAN5G(212, 0),
305         CHAN5G(216, 0),
306 };
307 #undef CHAN4G
308 #undef CHAN5G
309 
310 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
311         .band           = IEEE80211_BAND_5GHZ,
312         .channels       = b43_5ghz_nphy_chantable,
313         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
314         .bitrates       = b43_a_ratetable,
315         .n_bitrates     = b43_a_ratetable_size,
316 };
317 
318 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
319         .band           = IEEE80211_BAND_5GHZ,
320         .channels       = b43_5ghz_aphy_chantable,
321         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
322         .bitrates       = b43_a_ratetable,
323         .n_bitrates     = b43_a_ratetable_size,
324 };
325 
326 static struct ieee80211_supported_band b43_band_2GHz = {
327         .band           = IEEE80211_BAND_2GHZ,
328         .channels       = b43_2ghz_chantable,
329         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
330         .bitrates       = b43_g_ratetable,
331         .n_bitrates     = b43_g_ratetable_size,
332 };
333 
334 static void b43_wireless_core_exit(struct b43_wldev *dev);
335 static int b43_wireless_core_init(struct b43_wldev *dev);
336 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
337 static int b43_wireless_core_start(struct b43_wldev *dev);
338 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
339                                     struct ieee80211_vif *vif,
340                                     struct ieee80211_bss_conf *conf,
341                                     u32 changed);
342 
343 static int b43_ratelimit(struct b43_wl *wl)
344 {
345         if (!wl || !wl->current_dev)
346                 return 1;
347         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
348                 return 1;
349         /* We are up and running.
350          * Ratelimit the messages to avoid DoS over the net. */
351         return net_ratelimit();
352 }
353 
354 void b43info(struct b43_wl *wl, const char *fmt, ...)
355 {
356         struct va_format vaf;
357         va_list args;
358 
359         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
360                 return;
361         if (!b43_ratelimit(wl))
362                 return;
363 
364         va_start(args, fmt);
365 
366         vaf.fmt = fmt;
367         vaf.va = &args;
368 
369         printk(KERN_INFO "b43-%s: %pV",
370                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
371 
372         va_end(args);
373 }
374 
375 void b43err(struct b43_wl *wl, const char *fmt, ...)
376 {
377         struct va_format vaf;
378         va_list args;
379 
380         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
381                 return;
382         if (!b43_ratelimit(wl))
383                 return;
384 
385         va_start(args, fmt);
386 
387         vaf.fmt = fmt;
388         vaf.va = &args;
389 
390         printk(KERN_ERR "b43-%s ERROR: %pV",
391                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
392 
393         va_end(args);
394 }
395 
396 void b43warn(struct b43_wl *wl, const char *fmt, ...)
397 {
398         struct va_format vaf;
399         va_list args;
400 
401         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
402                 return;
403         if (!b43_ratelimit(wl))
404                 return;
405 
406         va_start(args, fmt);
407 
408         vaf.fmt = fmt;
409         vaf.va = &args;
410 
411         printk(KERN_WARNING "b43-%s warning: %pV",
412                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
413 
414         va_end(args);
415 }
416 
417 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
418 {
419         struct va_format vaf;
420         va_list args;
421 
422         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
423                 return;
424 
425         va_start(args, fmt);
426 
427         vaf.fmt = fmt;
428         vaf.va = &args;
429 
430         printk(KERN_DEBUG "b43-%s debug: %pV",
431                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
432 
433         va_end(args);
434 }
435 
436 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
437 {
438         u32 macctl;
439 
440         B43_WARN_ON(offset % 4 != 0);
441 
442         macctl = b43_read32(dev, B43_MMIO_MACCTL);
443         if (macctl & B43_MACCTL_BE)
444                 val = swab32(val);
445 
446         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
447         mmiowb();
448         b43_write32(dev, B43_MMIO_RAM_DATA, val);
449 }
450 
451 static inline void b43_shm_control_word(struct b43_wldev *dev,
452                                         u16 routing, u16 offset)
453 {
454         u32 control;
455 
456         /* "offset" is the WORD offset. */
457         control = routing;
458         control <<= 16;
459         control |= offset;
460         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
461 }
462 
463 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
464 {
465         u32 ret;
466 
467         if (routing == B43_SHM_SHARED) {
468                 B43_WARN_ON(offset & 0x0001);
469                 if (offset & 0x0003) {
470                         /* Unaligned access */
471                         b43_shm_control_word(dev, routing, offset >> 2);
472                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
473                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
474                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
475 
476                         goto out;
477                 }
478                 offset >>= 2;
479         }
480         b43_shm_control_word(dev, routing, offset);
481         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
482 out:
483         return ret;
484 }
485 
486 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
487 {
488         u16 ret;
489 
490         if (routing == B43_SHM_SHARED) {
491                 B43_WARN_ON(offset & 0x0001);
492                 if (offset & 0x0003) {
493                         /* Unaligned access */
494                         b43_shm_control_word(dev, routing, offset >> 2);
495                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
496 
497                         goto out;
498                 }
499                 offset >>= 2;
500         }
501         b43_shm_control_word(dev, routing, offset);
502         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
503 out:
504         return ret;
505 }
506 
507 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
508 {
509         if (routing == B43_SHM_SHARED) {
510                 B43_WARN_ON(offset & 0x0001);
511                 if (offset & 0x0003) {
512                         /* Unaligned access */
513                         b43_shm_control_word(dev, routing, offset >> 2);
514                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
515                                     value & 0xFFFF);
516                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
517                         b43_write16(dev, B43_MMIO_SHM_DATA,
518                                     (value >> 16) & 0xFFFF);
519                         return;
520                 }
521                 offset >>= 2;
522         }
523         b43_shm_control_word(dev, routing, offset);
524         b43_write32(dev, B43_MMIO_SHM_DATA, value);
525 }
526 
527 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
528 {
529         if (routing == B43_SHM_SHARED) {
530                 B43_WARN_ON(offset & 0x0001);
531                 if (offset & 0x0003) {
532                         /* Unaligned access */
533                         b43_shm_control_word(dev, routing, offset >> 2);
534                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
535                         return;
536                 }
537                 offset >>= 2;
538         }
539         b43_shm_control_word(dev, routing, offset);
540         b43_write16(dev, B43_MMIO_SHM_DATA, value);
541 }
542 
543 /* Read HostFlags */
544 u64 b43_hf_read(struct b43_wldev *dev)
545 {
546         u64 ret;
547 
548         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
549         ret <<= 16;
550         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
551         ret <<= 16;
552         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
553 
554         return ret;
555 }
556 
557 /* Write HostFlags */
558 void b43_hf_write(struct b43_wldev *dev, u64 value)
559 {
560         u16 lo, mi, hi;
561 
562         lo = (value & 0x00000000FFFFULL);
563         mi = (value & 0x0000FFFF0000ULL) >> 16;
564         hi = (value & 0xFFFF00000000ULL) >> 32;
565         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
566         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
567         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
568 }
569 
570 /* Read the firmware capabilities bitmask (Opensource firmware only) */
571 static u16 b43_fwcapa_read(struct b43_wldev *dev)
572 {
573         B43_WARN_ON(!dev->fw.opensource);
574         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
575 }
576 
577 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
578 {
579         u32 low, high;
580 
581         B43_WARN_ON(dev->dev->core_rev < 3);
582 
583         /* The hardware guarantees us an atomic read, if we
584          * read the low register first. */
585         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
586         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
587 
588         *tsf = high;
589         *tsf <<= 32;
590         *tsf |= low;
591 }
592 
593 static void b43_time_lock(struct b43_wldev *dev)
594 {
595         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
596         /* Commit the write */
597         b43_read32(dev, B43_MMIO_MACCTL);
598 }
599 
600 static void b43_time_unlock(struct b43_wldev *dev)
601 {
602         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
603         /* Commit the write */
604         b43_read32(dev, B43_MMIO_MACCTL);
605 }
606 
607 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
608 {
609         u32 low, high;
610 
611         B43_WARN_ON(dev->dev->core_rev < 3);
612 
613         low = tsf;
614         high = (tsf >> 32);
615         /* The hardware guarantees us an atomic write, if we
616          * write the low register first. */
617         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
618         mmiowb();
619         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
620         mmiowb();
621 }
622 
623 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
624 {
625         b43_time_lock(dev);
626         b43_tsf_write_locked(dev, tsf);
627         b43_time_unlock(dev);
628 }
629 
630 static
631 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
632 {
633         static const u8 zero_addr[ETH_ALEN] = { 0 };
634         u16 data;
635 
636         if (!mac)
637                 mac = zero_addr;
638 
639         offset |= 0x0020;
640         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
641 
642         data = mac[0];
643         data |= mac[1] << 8;
644         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
645         data = mac[2];
646         data |= mac[3] << 8;
647         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
648         data = mac[4];
649         data |= mac[5] << 8;
650         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
651 }
652 
653 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
654 {
655         const u8 *mac;
656         const u8 *bssid;
657         u8 mac_bssid[ETH_ALEN * 2];
658         int i;
659         u32 tmp;
660 
661         bssid = dev->wl->bssid;
662         mac = dev->wl->mac_addr;
663 
664         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
665 
666         memcpy(mac_bssid, mac, ETH_ALEN);
667         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
668 
669         /* Write our MAC address and BSSID to template ram */
670         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
671                 tmp = (u32) (mac_bssid[i + 0]);
672                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
673                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
674                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
675                 b43_ram_write(dev, 0x20 + i, tmp);
676         }
677 }
678 
679 static void b43_upload_card_macaddress(struct b43_wldev *dev)
680 {
681         b43_write_mac_bssid_templates(dev);
682         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
683 }
684 
685 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
686 {
687         /* slot_time is in usec. */
688         /* This test used to exit for all but a G PHY. */
689         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
690                 return;
691         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
692         /* Shared memory location 0x0010 is the slot time and should be
693          * set to slot_time; however, this register is initially 0 and changing
694          * the value adversely affects the transmit rate for BCM4311
695          * devices. Until this behavior is unterstood, delete this step
696          *
697          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
698          */
699 }
700 
701 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
702 {
703         b43_set_slot_time(dev, 9);
704 }
705 
706 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
707 {
708         b43_set_slot_time(dev, 20);
709 }
710 
711 /* DummyTransmission function, as documented on
712  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
713  */
714 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
715 {
716         struct b43_phy *phy = &dev->phy;
717         unsigned int i, max_loop;
718         u16 value;
719         u32 buffer[5] = {
720                 0x00000000,
721                 0x00D40000,
722                 0x00000000,
723                 0x01000000,
724                 0x00000000,
725         };
726 
727         if (ofdm) {
728                 max_loop = 0x1E;
729                 buffer[0] = 0x000201CC;
730         } else {
731                 max_loop = 0xFA;
732                 buffer[0] = 0x000B846E;
733         }
734 
735         for (i = 0; i < 5; i++)
736                 b43_ram_write(dev, i * 4, buffer[i]);
737 
738         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
739 
740         if (dev->dev->core_rev < 11)
741                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
742         else
743                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
744 
745         value = (ofdm ? 0x41 : 0x40);
746         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
747         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
748             phy->type == B43_PHYTYPE_LCN)
749                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
750 
751         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
752         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
753 
754         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
755         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
756         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
757         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
758 
759         if (!pa_on && phy->type == B43_PHYTYPE_N)
760                 ; /*b43_nphy_pa_override(dev, false) */
761 
762         switch (phy->type) {
763         case B43_PHYTYPE_N:
764         case B43_PHYTYPE_LCN:
765                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
766                 break;
767         case B43_PHYTYPE_LP:
768                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
769                 break;
770         default:
771                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
772         }
773         b43_read16(dev, B43_MMIO_TXE0_AUX);
774 
775         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
776                 b43_radio_write16(dev, 0x0051, 0x0017);
777         for (i = 0x00; i < max_loop; i++) {
778                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
779                 if (value & 0x0080)
780                         break;
781                 udelay(10);
782         }
783         for (i = 0x00; i < 0x0A; i++) {
784                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
785                 if (value & 0x0400)
786                         break;
787                 udelay(10);
788         }
789         for (i = 0x00; i < 0x19; i++) {
790                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
791                 if (!(value & 0x0100))
792                         break;
793                 udelay(10);
794         }
795         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
796                 b43_radio_write16(dev, 0x0051, 0x0037);
797 }
798 
799 static void key_write(struct b43_wldev *dev,
800                       u8 index, u8 algorithm, const u8 *key)
801 {
802         unsigned int i;
803         u32 offset;
804         u16 value;
805         u16 kidx;
806 
807         /* Key index/algo block */
808         kidx = b43_kidx_to_fw(dev, index);
809         value = ((kidx << 4) | algorithm);
810         b43_shm_write16(dev, B43_SHM_SHARED,
811                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
812 
813         /* Write the key to the Key Table Pointer offset */
814         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
815         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
816                 value = key[i];
817                 value |= (u16) (key[i + 1]) << 8;
818                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
819         }
820 }
821 
822 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
823 {
824         u32 addrtmp[2] = { 0, 0, };
825         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
826 
827         if (b43_new_kidx_api(dev))
828                 pairwise_keys_start = B43_NR_GROUP_KEYS;
829 
830         B43_WARN_ON(index < pairwise_keys_start);
831         /* We have four default TX keys and possibly four default RX keys.
832          * Physical mac 0 is mapped to physical key 4 or 8, depending
833          * on the firmware version.
834          * So we must adjust the index here.
835          */
836         index -= pairwise_keys_start;
837         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
838 
839         if (addr) {
840                 addrtmp[0] = addr[0];
841                 addrtmp[0] |= ((u32) (addr[1]) << 8);
842                 addrtmp[0] |= ((u32) (addr[2]) << 16);
843                 addrtmp[0] |= ((u32) (addr[3]) << 24);
844                 addrtmp[1] = addr[4];
845                 addrtmp[1] |= ((u32) (addr[5]) << 8);
846         }
847 
848         /* Receive match transmitter address (RCMTA) mechanism */
849         b43_shm_write32(dev, B43_SHM_RCMTA,
850                         (index * 2) + 0, addrtmp[0]);
851         b43_shm_write16(dev, B43_SHM_RCMTA,
852                         (index * 2) + 1, addrtmp[1]);
853 }
854 
855 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
856  * When a packet is received, the iv32 is checked.
857  * - if it doesn't the packet is returned without modification (and software
858  *   decryption can be done). That's what happen when iv16 wrap.
859  * - if it does, the rc4 key is computed, and decryption is tried.
860  *   Either it will success and B43_RX_MAC_DEC is returned,
861  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
862  *   and the packet is not usable (it got modified by the ucode).
863  * So in order to never have B43_RX_MAC_DECERR, we should provide
864  * a iv32 and phase1key that match. Because we drop packets in case of
865  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
866  * packets will be lost without higher layer knowing (ie no resync possible
867  * until next wrap).
868  *
869  * NOTE : this should support 50 key like RCMTA because
870  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
871  */
872 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
873                 u16 *phase1key)
874 {
875         unsigned int i;
876         u32 offset;
877         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
878 
879         if (!modparam_hwtkip)
880                 return;
881 
882         if (b43_new_kidx_api(dev))
883                 pairwise_keys_start = B43_NR_GROUP_KEYS;
884 
885         B43_WARN_ON(index < pairwise_keys_start);
886         /* We have four default TX keys and possibly four default RX keys.
887          * Physical mac 0 is mapped to physical key 4 or 8, depending
888          * on the firmware version.
889          * So we must adjust the index here.
890          */
891         index -= pairwise_keys_start;
892         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
893 
894         if (b43_debug(dev, B43_DBG_KEYS)) {
895                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
896                                 index, iv32);
897         }
898         /* Write the key to the  RX tkip shared mem */
899         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
900         for (i = 0; i < 10; i += 2) {
901                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
902                                 phase1key ? phase1key[i / 2] : 0);
903         }
904         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
905         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
906 }
907 
908 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
909                                    struct ieee80211_vif *vif,
910                                    struct ieee80211_key_conf *keyconf,
911                                    struct ieee80211_sta *sta,
912                                    u32 iv32, u16 *phase1key)
913 {
914         struct b43_wl *wl = hw_to_b43_wl(hw);
915         struct b43_wldev *dev;
916         int index = keyconf->hw_key_idx;
917 
918         if (B43_WARN_ON(!modparam_hwtkip))
919                 return;
920 
921         /* This is only called from the RX path through mac80211, where
922          * our mutex is already locked. */
923         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
924         dev = wl->current_dev;
925         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
926 
927         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
928 
929         rx_tkip_phase1_write(dev, index, iv32, phase1key);
930         /* only pairwise TKIP keys are supported right now */
931         if (WARN_ON(!sta))
932                 return;
933         keymac_write(dev, index, sta->addr);
934 }
935 
936 static void do_key_write(struct b43_wldev *dev,
937                          u8 index, u8 algorithm,
938                          const u8 *key, size_t key_len, const u8 *mac_addr)
939 {
940         u8 buf[B43_SEC_KEYSIZE] = { 0, };
941         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
942 
943         if (b43_new_kidx_api(dev))
944                 pairwise_keys_start = B43_NR_GROUP_KEYS;
945 
946         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
947         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
948 
949         if (index >= pairwise_keys_start)
950                 keymac_write(dev, index, NULL); /* First zero out mac. */
951         if (algorithm == B43_SEC_ALGO_TKIP) {
952                 /*
953                  * We should provide an initial iv32, phase1key pair.
954                  * We could start with iv32=0 and compute the corresponding
955                  * phase1key, but this means calling ieee80211_get_tkip_key
956                  * with a fake skb (or export other tkip function).
957                  * Because we are lazy we hope iv32 won't start with
958                  * 0xffffffff and let's b43_op_update_tkip_key provide a
959                  * correct pair.
960                  */
961                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
962         } else if (index >= pairwise_keys_start) /* clear it */
963                 rx_tkip_phase1_write(dev, index, 0, NULL);
964         if (key)
965                 memcpy(buf, key, key_len);
966         key_write(dev, index, algorithm, buf);
967         if (index >= pairwise_keys_start)
968                 keymac_write(dev, index, mac_addr);
969 
970         dev->key[index].algorithm = algorithm;
971 }
972 
973 static int b43_key_write(struct b43_wldev *dev,
974                          int index, u8 algorithm,
975                          const u8 *key, size_t key_len,
976                          const u8 *mac_addr,
977                          struct ieee80211_key_conf *keyconf)
978 {
979         int i;
980         int pairwise_keys_start;
981 
982         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
983          *      - Temporal Encryption Key (128 bits)
984          *      - Temporal Authenticator Tx MIC Key (64 bits)
985          *      - Temporal Authenticator Rx MIC Key (64 bits)
986          *
987          *      Hardware only store TEK
988          */
989         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
990                 key_len = 16;
991         if (key_len > B43_SEC_KEYSIZE)
992                 return -EINVAL;
993         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
994                 /* Check that we don't already have this key. */
995                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
996         }
997         if (index < 0) {
998                 /* Pairwise key. Get an empty slot for the key. */
999                 if (b43_new_kidx_api(dev))
1000                         pairwise_keys_start = B43_NR_GROUP_KEYS;
1001                 else
1002                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1003                 for (i = pairwise_keys_start;
1004                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1005                      i++) {
1006                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1007                         if (!dev->key[i].keyconf) {
1008                                 /* found empty */
1009                                 index = i;
1010                                 break;
1011                         }
1012                 }
1013                 if (index < 0) {
1014                         b43warn(dev->wl, "Out of hardware key memory\n");
1015                         return -ENOSPC;
1016                 }
1017         } else
1018                 B43_WARN_ON(index > 3);
1019 
1020         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1021         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1022                 /* Default RX key */
1023                 B43_WARN_ON(mac_addr);
1024                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1025         }
1026         keyconf->hw_key_idx = index;
1027         dev->key[index].keyconf = keyconf;
1028 
1029         return 0;
1030 }
1031 
1032 static int b43_key_clear(struct b43_wldev *dev, int index)
1033 {
1034         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1035                 return -EINVAL;
1036         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1037                      NULL, B43_SEC_KEYSIZE, NULL);
1038         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1039                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1040                              NULL, B43_SEC_KEYSIZE, NULL);
1041         }
1042         dev->key[index].keyconf = NULL;
1043 
1044         return 0;
1045 }
1046 
1047 static void b43_clear_keys(struct b43_wldev *dev)
1048 {
1049         int i, count;
1050 
1051         if (b43_new_kidx_api(dev))
1052                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1053         else
1054                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1055         for (i = 0; i < count; i++)
1056                 b43_key_clear(dev, i);
1057 }
1058 
1059 static void b43_dump_keymemory(struct b43_wldev *dev)
1060 {
1061         unsigned int i, index, count, offset, pairwise_keys_start;
1062         u8 mac[ETH_ALEN];
1063         u16 algo;
1064         u32 rcmta0;
1065         u16 rcmta1;
1066         u64 hf;
1067         struct b43_key *key;
1068 
1069         if (!b43_debug(dev, B43_DBG_KEYS))
1070                 return;
1071 
1072         hf = b43_hf_read(dev);
1073         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1074                !!(hf & B43_HF_USEDEFKEYS));
1075         if (b43_new_kidx_api(dev)) {
1076                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1077                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1078         } else {
1079                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1080                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1081         }
1082         for (index = 0; index < count; index++) {
1083                 key = &(dev->key[index]);
1084                 printk(KERN_DEBUG "Key slot %02u: %s",
1085                        index, (key->keyconf == NULL) ? " " : "*");
1086                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1087                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1088                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1089                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1090                 }
1091 
1092                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1093                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1094                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1095 
1096                 if (index >= pairwise_keys_start) {
1097                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1098                                 printk("   TKIP: ");
1099                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1100                                 for (i = 0; i < 14; i += 2) {
1101                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1102                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1103                                 }
1104                         }
1105                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1106                                                 ((index - pairwise_keys_start) * 2) + 0);
1107                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1108                                                 ((index - pairwise_keys_start) * 2) + 1);
1109                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1110                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1111                         printk("   MAC: %pM", mac);
1112                 } else
1113                         printk("   DEFAULT KEY");
1114                 printk("\n");
1115         }
1116 }
1117 
1118 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1119 {
1120         u32 macctl;
1121         u16 ucstat;
1122         bool hwps;
1123         bool awake;
1124         int i;
1125 
1126         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1127                     (ps_flags & B43_PS_DISABLED));
1128         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1129 
1130         if (ps_flags & B43_PS_ENABLED) {
1131                 hwps = true;
1132         } else if (ps_flags & B43_PS_DISABLED) {
1133                 hwps = false;
1134         } else {
1135                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1136                 //      and thus is not an AP and we are associated, set bit 25
1137         }
1138         if (ps_flags & B43_PS_AWAKE) {
1139                 awake = true;
1140         } else if (ps_flags & B43_PS_ASLEEP) {
1141                 awake = false;
1142         } else {
1143                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1144                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1145                 //      successful, set bit26
1146         }
1147 
1148 /* FIXME: For now we force awake-on and hwps-off */
1149         hwps = false;
1150         awake = true;
1151 
1152         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1153         if (hwps)
1154                 macctl |= B43_MACCTL_HWPS;
1155         else
1156                 macctl &= ~B43_MACCTL_HWPS;
1157         if (awake)
1158                 macctl |= B43_MACCTL_AWAKE;
1159         else
1160                 macctl &= ~B43_MACCTL_AWAKE;
1161         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1162         /* Commit write */
1163         b43_read32(dev, B43_MMIO_MACCTL);
1164         if (awake && dev->dev->core_rev >= 5) {
1165                 /* Wait for the microcode to wake up. */
1166                 for (i = 0; i < 100; i++) {
1167                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1168                                                 B43_SHM_SH_UCODESTAT);
1169                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1170                                 break;
1171                         udelay(10);
1172                 }
1173         }
1174 }
1175 
1176 #ifdef CONFIG_B43_BCMA
1177 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1178 {
1179         u32 flags;
1180 
1181         /* Put PHY into reset */
1182         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1183         flags |= B43_BCMA_IOCTL_PHY_RESET;
1184         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1185         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1186         udelay(2);
1187 
1188         b43_phy_take_out_of_reset(dev);
1189 }
1190 
1191 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1192 {
1193         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1194                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1195         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1196                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1197         u32 flags;
1198 
1199         flags = B43_BCMA_IOCTL_PHY_CLKEN;
1200         if (gmode)
1201                 flags |= B43_BCMA_IOCTL_GMODE;
1202         b43_device_enable(dev, flags);
1203 
1204         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1205         b43_bcma_phy_reset(dev);
1206         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1207 }
1208 #endif
1209 
1210 #ifdef CONFIG_B43_SSB
1211 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1212 {
1213         u32 flags = 0;
1214 
1215         if (gmode)
1216                 flags |= B43_TMSLOW_GMODE;
1217         flags |= B43_TMSLOW_PHYCLKEN;
1218         flags |= B43_TMSLOW_PHYRESET;
1219         if (dev->phy.type == B43_PHYTYPE_N)
1220                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1221         b43_device_enable(dev, flags);
1222         msleep(2);              /* Wait for the PLL to turn on. */
1223 
1224         b43_phy_take_out_of_reset(dev);
1225 }
1226 #endif
1227 
1228 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1229 {
1230         u32 macctl;
1231 
1232         switch (dev->dev->bus_type) {
1233 #ifdef CONFIG_B43_BCMA
1234         case B43_BUS_BCMA:
1235                 b43_bcma_wireless_core_reset(dev, gmode);
1236                 break;
1237 #endif
1238 #ifdef CONFIG_B43_SSB
1239         case B43_BUS_SSB:
1240                 b43_ssb_wireless_core_reset(dev, gmode);
1241                 break;
1242 #endif
1243         }
1244 
1245         /* Turn Analog ON, but only if we already know the PHY-type.
1246          * This protects against very early setup where we don't know the
1247          * PHY-type, yet. wireless_core_reset will be called once again later,
1248          * when we know the PHY-type. */
1249         if (dev->phy.ops)
1250                 dev->phy.ops->switch_analog(dev, 1);
1251 
1252         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1253         macctl &= ~B43_MACCTL_GMODE;
1254         if (gmode)
1255                 macctl |= B43_MACCTL_GMODE;
1256         macctl |= B43_MACCTL_IHR_ENABLED;
1257         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1258 }
1259 
1260 static void handle_irq_transmit_status(struct b43_wldev *dev)
1261 {
1262         u32 v0, v1;
1263         u16 tmp;
1264         struct b43_txstatus stat;
1265 
1266         while (1) {
1267                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1268                 if (!(v0 & 0x00000001))
1269                         break;
1270                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1271 
1272                 stat.cookie = (v0 >> 16);
1273                 stat.seq = (v1 & 0x0000FFFF);
1274                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1275                 tmp = (v0 & 0x0000FFFF);
1276                 stat.frame_count = ((tmp & 0xF000) >> 12);
1277                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1278                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1279                 stat.pm_indicated = !!(tmp & 0x0080);
1280                 stat.intermediate = !!(tmp & 0x0040);
1281                 stat.for_ampdu = !!(tmp & 0x0020);
1282                 stat.acked = !!(tmp & 0x0002);
1283 
1284                 b43_handle_txstatus(dev, &stat);
1285         }
1286 }
1287 
1288 static void drain_txstatus_queue(struct b43_wldev *dev)
1289 {
1290         u32 dummy;
1291 
1292         if (dev->dev->core_rev < 5)
1293                 return;
1294         /* Read all entries from the microcode TXstatus FIFO
1295          * and throw them away.
1296          */
1297         while (1) {
1298                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1299                 if (!(dummy & 0x00000001))
1300                         break;
1301                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1302         }
1303 }
1304 
1305 static u32 b43_jssi_read(struct b43_wldev *dev)
1306 {
1307         u32 val = 0;
1308 
1309         val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1310         val <<= 16;
1311         val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1312 
1313         return val;
1314 }
1315 
1316 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1317 {
1318         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1319                         (jssi & 0x0000FFFF));
1320         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1321                         (jssi & 0xFFFF0000) >> 16);
1322 }
1323 
1324 static void b43_generate_noise_sample(struct b43_wldev *dev)
1325 {
1326         b43_jssi_write(dev, 0x7F7F7F7F);
1327         b43_write32(dev, B43_MMIO_MACCMD,
1328                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1329 }
1330 
1331 static void b43_calculate_link_quality(struct b43_wldev *dev)
1332 {
1333         /* Top half of Link Quality calculation. */
1334 
1335         if (dev->phy.type != B43_PHYTYPE_G)
1336                 return;
1337         if (dev->noisecalc.calculation_running)
1338                 return;
1339         dev->noisecalc.calculation_running = true;
1340         dev->noisecalc.nr_samples = 0;
1341 
1342         b43_generate_noise_sample(dev);
1343 }
1344 
1345 static void handle_irq_noise(struct b43_wldev *dev)
1346 {
1347         struct b43_phy_g *phy = dev->phy.g;
1348         u16 tmp;
1349         u8 noise[4];
1350         u8 i, j;
1351         s32 average;
1352 
1353         /* Bottom half of Link Quality calculation. */
1354 
1355         if (dev->phy.type != B43_PHYTYPE_G)
1356                 return;
1357 
1358         /* Possible race condition: It might be possible that the user
1359          * changed to a different channel in the meantime since we
1360          * started the calculation. We ignore that fact, since it's
1361          * not really that much of a problem. The background noise is
1362          * an estimation only anyway. Slightly wrong results will get damped
1363          * by the averaging of the 8 sample rounds. Additionally the
1364          * value is shortlived. So it will be replaced by the next noise
1365          * calculation round soon. */
1366 
1367         B43_WARN_ON(!dev->noisecalc.calculation_running);
1368         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1369         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1370             noise[2] == 0x7F || noise[3] == 0x7F)
1371                 goto generate_new;
1372 
1373         /* Get the noise samples. */
1374         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1375         i = dev->noisecalc.nr_samples;
1376         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1377         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1378         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1379         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1380         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1381         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1382         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1383         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1384         dev->noisecalc.nr_samples++;
1385         if (dev->noisecalc.nr_samples == 8) {
1386                 /* Calculate the Link Quality by the noise samples. */
1387                 average = 0;
1388                 for (i = 0; i < 8; i++) {
1389                         for (j = 0; j < 4; j++)
1390                                 average += dev->noisecalc.samples[i][j];
1391                 }
1392                 average /= (8 * 4);
1393                 average *= 125;
1394                 average += 64;
1395                 average /= 128;
1396                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1397                 tmp = (tmp / 128) & 0x1F;
1398                 if (tmp >= 8)
1399                         average += 2;
1400                 else
1401                         average -= 25;
1402                 if (tmp == 8)
1403                         average -= 72;
1404                 else
1405                         average -= 48;
1406 
1407                 dev->stats.link_noise = average;
1408                 dev->noisecalc.calculation_running = false;
1409                 return;
1410         }
1411 generate_new:
1412         b43_generate_noise_sample(dev);
1413 }
1414 
1415 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1416 {
1417         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1418                 ///TODO: PS TBTT
1419         } else {
1420                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1421                         b43_power_saving_ctl_bits(dev, 0);
1422         }
1423         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1424                 dev->dfq_valid = true;
1425 }
1426 
1427 static void handle_irq_atim_end(struct b43_wldev *dev)
1428 {
1429         if (dev->dfq_valid) {
1430                 b43_write32(dev, B43_MMIO_MACCMD,
1431                             b43_read32(dev, B43_MMIO_MACCMD)
1432                             | B43_MACCMD_DFQ_VALID);
1433                 dev->dfq_valid = false;
1434         }
1435 }
1436 
1437 static void handle_irq_pmq(struct b43_wldev *dev)
1438 {
1439         u32 tmp;
1440 
1441         //TODO: AP mode.
1442 
1443         while (1) {
1444                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1445                 if (!(tmp & 0x00000008))
1446                         break;
1447         }
1448         /* 16bit write is odd, but correct. */
1449         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1450 }
1451 
1452 static void b43_write_template_common(struct b43_wldev *dev,
1453                                       const u8 *data, u16 size,
1454                                       u16 ram_offset,
1455                                       u16 shm_size_offset, u8 rate)
1456 {
1457         u32 i, tmp;
1458         struct b43_plcp_hdr4 plcp;
1459 
1460         plcp.data = 0;
1461         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1462         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1463         ram_offset += sizeof(u32);
1464         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1465          * So leave the first two bytes of the next write blank.
1466          */
1467         tmp = (u32) (data[0]) << 16;
1468         tmp |= (u32) (data[1]) << 24;
1469         b43_ram_write(dev, ram_offset, tmp);
1470         ram_offset += sizeof(u32);
1471         for (i = 2; i < size; i += sizeof(u32)) {
1472                 tmp = (u32) (data[i + 0]);
1473                 if (i + 1 < size)
1474                         tmp |= (u32) (data[i + 1]) << 8;
1475                 if (i + 2 < size)
1476                         tmp |= (u32) (data[i + 2]) << 16;
1477                 if (i + 3 < size)
1478                         tmp |= (u32) (data[i + 3]) << 24;
1479                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1480         }
1481         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1482                         size + sizeof(struct b43_plcp_hdr6));
1483 }
1484 
1485 /* Check if the use of the antenna that ieee80211 told us to
1486  * use is possible. This will fall back to DEFAULT.
1487  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1488 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1489                                   u8 antenna_nr)
1490 {
1491         u8 antenna_mask;
1492 
1493         if (antenna_nr == 0) {
1494                 /* Zero means "use default antenna". That's always OK. */
1495                 return 0;
1496         }
1497 
1498         /* Get the mask of available antennas. */
1499         if (dev->phy.gmode)
1500                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1501         else
1502                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1503 
1504         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1505                 /* This antenna is not available. Fall back to default. */
1506                 return 0;
1507         }
1508 
1509         return antenna_nr;
1510 }
1511 
1512 /* Convert a b43 antenna number value to the PHY TX control value. */
1513 static u16 b43_antenna_to_phyctl(int antenna)
1514 {
1515         switch (antenna) {
1516         case B43_ANTENNA0:
1517                 return B43_TXH_PHY_ANT0;
1518         case B43_ANTENNA1:
1519                 return B43_TXH_PHY_ANT1;
1520         case B43_ANTENNA2:
1521                 return B43_TXH_PHY_ANT2;
1522         case B43_ANTENNA3:
1523                 return B43_TXH_PHY_ANT3;
1524         case B43_ANTENNA_AUTO0:
1525         case B43_ANTENNA_AUTO1:
1526                 return B43_TXH_PHY_ANT01AUTO;
1527         }
1528         B43_WARN_ON(1);
1529         return 0;
1530 }
1531 
1532 static void b43_write_beacon_template(struct b43_wldev *dev,
1533                                       u16 ram_offset,
1534                                       u16 shm_size_offset)
1535 {
1536         unsigned int i, len, variable_len;
1537         const struct ieee80211_mgmt *bcn;
1538         const u8 *ie;
1539         bool tim_found = false;
1540         unsigned int rate;
1541         u16 ctl;
1542         int antenna;
1543         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1544 
1545         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1546         len = min_t(size_t, dev->wl->current_beacon->len,
1547                   0x200 - sizeof(struct b43_plcp_hdr6));
1548         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1549 
1550         b43_write_template_common(dev, (const u8 *)bcn,
1551                                   len, ram_offset, shm_size_offset, rate);
1552 
1553         /* Write the PHY TX control parameters. */
1554         antenna = B43_ANTENNA_DEFAULT;
1555         antenna = b43_antenna_to_phyctl(antenna);
1556         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1557         /* We can't send beacons with short preamble. Would get PHY errors. */
1558         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1559         ctl &= ~B43_TXH_PHY_ANT;
1560         ctl &= ~B43_TXH_PHY_ENC;
1561         ctl |= antenna;
1562         if (b43_is_cck_rate(rate))
1563                 ctl |= B43_TXH_PHY_ENC_CCK;
1564         else
1565                 ctl |= B43_TXH_PHY_ENC_OFDM;
1566         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1567 
1568         /* Find the position of the TIM and the DTIM_period value
1569          * and write them to SHM. */
1570         ie = bcn->u.beacon.variable;
1571         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1572         for (i = 0; i < variable_len - 2; ) {
1573                 uint8_t ie_id, ie_len;
1574 
1575                 ie_id = ie[i];
1576                 ie_len = ie[i + 1];
1577                 if (ie_id == 5) {
1578                         u16 tim_position;
1579                         u16 dtim_period;
1580                         /* This is the TIM Information Element */
1581 
1582                         /* Check whether the ie_len is in the beacon data range. */
1583                         if (variable_len < ie_len + 2 + i)
1584                                 break;
1585                         /* A valid TIM is at least 4 bytes long. */
1586                         if (ie_len < 4)
1587                                 break;
1588                         tim_found = true;
1589 
1590                         tim_position = sizeof(struct b43_plcp_hdr6);
1591                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1592                         tim_position += i;
1593 
1594                         dtim_period = ie[i + 3];
1595 
1596                         b43_shm_write16(dev, B43_SHM_SHARED,
1597                                         B43_SHM_SH_TIMBPOS, tim_position);
1598                         b43_shm_write16(dev, B43_SHM_SHARED,
1599                                         B43_SHM_SH_DTIMPER, dtim_period);
1600                         break;
1601                 }
1602                 i += ie_len + 2;
1603         }
1604         if (!tim_found) {
1605                 /*
1606                  * If ucode wants to modify TIM do it behind the beacon, this
1607                  * will happen, for example, when doing mesh networking.
1608                  */
1609                 b43_shm_write16(dev, B43_SHM_SHARED,
1610                                 B43_SHM_SH_TIMBPOS,
1611                                 len + sizeof(struct b43_plcp_hdr6));
1612                 b43_shm_write16(dev, B43_SHM_SHARED,
1613                                 B43_SHM_SH_DTIMPER, 0);
1614         }
1615         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1616 }
1617 
1618 static void b43_upload_beacon0(struct b43_wldev *dev)
1619 {
1620         struct b43_wl *wl = dev->wl;
1621 
1622         if (wl->beacon0_uploaded)
1623                 return;
1624         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1625         wl->beacon0_uploaded = true;
1626 }
1627 
1628 static void b43_upload_beacon1(struct b43_wldev *dev)
1629 {
1630         struct b43_wl *wl = dev->wl;
1631 
1632         if (wl->beacon1_uploaded)
1633                 return;
1634         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1635         wl->beacon1_uploaded = true;
1636 }
1637 
1638 static void handle_irq_beacon(struct b43_wldev *dev)
1639 {
1640         struct b43_wl *wl = dev->wl;
1641         u32 cmd, beacon0_valid, beacon1_valid;
1642 
1643         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1644             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1645             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1646                 return;
1647 
1648         /* This is the bottom half of the asynchronous beacon update. */
1649 
1650         /* Ignore interrupt in the future. */
1651         dev->irq_mask &= ~B43_IRQ_BEACON;
1652 
1653         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1654         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1655         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1656 
1657         /* Schedule interrupt manually, if busy. */
1658         if (beacon0_valid && beacon1_valid) {
1659                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1660                 dev->irq_mask |= B43_IRQ_BEACON;
1661                 return;
1662         }
1663 
1664         if (unlikely(wl->beacon_templates_virgin)) {
1665                 /* We never uploaded a beacon before.
1666                  * Upload both templates now, but only mark one valid. */
1667                 wl->beacon_templates_virgin = false;
1668                 b43_upload_beacon0(dev);
1669                 b43_upload_beacon1(dev);
1670                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1671                 cmd |= B43_MACCMD_BEACON0_VALID;
1672                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1673         } else {
1674                 if (!beacon0_valid) {
1675                         b43_upload_beacon0(dev);
1676                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1677                         cmd |= B43_MACCMD_BEACON0_VALID;
1678                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1679                 } else if (!beacon1_valid) {
1680                         b43_upload_beacon1(dev);
1681                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1682                         cmd |= B43_MACCMD_BEACON1_VALID;
1683                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1684                 }
1685         }
1686 }
1687 
1688 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1689 {
1690         u32 old_irq_mask = dev->irq_mask;
1691 
1692         /* update beacon right away or defer to irq */
1693         handle_irq_beacon(dev);
1694         if (old_irq_mask != dev->irq_mask) {
1695                 /* The handler updated the IRQ mask. */
1696                 B43_WARN_ON(!dev->irq_mask);
1697                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1698                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1699                 } else {
1700                         /* Device interrupts are currently disabled. That means
1701                          * we just ran the hardirq handler and scheduled the
1702                          * IRQ thread. The thread will write the IRQ mask when
1703                          * it finished, so there's nothing to do here. Writing
1704                          * the mask _here_ would incorrectly re-enable IRQs. */
1705                 }
1706         }
1707 }
1708 
1709 static void b43_beacon_update_trigger_work(struct work_struct *work)
1710 {
1711         struct b43_wl *wl = container_of(work, struct b43_wl,
1712                                          beacon_update_trigger);
1713         struct b43_wldev *dev;
1714 
1715         mutex_lock(&wl->mutex);
1716         dev = wl->current_dev;
1717         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1718                 if (b43_bus_host_is_sdio(dev->dev)) {
1719                         /* wl->mutex is enough. */
1720                         b43_do_beacon_update_trigger_work(dev);
1721                         mmiowb();
1722                 } else {
1723                         spin_lock_irq(&wl->hardirq_lock);
1724                         b43_do_beacon_update_trigger_work(dev);
1725                         mmiowb();
1726                         spin_unlock_irq(&wl->hardirq_lock);
1727                 }
1728         }
1729         mutex_unlock(&wl->mutex);
1730 }
1731 
1732 /* Asynchronously update the packet templates in template RAM.
1733  * Locking: Requires wl->mutex to be locked. */
1734 static void b43_update_templates(struct b43_wl *wl)
1735 {
1736         struct sk_buff *beacon;
1737 
1738         /* This is the top half of the ansynchronous beacon update.
1739          * The bottom half is the beacon IRQ.
1740          * Beacon update must be asynchronous to avoid sending an
1741          * invalid beacon. This can happen for example, if the firmware
1742          * transmits a beacon while we are updating it. */
1743 
1744         /* We could modify the existing beacon and set the aid bit in
1745          * the TIM field, but that would probably require resizing and
1746          * moving of data within the beacon template.
1747          * Simply request a new beacon and let mac80211 do the hard work. */
1748         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1749         if (unlikely(!beacon))
1750                 return;
1751 
1752         if (wl->current_beacon)
1753                 dev_kfree_skb_any(wl->current_beacon);
1754         wl->current_beacon = beacon;
1755         wl->beacon0_uploaded = false;
1756         wl->beacon1_uploaded = false;
1757         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1758 }
1759 
1760 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1761 {
1762         b43_time_lock(dev);
1763         if (dev->dev->core_rev >= 3) {
1764                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1765                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1766         } else {
1767                 b43_write16(dev, 0x606, (beacon_int >> 6));
1768                 b43_write16(dev, 0x610, beacon_int);
1769         }
1770         b43_time_unlock(dev);
1771         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1772 }
1773 
1774 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1775 {
1776         u16 reason;
1777 
1778         /* Read the register that contains the reason code for the panic. */
1779         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1780         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1781 
1782         switch (reason) {
1783         default:
1784                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1785                 /* fallthrough */
1786         case B43_FWPANIC_DIE:
1787                 /* Do not restart the controller or firmware.
1788                  * The device is nonfunctional from now on.
1789                  * Restarting would result in this panic to trigger again,
1790                  * so we avoid that recursion. */
1791                 break;
1792         case B43_FWPANIC_RESTART:
1793                 b43_controller_restart(dev, "Microcode panic");
1794                 break;
1795         }
1796 }
1797 
1798 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1799 {
1800         unsigned int i, cnt;
1801         u16 reason, marker_id, marker_line;
1802         __le16 *buf;
1803 
1804         /* The proprietary firmware doesn't have this IRQ. */
1805         if (!dev->fw.opensource)
1806                 return;
1807 
1808         /* Read the register that contains the reason code for this IRQ. */
1809         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1810 
1811         switch (reason) {
1812         case B43_DEBUGIRQ_PANIC:
1813                 b43_handle_firmware_panic(dev);
1814                 break;
1815         case B43_DEBUGIRQ_DUMP_SHM:
1816                 if (!B43_DEBUG)
1817                         break; /* Only with driver debugging enabled. */
1818                 buf = kmalloc(4096, GFP_ATOMIC);
1819                 if (!buf) {
1820                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1821                         goto out;
1822                 }
1823                 for (i = 0; i < 4096; i += 2) {
1824                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1825                         buf[i / 2] = cpu_to_le16(tmp);
1826                 }
1827                 b43info(dev->wl, "Shared memory dump:\n");
1828                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1829                                16, 2, buf, 4096, 1);
1830                 kfree(buf);
1831                 break;
1832         case B43_DEBUGIRQ_DUMP_REGS:
1833                 if (!B43_DEBUG)
1834                         break; /* Only with driver debugging enabled. */
1835                 b43info(dev->wl, "Microcode register dump:\n");
1836                 for (i = 0, cnt = 0; i < 64; i++) {
1837                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1838                         if (cnt == 0)
1839                                 printk(KERN_INFO);
1840                         printk("r%02u: 0x%04X  ", i, tmp);
1841                         cnt++;
1842                         if (cnt == 6) {
1843                                 printk("\n");
1844                                 cnt = 0;
1845                         }
1846                 }
1847                 printk("\n");
1848                 break;
1849         case B43_DEBUGIRQ_MARKER:
1850                 if (!B43_DEBUG)
1851                         break; /* Only with driver debugging enabled. */
1852                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1853                                            B43_MARKER_ID_REG);
1854                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1855                                              B43_MARKER_LINE_REG);
1856                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1857                         "at line number %u\n",
1858                         marker_id, marker_line);
1859                 break;
1860         default:
1861                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1862                        reason);
1863         }
1864 out:
1865         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1866         b43_shm_write16(dev, B43_SHM_SCRATCH,
1867                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1868 }
1869 
1870 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1871 {
1872         u32 reason;
1873         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1874         u32 merged_dma_reason = 0;
1875         int i;
1876 
1877         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1878                 return;
1879 
1880         reason = dev->irq_reason;
1881         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1882                 dma_reason[i] = dev->dma_reason[i];
1883                 merged_dma_reason |= dma_reason[i];
1884         }
1885 
1886         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1887                 b43err(dev->wl, "MAC transmission error\n");
1888 
1889         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1890                 b43err(dev->wl, "PHY transmission error\n");
1891                 rmb();
1892                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1893                         atomic_set(&dev->phy.txerr_cnt,
1894                                    B43_PHY_TX_BADNESS_LIMIT);
1895                         b43err(dev->wl, "Too many PHY TX errors, "
1896                                         "restarting the controller\n");
1897                         b43_controller_restart(dev, "PHY TX errors");
1898                 }
1899         }
1900 
1901         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1902                 b43err(dev->wl,
1903                         "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1904                         dma_reason[0], dma_reason[1],
1905                         dma_reason[2], dma_reason[3],
1906                         dma_reason[4], dma_reason[5]);
1907                 b43err(dev->wl, "This device does not support DMA "
1908                                "on your system. It will now be switched to PIO.\n");
1909                 /* Fall back to PIO transfers if we get fatal DMA errors! */
1910                 dev->use_pio = true;
1911                 b43_controller_restart(dev, "DMA error");
1912                 return;
1913         }
1914 
1915         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1916                 handle_irq_ucode_debug(dev);
1917         if (reason & B43_IRQ_TBTT_INDI)
1918                 handle_irq_tbtt_indication(dev);
1919         if (reason & B43_IRQ_ATIM_END)
1920                 handle_irq_atim_end(dev);
1921         if (reason & B43_IRQ_BEACON)
1922                 handle_irq_beacon(dev);
1923         if (reason & B43_IRQ_PMQ)
1924                 handle_irq_pmq(dev);
1925         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1926                 ;/* TODO */
1927         if (reason & B43_IRQ_NOISESAMPLE_OK)
1928                 handle_irq_noise(dev);
1929 
1930         /* Check the DMA reason registers for received data. */
1931         if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
1932                 if (B43_DEBUG)
1933                         b43warn(dev->wl, "RX descriptor underrun\n");
1934                 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
1935         }
1936         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1937                 if (b43_using_pio_transfers(dev))
1938                         b43_pio_rx(dev->pio.rx_queue);
1939                 else
1940                         b43_dma_rx(dev->dma.rx_ring);
1941         }
1942         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1943         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1944         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1945         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1946         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1947 
1948         if (reason & B43_IRQ_TX_OK)
1949                 handle_irq_transmit_status(dev);
1950 
1951         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1952         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1953 
1954 #if B43_DEBUG
1955         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1956                 dev->irq_count++;
1957                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1958                         if (reason & (1 << i))
1959                                 dev->irq_bit_count[i]++;
1960                 }
1961         }
1962 #endif
1963 }
1964 
1965 /* Interrupt thread handler. Handles device interrupts in thread context. */
1966 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1967 {
1968         struct b43_wldev *dev = dev_id;
1969 
1970         mutex_lock(&dev->wl->mutex);
1971         b43_do_interrupt_thread(dev);
1972         mmiowb();
1973         mutex_unlock(&dev->wl->mutex);
1974 
1975         return IRQ_HANDLED;
1976 }
1977 
1978 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1979 {
1980         u32 reason;
1981 
1982         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1983          * On SDIO, this runs under wl->mutex. */
1984 
1985         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1986         if (reason == 0xffffffff)       /* shared IRQ */
1987                 return IRQ_NONE;
1988         reason &= dev->irq_mask;
1989         if (!reason)
1990                 return IRQ_NONE;
1991 
1992         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1993             & 0x0001FC00;
1994         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1995             & 0x0000DC00;
1996         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1997             & 0x0000DC00;
1998         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1999             & 0x0001DC00;
2000         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2001             & 0x0000DC00;
2002 /* Unused ring
2003         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2004             & 0x0000DC00;
2005 */
2006 
2007         /* ACK the interrupt. */
2008         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2009         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2010         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2011         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2012         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2013         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2014 /* Unused ring
2015         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2016 */
2017 
2018         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2019         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2020         /* Save the reason bitmasks for the IRQ thread handler. */
2021         dev->irq_reason = reason;
2022 
2023         return IRQ_WAKE_THREAD;
2024 }
2025 
2026 /* Interrupt handler top-half. This runs with interrupts disabled. */
2027 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2028 {
2029         struct b43_wldev *dev = dev_id;
2030         irqreturn_t ret;
2031 
2032         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2033                 return IRQ_NONE;
2034 
2035         spin_lock(&dev->wl->hardirq_lock);
2036         ret = b43_do_interrupt(dev);
2037         mmiowb();
2038         spin_unlock(&dev->wl->hardirq_lock);
2039 
2040         return ret;
2041 }
2042 
2043 /* SDIO interrupt handler. This runs in process context. */
2044 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2045 {
2046         struct b43_wl *wl = dev->wl;
2047         irqreturn_t ret;
2048 
2049         mutex_lock(&wl->mutex);
2050 
2051         ret = b43_do_interrupt(dev);
2052         if (ret == IRQ_WAKE_THREAD)
2053                 b43_do_interrupt_thread(dev);
2054 
2055         mutex_unlock(&wl->mutex);
2056 }
2057 
2058 void b43_do_release_fw(struct b43_firmware_file *fw)
2059 {
2060         release_firmware(fw->data);
2061         fw->data = NULL;
2062         fw->filename = NULL;
2063 }
2064 
2065 static void b43_release_firmware(struct b43_wldev *dev)
2066 {
2067         complete(&dev->fw_load_complete);
2068         b43_do_release_fw(&dev->fw.ucode);
2069         b43_do_release_fw(&dev->fw.pcm);
2070         b43_do_release_fw(&dev->fw.initvals);
2071         b43_do_release_fw(&dev->fw.initvals_band);
2072 }
2073 
2074 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2075 {
2076         const char text[] =
2077                 "You must go to " \
2078                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2079                 "and download the correct firmware for this driver version. " \
2080                 "Please carefully read all instructions on this website.\n";
2081 
2082         if (error)
2083                 b43err(wl, text);
2084         else
2085                 b43warn(wl, text);
2086 }
2087 
2088 static void b43_fw_cb(const struct firmware *firmware, void *context)
2089 {
2090         struct b43_request_fw_context *ctx = context;
2091 
2092         ctx->blob = firmware;
2093         complete(&ctx->dev->fw_load_complete);
2094 }
2095 
2096 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2097                       const char *name,
2098                       struct b43_firmware_file *fw, bool async)
2099 {
2100         struct b43_fw_header *hdr;
2101         u32 size;
2102         int err;
2103 
2104         if (!name) {
2105                 /* Don't fetch anything. Free possibly cached firmware. */
2106                 /* FIXME: We should probably keep it anyway, to save some headache
2107                  * on suspend/resume with multiband devices. */
2108                 b43_do_release_fw(fw);
2109                 return 0;
2110         }
2111         if (fw->filename) {
2112                 if ((fw->type == ctx->req_type) &&
2113                     (strcmp(fw->filename, name) == 0))
2114                         return 0; /* Already have this fw. */
2115                 /* Free the cached firmware first. */
2116                 /* FIXME: We should probably do this later after we successfully
2117                  * got the new fw. This could reduce headache with multiband devices.
2118                  * We could also redesign this to cache the firmware for all possible
2119                  * bands all the time. */
2120                 b43_do_release_fw(fw);
2121         }
2122 
2123         switch (ctx->req_type) {
2124         case B43_FWTYPE_PROPRIETARY:
2125                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2126                          "b43%s/%s.fw",
2127                          modparam_fwpostfix, name);
2128                 break;
2129         case B43_FWTYPE_OPENSOURCE:
2130                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2131                          "b43-open%s/%s.fw",
2132                          modparam_fwpostfix, name);
2133                 break;
2134         default:
2135                 B43_WARN_ON(1);
2136                 return -ENOSYS;
2137         }
2138         if (async) {
2139                 /* do this part asynchronously */
2140                 init_completion(&ctx->dev->fw_load_complete);
2141                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2142                                               ctx->dev->dev->dev, GFP_KERNEL,
2143                                               ctx, b43_fw_cb);
2144                 if (err < 0) {
2145                         pr_err("Unable to load firmware\n");
2146                         return err;
2147                 }
2148                 wait_for_completion(&ctx->dev->fw_load_complete);
2149                 if (ctx->blob)
2150                         goto fw_ready;
2151         /* On some ARM systems, the async request will fail, but the next sync
2152          * request works. For this reason, we fall through here
2153          */
2154         }
2155         err = request_firmware(&ctx->blob, ctx->fwname,
2156                                ctx->dev->dev->dev);
2157         if (err == -ENOENT) {
2158                 snprintf(ctx->errors[ctx->req_type],
2159                          sizeof(ctx->errors[ctx->req_type]),
2160                          "Firmware file \"%s\" not found\n",
2161                          ctx->fwname);
2162                 return err;
2163         } else if (err) {
2164                 snprintf(ctx->errors[ctx->req_type],
2165                          sizeof(ctx->errors[ctx->req_type]),
2166                          "Firmware file \"%s\" request failed (err=%d)\n",
2167                          ctx->fwname, err);
2168                 return err;
2169         }
2170 fw_ready:
2171         if (ctx->blob->size < sizeof(struct b43_fw_header))
2172                 goto err_format;
2173         hdr = (struct b43_fw_header *)(ctx->blob->data);
2174         switch (hdr->type) {
2175         case B43_FW_TYPE_UCODE:
2176         case B43_FW_TYPE_PCM:
2177                 size = be32_to_cpu(hdr->size);
2178                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2179                         goto err_format;
2180                 /* fallthrough */
2181         case B43_FW_TYPE_IV:
2182                 if (hdr->ver != 1)
2183                         goto err_format;
2184                 break;
2185         default:
2186                 goto err_format;
2187         }
2188 
2189         fw->data = ctx->blob;
2190         fw->filename = name;
2191         fw->type = ctx->req_type;
2192 
2193         return 0;
2194 
2195 err_format:
2196         snprintf(ctx->errors[ctx->req_type],
2197                  sizeof(ctx->errors[ctx->req_type]),
2198                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2199         release_firmware(ctx->blob);
2200 
2201         return -EPROTO;
2202 }
2203 
2204 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2205 {
2206         struct b43_wldev *dev = ctx->dev;
2207         struct b43_firmware *fw = &ctx->dev->fw;
2208         const u8 rev = ctx->dev->dev->core_rev;
2209         const char *filename;
2210         u32 tmshigh;
2211         int err;
2212 
2213         /* Files for HT and LCN were found by trying one by one */
2214 
2215         /* Get microcode */
2216         if ((rev >= 5) && (rev <= 10)) {
2217                 filename = "ucode5";
2218         } else if ((rev >= 11) && (rev <= 12)) {
2219                 filename = "ucode11";
2220         } else if (rev == 13) {
2221                 filename = "ucode13";
2222         } else if (rev == 14) {
2223                 filename = "ucode14";
2224         } else if (rev == 15) {
2225                 filename = "ucode15";
2226         } else {
2227                 switch (dev->phy.type) {
2228                 case B43_PHYTYPE_N:
2229                         if (rev >= 16)
2230                                 filename = "ucode16_mimo";
2231                         else
2232                                 goto err_no_ucode;
2233                         break;
2234                 case B43_PHYTYPE_HT:
2235                         if (rev == 29)
2236                                 filename = "ucode29_mimo";
2237                         else
2238                                 goto err_no_ucode;
2239                         break;
2240                 case B43_PHYTYPE_LCN:
2241                         if (rev == 24)
2242                                 filename = "ucode24_mimo";
2243                         else
2244                                 goto err_no_ucode;
2245                         break;
2246                 default:
2247                         goto err_no_ucode;
2248                 }
2249         }
2250         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2251         if (err)
2252                 goto err_load;
2253 
2254         /* Get PCM code */
2255         if ((rev >= 5) && (rev <= 10))
2256                 filename = "pcm5";
2257         else if (rev >= 11)
2258                 filename = NULL;
2259         else
2260                 goto err_no_pcm;
2261         fw->pcm_request_failed = false;
2262         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2263         if (err == -ENOENT) {
2264                 /* We did not find a PCM file? Not fatal, but
2265                  * core rev <= 10 must do without hwcrypto then. */
2266                 fw->pcm_request_failed = true;
2267         } else if (err)
2268                 goto err_load;
2269 
2270         /* Get initvals */
2271         switch (dev->phy.type) {
2272         case B43_PHYTYPE_A:
2273                 if ((rev >= 5) && (rev <= 10)) {
2274                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2275                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2276                                 filename = "a0g1initvals5";
2277                         else
2278                                 filename = "a0g0initvals5";
2279                 } else
2280                         goto err_no_initvals;
2281                 break;
2282         case B43_PHYTYPE_G:
2283                 if ((rev >= 5) && (rev <= 10))
2284                         filename = "b0g0initvals5";
2285                 else if (rev >= 13)
2286                         filename = "b0g0initvals13";
2287                 else
2288                         goto err_no_initvals;
2289                 break;
2290         case B43_PHYTYPE_N:
2291                 if (rev >= 16)
2292                         filename = "n0initvals16";
2293                 else if ((rev >= 11) && (rev <= 12))
2294                         filename = "n0initvals11";
2295                 else
2296                         goto err_no_initvals;
2297                 break;
2298         case B43_PHYTYPE_LP:
2299                 if (rev == 13)
2300                         filename = "lp0initvals13";
2301                 else if (rev == 14)
2302                         filename = "lp0initvals14";
2303                 else if (rev >= 15)
2304                         filename = "lp0initvals15";
2305                 else
2306                         goto err_no_initvals;
2307                 break;
2308         case B43_PHYTYPE_HT:
2309                 if (rev == 29)
2310                         filename = "ht0initvals29";
2311                 else
2312                         goto err_no_initvals;
2313                 break;
2314         case B43_PHYTYPE_LCN:
2315                 if (rev == 24)
2316                         filename = "lcn0initvals24";
2317                 else
2318                         goto err_no_initvals;
2319                 break;
2320         default:
2321                 goto err_no_initvals;
2322         }
2323         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2324         if (err)
2325                 goto err_load;
2326 
2327         /* Get bandswitch initvals */
2328         switch (dev->phy.type) {
2329         case B43_PHYTYPE_A:
2330                 if ((rev >= 5) && (rev <= 10)) {
2331                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2332                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2333                                 filename = "a0g1bsinitvals5";
2334                         else
2335                                 filename = "a0g0bsinitvals5";
2336                 } else if (rev >= 11)
2337                         filename = NULL;
2338                 else
2339                         goto err_no_initvals;
2340                 break;
2341         case B43_PHYTYPE_G:
2342                 if ((rev >= 5) && (rev <= 10))
2343                         filename = "b0g0bsinitvals5";
2344                 else if (rev >= 11)
2345                         filename = NULL;
2346                 else
2347                         goto err_no_initvals;
2348                 break;
2349         case B43_PHYTYPE_N:
2350                 if (rev >= 16)
2351                         filename = "n0bsinitvals16";
2352                 else if ((rev >= 11) && (rev <= 12))
2353                         filename = "n0bsinitvals11";
2354                 else
2355                         goto err_no_initvals;
2356                 break;
2357         case B43_PHYTYPE_LP:
2358                 if (rev == 13)
2359                         filename = "lp0bsinitvals13";
2360                 else if (rev == 14)
2361                         filename = "lp0bsinitvals14";
2362                 else if (rev >= 15)
2363                         filename = "lp0bsinitvals15";
2364                 else
2365                         goto err_no_initvals;
2366                 break;
2367         case B43_PHYTYPE_HT:
2368                 if (rev == 29)
2369                         filename = "ht0bsinitvals29";
2370                 else
2371                         goto err_no_initvals;
2372                 break;
2373         case B43_PHYTYPE_LCN:
2374                 if (rev == 24)
2375                         filename = "lcn0bsinitvals24";
2376                 else
2377                         goto err_no_initvals;
2378                 break;
2379         default:
2380                 goto err_no_initvals;
2381         }
2382         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2383         if (err)
2384                 goto err_load;
2385 
2386         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2387 
2388         return 0;
2389 
2390 err_no_ucode:
2391         err = ctx->fatal_failure = -EOPNOTSUPP;
2392         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2393                "is required for your device (wl-core rev %u)\n", rev);
2394         goto error;
2395 
2396 err_no_pcm:
2397         err = ctx->fatal_failure = -EOPNOTSUPP;
2398         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2399                "is required for your device (wl-core rev %u)\n", rev);
2400         goto error;
2401 
2402 err_no_initvals:
2403         err = ctx->fatal_failure = -EOPNOTSUPP;
2404         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2405                "is required for your device (wl-core rev %u)\n", rev);
2406         goto error;
2407 
2408 err_load:
2409         /* We failed to load this firmware image. The error message
2410          * already is in ctx->errors. Return and let our caller decide
2411          * what to do. */
2412         goto error;
2413 
2414 error:
2415         b43_release_firmware(dev);
2416         return err;
2417 }
2418 
2419 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2420 static void b43_one_core_detach(struct b43_bus_dev *dev);
2421 static int b43_rng_init(struct b43_wl *wl);
2422 
2423 static void b43_request_firmware(struct work_struct *work)
2424 {
2425         struct b43_wl *wl = container_of(work,
2426                             struct b43_wl, firmware_load);
2427         struct b43_wldev *dev = wl->current_dev;
2428         struct b43_request_fw_context *ctx;
2429         unsigned int i;
2430         int err;
2431         const char *errmsg;
2432 
2433         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2434         if (!ctx)
2435                 return;
2436         ctx->dev = dev;
2437 
2438         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2439         err = b43_try_request_fw(ctx);
2440         if (!err)
2441                 goto start_ieee80211; /* Successfully loaded it. */
2442         /* Was fw version known? */
2443         if (ctx->fatal_failure)
2444                 goto out;
2445 
2446         /* proprietary fw not found, try open source */
2447         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2448         err = b43_try_request_fw(ctx);
2449         if (!err)
2450                 goto start_ieee80211; /* Successfully loaded it. */
2451         if(ctx->fatal_failure)
2452                 goto out;
2453 
2454         /* Could not find a usable firmware. Print the errors. */
2455         for (i = 0; i < B43_NR_FWTYPES; i++) {
2456                 errmsg = ctx->errors[i];
2457                 if (strlen(errmsg))
2458                         b43err(dev->wl, "%s", errmsg);
2459         }
2460         b43_print_fw_helptext(dev->wl, 1);
2461         goto out;
2462 
2463 start_ieee80211:
2464         wl->hw->queues = B43_QOS_QUEUE_NUM;
2465         if (!modparam_qos || dev->fw.opensource)
2466                 wl->hw->queues = 1;
2467 
2468         err = ieee80211_register_hw(wl->hw);
2469         if (err)
2470                 goto err_one_core_detach;
2471         wl->hw_registred = true;
2472         b43_leds_register(wl->current_dev);
2473 
2474         /* Register HW RNG driver */
2475         b43_rng_init(wl);
2476 
2477         goto out;
2478 
2479 err_one_core_detach:
2480         b43_one_core_detach(dev->dev);
2481 
2482 out:
2483         kfree(ctx);
2484 }
2485 
2486 static int b43_upload_microcode(struct b43_wldev *dev)
2487 {
2488         struct wiphy *wiphy = dev->wl->hw->wiphy;
2489         const size_t hdr_len = sizeof(struct b43_fw_header);
2490         const __be32 *data;
2491         unsigned int i, len;
2492         u16 fwrev, fwpatch, fwdate, fwtime;
2493         u32 tmp, macctl;
2494         int err = 0;
2495 
2496         /* Jump the microcode PSM to offset 0 */
2497         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2498         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2499         macctl |= B43_MACCTL_PSM_JMP0;
2500         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2501         /* Zero out all microcode PSM registers and shared memory. */
2502         for (i = 0; i < 64; i++)
2503                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2504         for (i = 0; i < 4096; i += 2)
2505                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2506 
2507         /* Upload Microcode. */
2508         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2509         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2510         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2511         for (i = 0; i < len; i++) {
2512                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2513                 udelay(10);
2514         }
2515 
2516         if (dev->fw.pcm.data) {
2517                 /* Upload PCM data. */
2518                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2519                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2520                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2521                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2522                 /* No need for autoinc bit in SHM_HW */
2523                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2524                 for (i = 0; i < len; i++) {
2525                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2526                         udelay(10);
2527                 }
2528         }
2529 
2530         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2531 
2532         /* Start the microcode PSM */
2533         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2534                       B43_MACCTL_PSM_RUN);
2535 
2536         /* Wait for the microcode to load and respond */
2537         i = 0;
2538         while (1) {
2539                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2540                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2541                         break;
2542                 i++;
2543                 if (i >= 20) {
2544                         b43err(dev->wl, "Microcode not responding\n");
2545                         b43_print_fw_helptext(dev->wl, 1);
2546                         err = -ENODEV;
2547                         goto error;
2548                 }
2549                 msleep(50);
2550         }
2551         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2552 
2553         /* Get and check the revisions. */
2554         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2555         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2556         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2557         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2558 
2559         if (fwrev <= 0x128) {
2560                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2561                        "binary drivers older than version 4.x is unsupported. "
2562                        "You must upgrade your firmware files.\n");
2563                 b43_print_fw_helptext(dev->wl, 1);
2564                 err = -EOPNOTSUPP;
2565                 goto error;
2566         }
2567         dev->fw.rev = fwrev;
2568         dev->fw.patch = fwpatch;
2569         if (dev->fw.rev >= 598)
2570                 dev->fw.hdr_format = B43_FW_HDR_598;
2571         else if (dev->fw.rev >= 410)
2572                 dev->fw.hdr_format = B43_FW_HDR_410;
2573         else
2574                 dev->fw.hdr_format = B43_FW_HDR_351;
2575         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2576 
2577         dev->qos_enabled = dev->wl->hw->queues > 1;
2578         /* Default to firmware/hardware crypto acceleration. */
2579         dev->hwcrypto_enabled = true;
2580 
2581         if (dev->fw.opensource) {
2582                 u16 fwcapa;
2583 
2584                 /* Patchlevel info is encoded in the "time" field. */
2585                 dev->fw.patch = fwtime;
2586                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2587                         dev->fw.rev, dev->fw.patch);
2588 
2589                 fwcapa = b43_fwcapa_read(dev);
2590                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2591                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2592                         /* Disable hardware crypto and fall back to software crypto. */
2593                         dev->hwcrypto_enabled = false;
2594                 }
2595                 /* adding QoS support should use an offline discovery mechanism */
2596                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2597         } else {
2598                 b43info(dev->wl, "Loading firmware version %u.%u "
2599                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2600                         fwrev, fwpatch,
2601                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2602                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2603                 if (dev->fw.pcm_request_failed) {
2604                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2605                                 "Hardware accelerated cryptography is disabled.\n");
2606                         b43_print_fw_helptext(dev->wl, 0);
2607                 }
2608         }
2609 
2610         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2611                         dev->fw.rev, dev->fw.patch);
2612         wiphy->hw_version = dev->dev->core_id;
2613 
2614         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2615                 /* We're over the deadline, but we keep support for old fw
2616                  * until it turns out to be in major conflict with something new. */
2617                 b43warn(dev->wl, "You are using an old firmware image. "
2618                         "Support for old firmware will be removed soon "
2619                         "(official deadline was July 2008).\n");
2620                 b43_print_fw_helptext(dev->wl, 0);
2621         }
2622 
2623         return 0;
2624 
2625 error:
2626         /* Stop the microcode PSM. */
2627         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2628                       B43_MACCTL_PSM_JMP0);
2629 
2630         return err;
2631 }
2632 
2633 static int b43_write_initvals(struct b43_wldev *dev,
2634                               const struct b43_iv *ivals,
2635                               size_t count,
2636                               size_t array_size)
2637 {
2638         const struct b43_iv *iv;
2639         u16 offset;
2640         size_t i;
2641         bool bit32;
2642 
2643         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2644         iv = ivals;
2645         for (i = 0; i < count; i++) {
2646                 if (array_size < sizeof(iv->offset_size))
2647                         goto err_format;
2648                 array_size -= sizeof(iv->offset_size);
2649                 offset = be16_to_cpu(iv->offset_size);
2650                 bit32 = !!(offset & B43_IV_32BIT);
2651                 offset &= B43_IV_OFFSET_MASK;
2652                 if (offset >= 0x1000)
2653                         goto err_format;
2654                 if (bit32) {
2655                         u32 value;
2656 
2657                         if (array_size < sizeof(iv->data.d32))
2658                                 goto err_format;
2659                         array_size -= sizeof(iv->data.d32);
2660 
2661                         value = get_unaligned_be32(&iv->data.d32);
2662                         b43_write32(dev, offset, value);
2663 
2664                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2665                                                         sizeof(__be16) +
2666                                                         sizeof(__be32));
2667                 } else {
2668                         u16 value;
2669 
2670                         if (array_size < sizeof(iv->data.d16))
2671                                 goto err_format;
2672                         array_size -= sizeof(iv->data.d16);
2673 
2674                         value = be16_to_cpu(iv->data.d16);
2675                         b43_write16(dev, offset, value);
2676 
2677                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2678                                                         sizeof(__be16) +
2679                                                         sizeof(__be16));
2680                 }
2681         }
2682         if (array_size)
2683                 goto err_format;
2684 
2685         return 0;
2686 
2687 err_format:
2688         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2689         b43_print_fw_helptext(dev->wl, 1);
2690 
2691         return -EPROTO;
2692 }
2693 
2694 static int b43_upload_initvals(struct b43_wldev *dev)
2695 {
2696         const size_t hdr_len = sizeof(struct b43_fw_header);
2697         const struct b43_fw_header *hdr;
2698         struct b43_firmware *fw = &dev->fw;
2699         const struct b43_iv *ivals;
2700         size_t count;
2701 
2702         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2703         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2704         count = be32_to_cpu(hdr->size);
2705         return b43_write_initvals(dev, ivals, count,
2706                                  fw->initvals.data->size - hdr_len);
2707 }
2708 
2709 static int b43_upload_initvals_band(struct b43_wldev *dev)
2710 {
2711         const size_t hdr_len = sizeof(struct b43_fw_header);
2712         const struct b43_fw_header *hdr;
2713         struct b43_firmware *fw = &dev->fw;
2714         const struct b43_iv *ivals;
2715         size_t count;
2716 
2717         if (!fw->initvals_band.data)
2718                 return 0;
2719 
2720         hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2721         ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2722         count = be32_to_cpu(hdr->size);
2723         return b43_write_initvals(dev, ivals, count,
2724                                   fw->initvals_band.data->size - hdr_len);
2725 }
2726 
2727 /* Initialize the GPIOs
2728  * http://bcm-specs.sipsolutions.net/GPIO
2729  */
2730 
2731 #ifdef CONFIG_B43_SSB
2732 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2733 {
2734         struct ssb_bus *bus = dev->dev->sdev->bus;
2735 
2736 #ifdef CONFIG_SSB_DRIVER_PCICORE
2737         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2738 #else
2739         return bus->chipco.dev;
2740 #endif
2741 }
2742 #endif
2743 
2744 static int b43_gpio_init(struct b43_wldev *dev)
2745 {
2746 #ifdef CONFIG_B43_SSB
2747         struct ssb_device *gpiodev;
2748 #endif
2749         u32 mask, set;
2750 
2751         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2752         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2753 
2754         mask = 0x0000001F;
2755         set = 0x0000000F;
2756         if (dev->dev->chip_id == 0x4301) {
2757                 mask |= 0x0060;
2758                 set |= 0x0060;
2759         } else if (dev->dev->chip_id == 0x5354) {
2760                 /* Don't allow overtaking buttons GPIOs */
2761                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2762         }
2763 
2764         if (0 /* FIXME: conditional unknown */ ) {
2765                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2766                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2767                             | 0x0100);
2768                 /* BT Coexistance Input */
2769                 mask |= 0x0080;
2770                 set |= 0x0080;
2771                 /* BT Coexistance Out */
2772                 mask |= 0x0100;
2773                 set |= 0x0100;
2774         }
2775         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2776                 /* PA is controlled by gpio 9, let ucode handle it */
2777                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2778                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2779                             | 0x0200);
2780                 mask |= 0x0200;
2781                 set |= 0x0200;
2782         }
2783 
2784         switch (dev->dev->bus_type) {
2785 #ifdef CONFIG_B43_BCMA
2786         case B43_BUS_BCMA:
2787                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2788                 break;
2789 #endif
2790 #ifdef CONFIG_B43_SSB
2791         case B43_BUS_SSB:
2792                 gpiodev = b43_ssb_gpio_dev(dev);
2793                 if (gpiodev)
2794                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2795                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2796                                     & ~mask) | set);
2797                 break;
2798 #endif
2799         }
2800 
2801         return 0;
2802 }
2803 
2804 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2805 static void b43_gpio_cleanup(struct b43_wldev *dev)
2806 {
2807 #ifdef CONFIG_B43_SSB
2808         struct ssb_device *gpiodev;
2809 #endif
2810 
2811         switch (dev->dev->bus_type) {
2812 #ifdef CONFIG_B43_BCMA
2813         case B43_BUS_BCMA:
2814                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2815                 break;
2816 #endif
2817 #ifdef CONFIG_B43_SSB
2818         case B43_BUS_SSB:
2819                 gpiodev = b43_ssb_gpio_dev(dev);
2820                 if (gpiodev)
2821                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2822                 break;
2823 #endif
2824         }
2825 }
2826 
2827 /* http://bcm-specs.sipsolutions.net/EnableMac */
2828 void b43_mac_enable(struct b43_wldev *dev)
2829 {
2830         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2831                 u16 fwstate;
2832 
2833                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2834                                          B43_SHM_SH_UCODESTAT);
2835                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2836                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2837                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2838                                "should be suspended, but current state is %u\n",
2839                                fwstate);
2840                 }
2841         }
2842 
2843         dev->mac_suspended--;
2844         B43_WARN_ON(dev->mac_suspended < 0);
2845         if (dev->mac_suspended == 0) {
2846                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2847                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2848                             B43_IRQ_MAC_SUSPENDED);
2849                 /* Commit writes */
2850                 b43_read32(dev, B43_MMIO_MACCTL);
2851                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2852                 b43_power_saving_ctl_bits(dev, 0);
2853         }
2854 }
2855 
2856 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2857 void b43_mac_suspend(struct b43_wldev *dev)
2858 {
2859         int i;
2860         u32 tmp;
2861 
2862         might_sleep();
2863         B43_WARN_ON(dev->mac_suspended < 0);
2864 
2865         if (dev->mac_suspended == 0) {
2866                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2867                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2868                 /* force pci to flush the write */
2869                 b43_read32(dev, B43_MMIO_MACCTL);
2870                 for (i = 35; i; i--) {
2871                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2872                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2873                                 goto out;
2874                         udelay(10);
2875                 }
2876                 /* Hm, it seems this will take some time. Use msleep(). */
2877                 for (i = 40; i; i--) {
2878                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2879                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2880                                 goto out;
2881                         msleep(1);
2882                 }
2883                 b43err(dev->wl, "MAC suspend failed\n");
2884         }
2885 out:
2886         dev->mac_suspended++;
2887 }
2888 
2889 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2890 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2891 {
2892         u32 tmp;
2893 
2894         switch (dev->dev->bus_type) {
2895 #ifdef CONFIG_B43_BCMA
2896         case B43_BUS_BCMA:
2897                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2898                 if (on)
2899                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2900                 else
2901                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2902                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2903                 break;
2904 #endif
2905 #ifdef CONFIG_B43_SSB
2906         case B43_BUS_SSB:
2907                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2908                 if (on)
2909                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2910                 else
2911                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2912                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2913                 break;
2914 #endif
2915         }
2916 }
2917 
2918 static void b43_adjust_opmode(struct b43_wldev *dev)
2919 {
2920         struct b43_wl *wl = dev->wl;
2921         u32 ctl;
2922         u16 cfp_pretbtt;
2923 
2924         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2925         /* Reset status to STA infrastructure mode. */
2926         ctl &= ~B43_MACCTL_AP;
2927         ctl &= ~B43_MACCTL_KEEP_CTL;
2928         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2929         ctl &= ~B43_MACCTL_KEEP_BAD;
2930         ctl &= ~B43_MACCTL_PROMISC;
2931         ctl &= ~B43_MACCTL_BEACPROMISC;
2932         ctl |= B43_MACCTL_INFRA;
2933 
2934         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2935             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2936                 ctl |= B43_MACCTL_AP;
2937         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2938                 ctl &= ~B43_MACCTL_INFRA;
2939 
2940         if (wl->filter_flags & FIF_CONTROL)
2941                 ctl |= B43_MACCTL_KEEP_CTL;
2942         if (wl->filter_flags & FIF_FCSFAIL)
2943                 ctl |= B43_MACCTL_KEEP_BAD;
2944         if (wl->filter_flags & FIF_PLCPFAIL)
2945                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2946         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2947                 ctl |= B43_MACCTL_PROMISC;
2948         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2949                 ctl |= B43_MACCTL_BEACPROMISC;
2950 
2951         /* Workaround: On old hardware the HW-MAC-address-filter
2952          * doesn't work properly, so always run promisc in filter
2953          * it in software. */
2954         if (dev->dev->core_rev <= 4)
2955                 ctl |= B43_MACCTL_PROMISC;
2956 
2957         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2958 
2959         cfp_pretbtt = 2;
2960         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2961                 if (dev->dev->chip_id == 0x4306 &&
2962                     dev->dev->chip_rev == 3)
2963                         cfp_pretbtt = 100;
2964                 else
2965                         cfp_pretbtt = 50;
2966         }
2967         b43_write16(dev, 0x612, cfp_pretbtt);
2968 
2969         /* FIXME: We don't currently implement the PMQ mechanism,
2970          *        so always disable it. If we want to implement PMQ,
2971          *        we need to enable it here (clear DISCPMQ) in AP mode.
2972          */
2973         if (0  /* ctl & B43_MACCTL_AP */)
2974                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2975         else
2976                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2977 }
2978 
2979 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2980 {
2981         u16 offset;
2982 
2983         if (is_ofdm) {
2984                 offset = 0x480;
2985                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2986         } else {
2987                 offset = 0x4C0;
2988                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2989         }
2990         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2991                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2992 }
2993 
2994 static void b43_rate_memory_init(struct b43_wldev *dev)
2995 {
2996         switch (dev->phy.type) {
2997         case B43_PHYTYPE_A:
2998         case B43_PHYTYPE_G:
2999         case B43_PHYTYPE_N:
3000         case B43_PHYTYPE_LP:
3001         case B43_PHYTYPE_HT:
3002         case B43_PHYTYPE_LCN:
3003                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3004                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3005                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3006                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3007                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3008                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3009                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3010                 if (dev->phy.type == B43_PHYTYPE_A)
3011                         break;
3012                 /* fallthrough */
3013         case B43_PHYTYPE_B:
3014                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3015                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3016                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3017                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3018                 break;
3019         default:
3020                 B43_WARN_ON(1);
3021         }
3022 }
3023 
3024 /* Set the default values for the PHY TX Control Words. */
3025 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3026 {
3027         u16 ctl = 0;
3028 
3029         ctl |= B43_TXH_PHY_ENC_CCK;
3030         ctl |= B43_TXH_PHY_ANT01AUTO;
3031         ctl |= B43_TXH_PHY_TXPWR;
3032 
3033         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3034         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3035         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3036 }
3037 
3038 /* Set the TX-Antenna for management frames sent by firmware. */
3039 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3040 {
3041         u16 ant;
3042         u16 tmp;
3043 
3044         ant = b43_antenna_to_phyctl(antenna);
3045 
3046         /* For ACK/CTS */
3047         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3048         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3049         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3050         /* For Probe Resposes */
3051         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3052         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3053         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3054 }
3055 
3056 /* This is the opposite of b43_chip_init() */
3057 static void b43_chip_exit(struct b43_wldev *dev)
3058 {
3059         b43_phy_exit(dev);
3060         b43_gpio_cleanup(dev);
3061         /* firmware is released later */
3062 }
3063 
3064 /* Initialize the chip
3065  * http://bcm-specs.sipsolutions.net/ChipInit
3066  */
3067 static int b43_chip_init(struct b43_wldev *dev)
3068 {
3069         struct b43_phy *phy = &dev->phy;
3070         int err;
3071         u32 macctl;
3072         u16 value16;
3073 
3074         /* Initialize the MAC control */
3075         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3076         if (dev->phy.gmode)
3077                 macctl |= B43_MACCTL_GMODE;
3078         macctl |= B43_MACCTL_INFRA;
3079         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3080 
3081         err = b43_upload_microcode(dev);
3082         if (err)
3083                 goto out;       /* firmware is released later */
3084 
3085         err = b43_gpio_init(dev);
3086         if (err)
3087                 goto out;       /* firmware is released later */
3088 
3089         err = b43_upload_initvals(dev);
3090         if (err)
3091                 goto err_gpio_clean;
3092 
3093         err = b43_upload_initvals_band(dev);
3094         if (err)
3095                 goto err_gpio_clean;
3096 
3097         /* Turn the Analog on and initialize the PHY. */
3098         phy->ops->switch_analog(dev, 1);
3099         err = b43_phy_init(dev);
3100         if (err)
3101                 goto err_gpio_clean;
3102 
3103         /* Disable Interference Mitigation. */
3104         if (phy->ops->interf_mitigation)
3105                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3106 
3107         /* Select the antennae */
3108         if (phy->ops->set_rx_antenna)
3109                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3110         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3111 
3112         if (phy->type == B43_PHYTYPE_B) {
3113                 value16 = b43_read16(dev, 0x005E);
3114                 value16 |= 0x0004;
3115                 b43_write16(dev, 0x005E, value16);
3116         }
3117         b43_write32(dev, 0x0100, 0x01000000);
3118         if (dev->dev->core_rev < 5)
3119                 b43_write32(dev, 0x010C, 0x01000000);
3120 
3121         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3122         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3123 
3124         /* Probe Response Timeout value */
3125         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3126         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3127 
3128         /* Initially set the wireless operation mode. */
3129         b43_adjust_opmode(dev);
3130 
3131         if (dev->dev->core_rev < 3) {
3132                 b43_write16(dev, 0x060E, 0x0000);
3133                 b43_write16(dev, 0x0610, 0x8000);
3134                 b43_write16(dev, 0x0604, 0x0000);
3135                 b43_write16(dev, 0x0606, 0x0200);
3136         } else {
3137                 b43_write32(dev, 0x0188, 0x80000000);
3138                 b43_write32(dev, 0x018C, 0x02000000);
3139         }
3140         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3141         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3142         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3143         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3144         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3145         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3146         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3147 
3148         b43_mac_phy_clock_set(dev, true);
3149 
3150         switch (dev->dev->bus_type) {
3151 #ifdef CONFIG_B43_BCMA
3152         case B43_BUS_BCMA:
3153                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3154                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3155                 break;
3156 #endif
3157 #ifdef CONFIG_B43_SSB
3158         case B43_BUS_SSB:
3159                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3160                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3161                 break;
3162 #endif
3163         }
3164 
3165         err = 0;
3166         b43dbg(dev->wl, "Chip initialized\n");
3167 out:
3168         return err;
3169 
3170 err_gpio_clean:
3171         b43_gpio_cleanup(dev);
3172         return err;
3173 }
3174 
3175 static void b43_periodic_every60sec(struct b43_wldev *dev)
3176 {
3177         const struct b43_phy_operations *ops = dev->phy.ops;
3178 
3179         if (ops->pwork_60sec)
3180                 ops->pwork_60sec(dev);
3181 
3182         /* Force check the TX power emission now. */
3183         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3184 }
3185 
3186 static void b43_periodic_every30sec(struct b43_wldev *dev)
3187 {
3188         /* Update device statistics. */
3189         b43_calculate_link_quality(dev);
3190 }
3191 
3192 static void b43_periodic_every15sec(struct b43_wldev *dev)
3193 {
3194         struct b43_phy *phy = &dev->phy;
3195         u16 wdr;
3196 
3197         if (dev->fw.opensource) {
3198                 /* Check if the firmware is still alive.
3199                  * It will reset the watchdog counter to 0 in its idle loop. */
3200                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3201                 if (unlikely(wdr)) {
3202                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3203                         b43_controller_restart(dev, "Firmware watchdog");
3204                         return;
3205                 } else {
3206                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3207                                         B43_WATCHDOG_REG, 1);
3208                 }
3209         }
3210 
3211         if (phy->ops->pwork_15sec)
3212                 phy->ops->pwork_15sec(dev);
3213 
3214         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3215         wmb();
3216 
3217 #if B43_DEBUG
3218         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3219                 unsigned int i;
3220 
3221                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3222                        dev->irq_count / 15,
3223                        dev->tx_count / 15,
3224                        dev->rx_count / 15);
3225                 dev->irq_count = 0;
3226                 dev->tx_count = 0;
3227                 dev->rx_count = 0;
3228                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3229                         if (dev->irq_bit_count[i]) {
3230                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3231                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3232                                 dev->irq_bit_count[i] = 0;
3233                         }
3234                 }
3235         }
3236 #endif
3237 }
3238 
3239 static void do_periodic_work(struct b43_wldev *dev)
3240 {
3241         unsigned int state;
3242 
3243         state = dev->periodic_state;
3244         if (state % 4 == 0)
3245                 b43_periodic_every60sec(dev);
3246         if (state % 2 == 0)
3247                 b43_periodic_every30sec(dev);
3248         b43_periodic_every15sec(dev);
3249 }
3250 
3251 /* Periodic work locking policy:
3252  *      The whole periodic work handler is protected by
3253  *      wl->mutex. If another lock is needed somewhere in the
3254  *      pwork callchain, it's acquired in-place, where it's needed.
3255  */
3256 static void b43_periodic_work_handler(struct work_struct *work)
3257 {
3258         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3259                                              periodic_work.work);
3260         struct b43_wl *wl = dev->wl;
3261         unsigned long delay;
3262 
3263         mutex_lock(&wl->mutex);
3264 
3265         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3266                 goto out;
3267         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3268                 goto out_requeue;
3269 
3270         do_periodic_work(dev);
3271 
3272         dev->periodic_state++;
3273 out_requeue:
3274         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3275                 delay = msecs_to_jiffies(50);
3276         else
3277                 delay = round_jiffies_relative(HZ * 15);
3278         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3279 out:
3280         mutex_unlock(&wl->mutex);
3281 }
3282 
3283 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3284 {
3285         struct delayed_work *work = &dev->periodic_work;
3286 
3287         dev->periodic_state = 0;
3288         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3289         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3290 }
3291 
3292 /* Check if communication with the device works correctly. */
3293 static int b43_validate_chipaccess(struct b43_wldev *dev)
3294 {
3295         u32 v, backup0, backup4;
3296 
3297         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3298         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3299 
3300         /* Check for read/write and endianness problems. */
3301         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3302         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3303                 goto error;
3304         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3305         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3306                 goto error;
3307 
3308         /* Check if unaligned 32bit SHM_SHARED access works properly.
3309          * However, don't bail out on failure, because it's noncritical. */
3310         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3311         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3312         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3313         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3314         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3315                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3316         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3317         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3318             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3319             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3320             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3321                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3322 
3323         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3324         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3325 
3326         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3327                 /* The 32bit register shadows the two 16bit registers
3328                  * with update sideeffects. Validate this. */
3329                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3330                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3331                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3332                         goto error;
3333                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3334                         goto error;
3335         }
3336         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3337 
3338         v = b43_read32(dev, B43_MMIO_MACCTL);
3339         v |= B43_MACCTL_GMODE;
3340         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3341                 goto error;
3342 
3343         return 0;
3344 error:
3345         b43err(dev->wl, "Failed to validate the chipaccess\n");
3346         return -ENODEV;
3347 }
3348 
3349 static void b43_security_init(struct b43_wldev *dev)
3350 {
3351         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3352         /* KTP is a word address, but we address SHM bytewise.
3353          * So multiply by two.
3354          */
3355         dev->ktp *= 2;
3356         /* Number of RCMTA address slots */
3357         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3358         /* Clear the key memory. */
3359         b43_clear_keys(dev);
3360 }
3361 
3362 #ifdef CONFIG_B43_HWRNG
3363 static int b43_rng_read(struct hwrng *rng, u32 *data)
3364 {
3365         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3366         struct b43_wldev *dev;
3367         int count = -ENODEV;
3368 
3369         mutex_lock(&wl->mutex);
3370         dev = wl->current_dev;
3371         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3372                 *data = b43_read16(dev, B43_MMIO_RNG);
3373                 count = sizeof(u16);
3374         }
3375         mutex_unlock(&wl->mutex);
3376 
3377         return count;
3378 }
3379 #endif /* CONFIG_B43_HWRNG */
3380 
3381 static void b43_rng_exit(struct b43_wl *wl)
3382 {
3383 #ifdef CONFIG_B43_HWRNG
3384         if (wl->rng_initialized)
3385                 hwrng_unregister(&wl->rng);
3386 #endif /* CONFIG_B43_HWRNG */
3387 }
3388 
3389 static int b43_rng_init(struct b43_wl *wl)
3390 {
3391         int err = 0;
3392 
3393 #ifdef CONFIG_B43_HWRNG
3394         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3395                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3396         wl->rng.name = wl->rng_name;
3397         wl->rng.data_read = b43_rng_read;
3398         wl->rng.priv = (unsigned long)wl;
3399         wl->rng_initialized = true;
3400         err = hwrng_register(&wl->rng);
3401         if (err) {
3402                 wl->rng_initialized = false;
3403                 b43err(wl, "Failed to register the random "
3404                        "number generator (%d)\n", err);
3405         }
3406 #endif /* CONFIG_B43_HWRNG */
3407 
3408         return err;
3409 }
3410 
3411 static void b43_tx_work(struct work_struct *work)
3412 {
3413         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3414         struct b43_wldev *dev;
3415         struct sk_buff *skb;
3416         int queue_num;
3417         int err = 0;
3418 
3419         mutex_lock(&wl->mutex);
3420         dev = wl->current_dev;
3421         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3422                 mutex_unlock(&wl->mutex);
3423                 return;
3424         }
3425 
3426         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3427                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3428                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3429                         if (b43_using_pio_transfers(dev))
3430                                 err = b43_pio_tx(dev, skb);
3431                         else
3432                                 err = b43_dma_tx(dev, skb);
3433                         if (err == -ENOSPC) {
3434                                 wl->tx_queue_stopped[queue_num] = 1;
3435                                 ieee80211_stop_queue(wl->hw, queue_num);
3436                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3437                                 break;
3438                         }
3439                         if (unlikely(err))
3440                                 ieee80211_free_txskb(wl->hw, skb);
3441                         err = 0;
3442                 }
3443 
3444                 if (!err)
3445                         wl->tx_queue_stopped[queue_num] = 0;
3446         }
3447 
3448 #if B43_DEBUG
3449         dev->tx_count++;
3450 #endif
3451         mutex_unlock(&wl->mutex);
3452 }
3453 
3454 static void b43_op_tx(struct ieee80211_hw *hw,
3455                       struct ieee80211_tx_control *control,
3456                       struct sk_buff *skb)
3457 {
3458         struct b43_wl *wl = hw_to_b43_wl(hw);
3459 
3460         if (unlikely(skb->len < 2 + 2 + 6)) {
3461                 /* Too short, this can't be a valid frame. */
3462                 ieee80211_free_txskb(hw, skb);
3463                 return;
3464         }
3465         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3466 
3467         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3468         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3469                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3470         } else {
3471                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3472         }
3473 }
3474 
3475 static void b43_qos_params_upload(struct b43_wldev *dev,
3476                                   const struct ieee80211_tx_queue_params *p,
3477                                   u16 shm_offset)
3478 {
3479         u16 params[B43_NR_QOSPARAMS];
3480         int bslots, tmp;
3481         unsigned int i;
3482 
3483         if (!dev->qos_enabled)
3484                 return;
3485 
3486         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3487 
3488         memset(&params, 0, sizeof(params));
3489 
3490         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3491         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3492         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3493         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3494         params[B43_QOSPARAM_AIFS] = p->aifs;
3495         params[B43_QOSPARAM_BSLOTS] = bslots;
3496         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3497 
3498         for (i = 0; i < ARRAY_SIZE(params); i++) {
3499                 if (i == B43_QOSPARAM_STATUS) {
3500                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3501                                              shm_offset + (i * 2));
3502                         /* Mark the parameters as updated. */
3503                         tmp |= 0x100;
3504                         b43_shm_write16(dev, B43_SHM_SHARED,
3505                                         shm_offset + (i * 2),
3506                                         tmp);
3507                 } else {
3508                         b43_shm_write16(dev, B43_SHM_SHARED,
3509                                         shm_offset + (i * 2),
3510                                         params[i]);
3511                 }
3512         }
3513 }
3514 
3515 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3516 static const u16 b43_qos_shm_offsets[] = {
3517         /* [mac80211-queue-nr] = SHM_OFFSET, */
3518         [0] = B43_QOS_VOICE,
3519         [1] = B43_QOS_VIDEO,
3520         [2] = B43_QOS_BESTEFFORT,
3521         [3] = B43_QOS_BACKGROUND,
3522 };
3523 
3524 /* Update all QOS parameters in hardware. */
3525 static void b43_qos_upload_all(struct b43_wldev *dev)
3526 {
3527         struct b43_wl *wl = dev->wl;
3528         struct b43_qos_params *params;
3529         unsigned int i;
3530 
3531         if (!dev->qos_enabled)
3532                 return;
3533 
3534         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3535                      ARRAY_SIZE(wl->qos_params));
3536 
3537         b43_mac_suspend(dev);
3538         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3539                 params = &(wl->qos_params[i]);
3540                 b43_qos_params_upload(dev, &(params->p),
3541                                       b43_qos_shm_offsets[i]);
3542         }
3543         b43_mac_enable(dev);
3544 }
3545 
3546 static void b43_qos_clear(struct b43_wl *wl)
3547 {
3548         struct b43_qos_params *params;
3549         unsigned int i;
3550 
3551         /* Initialize QoS parameters to sane defaults. */
3552 
3553         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3554                      ARRAY_SIZE(wl->qos_params));
3555 
3556         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3557                 params = &(wl->qos_params[i]);
3558 
3559                 switch (b43_qos_shm_offsets[i]) {
3560                 case B43_QOS_VOICE:
3561                         params->p.txop = 0;
3562                         params->p.aifs = 2;
3563                         params->p.cw_min = 0x0001;
3564                         params->p.cw_max = 0x0001;
3565                         break;
3566                 case B43_QOS_VIDEO:
3567                         params->p.txop = 0;
3568                         params->p.aifs = 2;
3569                         params->p.cw_min = 0x0001;
3570                         params->p.cw_max = 0x0001;
3571                         break;
3572                 case B43_QOS_BESTEFFORT:
3573                         params->p.txop = 0;
3574                         params->p.aifs = 3;
3575                         params->p.cw_min = 0x0001;
3576                         params->p.cw_max = 0x03FF;
3577                         break;
3578                 case B43_QOS_BACKGROUND:
3579                         params->p.txop = 0;
3580                         params->p.aifs = 7;
3581                         params->p.cw_min = 0x0001;
3582                         params->p.cw_max = 0x03FF;
3583                         break;
3584                 default:
3585                         B43_WARN_ON(1);
3586                 }
3587         }
3588 }
3589 
3590 /* Initialize the core's QOS capabilities */
3591 static void b43_qos_init(struct b43_wldev *dev)
3592 {
3593         if (!dev->qos_enabled) {
3594                 /* Disable QOS support. */
3595                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3596                 b43_write16(dev, B43_MMIO_IFSCTL,
3597                             b43_read16(dev, B43_MMIO_IFSCTL)
3598                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3599                 b43dbg(dev->wl, "QoS disabled\n");
3600                 return;
3601         }
3602 
3603         /* Upload the current QOS parameters. */
3604         b43_qos_upload_all(dev);
3605 
3606         /* Enable QOS support. */
3607         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3608         b43_write16(dev, B43_MMIO_IFSCTL,
3609                     b43_read16(dev, B43_MMIO_IFSCTL)
3610                     | B43_MMIO_IFSCTL_USE_EDCF);
3611         b43dbg(dev->wl, "QoS enabled\n");
3612 }
3613 
3614 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3615                           struct ieee80211_vif *vif, u16 _queue,
3616                           const struct ieee80211_tx_queue_params *params)
3617 {
3618         struct b43_wl *wl = hw_to_b43_wl(hw);
3619         struct b43_wldev *dev;
3620         unsigned int queue = (unsigned int)_queue;
3621         int err = -ENODEV;
3622 
3623         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3624                 /* Queue not available or don't support setting
3625                  * params on this queue. Return success to not
3626                  * confuse mac80211. */
3627                 return 0;
3628         }
3629         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3630                      ARRAY_SIZE(wl->qos_params));
3631 
3632         mutex_lock(&wl->mutex);
3633         dev = wl->current_dev;
3634         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3635                 goto out_unlock;
3636 
3637         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3638         b43_mac_suspend(dev);
3639         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3640                               b43_qos_shm_offsets[queue]);
3641         b43_mac_enable(dev);
3642         err = 0;
3643 
3644 out_unlock:
3645         mutex_unlock(&wl->mutex);
3646 
3647         return err;
3648 }
3649 
3650 static int b43_op_get_stats(struct ieee80211_hw *hw,
3651                             struct ieee80211_low_level_stats *stats)
3652 {
3653         struct b43_wl *wl = hw_to_b43_wl(hw);
3654 
3655         mutex_lock(&wl->mutex);
3656         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3657         mutex_unlock(&wl->mutex);
3658 
3659         return 0;
3660 }
3661 
3662 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3663 {
3664         struct b43_wl *wl = hw_to_b43_wl(hw);
3665         struct b43_wldev *dev;
3666         u64 tsf;
3667 
3668         mutex_lock(&wl->mutex);
3669         dev = wl->current_dev;
3670 
3671         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3672                 b43_tsf_read(dev, &tsf);
3673         else
3674                 tsf = 0;
3675 
3676         mutex_unlock(&wl->mutex);
3677 
3678         return tsf;
3679 }
3680 
3681 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3682                            struct ieee80211_vif *vif, u64 tsf)
3683 {
3684         struct b43_wl *wl = hw_to_b43_wl(hw);
3685         struct b43_wldev *dev;
3686 
3687         mutex_lock(&wl->mutex);
3688         dev = wl->current_dev;
3689 
3690         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3691                 b43_tsf_write(dev, tsf);
3692 
3693         mutex_unlock(&wl->mutex);
3694 }
3695 
3696 static const char *band_to_string(enum ieee80211_band band)
3697 {
3698         switch (band) {
3699         case IEEE80211_BAND_5GHZ:
3700                 return "5";
3701         case IEEE80211_BAND_2GHZ:
3702                 return "2.4";
3703         default:
3704                 break;
3705         }
3706         B43_WARN_ON(1);
3707         return "";
3708 }
3709 
3710 /* Expects wl->mutex locked */
3711 static int b43_switch_band(struct b43_wldev *dev,
3712                            struct ieee80211_channel *chan)
3713 {
3714         struct b43_phy *phy = &dev->phy;
3715         bool gmode;
3716         u32 tmp;
3717 
3718         switch (chan->band) {
3719         case IEEE80211_BAND_5GHZ:
3720                 gmode = false;
3721                 break;
3722         case IEEE80211_BAND_2GHZ:
3723                 gmode = true;
3724                 break;
3725         default:
3726                 B43_WARN_ON(1);
3727                 return -EINVAL;
3728         }
3729 
3730         if (!((gmode && phy->supports_2ghz) ||
3731               (!gmode && phy->supports_5ghz))) {
3732                 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3733                        band_to_string(chan->band));
3734                 return -ENODEV;
3735         }
3736 
3737         if (!!phy->gmode == !!gmode) {
3738                 /* This device is already running. */
3739                 return 0;
3740         }
3741 
3742         b43dbg(dev->wl, "Switching to %s GHz band\n",
3743                band_to_string(chan->band));
3744 
3745         /* Some new devices don't need disabling radio for band switching */
3746         if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3747                 b43_software_rfkill(dev, true);
3748 
3749         phy->gmode = gmode;
3750         b43_phy_put_into_reset(dev);
3751         switch (dev->dev->bus_type) {
3752 #ifdef CONFIG_B43_BCMA
3753         case B43_BUS_BCMA:
3754                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3755                 if (gmode)
3756                         tmp |= B43_BCMA_IOCTL_GMODE;
3757                 else
3758                         tmp &= ~B43_BCMA_IOCTL_GMODE;
3759                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3760                 break;
3761 #endif
3762 #ifdef CONFIG_B43_SSB
3763         case B43_BUS_SSB:
3764                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3765                 if (gmode)
3766                         tmp |= B43_TMSLOW_GMODE;
3767                 else
3768                         tmp &= ~B43_TMSLOW_GMODE;
3769                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3770                 break;
3771 #endif
3772         }
3773         b43_phy_take_out_of_reset(dev);
3774 
3775         b43_upload_initvals_band(dev);
3776 
3777         b43_phy_init(dev);
3778 
3779         return 0;
3780 }
3781 
3782 /* Write the short and long frame retry limit values. */
3783 static void b43_set_retry_limits(struct b43_wldev *dev,
3784                                  unsigned int short_retry,
3785                                  unsigned int long_retry)
3786 {
3787         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3788          * the chip-internal counter. */
3789         short_retry = min(short_retry, (unsigned int)0xF);
3790         long_retry = min(long_retry, (unsigned int)0xF);
3791 
3792         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3793                         short_retry);
3794         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3795                         long_retry);
3796 }
3797 
3798 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3799 {
3800         struct b43_wl *wl = hw_to_b43_wl(hw);
3801         struct b43_wldev *dev;
3802         struct b43_phy *phy;
3803         struct ieee80211_conf *conf = &hw->conf;
3804         int antenna;
3805         int err = 0;
3806         bool reload_bss = false;
3807 
3808         mutex_lock(&wl->mutex);
3809 
3810         dev = wl->current_dev;
3811 
3812         b43_mac_suspend(dev);
3813 
3814         /* Switch the band (if necessary). This might change the active core. */
3815         err = b43_switch_band(dev, conf->chandef.chan);
3816         if (err)
3817                 goto out_unlock_mutex;
3818 
3819         /* Need to reload all settings if the core changed */
3820         if (dev != wl->current_dev) {
3821                 dev = wl->current_dev;
3822                 changed = ~0;
3823                 reload_bss = true;
3824         }
3825 
3826         phy = &dev->phy;
3827 
3828         if (conf_is_ht(conf))
3829                 phy->is_40mhz =
3830                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3831         else
3832                 phy->is_40mhz = false;
3833 
3834         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3835                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3836                                           conf->long_frame_max_tx_count);
3837         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3838         if (!changed)
3839                 goto out_mac_enable;
3840 
3841         /* Switch to the requested channel.
3842          * The firmware takes care of races with the TX handler. */
3843         if (conf->chandef.chan->hw_value != phy->channel)
3844                 b43_switch_channel(dev, conf->chandef.chan->hw_value);
3845 
3846         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3847 
3848         /* Adjust the desired TX power level. */
3849         if (conf->power_level != 0) {
3850                 if (conf->power_level != phy->desired_txpower) {
3851                         phy->desired_txpower = conf->power_level;
3852                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3853                                                    B43_TXPWR_IGNORE_TSSI);
3854                 }
3855         }
3856 
3857         /* Antennas for RX and management frame TX. */
3858         antenna = B43_ANTENNA_DEFAULT;
3859         b43_mgmtframe_txantenna(dev, antenna);
3860         antenna = B43_ANTENNA_DEFAULT;
3861         if (phy->ops->set_rx_antenna)
3862                 phy->ops->set_rx_antenna(dev, antenna);
3863 
3864         if (wl->radio_enabled != phy->radio_on) {
3865                 if (wl->radio_enabled) {
3866                         b43_software_rfkill(dev, false);
3867                         b43info(dev->wl, "Radio turned on by software\n");
3868                         if (!dev->radio_hw_enable) {
3869                                 b43info(dev->wl, "The hardware RF-kill button "
3870                                         "still turns the radio physically off. "
3871                                         "Press the button to turn it on.\n");
3872                         }
3873                 } else {
3874                         b43_software_rfkill(dev, true);
3875                         b43info(dev->wl, "Radio turned off by software\n");
3876                 }
3877         }
3878 
3879 out_mac_enable:
3880         b43_mac_enable(dev);
3881 out_unlock_mutex:
3882         mutex_unlock(&wl->mutex);
3883 
3884         if (wl->vif && reload_bss)
3885                 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3886 
3887         return err;
3888 }
3889 
3890 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3891 {
3892         struct ieee80211_supported_band *sband =
3893                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3894         struct ieee80211_rate *rate;
3895         int i;
3896         u16 basic, direct, offset, basic_offset, rateptr;
3897 
3898         for (i = 0; i < sband->n_bitrates; i++) {
3899                 rate = &sband->bitrates[i];
3900 
3901                 if (b43_is_cck_rate(rate->hw_value)) {
3902                         direct = B43_SHM_SH_CCKDIRECT;
3903                         basic = B43_SHM_SH_CCKBASIC;
3904                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3905                         offset &= 0xF;
3906                 } else {
3907                         direct = B43_SHM_SH_OFDMDIRECT;
3908                         basic = B43_SHM_SH_OFDMBASIC;
3909                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3910                         offset &= 0xF;
3911                 }
3912 
3913                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3914 
3915                 if (b43_is_cck_rate(rate->hw_value)) {
3916                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3917                         basic_offset &= 0xF;
3918                 } else {
3919                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3920                         basic_offset &= 0xF;
3921                 }
3922 
3923                 /*
3924                  * Get the pointer that we need to point to
3925                  * from the direct map
3926                  */
3927                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3928                                          direct + 2 * basic_offset);
3929                 /* and write it to the basic map */
3930                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3931                                 rateptr);
3932         }
3933 }
3934 
3935 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3936                                     struct ieee80211_vif *vif,
3937                                     struct ieee80211_bss_conf *conf,
3938                                     u32 changed)
3939 {
3940         struct b43_wl *wl = hw_to_b43_wl(hw);
3941         struct b43_wldev *dev;
3942 
3943         mutex_lock(&wl->mutex);
3944 
3945         dev = wl->current_dev;
3946         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3947                 goto out_unlock_mutex;
3948 
3949         B43_WARN_ON(wl->vif != vif);
3950 
3951         if (changed & BSS_CHANGED_BSSID) {
3952                 if (conf->bssid)
3953                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3954                 else
3955                         memset(wl->bssid, 0, ETH_ALEN);
3956         }
3957 
3958         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3959                 if (changed & BSS_CHANGED_BEACON &&
3960                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3961                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3962                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3963                         b43_update_templates(wl);
3964 
3965                 if (changed & BSS_CHANGED_BSSID)
3966                         b43_write_mac_bssid_templates(dev);
3967         }
3968 
3969         b43_mac_suspend(dev);
3970 
3971         /* Update templates for AP/mesh mode. */
3972         if (changed & BSS_CHANGED_BEACON_INT &&
3973             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3974              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3975              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
3976             conf->beacon_int)
3977                 b43_set_beacon_int(dev, conf->beacon_int);
3978 
3979         if (changed & BSS_CHANGED_BASIC_RATES)
3980                 b43_update_basic_rates(dev, conf->basic_rates);
3981 
3982         if (changed & BSS_CHANGED_ERP_SLOT) {
3983                 if (conf->use_short_slot)
3984                         b43_short_slot_timing_enable(dev);
3985                 else
3986                         b43_short_slot_timing_disable(dev);
3987         }
3988 
3989         b43_mac_enable(dev);
3990 out_unlock_mutex:
3991         mutex_unlock(&wl->mutex);
3992 }
3993 
3994 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3995                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3996                           struct ieee80211_key_conf *key)
3997 {
3998         struct b43_wl *wl = hw_to_b43_wl(hw);
3999         struct b43_wldev *dev;
4000         u8 algorithm;
4001         u8 index;
4002         int err;
4003         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4004 
4005         if (modparam_nohwcrypt)
4006                 return -ENOSPC; /* User disabled HW-crypto */
4007 
4008         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4009              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4010             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4011              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4012             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4013                 /*
4014                  * For now, disable hw crypto for the RSN IBSS group keys. This
4015                  * could be optimized in the future, but until that gets
4016                  * implemented, use of software crypto for group addressed
4017                  * frames is a acceptable to allow RSN IBSS to be used.
4018                  */
4019                 return -EOPNOTSUPP;
4020         }
4021 
4022         mutex_lock(&wl->mutex);
4023 
4024         dev = wl->current_dev;
4025         err = -ENODEV;
4026         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4027                 goto out_unlock;
4028 
4029         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4030                 /* We don't have firmware for the crypto engine.
4031                  * Must use software-crypto. */
4032                 err = -EOPNOTSUPP;
4033                 goto out_unlock;
4034         }
4035 
4036         err = -EINVAL;
4037         switch (key->cipher) {
4038         case WLAN_CIPHER_SUITE_WEP40:
4039                 algorithm = B43_SEC_ALGO_WEP40;
4040                 break;
4041         case WLAN_CIPHER_SUITE_WEP104:
4042                 algorithm = B43_SEC_ALGO_WEP104;
4043                 break;
4044         case WLAN_CIPHER_SUITE_TKIP:
4045                 algorithm = B43_SEC_ALGO_TKIP;
4046                 break;
4047         case WLAN_CIPHER_SUITE_CCMP:
4048                 algorithm = B43_SEC_ALGO_AES;
4049                 break;
4050         default:
4051                 B43_WARN_ON(1);
4052                 goto out_unlock;
4053         }
4054         index = (u8) (key->keyidx);
4055         if (index > 3)
4056                 goto out_unlock;
4057 
4058         switch (cmd) {
4059         case SET_KEY:
4060                 if (algorithm == B43_SEC_ALGO_TKIP &&
4061                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4062                     !modparam_hwtkip)) {
4063                         /* We support only pairwise key */
4064                         err = -EOPNOTSUPP;
4065                         goto out_unlock;
4066                 }
4067 
4068                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4069                         if (WARN_ON(!sta)) {
4070                                 err = -EOPNOTSUPP;
4071                                 goto out_unlock;
4072                         }
4073                         /* Pairwise key with an assigned MAC address. */
4074                         err = b43_key_write(dev, -1, algorithm,
4075                                             key->key, key->keylen,
4076                                             sta->addr, key);
4077                 } else {
4078                         /* Group key */
4079                         err = b43_key_write(dev, index, algorithm,
4080                                             key->key, key->keylen, NULL, key);
4081                 }
4082                 if (err)
4083                         goto out_unlock;
4084 
4085                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4086                     algorithm == B43_SEC_ALGO_WEP104) {
4087                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4088                 } else {
4089                         b43_hf_write(dev,
4090                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4091                 }
4092                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4093                 if (algorithm == B43_SEC_ALGO_TKIP)
4094                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4095                 break;
4096         case DISABLE_KEY: {
4097                 err = b43_key_clear(dev, key->hw_key_idx);
4098                 if (err)
4099                         goto out_unlock;
4100                 break;
4101         }
4102         default:
4103                 B43_WARN_ON(1);
4104         }
4105 
4106 out_unlock:
4107         if (!err) {
4108                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4109                        "mac: %pM\n",
4110                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4111                        sta ? sta->addr : bcast_addr);
4112                 b43_dump_keymemory(dev);
4113         }
4114         mutex_unlock(&wl->mutex);
4115 
4116         return err;
4117 }
4118 
4119 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4120                                     unsigned int changed, unsigned int *fflags,
4121                                     u64 multicast)
4122 {
4123         struct b43_wl *wl = hw_to_b43_wl(hw);
4124         struct b43_wldev *dev;
4125 
4126         mutex_lock(&wl->mutex);
4127         dev = wl->current_dev;
4128         if (!dev) {
4129                 *fflags = 0;
4130                 goto out_unlock;
4131         }
4132 
4133         *fflags &= FIF_PROMISC_IN_BSS |
4134                   FIF_ALLMULTI |
4135                   FIF_FCSFAIL |
4136                   FIF_PLCPFAIL |
4137                   FIF_CONTROL |
4138                   FIF_OTHER_BSS |
4139                   FIF_BCN_PRBRESP_PROMISC;
4140 
4141         changed &= FIF_PROMISC_IN_BSS |
4142                    FIF_ALLMULTI |
4143                    FIF_FCSFAIL |
4144                    FIF_PLCPFAIL |
4145                    FIF_CONTROL |
4146                    FIF_OTHER_BSS |
4147                    FIF_BCN_PRBRESP_PROMISC;
4148 
4149         wl->filter_flags = *fflags;
4150 
4151         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4152                 b43_adjust_opmode(dev);
4153 
4154 out_unlock:
4155         mutex_unlock(&wl->mutex);
4156 }
4157 
4158 /* Locking: wl->mutex
4159  * Returns the current dev. This might be different from the passed in dev,
4160  * because the core might be gone away while we unlocked the mutex. */
4161 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4162 {
4163         struct b43_wl *wl;
4164         struct b43_wldev *orig_dev;
4165         u32 mask;
4166         int queue_num;
4167 
4168         if (!dev)
4169                 return NULL;
4170         wl = dev->wl;
4171 redo:
4172         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4173                 return dev;
4174 
4175         /* Cancel work. Unlock to avoid deadlocks. */
4176         mutex_unlock(&wl->mutex);
4177         cancel_delayed_work_sync(&dev->periodic_work);
4178         cancel_work_sync(&wl->tx_work);
4179         mutex_lock(&wl->mutex);
4180         dev = wl->current_dev;
4181         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4182                 /* Whoops, aliens ate up the device while we were unlocked. */
4183                 return dev;
4184         }
4185 
4186         /* Disable interrupts on the device. */
4187         b43_set_status(dev, B43_STAT_INITIALIZED);
4188         if (b43_bus_host_is_sdio(dev->dev)) {
4189                 /* wl->mutex is locked. That is enough. */
4190                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4191                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4192         } else {
4193                 spin_lock_irq(&wl->hardirq_lock);
4194                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4195                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4196                 spin_unlock_irq(&wl->hardirq_lock);
4197         }
4198         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4199         orig_dev = dev;
4200         mutex_unlock(&wl->mutex);
4201         if (b43_bus_host_is_sdio(dev->dev)) {
4202                 b43_sdio_free_irq(dev);
4203         } else {
4204                 synchronize_irq(dev->dev->irq);
4205                 free_irq(dev->dev->irq, dev);
4206         }
4207         mutex_lock(&wl->mutex);
4208         dev = wl->current_dev;
4209         if (!dev)
4210                 return dev;
4211         if (dev != orig_dev) {
4212                 if (b43_status(dev) >= B43_STAT_STARTED)
4213                         goto redo;
4214                 return dev;
4215         }
4216         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4217         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4218 
4219         /* Drain all TX queues. */
4220         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4221                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4222                         struct sk_buff *skb;
4223 
4224                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4225                         ieee80211_free_txskb(wl->hw, skb);
4226                 }
4227         }
4228 
4229         b43_mac_suspend(dev);
4230         b43_leds_exit(dev);
4231         b43dbg(wl, "Wireless interface stopped\n");
4232 
4233         return dev;
4234 }
4235 
4236 /* Locking: wl->mutex */
4237 static int b43_wireless_core_start(struct b43_wldev *dev)
4238 {
4239         int err;
4240 
4241         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4242 
4243         drain_txstatus_queue(dev);
4244         if (b43_bus_host_is_sdio(dev->dev)) {
4245                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4246                 if (err) {
4247                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4248                         goto out;
4249                 }
4250         } else {
4251                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4252                                            b43_interrupt_thread_handler,
4253                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4254                 if (err) {
4255                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4256                                dev->dev->irq);
4257                         goto out;
4258                 }
4259         }
4260 
4261         /* We are ready to run. */
4262         ieee80211_wake_queues(dev->wl->hw);
4263         b43_set_status(dev, B43_STAT_STARTED);
4264 
4265         /* Start data flow (TX/RX). */
4266         b43_mac_enable(dev);
4267         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4268 
4269         /* Start maintenance work */
4270         b43_periodic_tasks_setup(dev);
4271 
4272         b43_leds_init(dev);
4273 
4274         b43dbg(dev->wl, "Wireless interface started\n");
4275 out:
4276         return err;
4277 }
4278 
4279 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4280 {
4281         switch (phy_type) {
4282         case B43_PHYTYPE_A:
4283                 return "A";
4284         case B43_PHYTYPE_B:
4285                 return "B";
4286         case B43_PHYTYPE_G:
4287                 return "G";
4288         case B43_PHYTYPE_N:
4289                 return "N";
4290         case B43_PHYTYPE_LP:
4291                 return "LP";
4292         case B43_PHYTYPE_SSLPN:
4293                 return "SSLPN";
4294         case B43_PHYTYPE_HT:
4295                 return "HT";
4296         case B43_PHYTYPE_LCN:
4297                 return "LCN";
4298         case B43_PHYTYPE_LCNXN:
4299                 return "LCNXN";
4300         case B43_PHYTYPE_LCN40:
4301                 return "LCN40";
4302         case B43_PHYTYPE_AC:
4303                 return "AC";
4304         }
4305         return "UNKNOWN";
4306 }
4307 
4308 /* Get PHY and RADIO versioning numbers */
4309 static int b43_phy_versioning(struct b43_wldev *dev)
4310 {
4311         struct b43_phy *phy = &dev->phy;
4312         u32 tmp;
4313         u8 analog_type;
4314         u8 phy_type;
4315         u8 phy_rev;
4316         u16 radio_manuf;
4317         u16 radio_ver;
4318         u16 radio_rev;
4319         int unsupported = 0;
4320 
4321         /* Get PHY versioning */
4322         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4323         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4324         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4325         phy_rev = (tmp & B43_PHYVER_VERSION);
4326         switch (phy_type) {
4327         case B43_PHYTYPE_A:
4328                 if (phy_rev >= 4)
4329                         unsupported = 1;
4330                 break;
4331         case B43_PHYTYPE_B:
4332                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4333                     && phy_rev != 7)
4334                         unsupported = 1;
4335                 break;
4336         case B43_PHYTYPE_G:
4337                 if (phy_rev > 9)
4338                         unsupported = 1;
4339                 break;
4340 #ifdef CONFIG_B43_PHY_N
4341         case B43_PHYTYPE_N:
4342                 if (phy_rev > 9)
4343                         unsupported = 1;
4344                 break;
4345 #endif
4346 #ifdef CONFIG_B43_PHY_LP
4347         case B43_PHYTYPE_LP:
4348                 if (phy_rev > 2)
4349                         unsupported = 1;
4350                 break;
4351 #endif
4352 #ifdef CONFIG_B43_PHY_HT
4353         case B43_PHYTYPE_HT:
4354                 if (phy_rev > 1)
4355                         unsupported = 1;
4356                 break;
4357 #endif
4358 #ifdef CONFIG_B43_PHY_LCN
4359         case B43_PHYTYPE_LCN:
4360                 if (phy_rev > 1)
4361                         unsupported = 1;
4362                 break;
4363 #endif
4364         default:
4365                 unsupported = 1;
4366         }
4367         if (unsupported) {
4368                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4369                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4370                        phy_rev);
4371                 return -EOPNOTSUPP;
4372         }
4373         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4374                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4375 
4376         /* Get RADIO versioning */
4377         if (dev->dev->core_rev >= 24) {
4378                 u16 radio24[3];
4379 
4380                 for (tmp = 0; tmp < 3; tmp++) {
4381                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4382                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4383                 }
4384 
4385                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4386                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4387 
4388                 radio_manuf = 0x17F;
4389                 radio_ver = (radio24[2] << 8) | radio24[1];
4390                 radio_rev = (radio24[0] & 0xF);
4391         } else {
4392                 if (dev->dev->chip_id == 0x4317) {
4393                         if (dev->dev->chip_rev == 0)
4394                                 tmp = 0x3205017F;
4395                         else if (dev->dev->chip_rev == 1)
4396                                 tmp = 0x4205017F;
4397                         else
4398                                 tmp = 0x5205017F;
4399                 } else {
4400                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4401                                     B43_RADIOCTL_ID);
4402                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4403                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4404                                     B43_RADIOCTL_ID);
4405                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4406                                 << 16;
4407                 }
4408                 radio_manuf = (tmp & 0x00000FFF);
4409                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4410                 radio_rev = (tmp & 0xF0000000) >> 28;
4411         }
4412 
4413         if (radio_manuf != 0x17F /* Broadcom */)
4414                 unsupported = 1;
4415         switch (phy_type) {
4416         case B43_PHYTYPE_A:
4417                 if (radio_ver != 0x2060)
4418                         unsupported = 1;
4419                 if (radio_rev != 1)
4420                         unsupported = 1;
4421                 if (radio_manuf != 0x17F)
4422                         unsupported = 1;
4423                 break;
4424         case B43_PHYTYPE_B:
4425                 if ((radio_ver & 0xFFF0) != 0x2050)
4426                         unsupported = 1;
4427                 break;
4428         case B43_PHYTYPE_G:
4429                 if (radio_ver != 0x2050)
4430                         unsupported = 1;
4431                 break;
4432         case B43_PHYTYPE_N:
4433                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4434                         unsupported = 1;
4435                 break;
4436         case B43_PHYTYPE_LP:
4437                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4438                         unsupported = 1;
4439                 break;
4440         case B43_PHYTYPE_HT:
4441                 if (radio_ver != 0x2059)
4442                         unsupported = 1;
4443                 break;
4444         case B43_PHYTYPE_LCN:
4445                 if (radio_ver != 0x2064)
4446                         unsupported = 1;
4447                 break;
4448         default:
4449                 B43_WARN_ON(1);
4450         }
4451         if (unsupported) {
4452                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4453                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4454                        radio_manuf, radio_ver, radio_rev);
4455                 return -EOPNOTSUPP;
4456         }
4457         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4458                radio_manuf, radio_ver, radio_rev);
4459 
4460         phy->radio_manuf = radio_manuf;
4461         phy->radio_ver = radio_ver;
4462         phy->radio_rev = radio_rev;
4463 
4464         phy->analog = analog_type;
4465         phy->type = phy_type;
4466         phy->rev = phy_rev;
4467 
4468         return 0;
4469 }
4470 
4471 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4472                                       struct b43_phy *phy)
4473 {
4474         phy->hardware_power_control = !!modparam_hwpctl;
4475         phy->next_txpwr_check_time = jiffies;
4476         /* PHY TX errors counter. */
4477         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4478 
4479 #if B43_DEBUG
4480         phy->phy_locked = false;
4481         phy->radio_locked = false;
4482 #endif
4483 }
4484 
4485 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4486 {
4487         dev->dfq_valid = false;
4488 
4489         /* Assume the radio is enabled. If it's not enabled, the state will
4490          * immediately get fixed on the first periodic work run. */
4491         dev->radio_hw_enable = true;
4492 
4493         /* Stats */
4494         memset(&dev->stats, 0, sizeof(dev->stats));
4495 
4496         setup_struct_phy_for_init(dev, &dev->phy);
4497 
4498         /* IRQ related flags */
4499         dev->irq_reason = 0;
4500         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4501         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4502         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4503                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4504 
4505         dev->mac_suspended = 1;
4506 
4507         /* Noise calculation context */
4508         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4509 }
4510 
4511 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4512 {
4513         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4514         u64 hf;
4515 
4516         if (!modparam_btcoex)
4517                 return;
4518         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4519                 return;
4520         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4521                 return;
4522 
4523         hf = b43_hf_read(dev);
4524         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4525                 hf |= B43_HF_BTCOEXALT;
4526         else
4527                 hf |= B43_HF_BTCOEX;
4528         b43_hf_write(dev, hf);
4529 }
4530 
4531 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4532 {
4533         if (!modparam_btcoex)
4534                 return;
4535         //TODO
4536 }
4537 
4538 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4539 {
4540         struct ssb_bus *bus;
4541         u32 tmp;
4542 
4543 #ifdef CONFIG_B43_SSB
4544         if (dev->dev->bus_type != B43_BUS_SSB)
4545                 return;
4546 #else
4547         return;
4548 #endif
4549 
4550         bus = dev->dev->sdev->bus;
4551 
4552         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4553             (bus->chip_id == 0x4312)) {
4554                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4555                 tmp &= ~SSB_IMCFGLO_REQTO;
4556                 tmp &= ~SSB_IMCFGLO_SERTO;
4557                 tmp |= 0x3;
4558                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4559                 ssb_commit_settings(bus);
4560         }
4561 }
4562 
4563 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4564 {
4565         u16 pu_delay;
4566 
4567         /* The time value is in microseconds. */
4568         if (dev->phy.type == B43_PHYTYPE_A)
4569                 pu_delay = 3700;
4570         else
4571                 pu_delay = 1050;
4572         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4573                 pu_delay = 500;
4574         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4575                 pu_delay = max(pu_delay, (u16)2400);
4576 
4577         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4578 }
4579 
4580 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4581 static void b43_set_pretbtt(struct b43_wldev *dev)
4582 {
4583         u16 pretbtt;
4584 
4585         /* The time value is in microseconds. */
4586         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4587                 pretbtt = 2;
4588         } else {
4589                 if (dev->phy.type == B43_PHYTYPE_A)
4590                         pretbtt = 120;
4591                 else
4592                         pretbtt = 250;
4593         }
4594         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4595         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4596 }
4597 
4598 /* Shutdown a wireless core */
4599 /* Locking: wl->mutex */
4600 static void b43_wireless_core_exit(struct b43_wldev *dev)
4601 {
4602         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4603         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4604                 return;
4605 
4606         b43_set_status(dev, B43_STAT_UNINIT);
4607 
4608         /* Stop the microcode PSM. */
4609         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4610                       B43_MACCTL_PSM_JMP0);
4611 
4612         switch (dev->dev->bus_type) {
4613 #ifdef CONFIG_B43_BCMA
4614         case B43_BUS_BCMA:
4615                 bcma_core_pci_down(dev->dev->bdev->bus);
4616                 break;
4617 #endif
4618 #ifdef CONFIG_B43_SSB
4619         case B43_BUS_SSB:
4620                 /* TODO */
4621                 break;
4622 #endif
4623         }
4624 
4625         b43_dma_free(dev);
4626         b43_pio_free(dev);
4627         b43_chip_exit(dev);
4628         dev->phy.ops->switch_analog(dev, 0);
4629         if (dev->wl->current_beacon) {
4630                 dev_kfree_skb_any(dev->wl->current_beacon);
4631                 dev->wl->current_beacon = NULL;
4632         }
4633 
4634         b43_device_disable(dev, 0);
4635         b43_bus_may_powerdown(dev);
4636 }
4637 
4638 /* Initialize a wireless core */
4639 static int b43_wireless_core_init(struct b43_wldev *dev)
4640 {
4641         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4642         struct b43_phy *phy = &dev->phy;
4643         int err;
4644         u64 hf;
4645 
4646         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4647 
4648         err = b43_bus_powerup(dev, 0);
4649         if (err)
4650                 goto out;
4651         if (!b43_device_is_enabled(dev))
4652                 b43_wireless_core_reset(dev, phy->gmode);
4653 
4654         /* Reset all data structures. */
4655         setup_struct_wldev_for_init(dev);
4656         phy->ops->prepare_structs(dev);
4657 
4658         /* Enable IRQ routing to this device. */
4659         switch (dev->dev->bus_type) {
4660 #ifdef CONFIG_B43_BCMA
4661         case B43_BUS_BCMA:
4662                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4663                                       dev->dev->bdev, true);
4664                 bcma_core_pci_up(dev->dev->bdev->bus);
4665                 break;
4666 #endif
4667 #ifdef CONFIG_B43_SSB
4668         case B43_BUS_SSB:
4669                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4670                                                dev->dev->sdev);
4671                 break;
4672 #endif
4673         }
4674 
4675         b43_imcfglo_timeouts_workaround(dev);
4676         b43_bluetooth_coext_disable(dev);
4677         if (phy->ops->prepare_hardware) {
4678                 err = phy->ops->prepare_hardware(dev);
4679                 if (err)
4680                         goto err_busdown;
4681         }
4682         err = b43_chip_init(dev);
4683         if (err)
4684                 goto err_busdown;
4685         b43_shm_write16(dev, B43_SHM_SHARED,
4686                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4687         hf = b43_hf_read(dev);
4688         if (phy->type == B43_PHYTYPE_G) {
4689                 hf |= B43_HF_SYMW;
4690                 if (phy->rev == 1)
4691                         hf |= B43_HF_GDCW;
4692                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4693                         hf |= B43_HF_OFDMPABOOST;
4694         }
4695         if (phy->radio_ver == 0x2050) {
4696                 if (phy->radio_rev == 6)
4697                         hf |= B43_HF_4318TSSI;
4698                 if (phy->radio_rev < 6)
4699                         hf |= B43_HF_VCORECALC;
4700         }
4701         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4702                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4703 #if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4704         if (dev->dev->bus_type == B43_BUS_SSB &&
4705             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4706             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4707                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4708 #endif
4709         hf &= ~B43_HF_SKCFPUP;
4710         b43_hf_write(dev, hf);
4711 
4712         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4713                              B43_DEFAULT_LONG_RETRY_LIMIT);
4714         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4715         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4716 
4717         /* Disable sending probe responses from firmware.
4718          * Setting the MaxTime to one usec will always trigger
4719          * a timeout, so we never send any probe resp.
4720          * A timeout of zero is infinite. */
4721         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4722 
4723         b43_rate_memory_init(dev);
4724         b43_set_phytxctl_defaults(dev);
4725 
4726         /* Minimum Contention Window */
4727         if (phy->type == B43_PHYTYPE_B)
4728                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4729         else
4730                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4731         /* Maximum Contention Window */
4732         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4733 
4734         if (b43_bus_host_is_pcmcia(dev->dev) ||
4735             b43_bus_host_is_sdio(dev->dev)) {
4736                 dev->__using_pio_transfers = true;
4737                 err = b43_pio_init(dev);
4738         } else if (dev->use_pio) {
4739                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4740                         "This should not be needed and will result in lower "
4741                         "performance.\n");
4742                 dev->__using_pio_transfers = true;
4743                 err = b43_pio_init(dev);
4744         } else {
4745                 dev->__using_pio_transfers = false;
4746                 err = b43_dma_init(dev);
4747         }
4748         if (err)
4749                 goto err_chip_exit;
4750         b43_qos_init(dev);
4751         b43_set_synth_pu_delay(dev, 1);
4752         b43_bluetooth_coext_enable(dev);
4753 
4754         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4755         b43_upload_card_macaddress(dev);
4756         b43_security_init(dev);
4757 
4758         ieee80211_wake_queues(dev->wl->hw);
4759 
4760         b43_set_status(dev, B43_STAT_INITIALIZED);
4761 
4762 out:
4763         return err;
4764 
4765 err_chip_exit:
4766         b43_chip_exit(dev);
4767 err_busdown:
4768         b43_bus_may_powerdown(dev);
4769         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4770         return err;
4771 }
4772 
4773 static int b43_op_add_interface(struct ieee80211_hw *hw,
4774                                 struct ieee80211_vif *vif)
4775 {
4776         struct b43_wl *wl = hw_to_b43_wl(hw);
4777         struct b43_wldev *dev;
4778         int err = -EOPNOTSUPP;
4779 
4780         /* TODO: allow WDS/AP devices to coexist */
4781 
4782         if (vif->type != NL80211_IFTYPE_AP &&
4783             vif->type != NL80211_IFTYPE_MESH_POINT &&
4784             vif->type != NL80211_IFTYPE_STATION &&
4785             vif->type != NL80211_IFTYPE_WDS &&
4786             vif->type != NL80211_IFTYPE_ADHOC)
4787                 return -EOPNOTSUPP;
4788 
4789         mutex_lock(&wl->mutex);
4790         if (wl->operating)
4791                 goto out_mutex_unlock;
4792 
4793         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4794 
4795         dev = wl->current_dev;
4796         wl->operating = true;
4797         wl->vif = vif;
4798         wl->if_type = vif->type;
4799         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4800 
4801         b43_adjust_opmode(dev);
4802         b43_set_pretbtt(dev);
4803         b43_set_synth_pu_delay(dev, 0);
4804         b43_upload_card_macaddress(dev);
4805 
4806         err = 0;
4807  out_mutex_unlock:
4808         mutex_unlock(&wl->mutex);
4809 
4810         if (err == 0)
4811                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4812 
4813         return err;
4814 }
4815 
4816 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4817                                     struct ieee80211_vif *vif)
4818 {
4819         struct b43_wl *wl = hw_to_b43_wl(hw);
4820         struct b43_wldev *dev = wl->current_dev;
4821 
4822         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4823 
4824         mutex_lock(&wl->mutex);
4825 
4826         B43_WARN_ON(!wl->operating);
4827         B43_WARN_ON(wl->vif != vif);
4828         wl->vif = NULL;
4829 
4830         wl->operating = false;
4831 
4832         b43_adjust_opmode(dev);
4833         memset(wl->mac_addr, 0, ETH_ALEN);
4834         b43_upload_card_macaddress(dev);
4835 
4836         mutex_unlock(&wl->mutex);
4837 }
4838 
4839 static int b43_op_start(struct ieee80211_hw *hw)
4840 {
4841         struct b43_wl *wl = hw_to_b43_wl(hw);
4842         struct b43_wldev *dev = wl->current_dev;
4843         int did_init = 0;
4844         int err = 0;
4845 
4846         /* Kill all old instance specific information to make sure
4847          * the card won't use it in the short timeframe between start
4848          * and mac80211 reconfiguring it. */
4849         memset(wl->bssid, 0, ETH_ALEN);
4850         memset(wl->mac_addr, 0, ETH_ALEN);
4851         wl->filter_flags = 0;
4852         wl->radiotap_enabled = false;
4853         b43_qos_clear(wl);
4854         wl->beacon0_uploaded = false;
4855         wl->beacon1_uploaded = false;
4856         wl->beacon_templates_virgin = true;
4857         wl->radio_enabled = true;
4858 
4859         mutex_lock(&wl->mutex);
4860 
4861         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4862                 err = b43_wireless_core_init(dev);
4863                 if (err)
4864                         goto out_mutex_unlock;
4865                 did_init = 1;
4866         }
4867 
4868         if (b43_status(dev) < B43_STAT_STARTED) {
4869                 err = b43_wireless_core_start(dev);
4870                 if (err) {
4871                         if (did_init)
4872                                 b43_wireless_core_exit(dev);
4873                         goto out_mutex_unlock;
4874                 }
4875         }
4876 
4877         /* XXX: only do if device doesn't support rfkill irq */
4878         wiphy_rfkill_start_polling(hw->wiphy);
4879 
4880  out_mutex_unlock:
4881         mutex_unlock(&wl->mutex);
4882 
4883         /*
4884          * Configuration may have been overwritten during initialization.
4885          * Reload the configuration, but only if initialization was
4886          * successful. Reloading the configuration after a failed init
4887          * may hang the system.
4888          */
4889         if (!err)
4890                 b43_op_config(hw, ~0);
4891 
4892         return err;
4893 }
4894 
4895 static void b43_op_stop(struct ieee80211_hw *hw)
4896 {
4897         struct b43_wl *wl = hw_to_b43_wl(hw);
4898         struct b43_wldev *dev = wl->current_dev;
4899 
4900         cancel_work_sync(&(wl->beacon_update_trigger));
4901 
4902         if (!dev)
4903                 goto out;
4904 
4905         mutex_lock(&wl->mutex);
4906         if (b43_status(dev) >= B43_STAT_STARTED) {
4907                 dev = b43_wireless_core_stop(dev);
4908                 if (!dev)
4909                         goto out_unlock;
4910         }
4911         b43_wireless_core_exit(dev);
4912         wl->radio_enabled = false;
4913 
4914 out_unlock:
4915         mutex_unlock(&wl->mutex);
4916 out:
4917         cancel_work_sync(&(wl->txpower_adjust_work));
4918 }
4919 
4920 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4921                                  struct ieee80211_sta *sta, bool set)
4922 {
4923         struct b43_wl *wl = hw_to_b43_wl(hw);
4924 
4925         /* FIXME: add locking */
4926         b43_update_templates(wl);
4927 
4928         return 0;
4929 }
4930 
4931 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4932                               struct ieee80211_vif *vif,
4933                               enum sta_notify_cmd notify_cmd,
4934                               struct ieee80211_sta *sta)
4935 {
4936         struct b43_wl *wl = hw_to_b43_wl(hw);
4937 
4938         B43_WARN_ON(!vif || wl->vif != vif);
4939 }
4940 
4941 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4942 {
4943         struct b43_wl *wl = hw_to_b43_wl(hw);
4944         struct b43_wldev *dev;
4945 
4946         mutex_lock(&wl->mutex);
4947         dev = wl->current_dev;
4948         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4949                 /* Disable CFP update during scan on other channels. */
4950                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4951         }
4952         mutex_unlock(&wl->mutex);
4953 }
4954 
4955 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4956 {
4957         struct b43_wl *wl = hw_to_b43_wl(hw);
4958         struct b43_wldev *dev;
4959 
4960         mutex_lock(&wl->mutex);
4961         dev = wl->current_dev;
4962         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4963                 /* Re-enable CFP update. */
4964                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4965         }
4966         mutex_unlock(&wl->mutex);
4967 }
4968 
4969 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4970                              struct survey_info *survey)
4971 {
4972         struct b43_wl *wl = hw_to_b43_wl(hw);
4973         struct b43_wldev *dev = wl->current_dev;
4974         struct ieee80211_conf *conf = &hw->conf;
4975 
4976         if (idx != 0)
4977                 return -ENOENT;
4978 
4979         survey->channel = conf->chandef.chan;
4980         survey->filled = SURVEY_INFO_NOISE_DBM;
4981         survey->noise = dev->stats.link_noise;
4982 
4983         return 0;
4984 }
4985 
4986 static const struct ieee80211_ops b43_hw_ops = {
4987         .tx                     = b43_op_tx,
4988         .conf_tx                = b43_op_conf_tx,
4989         .add_interface          = b43_op_add_interface,
4990         .remove_interface       = b43_op_remove_interface,
4991         .config                 = b43_op_config,
4992         .bss_info_changed       = b43_op_bss_info_changed,
4993         .configure_filter       = b43_op_configure_filter,
4994         .set_key                = b43_op_set_key,
4995         .update_tkip_key        = b43_op_update_tkip_key,
4996         .get_stats              = b43_op_get_stats,
4997         .get_tsf                = b43_op_get_tsf,
4998         .set_tsf                = b43_op_set_tsf,
4999         .start                  = b43_op_start,
5000         .stop                   = b43_op_stop,
5001         .set_tim                = b43_op_beacon_set_tim,
5002         .sta_notify             = b43_op_sta_notify,
5003         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5004         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5005         .get_survey             = b43_op_get_survey,
5006         .rfkill_poll            = b43_rfkill_poll,
5007 };
5008 
5009 /* Hard-reset the chip. Do not call this directly.
5010  * Use b43_controller_restart()
5011  */
5012 static void b43_chip_reset(struct work_struct *work)
5013 {
5014         struct b43_wldev *dev =
5015             container_of(work, struct b43_wldev, restart_work);
5016         struct b43_wl *wl = dev->wl;
5017         int err = 0;
5018         int prev_status;
5019 
5020         mutex_lock(&wl->mutex);
5021 
5022         prev_status = b43_status(dev);
5023         /* Bring the device down... */
5024         if (prev_status >= B43_STAT_STARTED) {
5025                 dev = b43_wireless_core_stop(dev);
5026                 if (!dev) {
5027                         err = -ENODEV;
5028                         goto out;
5029                 }
5030         }
5031         if (prev_status >= B43_STAT_INITIALIZED)
5032                 b43_wireless_core_exit(dev);
5033 
5034         /* ...and up again. */
5035         if (prev_status >= B43_STAT_INITIALIZED) {
5036                 err = b43_wireless_core_init(dev);
5037                 if (err)
5038                         goto out;
5039         }
5040         if (prev_status >= B43_STAT_STARTED) {
5041                 err = b43_wireless_core_start(dev);
5042                 if (err) {
5043                         b43_wireless_core_exit(dev);
5044                         goto out;
5045                 }
5046         }
5047 out:
5048         if (err)
5049                 wl->current_dev = NULL; /* Failed to init the dev. */
5050         mutex_unlock(&wl->mutex);
5051 
5052         if (err) {
5053                 b43err(wl, "Controller restart FAILED\n");
5054                 return;
5055         }
5056 
5057         /* reload configuration */
5058         b43_op_config(wl->hw, ~0);
5059         if (wl->vif)
5060                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5061 
5062         b43info(wl, "Controller restarted\n");
5063 }
5064 
5065 static int b43_setup_bands(struct b43_wldev *dev,
5066                            bool have_2ghz_phy, bool have_5ghz_phy)
5067 {
5068         struct ieee80211_hw *hw = dev->wl->hw;
5069 
5070         if (have_2ghz_phy)
5071                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5072         if (dev->phy.type == B43_PHYTYPE_N) {
5073                 if (have_5ghz_phy)
5074                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5075         } else {
5076                 if (have_5ghz_phy)
5077                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5078         }
5079 
5080         dev->phy.supports_2ghz = have_2ghz_phy;
5081         dev->phy.supports_5ghz = have_5ghz_phy;
5082 
5083         return 0;
5084 }
5085 
5086 static void b43_wireless_core_detach(struct b43_wldev *dev)
5087 {
5088         /* We release firmware that late to not be required to re-request
5089          * is all the time when we reinit the core. */
5090         b43_release_firmware(dev);
5091         b43_phy_free(dev);
5092 }
5093 
5094 static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5095                                 bool *have_5ghz_phy)
5096 {
5097         u16 dev_id = 0;
5098 
5099 #ifdef CONFIG_B43_BCMA
5100         if (dev->dev->bus_type == B43_BUS_BCMA &&
5101             dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5102                 dev_id = dev->dev->bdev->bus->host_pci->device;
5103 #endif
5104 #ifdef CONFIG_B43_SSB
5105         if (dev->dev->bus_type == B43_BUS_SSB &&
5106             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5107                 dev_id = dev->dev->sdev->bus->host_pci->device;
5108 #endif
5109         /* Override with SPROM value if available */
5110         if (dev->dev->bus_sprom->dev_id)
5111                 dev_id = dev->dev->bus_sprom->dev_id;
5112 
5113         /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5114         switch (dev_id) {
5115         case 0x4324: /* BCM4306 */
5116         case 0x4312: /* BCM4311 */
5117         case 0x4319: /* BCM4318 */
5118         case 0x4328: /* BCM4321 */
5119         case 0x432b: /* BCM4322 */
5120         case 0x4350: /* BCM43222 */
5121         case 0x4353: /* BCM43224 */
5122         case 0x0576: /* BCM43224 */
5123         case 0x435f: /* BCM6362 */
5124         case 0x4331: /* BCM4331 */
5125         case 0x4359: /* BCM43228 */
5126         case 0x43a0: /* BCM4360 */
5127         case 0x43b1: /* BCM4352 */
5128                 /* Dual band devices */
5129                 *have_2ghz_phy = true;
5130                 *have_5ghz_phy = true;
5131                 return;
5132         case 0x4321: /* BCM4306 */
5133         case 0x4313: /* BCM4311 */
5134         case 0x431a: /* BCM4318 */
5135         case 0x432a: /* BCM4321 */
5136         case 0x432d: /* BCM4322 */
5137         case 0x4352: /* BCM43222 */
5138         case 0x4333: /* BCM4331 */
5139         case 0x43a2: /* BCM4360 */
5140         case 0x43b3: /* BCM4352 */
5141                 /* 5 GHz only devices */
5142                 *have_2ghz_phy = false;
5143                 *have_5ghz_phy = true;
5144                 return;
5145         }
5146 
5147         /* As a fallback, try to guess using PHY type */
5148         switch (dev->phy.type) {
5149         case B43_PHYTYPE_A:
5150                 *have_2ghz_phy = false;
5151                 *have_5ghz_phy = true;
5152                 return;
5153         case B43_PHYTYPE_G:
5154         case B43_PHYTYPE_N:
5155         case B43_PHYTYPE_LP:
5156         case B43_PHYTYPE_HT:
5157         case B43_PHYTYPE_LCN:
5158                 *have_2ghz_phy = true;
5159                 *have_5ghz_phy = false;
5160                 return;
5161         }
5162 
5163         B43_WARN_ON(1);
5164 }
5165 
5166 static int b43_wireless_core_attach(struct b43_wldev *dev)
5167 {
5168         struct b43_wl *wl = dev->wl;
5169         struct b43_phy *phy = &dev->phy;
5170         int err;
5171         u32 tmp;
5172         bool have_2ghz_phy = false, have_5ghz_phy = false;
5173 
5174         /* Do NOT do any device initialization here.
5175          * Do it in wireless_core_init() instead.
5176          * This function is for gathering basic information about the HW, only.
5177          * Also some structs may be set up here. But most likely you want to have
5178          * that in core_init(), too.
5179          */
5180 
5181         err = b43_bus_powerup(dev, 0);
5182         if (err) {
5183                 b43err(wl, "Bus powerup failed\n");
5184                 goto out;
5185         }
5186 
5187         phy->do_full_init = true;
5188 
5189         /* Try to guess supported bands for the first init needs */
5190         switch (dev->dev->bus_type) {
5191 #ifdef CONFIG_B43_BCMA
5192         case B43_BUS_BCMA:
5193                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5194                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5195                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5196                 break;
5197 #endif
5198 #ifdef CONFIG_B43_SSB
5199         case B43_BUS_SSB:
5200                 if (dev->dev->core_rev >= 5) {
5201                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5202                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5203                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5204                 } else
5205                         B43_WARN_ON(1);
5206                 break;
5207 #endif
5208         }
5209 
5210         dev->phy.gmode = have_2ghz_phy;
5211         b43_wireless_core_reset(dev, dev->phy.gmode);
5212 
5213         /* Get the PHY type. */
5214         err = b43_phy_versioning(dev);
5215         if (err)
5216                 goto err_powerdown;
5217 
5218         /* Get real info about supported bands */
5219         b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5220 
5221         /* We don't support 5 GHz on some PHYs yet */
5222         switch (dev->phy.type) {
5223         case B43_PHYTYPE_A:
5224         case B43_PHYTYPE_G:
5225         case B43_PHYTYPE_N:
5226         case B43_PHYTYPE_LP:
5227         case B43_PHYTYPE_HT:
5228                 b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5229                 have_5ghz_phy = false;
5230         }
5231 
5232         if (!have_2ghz_phy && !have_5ghz_phy) {
5233                 b43err(wl, "b43 can't support any band on this device\n");
5234                 err = -EOPNOTSUPP;
5235                 goto err_powerdown;
5236         }
5237 
5238         err = b43_phy_allocate(dev);
5239         if (err)
5240                 goto err_powerdown;
5241 
5242         dev->phy.gmode = have_2ghz_phy;
5243         b43_wireless_core_reset(dev, dev->phy.gmode);
5244 
5245         err = b43_validate_chipaccess(dev);
5246         if (err)
5247                 goto err_phy_free;
5248         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5249         if (err)
5250                 goto err_phy_free;
5251 
5252         /* Now set some default "current_dev" */
5253         if (!wl->current_dev)
5254                 wl->current_dev = dev;
5255         INIT_WORK(&dev->restart_work, b43_chip_reset);
5256 
5257         dev->phy.ops->switch_analog(dev, 0);
5258         b43_device_disable(dev, 0);
5259         b43_bus_may_powerdown(dev);
5260 
5261 out:
5262         return err;
5263 
5264 err_phy_free:
5265         b43_phy_free(dev);
5266 err_powerdown:
5267         b43_bus_may_powerdown(dev);
5268         return err;
5269 }
5270 
5271 static void b43_one_core_detach(struct b43_bus_dev *dev)
5272 {
5273         struct b43_wldev *wldev;
5274         struct b43_wl *wl;
5275 
5276         /* Do not cancel ieee80211-workqueue based work here.
5277          * See comment in b43_remove(). */
5278 
5279         wldev = b43_bus_get_wldev(dev);
5280         wl = wldev->wl;
5281         b43_debugfs_remove_device(wldev);
5282         b43_wireless_core_detach(wldev);
5283         list_del(&wldev->list);
5284         b43_bus_set_wldev(dev, NULL);
5285         kfree(wldev);
5286 }
5287 
5288 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5289 {
5290         struct b43_wldev *wldev;
5291         int err = -ENOMEM;
5292 
5293         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5294         if (!wldev)
5295                 goto out;
5296 
5297         wldev->use_pio = b43_modparam_pio;
5298         wldev->dev = dev;
5299         wldev->wl = wl;
5300         b43_set_status(wldev, B43_STAT_UNINIT);
5301         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5302         INIT_LIST_HEAD(&wldev->list);
5303 
5304         err = b43_wireless_core_attach(wldev);
5305         if (err)
5306                 goto err_kfree_wldev;
5307 
5308         b43_bus_set_wldev(dev, wldev);
5309         b43_debugfs_add_device(wldev);
5310 
5311       out:
5312         return err;
5313 
5314       err_kfree_wldev:
5315         kfree(wldev);
5316         return err;
5317 }
5318 
5319 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5320         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5321         (pdev->device == _device) &&                                    \
5322         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5323         (pdev->subsystem_device == _subdevice)                          )
5324 
5325 #ifdef CONFIG_B43_SSB
5326 static void b43_sprom_fixup(struct ssb_bus *bus)
5327 {
5328         struct pci_dev *pdev;
5329 
5330         /* boardflags workarounds */
5331         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5332             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5333                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5334         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5335             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5336                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5337         if (bus->bustype == SSB_BUSTYPE_PCI) {
5338                 pdev = bus->host_pci;
5339                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5340                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5341                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5342                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5343                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5344                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5345                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5346                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5347         }
5348 }
5349 
5350 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5351 {
5352         struct ieee80211_hw *hw = wl->hw;
5353 
5354         ssb_set_devtypedata(dev->sdev, NULL);
5355         ieee80211_free_hw(hw);
5356 }
5357 #endif
5358 
5359 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5360 {
5361         struct ssb_sprom *sprom = dev->bus_sprom;
5362         struct ieee80211_hw *hw;
5363         struct b43_wl *wl;
5364         char chip_name[6];
5365         int queue_num;
5366 
5367         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5368         if (!hw) {
5369                 b43err(NULL, "Could not allocate ieee80211 device\n");
5370                 return ERR_PTR(-ENOMEM);
5371         }
5372         wl = hw_to_b43_wl(hw);
5373 
5374         /* fill hw info */
5375         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5376                     IEEE80211_HW_SIGNAL_DBM;
5377 
5378         hw->wiphy->interface_modes =
5379                 BIT(NL80211_IFTYPE_AP) |
5380                 BIT(NL80211_IFTYPE_MESH_POINT) |
5381                 BIT(NL80211_IFTYPE_STATION) |
5382                 BIT(NL80211_IFTYPE_WDS) |
5383                 BIT(NL80211_IFTYPE_ADHOC);
5384 
5385         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5386 
5387         wl->hw_registred = false;
5388         hw->max_rates = 2;
5389         SET_IEEE80211_DEV(hw, dev->dev);
5390         if (is_valid_ether_addr(sprom->et1mac))
5391                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5392         else
5393                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5394 
5395         /* Initialize struct b43_wl */
5396         wl->hw = hw;
5397         mutex_init(&wl->mutex);
5398         spin_lock_init(&wl->hardirq_lock);
5399         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5400         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5401         INIT_WORK(&wl->tx_work, b43_tx_work);
5402 
5403         /* Initialize queues and flags. */
5404         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5405                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5406                 wl->tx_queue_stopped[queue_num] = 0;
5407         }
5408 
5409         snprintf(chip_name, ARRAY_SIZE(chip_name),
5410                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5411         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5412                 dev->core_rev);
5413         return wl;
5414 }
5415 
5416 #ifdef CONFIG_B43_BCMA
5417 static int b43_bcma_probe(struct bcma_device *core)
5418 {
5419         struct b43_bus_dev *dev;
5420         struct b43_wl *wl;
5421         int err;
5422 
5423         if (!modparam_allhwsupport &&
5424             (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5425                 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5426                 return -ENOTSUPP;
5427         }
5428 
5429         dev = b43_bus_dev_bcma_init(core);
5430         if (!dev)
5431                 return -ENODEV;
5432 
5433         wl = b43_wireless_init(dev);
5434         if (IS_ERR(wl)) {
5435                 err = PTR_ERR(wl);
5436                 goto bcma_out;
5437         }
5438 
5439         err = b43_one_core_attach(dev, wl);
5440         if (err)
5441                 goto bcma_err_wireless_exit;
5442 
5443         /* setup and start work to load firmware */
5444         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5445         schedule_work(&wl->firmware_load);
5446 
5447 bcma_out:
5448         return err;
5449 
5450 bcma_err_wireless_exit:
5451         ieee80211_free_hw(wl->hw);
5452         return err;
5453 }
5454 
5455 static void b43_bcma_remove(struct bcma_device *core)
5456 {
5457         struct b43_wldev *wldev = bcma_get_drvdata(core);
5458         struct b43_wl *wl = wldev->wl;
5459 
5460         /* We must cancel any work here before unregistering from ieee80211,
5461          * as the ieee80211 unreg will destroy the workqueue. */
5462         cancel_work_sync(&wldev->restart_work);
5463         cancel_work_sync(&wl->firmware_load);
5464 
5465         B43_WARN_ON(!wl);
5466         if (!wldev->fw.ucode.data)
5467                 return;                 /* NULL if firmware never loaded */
5468         if (wl->current_dev == wldev && wl->hw_registred) {
5469                 b43_leds_stop(wldev);
5470                 ieee80211_unregister_hw(wl->hw);
5471         }
5472 
5473         b43_one_core_detach(wldev->dev);
5474 
5475         /* Unregister HW RNG driver */
5476         b43_rng_exit(wl);
5477 
5478         b43_leds_unregister(wl);
5479 
5480         ieee80211_free_hw(wl->hw);
5481 }
5482 
5483 static struct bcma_driver b43_bcma_driver = {
5484         .name           = KBUILD_MODNAME,
5485         .id_table       = b43_bcma_tbl,
5486         .probe          = b43_bcma_probe,
5487         .remove         = b43_bcma_remove,
5488 };
5489 #endif
5490 
5491 #ifdef CONFIG_B43_SSB
5492 static
5493 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5494 {
5495         struct b43_bus_dev *dev;
5496         struct b43_wl *wl;
5497         int err;
5498 
5499         dev = b43_bus_dev_ssb_init(sdev);
5500         if (!dev)
5501                 return -ENOMEM;
5502 
5503         wl = ssb_get_devtypedata(sdev);
5504         if (wl) {
5505                 b43err(NULL, "Dual-core devices are not supported\n");
5506                 err = -ENOTSUPP;
5507                 goto err_ssb_kfree_dev;
5508         }
5509 
5510         b43_sprom_fixup(sdev->bus);
5511 
5512         wl = b43_wireless_init(dev);
5513         if (IS_ERR(wl)) {
5514                 err = PTR_ERR(wl);
5515                 goto err_ssb_kfree_dev;
5516         }
5517         ssb_set_devtypedata(sdev, wl);
5518         B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5519 
5520         err = b43_one_core_attach(dev, wl);
5521         if (err)
5522                 goto err_ssb_wireless_exit;
5523 
5524         /* setup and start work to load firmware */
5525         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5526         schedule_work(&wl->firmware_load);
5527 
5528         return err;
5529 
5530 err_ssb_wireless_exit:
5531         b43_wireless_exit(dev, wl);
5532 err_ssb_kfree_dev:
5533         kfree(dev);
5534         return err;
5535 }
5536 
5537 static void b43_ssb_remove(struct ssb_device *sdev)
5538 {
5539         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5540         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5541         struct b43_bus_dev *dev = wldev->dev;
5542 
5543         /* We must cancel any work here before unregistering from ieee80211,
5544          * as the ieee80211 unreg will destroy the workqueue. */
5545         cancel_work_sync(&wldev->restart_work);
5546         cancel_work_sync(&wl->firmware_load);
5547 
5548         B43_WARN_ON(!wl);
5549         if (!wldev->fw.ucode.data)
5550                 return;                 /* NULL if firmware never loaded */
5551         if (wl->current_dev == wldev && wl->hw_registred) {
5552                 b43_leds_stop(wldev);
5553                 ieee80211_unregister_hw(wl->hw);
5554         }
5555 
5556         b43_one_core_detach(dev);
5557 
5558         /* Unregister HW RNG driver */
5559         b43_rng_exit(wl);
5560 
5561         b43_leds_unregister(wl);
5562         b43_wireless_exit(dev, wl);
5563 }
5564 
5565 static struct ssb_driver b43_ssb_driver = {
5566         .name           = KBUILD_MODNAME,
5567         .id_table       = b43_ssb_tbl,
5568         .probe          = b43_ssb_probe,
5569         .remove         = b43_ssb_remove,
5570 };
5571 #endif /* CONFIG_B43_SSB */
5572 
5573 /* Perform a hardware reset. This can be called from any context. */
5574 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5575 {
5576         /* Must avoid requeueing, if we are in shutdown. */
5577         if (b43_status(dev) < B43_STAT_INITIALIZED)
5578                 return;
5579         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5580         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5581 }
5582 
5583 static void b43_print_driverinfo(void)
5584 {
5585         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5586                    *feat_leds = "", *feat_sdio = "";
5587 
5588 #ifdef CONFIG_B43_PCI_AUTOSELECT
5589         feat_pci = "P";
5590 #endif
5591 #ifdef CONFIG_B43_PCMCIA
5592         feat_pcmcia = "M";
5593 #endif
5594 #ifdef CONFIG_B43_PHY_N
5595         feat_nphy = "N";
5596 #endif
5597 #ifdef CONFIG_B43_LEDS
5598         feat_leds = "L";
5599 #endif
5600 #ifdef CONFIG_B43_SDIO
5601         feat_sdio = "S";
5602 #endif
5603         printk(KERN_INFO "Broadcom 43xx driver loaded "
5604                "[ Features: %s%s%s%s%s ]\n",
5605                feat_pci, feat_pcmcia, feat_nphy,
5606                feat_leds, feat_sdio);
5607 }
5608 
5609 static int __init b43_init(void)
5610 {
5611         int err;
5612 
5613         b43_debugfs_init();
5614         err = b43_pcmcia_init();
5615         if (err)
5616                 goto err_dfs_exit;
5617         err = b43_sdio_init();
5618         if (err)
5619                 goto err_pcmcia_exit;
5620 #ifdef CONFIG_B43_BCMA
5621         err = bcma_driver_register(&b43_bcma_driver);
5622         if (err)
5623                 goto err_sdio_exit;
5624 #endif
5625 #ifdef CONFIG_B43_SSB
5626         err = ssb_driver_register(&b43_ssb_driver);
5627         if (err)
5628                 goto err_bcma_driver_exit;
5629 #endif
5630         b43_print_driverinfo();
5631 
5632         return err;
5633 
5634 #ifdef CONFIG_B43_SSB
5635 err_bcma_driver_exit:
5636 #endif
5637 #ifdef CONFIG_B43_BCMA
5638         bcma_driver_unregister(&b43_bcma_driver);
5639 err_sdio_exit:
5640 #endif
5641         b43_sdio_exit();
5642 err_pcmcia_exit:
5643         b43_pcmcia_exit();
5644 err_dfs_exit:
5645         b43_debugfs_exit();
5646         return err;
5647 }
5648 
5649 static void __exit b43_exit(void)
5650 {
5651 #ifdef CONFIG_B43_SSB
5652         ssb_driver_unregister(&b43_ssb_driver);
5653 #endif
5654 #ifdef CONFIG_B43_BCMA
5655         bcma_driver_unregister(&b43_bcma_driver);
5656 #endif
5657         b43_sdio_exit();
5658         b43_pcmcia_exit();
5659         b43_debugfs_exit();
5660 }
5661 
5662 module_init(b43_init)
5663 module_exit(b43_exit)
5664 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us