Version:  2.6.34 2.6.35 2.6.36 2.6.37 2.6.38 2.6.39 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14

Linux/drivers/net/wireless/b43/main.c

  1 /*
  2 
  3   Broadcom B43 wireless driver
  4 
  5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
  6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
  7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
  8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
  9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
 10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
 11 
 12   SDIO support
 13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
 14 
 15   Some parts of the code in this file are derived from the ipw2200
 16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
 17 
 18   This program is free software; you can redistribute it and/or modify
 19   it under the terms of the GNU General Public License as published by
 20   the Free Software Foundation; either version 2 of the License, or
 21   (at your option) any later version.
 22 
 23   This program is distributed in the hope that it will be useful,
 24   but WITHOUT ANY WARRANTY; without even the implied warranty of
 25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 26   GNU General Public License for more details.
 27 
 28   You should have received a copy of the GNU General Public License
 29   along with this program; see the file COPYING.  If not, write to
 30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
 31   Boston, MA 02110-1301, USA.
 32 
 33 */
 34 
 35 #include <linux/delay.h>
 36 #include <linux/init.h>
 37 #include <linux/module.h>
 38 #include <linux/if_arp.h>
 39 #include <linux/etherdevice.h>
 40 #include <linux/firmware.h>
 41 #include <linux/workqueue.h>
 42 #include <linux/skbuff.h>
 43 #include <linux/io.h>
 44 #include <linux/dma-mapping.h>
 45 #include <linux/slab.h>
 46 #include <asm/unaligned.h>
 47 
 48 #include "b43.h"
 49 #include "main.h"
 50 #include "debugfs.h"
 51 #include "phy_common.h"
 52 #include "phy_g.h"
 53 #include "phy_n.h"
 54 #include "dma.h"
 55 #include "pio.h"
 56 #include "sysfs.h"
 57 #include "xmit.h"
 58 #include "lo.h"
 59 #include "pcmcia.h"
 60 #include "sdio.h"
 61 #include <linux/mmc/sdio_func.h>
 62 
 63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
 64 MODULE_AUTHOR("Martin Langer");
 65 MODULE_AUTHOR("Stefano Brivio");
 66 MODULE_AUTHOR("Michael Buesch");
 67 MODULE_AUTHOR("Gábor Stefanik");
 68 MODULE_AUTHOR("Rafał Miłecki");
 69 MODULE_LICENSE("GPL");
 70 
 71 MODULE_FIRMWARE("b43/ucode11.fw");
 72 MODULE_FIRMWARE("b43/ucode13.fw");
 73 MODULE_FIRMWARE("b43/ucode14.fw");
 74 MODULE_FIRMWARE("b43/ucode15.fw");
 75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
 76 MODULE_FIRMWARE("b43/ucode5.fw");
 77 MODULE_FIRMWARE("b43/ucode9.fw");
 78 
 79 static int modparam_bad_frames_preempt;
 80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
 81 MODULE_PARM_DESC(bad_frames_preempt,
 82                  "enable(1) / disable(0) Bad Frames Preemption");
 83 
 84 static char modparam_fwpostfix[16];
 85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
 86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
 87 
 88 static int modparam_hwpctl;
 89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
 90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
 91 
 92 static int modparam_nohwcrypt;
 93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
 94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
 95 
 96 static int modparam_hwtkip;
 97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
 98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
 99 
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103 
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107 
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111 
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115 
116 static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
117 module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
118 MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
119 
120 #ifdef CONFIG_B43_BCMA
121 static const struct bcma_device_id b43_bcma_tbl[] = {
122         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
124         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
125         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
126         BCMA_CORETABLE_END
127 };
128 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
129 #endif
130 
131 #ifdef CONFIG_B43_SSB
132 static const struct ssb_device_id b43_ssb_tbl[] = {
133         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
134         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
135         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
136         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
141         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
142         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
143         SSB_DEVTABLE_END
144 };
145 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
146 #endif
147 
148 /* Channel and ratetables are shared for all devices.
149  * They can't be const, because ieee80211 puts some precalculated
150  * data in there. This data is the same for all devices, so we don't
151  * get concurrency issues */
152 #define RATETAB_ENT(_rateid, _flags) \
153         {                                                               \
154                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
155                 .hw_value       = (_rateid),                            \
156                 .flags          = (_flags),                             \
157         }
158 
159 /*
160  * NOTE: When changing this, sync with xmit.c's
161  *       b43_plcp_get_bitrate_idx_* functions!
162  */
163 static struct ieee80211_rate __b43_ratetable[] = {
164         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
165         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
166         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
167         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
168         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
169         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
170         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
171         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
172         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
173         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
174         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
175         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
176 };
177 
178 #define b43_a_ratetable         (__b43_ratetable + 4)
179 #define b43_a_ratetable_size    8
180 #define b43_b_ratetable         (__b43_ratetable + 0)
181 #define b43_b_ratetable_size    4
182 #define b43_g_ratetable         (__b43_ratetable + 0)
183 #define b43_g_ratetable_size    12
184 
185 #define CHAN4G(_channel, _freq, _flags) {                       \
186         .band                   = IEEE80211_BAND_2GHZ,          \
187         .center_freq            = (_freq),                      \
188         .hw_value               = (_channel),                   \
189         .flags                  = (_flags),                     \
190         .max_antenna_gain       = 0,                            \
191         .max_power              = 30,                           \
192 }
193 static struct ieee80211_channel b43_2ghz_chantable[] = {
194         CHAN4G(1, 2412, 0),
195         CHAN4G(2, 2417, 0),
196         CHAN4G(3, 2422, 0),
197         CHAN4G(4, 2427, 0),
198         CHAN4G(5, 2432, 0),
199         CHAN4G(6, 2437, 0),
200         CHAN4G(7, 2442, 0),
201         CHAN4G(8, 2447, 0),
202         CHAN4G(9, 2452, 0),
203         CHAN4G(10, 2457, 0),
204         CHAN4G(11, 2462, 0),
205         CHAN4G(12, 2467, 0),
206         CHAN4G(13, 2472, 0),
207         CHAN4G(14, 2484, 0),
208 };
209 #undef CHAN4G
210 
211 #define CHAN5G(_channel, _flags) {                              \
212         .band                   = IEEE80211_BAND_5GHZ,          \
213         .center_freq            = 5000 + (5 * (_channel)),      \
214         .hw_value               = (_channel),                   \
215         .flags                  = (_flags),                     \
216         .max_antenna_gain       = 0,                            \
217         .max_power              = 30,                           \
218 }
219 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
220         CHAN5G(32, 0),          CHAN5G(34, 0),
221         CHAN5G(36, 0),          CHAN5G(38, 0),
222         CHAN5G(40, 0),          CHAN5G(42, 0),
223         CHAN5G(44, 0),          CHAN5G(46, 0),
224         CHAN5G(48, 0),          CHAN5G(50, 0),
225         CHAN5G(52, 0),          CHAN5G(54, 0),
226         CHAN5G(56, 0),          CHAN5G(58, 0),
227         CHAN5G(60, 0),          CHAN5G(62, 0),
228         CHAN5G(64, 0),          CHAN5G(66, 0),
229         CHAN5G(68, 0),          CHAN5G(70, 0),
230         CHAN5G(72, 0),          CHAN5G(74, 0),
231         CHAN5G(76, 0),          CHAN5G(78, 0),
232         CHAN5G(80, 0),          CHAN5G(82, 0),
233         CHAN5G(84, 0),          CHAN5G(86, 0),
234         CHAN5G(88, 0),          CHAN5G(90, 0),
235         CHAN5G(92, 0),          CHAN5G(94, 0),
236         CHAN5G(96, 0),          CHAN5G(98, 0),
237         CHAN5G(100, 0),         CHAN5G(102, 0),
238         CHAN5G(104, 0),         CHAN5G(106, 0),
239         CHAN5G(108, 0),         CHAN5G(110, 0),
240         CHAN5G(112, 0),         CHAN5G(114, 0),
241         CHAN5G(116, 0),         CHAN5G(118, 0),
242         CHAN5G(120, 0),         CHAN5G(122, 0),
243         CHAN5G(124, 0),         CHAN5G(126, 0),
244         CHAN5G(128, 0),         CHAN5G(130, 0),
245         CHAN5G(132, 0),         CHAN5G(134, 0),
246         CHAN5G(136, 0),         CHAN5G(138, 0),
247         CHAN5G(140, 0),         CHAN5G(142, 0),
248         CHAN5G(144, 0),         CHAN5G(145, 0),
249         CHAN5G(146, 0),         CHAN5G(147, 0),
250         CHAN5G(148, 0),         CHAN5G(149, 0),
251         CHAN5G(150, 0),         CHAN5G(151, 0),
252         CHAN5G(152, 0),         CHAN5G(153, 0),
253         CHAN5G(154, 0),         CHAN5G(155, 0),
254         CHAN5G(156, 0),         CHAN5G(157, 0),
255         CHAN5G(158, 0),         CHAN5G(159, 0),
256         CHAN5G(160, 0),         CHAN5G(161, 0),
257         CHAN5G(162, 0),         CHAN5G(163, 0),
258         CHAN5G(164, 0),         CHAN5G(165, 0),
259         CHAN5G(166, 0),         CHAN5G(168, 0),
260         CHAN5G(170, 0),         CHAN5G(172, 0),
261         CHAN5G(174, 0),         CHAN5G(176, 0),
262         CHAN5G(178, 0),         CHAN5G(180, 0),
263         CHAN5G(182, 0),         CHAN5G(184, 0),
264         CHAN5G(186, 0),         CHAN5G(188, 0),
265         CHAN5G(190, 0),         CHAN5G(192, 0),
266         CHAN5G(194, 0),         CHAN5G(196, 0),
267         CHAN5G(198, 0),         CHAN5G(200, 0),
268         CHAN5G(202, 0),         CHAN5G(204, 0),
269         CHAN5G(206, 0),         CHAN5G(208, 0),
270         CHAN5G(210, 0),         CHAN5G(212, 0),
271         CHAN5G(214, 0),         CHAN5G(216, 0),
272         CHAN5G(218, 0),         CHAN5G(220, 0),
273         CHAN5G(222, 0),         CHAN5G(224, 0),
274         CHAN5G(226, 0),         CHAN5G(228, 0),
275 };
276 
277 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
278         CHAN5G(34, 0),          CHAN5G(36, 0),
279         CHAN5G(38, 0),          CHAN5G(40, 0),
280         CHAN5G(42, 0),          CHAN5G(44, 0),
281         CHAN5G(46, 0),          CHAN5G(48, 0),
282         CHAN5G(52, 0),          CHAN5G(56, 0),
283         CHAN5G(60, 0),          CHAN5G(64, 0),
284         CHAN5G(100, 0),         CHAN5G(104, 0),
285         CHAN5G(108, 0),         CHAN5G(112, 0),
286         CHAN5G(116, 0),         CHAN5G(120, 0),
287         CHAN5G(124, 0),         CHAN5G(128, 0),
288         CHAN5G(132, 0),         CHAN5G(136, 0),
289         CHAN5G(140, 0),         CHAN5G(149, 0),
290         CHAN5G(153, 0),         CHAN5G(157, 0),
291         CHAN5G(161, 0),         CHAN5G(165, 0),
292         CHAN5G(184, 0),         CHAN5G(188, 0),
293         CHAN5G(192, 0),         CHAN5G(196, 0),
294         CHAN5G(200, 0),         CHAN5G(204, 0),
295         CHAN5G(208, 0),         CHAN5G(212, 0),
296         CHAN5G(216, 0),
297 };
298 #undef CHAN5G
299 
300 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
301         .band           = IEEE80211_BAND_5GHZ,
302         .channels       = b43_5ghz_nphy_chantable,
303         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
304         .bitrates       = b43_a_ratetable,
305         .n_bitrates     = b43_a_ratetable_size,
306 };
307 
308 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
309         .band           = IEEE80211_BAND_5GHZ,
310         .channels       = b43_5ghz_aphy_chantable,
311         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
312         .bitrates       = b43_a_ratetable,
313         .n_bitrates     = b43_a_ratetable_size,
314 };
315 
316 static struct ieee80211_supported_band b43_band_2GHz = {
317         .band           = IEEE80211_BAND_2GHZ,
318         .channels       = b43_2ghz_chantable,
319         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
320         .bitrates       = b43_g_ratetable,
321         .n_bitrates     = b43_g_ratetable_size,
322 };
323 
324 static void b43_wireless_core_exit(struct b43_wldev *dev);
325 static int b43_wireless_core_init(struct b43_wldev *dev);
326 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
327 static int b43_wireless_core_start(struct b43_wldev *dev);
328 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
329                                     struct ieee80211_vif *vif,
330                                     struct ieee80211_bss_conf *conf,
331                                     u32 changed);
332 
333 static int b43_ratelimit(struct b43_wl *wl)
334 {
335         if (!wl || !wl->current_dev)
336                 return 1;
337         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
338                 return 1;
339         /* We are up and running.
340          * Ratelimit the messages to avoid DoS over the net. */
341         return net_ratelimit();
342 }
343 
344 void b43info(struct b43_wl *wl, const char *fmt, ...)
345 {
346         struct va_format vaf;
347         va_list args;
348 
349         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
350                 return;
351         if (!b43_ratelimit(wl))
352                 return;
353 
354         va_start(args, fmt);
355 
356         vaf.fmt = fmt;
357         vaf.va = &args;
358 
359         printk(KERN_INFO "b43-%s: %pV",
360                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
361 
362         va_end(args);
363 }
364 
365 void b43err(struct b43_wl *wl, const char *fmt, ...)
366 {
367         struct va_format vaf;
368         va_list args;
369 
370         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
371                 return;
372         if (!b43_ratelimit(wl))
373                 return;
374 
375         va_start(args, fmt);
376 
377         vaf.fmt = fmt;
378         vaf.va = &args;
379 
380         printk(KERN_ERR "b43-%s ERROR: %pV",
381                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
382 
383         va_end(args);
384 }
385 
386 void b43warn(struct b43_wl *wl, const char *fmt, ...)
387 {
388         struct va_format vaf;
389         va_list args;
390 
391         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
392                 return;
393         if (!b43_ratelimit(wl))
394                 return;
395 
396         va_start(args, fmt);
397 
398         vaf.fmt = fmt;
399         vaf.va = &args;
400 
401         printk(KERN_WARNING "b43-%s warning: %pV",
402                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
403 
404         va_end(args);
405 }
406 
407 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
408 {
409         struct va_format vaf;
410         va_list args;
411 
412         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
413                 return;
414 
415         va_start(args, fmt);
416 
417         vaf.fmt = fmt;
418         vaf.va = &args;
419 
420         printk(KERN_DEBUG "b43-%s debug: %pV",
421                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
422 
423         va_end(args);
424 }
425 
426 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
427 {
428         u32 macctl;
429 
430         B43_WARN_ON(offset % 4 != 0);
431 
432         macctl = b43_read32(dev, B43_MMIO_MACCTL);
433         if (macctl & B43_MACCTL_BE)
434                 val = swab32(val);
435 
436         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
437         mmiowb();
438         b43_write32(dev, B43_MMIO_RAM_DATA, val);
439 }
440 
441 static inline void b43_shm_control_word(struct b43_wldev *dev,
442                                         u16 routing, u16 offset)
443 {
444         u32 control;
445 
446         /* "offset" is the WORD offset. */
447         control = routing;
448         control <<= 16;
449         control |= offset;
450         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
451 }
452 
453 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
454 {
455         u32 ret;
456 
457         if (routing == B43_SHM_SHARED) {
458                 B43_WARN_ON(offset & 0x0001);
459                 if (offset & 0x0003) {
460                         /* Unaligned access */
461                         b43_shm_control_word(dev, routing, offset >> 2);
462                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
463                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
464                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
465 
466                         goto out;
467                 }
468                 offset >>= 2;
469         }
470         b43_shm_control_word(dev, routing, offset);
471         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
472 out:
473         return ret;
474 }
475 
476 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
477 {
478         u16 ret;
479 
480         if (routing == B43_SHM_SHARED) {
481                 B43_WARN_ON(offset & 0x0001);
482                 if (offset & 0x0003) {
483                         /* Unaligned access */
484                         b43_shm_control_word(dev, routing, offset >> 2);
485                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
486 
487                         goto out;
488                 }
489                 offset >>= 2;
490         }
491         b43_shm_control_word(dev, routing, offset);
492         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
493 out:
494         return ret;
495 }
496 
497 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
498 {
499         if (routing == B43_SHM_SHARED) {
500                 B43_WARN_ON(offset & 0x0001);
501                 if (offset & 0x0003) {
502                         /* Unaligned access */
503                         b43_shm_control_word(dev, routing, offset >> 2);
504                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
505                                     value & 0xFFFF);
506                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
507                         b43_write16(dev, B43_MMIO_SHM_DATA,
508                                     (value >> 16) & 0xFFFF);
509                         return;
510                 }
511                 offset >>= 2;
512         }
513         b43_shm_control_word(dev, routing, offset);
514         b43_write32(dev, B43_MMIO_SHM_DATA, value);
515 }
516 
517 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
518 {
519         if (routing == B43_SHM_SHARED) {
520                 B43_WARN_ON(offset & 0x0001);
521                 if (offset & 0x0003) {
522                         /* Unaligned access */
523                         b43_shm_control_word(dev, routing, offset >> 2);
524                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
525                         return;
526                 }
527                 offset >>= 2;
528         }
529         b43_shm_control_word(dev, routing, offset);
530         b43_write16(dev, B43_MMIO_SHM_DATA, value);
531 }
532 
533 /* Read HostFlags */
534 u64 b43_hf_read(struct b43_wldev *dev)
535 {
536         u64 ret;
537 
538         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
539         ret <<= 16;
540         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
541         ret <<= 16;
542         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
543 
544         return ret;
545 }
546 
547 /* Write HostFlags */
548 void b43_hf_write(struct b43_wldev *dev, u64 value)
549 {
550         u16 lo, mi, hi;
551 
552         lo = (value & 0x00000000FFFFULL);
553         mi = (value & 0x0000FFFF0000ULL) >> 16;
554         hi = (value & 0xFFFF00000000ULL) >> 32;
555         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
556         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
557         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
558 }
559 
560 /* Read the firmware capabilities bitmask (Opensource firmware only) */
561 static u16 b43_fwcapa_read(struct b43_wldev *dev)
562 {
563         B43_WARN_ON(!dev->fw.opensource);
564         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
565 }
566 
567 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
568 {
569         u32 low, high;
570 
571         B43_WARN_ON(dev->dev->core_rev < 3);
572 
573         /* The hardware guarantees us an atomic read, if we
574          * read the low register first. */
575         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
576         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
577 
578         *tsf = high;
579         *tsf <<= 32;
580         *tsf |= low;
581 }
582 
583 static void b43_time_lock(struct b43_wldev *dev)
584 {
585         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
586         /* Commit the write */
587         b43_read32(dev, B43_MMIO_MACCTL);
588 }
589 
590 static void b43_time_unlock(struct b43_wldev *dev)
591 {
592         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
593         /* Commit the write */
594         b43_read32(dev, B43_MMIO_MACCTL);
595 }
596 
597 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
598 {
599         u32 low, high;
600 
601         B43_WARN_ON(dev->dev->core_rev < 3);
602 
603         low = tsf;
604         high = (tsf >> 32);
605         /* The hardware guarantees us an atomic write, if we
606          * write the low register first. */
607         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
608         mmiowb();
609         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
610         mmiowb();
611 }
612 
613 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
614 {
615         b43_time_lock(dev);
616         b43_tsf_write_locked(dev, tsf);
617         b43_time_unlock(dev);
618 }
619 
620 static
621 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
622 {
623         static const u8 zero_addr[ETH_ALEN] = { 0 };
624         u16 data;
625 
626         if (!mac)
627                 mac = zero_addr;
628 
629         offset |= 0x0020;
630         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
631 
632         data = mac[0];
633         data |= mac[1] << 8;
634         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
635         data = mac[2];
636         data |= mac[3] << 8;
637         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
638         data = mac[4];
639         data |= mac[5] << 8;
640         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
641 }
642 
643 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
644 {
645         const u8 *mac;
646         const u8 *bssid;
647         u8 mac_bssid[ETH_ALEN * 2];
648         int i;
649         u32 tmp;
650 
651         bssid = dev->wl->bssid;
652         mac = dev->wl->mac_addr;
653 
654         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
655 
656         memcpy(mac_bssid, mac, ETH_ALEN);
657         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
658 
659         /* Write our MAC address and BSSID to template ram */
660         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
661                 tmp = (u32) (mac_bssid[i + 0]);
662                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
663                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
664                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
665                 b43_ram_write(dev, 0x20 + i, tmp);
666         }
667 }
668 
669 static void b43_upload_card_macaddress(struct b43_wldev *dev)
670 {
671         b43_write_mac_bssid_templates(dev);
672         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
673 }
674 
675 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
676 {
677         /* slot_time is in usec. */
678         /* This test used to exit for all but a G PHY. */
679         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
680                 return;
681         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
682         /* Shared memory location 0x0010 is the slot time and should be
683          * set to slot_time; however, this register is initially 0 and changing
684          * the value adversely affects the transmit rate for BCM4311
685          * devices. Until this behavior is unterstood, delete this step
686          *
687          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
688          */
689 }
690 
691 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
692 {
693         b43_set_slot_time(dev, 9);
694 }
695 
696 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
697 {
698         b43_set_slot_time(dev, 20);
699 }
700 
701 /* DummyTransmission function, as documented on
702  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
703  */
704 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
705 {
706         struct b43_phy *phy = &dev->phy;
707         unsigned int i, max_loop;
708         u16 value;
709         u32 buffer[5] = {
710                 0x00000000,
711                 0x00D40000,
712                 0x00000000,
713                 0x01000000,
714                 0x00000000,
715         };
716 
717         if (ofdm) {
718                 max_loop = 0x1E;
719                 buffer[0] = 0x000201CC;
720         } else {
721                 max_loop = 0xFA;
722                 buffer[0] = 0x000B846E;
723         }
724 
725         for (i = 0; i < 5; i++)
726                 b43_ram_write(dev, i * 4, buffer[i]);
727 
728         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
729 
730         if (dev->dev->core_rev < 11)
731                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
732         else
733                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
734 
735         value = (ofdm ? 0x41 : 0x40);
736         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
737         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
738             phy->type == B43_PHYTYPE_LCN)
739                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
740 
741         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
742         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
743 
744         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
745         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
746         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
747         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
748 
749         if (!pa_on && phy->type == B43_PHYTYPE_N)
750                 ; /*b43_nphy_pa_override(dev, false) */
751 
752         switch (phy->type) {
753         case B43_PHYTYPE_N:
754         case B43_PHYTYPE_LCN:
755                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
756                 break;
757         case B43_PHYTYPE_LP:
758                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
759                 break;
760         default:
761                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
762         }
763         b43_read16(dev, B43_MMIO_TXE0_AUX);
764 
765         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
766                 b43_radio_write16(dev, 0x0051, 0x0017);
767         for (i = 0x00; i < max_loop; i++) {
768                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
769                 if (value & 0x0080)
770                         break;
771                 udelay(10);
772         }
773         for (i = 0x00; i < 0x0A; i++) {
774                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
775                 if (value & 0x0400)
776                         break;
777                 udelay(10);
778         }
779         for (i = 0x00; i < 0x19; i++) {
780                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
781                 if (!(value & 0x0100))
782                         break;
783                 udelay(10);
784         }
785         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
786                 b43_radio_write16(dev, 0x0051, 0x0037);
787 }
788 
789 static void key_write(struct b43_wldev *dev,
790                       u8 index, u8 algorithm, const u8 *key)
791 {
792         unsigned int i;
793         u32 offset;
794         u16 value;
795         u16 kidx;
796 
797         /* Key index/algo block */
798         kidx = b43_kidx_to_fw(dev, index);
799         value = ((kidx << 4) | algorithm);
800         b43_shm_write16(dev, B43_SHM_SHARED,
801                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
802 
803         /* Write the key to the Key Table Pointer offset */
804         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
805         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
806                 value = key[i];
807                 value |= (u16) (key[i + 1]) << 8;
808                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
809         }
810 }
811 
812 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
813 {
814         u32 addrtmp[2] = { 0, 0, };
815         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
816 
817         if (b43_new_kidx_api(dev))
818                 pairwise_keys_start = B43_NR_GROUP_KEYS;
819 
820         B43_WARN_ON(index < pairwise_keys_start);
821         /* We have four default TX keys and possibly four default RX keys.
822          * Physical mac 0 is mapped to physical key 4 or 8, depending
823          * on the firmware version.
824          * So we must adjust the index here.
825          */
826         index -= pairwise_keys_start;
827         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
828 
829         if (addr) {
830                 addrtmp[0] = addr[0];
831                 addrtmp[0] |= ((u32) (addr[1]) << 8);
832                 addrtmp[0] |= ((u32) (addr[2]) << 16);
833                 addrtmp[0] |= ((u32) (addr[3]) << 24);
834                 addrtmp[1] = addr[4];
835                 addrtmp[1] |= ((u32) (addr[5]) << 8);
836         }
837 
838         /* Receive match transmitter address (RCMTA) mechanism */
839         b43_shm_write32(dev, B43_SHM_RCMTA,
840                         (index * 2) + 0, addrtmp[0]);
841         b43_shm_write16(dev, B43_SHM_RCMTA,
842                         (index * 2) + 1, addrtmp[1]);
843 }
844 
845 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
846  * When a packet is received, the iv32 is checked.
847  * - if it doesn't the packet is returned without modification (and software
848  *   decryption can be done). That's what happen when iv16 wrap.
849  * - if it does, the rc4 key is computed, and decryption is tried.
850  *   Either it will success and B43_RX_MAC_DEC is returned,
851  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
852  *   and the packet is not usable (it got modified by the ucode).
853  * So in order to never have B43_RX_MAC_DECERR, we should provide
854  * a iv32 and phase1key that match. Because we drop packets in case of
855  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
856  * packets will be lost without higher layer knowing (ie no resync possible
857  * until next wrap).
858  *
859  * NOTE : this should support 50 key like RCMTA because
860  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
861  */
862 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
863                 u16 *phase1key)
864 {
865         unsigned int i;
866         u32 offset;
867         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
868 
869         if (!modparam_hwtkip)
870                 return;
871 
872         if (b43_new_kidx_api(dev))
873                 pairwise_keys_start = B43_NR_GROUP_KEYS;
874 
875         B43_WARN_ON(index < pairwise_keys_start);
876         /* We have four default TX keys and possibly four default RX keys.
877          * Physical mac 0 is mapped to physical key 4 or 8, depending
878          * on the firmware version.
879          * So we must adjust the index here.
880          */
881         index -= pairwise_keys_start;
882         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
883 
884         if (b43_debug(dev, B43_DBG_KEYS)) {
885                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
886                                 index, iv32);
887         }
888         /* Write the key to the  RX tkip shared mem */
889         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
890         for (i = 0; i < 10; i += 2) {
891                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
892                                 phase1key ? phase1key[i / 2] : 0);
893         }
894         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
895         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
896 }
897 
898 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
899                                    struct ieee80211_vif *vif,
900                                    struct ieee80211_key_conf *keyconf,
901                                    struct ieee80211_sta *sta,
902                                    u32 iv32, u16 *phase1key)
903 {
904         struct b43_wl *wl = hw_to_b43_wl(hw);
905         struct b43_wldev *dev;
906         int index = keyconf->hw_key_idx;
907 
908         if (B43_WARN_ON(!modparam_hwtkip))
909                 return;
910 
911         /* This is only called from the RX path through mac80211, where
912          * our mutex is already locked. */
913         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
914         dev = wl->current_dev;
915         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
916 
917         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
918 
919         rx_tkip_phase1_write(dev, index, iv32, phase1key);
920         /* only pairwise TKIP keys are supported right now */
921         if (WARN_ON(!sta))
922                 return;
923         keymac_write(dev, index, sta->addr);
924 }
925 
926 static void do_key_write(struct b43_wldev *dev,
927                          u8 index, u8 algorithm,
928                          const u8 *key, size_t key_len, const u8 *mac_addr)
929 {
930         u8 buf[B43_SEC_KEYSIZE] = { 0, };
931         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
932 
933         if (b43_new_kidx_api(dev))
934                 pairwise_keys_start = B43_NR_GROUP_KEYS;
935 
936         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
937         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
938 
939         if (index >= pairwise_keys_start)
940                 keymac_write(dev, index, NULL); /* First zero out mac. */
941         if (algorithm == B43_SEC_ALGO_TKIP) {
942                 /*
943                  * We should provide an initial iv32, phase1key pair.
944                  * We could start with iv32=0 and compute the corresponding
945                  * phase1key, but this means calling ieee80211_get_tkip_key
946                  * with a fake skb (or export other tkip function).
947                  * Because we are lazy we hope iv32 won't start with
948                  * 0xffffffff and let's b43_op_update_tkip_key provide a
949                  * correct pair.
950                  */
951                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
952         } else if (index >= pairwise_keys_start) /* clear it */
953                 rx_tkip_phase1_write(dev, index, 0, NULL);
954         if (key)
955                 memcpy(buf, key, key_len);
956         key_write(dev, index, algorithm, buf);
957         if (index >= pairwise_keys_start)
958                 keymac_write(dev, index, mac_addr);
959 
960         dev->key[index].algorithm = algorithm;
961 }
962 
963 static int b43_key_write(struct b43_wldev *dev,
964                          int index, u8 algorithm,
965                          const u8 *key, size_t key_len,
966                          const u8 *mac_addr,
967                          struct ieee80211_key_conf *keyconf)
968 {
969         int i;
970         int pairwise_keys_start;
971 
972         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
973          *      - Temporal Encryption Key (128 bits)
974          *      - Temporal Authenticator Tx MIC Key (64 bits)
975          *      - Temporal Authenticator Rx MIC Key (64 bits)
976          *
977          *      Hardware only store TEK
978          */
979         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
980                 key_len = 16;
981         if (key_len > B43_SEC_KEYSIZE)
982                 return -EINVAL;
983         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
984                 /* Check that we don't already have this key. */
985                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
986         }
987         if (index < 0) {
988                 /* Pairwise key. Get an empty slot for the key. */
989                 if (b43_new_kidx_api(dev))
990                         pairwise_keys_start = B43_NR_GROUP_KEYS;
991                 else
992                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
993                 for (i = pairwise_keys_start;
994                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
995                      i++) {
996                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
997                         if (!dev->key[i].keyconf) {
998                                 /* found empty */
999                                 index = i;
1000                                 break;
1001                         }
1002                 }
1003                 if (index < 0) {
1004                         b43warn(dev->wl, "Out of hardware key memory\n");
1005                         return -ENOSPC;
1006                 }
1007         } else
1008                 B43_WARN_ON(index > 3);
1009 
1010         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1011         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1012                 /* Default RX key */
1013                 B43_WARN_ON(mac_addr);
1014                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1015         }
1016         keyconf->hw_key_idx = index;
1017         dev->key[index].keyconf = keyconf;
1018 
1019         return 0;
1020 }
1021 
1022 static int b43_key_clear(struct b43_wldev *dev, int index)
1023 {
1024         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1025                 return -EINVAL;
1026         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1027                      NULL, B43_SEC_KEYSIZE, NULL);
1028         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1029                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1030                              NULL, B43_SEC_KEYSIZE, NULL);
1031         }
1032         dev->key[index].keyconf = NULL;
1033 
1034         return 0;
1035 }
1036 
1037 static void b43_clear_keys(struct b43_wldev *dev)
1038 {
1039         int i, count;
1040 
1041         if (b43_new_kidx_api(dev))
1042                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1043         else
1044                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1045         for (i = 0; i < count; i++)
1046                 b43_key_clear(dev, i);
1047 }
1048 
1049 static void b43_dump_keymemory(struct b43_wldev *dev)
1050 {
1051         unsigned int i, index, count, offset, pairwise_keys_start;
1052         u8 mac[ETH_ALEN];
1053         u16 algo;
1054         u32 rcmta0;
1055         u16 rcmta1;
1056         u64 hf;
1057         struct b43_key *key;
1058 
1059         if (!b43_debug(dev, B43_DBG_KEYS))
1060                 return;
1061 
1062         hf = b43_hf_read(dev);
1063         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1064                !!(hf & B43_HF_USEDEFKEYS));
1065         if (b43_new_kidx_api(dev)) {
1066                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1067                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1068         } else {
1069                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1070                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1071         }
1072         for (index = 0; index < count; index++) {
1073                 key = &(dev->key[index]);
1074                 printk(KERN_DEBUG "Key slot %02u: %s",
1075                        index, (key->keyconf == NULL) ? " " : "*");
1076                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1077                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1078                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1079                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1080                 }
1081 
1082                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1083                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1084                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1085 
1086                 if (index >= pairwise_keys_start) {
1087                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1088                                 printk("   TKIP: ");
1089                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1090                                 for (i = 0; i < 14; i += 2) {
1091                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1092                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1093                                 }
1094                         }
1095                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1096                                                 ((index - pairwise_keys_start) * 2) + 0);
1097                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1098                                                 ((index - pairwise_keys_start) * 2) + 1);
1099                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1100                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1101                         printk("   MAC: %pM", mac);
1102                 } else
1103                         printk("   DEFAULT KEY");
1104                 printk("\n");
1105         }
1106 }
1107 
1108 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1109 {
1110         u32 macctl;
1111         u16 ucstat;
1112         bool hwps;
1113         bool awake;
1114         int i;
1115 
1116         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1117                     (ps_flags & B43_PS_DISABLED));
1118         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1119 
1120         if (ps_flags & B43_PS_ENABLED) {
1121                 hwps = true;
1122         } else if (ps_flags & B43_PS_DISABLED) {
1123                 hwps = false;
1124         } else {
1125                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1126                 //      and thus is not an AP and we are associated, set bit 25
1127         }
1128         if (ps_flags & B43_PS_AWAKE) {
1129                 awake = true;
1130         } else if (ps_flags & B43_PS_ASLEEP) {
1131                 awake = false;
1132         } else {
1133                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1134                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1135                 //      successful, set bit26
1136         }
1137 
1138 /* FIXME: For now we force awake-on and hwps-off */
1139         hwps = false;
1140         awake = true;
1141 
1142         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1143         if (hwps)
1144                 macctl |= B43_MACCTL_HWPS;
1145         else
1146                 macctl &= ~B43_MACCTL_HWPS;
1147         if (awake)
1148                 macctl |= B43_MACCTL_AWAKE;
1149         else
1150                 macctl &= ~B43_MACCTL_AWAKE;
1151         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1152         /* Commit write */
1153         b43_read32(dev, B43_MMIO_MACCTL);
1154         if (awake && dev->dev->core_rev >= 5) {
1155                 /* Wait for the microcode to wake up. */
1156                 for (i = 0; i < 100; i++) {
1157                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1158                                                 B43_SHM_SH_UCODESTAT);
1159                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1160                                 break;
1161                         udelay(10);
1162                 }
1163         }
1164 }
1165 
1166 #ifdef CONFIG_B43_BCMA
1167 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1168 {
1169         u32 flags;
1170 
1171         /* Put PHY into reset */
1172         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1173         flags |= B43_BCMA_IOCTL_PHY_RESET;
1174         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1175         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1176         udelay(2);
1177 
1178         /* Take PHY out of reset */
1179         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1180         flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1181         flags |= BCMA_IOCTL_FGC;
1182         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1183         udelay(1);
1184 
1185         /* Do not force clock anymore */
1186         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1187         flags &= ~BCMA_IOCTL_FGC;
1188         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1189         udelay(1);
1190 }
1191 
1192 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1193 {
1194         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1195                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1196         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1197                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1198 
1199         b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1200         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1201         b43_bcma_phy_reset(dev);
1202         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1203 }
1204 #endif
1205 
1206 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1207 {
1208         struct ssb_device *sdev = dev->dev->sdev;
1209         u32 tmslow;
1210         u32 flags = 0;
1211 
1212         if (gmode)
1213                 flags |= B43_TMSLOW_GMODE;
1214         flags |= B43_TMSLOW_PHYCLKEN;
1215         flags |= B43_TMSLOW_PHYRESET;
1216         if (dev->phy.type == B43_PHYTYPE_N)
1217                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1218         b43_device_enable(dev, flags);
1219         msleep(2);              /* Wait for the PLL to turn on. */
1220 
1221         /* Now take the PHY out of Reset again */
1222         tmslow = ssb_read32(sdev, SSB_TMSLOW);
1223         tmslow |= SSB_TMSLOW_FGC;
1224         tmslow &= ~B43_TMSLOW_PHYRESET;
1225         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1226         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1227         msleep(1);
1228         tmslow &= ~SSB_TMSLOW_FGC;
1229         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1230         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1231         msleep(1);
1232 }
1233 
1234 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1235 {
1236         u32 macctl;
1237 
1238         switch (dev->dev->bus_type) {
1239 #ifdef CONFIG_B43_BCMA
1240         case B43_BUS_BCMA:
1241                 b43_bcma_wireless_core_reset(dev, gmode);
1242                 break;
1243 #endif
1244 #ifdef CONFIG_B43_SSB
1245         case B43_BUS_SSB:
1246                 b43_ssb_wireless_core_reset(dev, gmode);
1247                 break;
1248 #endif
1249         }
1250 
1251         /* Turn Analog ON, but only if we already know the PHY-type.
1252          * This protects against very early setup where we don't know the
1253          * PHY-type, yet. wireless_core_reset will be called once again later,
1254          * when we know the PHY-type. */
1255         if (dev->phy.ops)
1256                 dev->phy.ops->switch_analog(dev, 1);
1257 
1258         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1259         macctl &= ~B43_MACCTL_GMODE;
1260         if (gmode)
1261                 macctl |= B43_MACCTL_GMODE;
1262         macctl |= B43_MACCTL_IHR_ENABLED;
1263         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1264 }
1265 
1266 static void handle_irq_transmit_status(struct b43_wldev *dev)
1267 {
1268         u32 v0, v1;
1269         u16 tmp;
1270         struct b43_txstatus stat;
1271 
1272         while (1) {
1273                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1274                 if (!(v0 & 0x00000001))
1275                         break;
1276                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1277 
1278                 stat.cookie = (v0 >> 16);
1279                 stat.seq = (v1 & 0x0000FFFF);
1280                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1281                 tmp = (v0 & 0x0000FFFF);
1282                 stat.frame_count = ((tmp & 0xF000) >> 12);
1283                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1284                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1285                 stat.pm_indicated = !!(tmp & 0x0080);
1286                 stat.intermediate = !!(tmp & 0x0040);
1287                 stat.for_ampdu = !!(tmp & 0x0020);
1288                 stat.acked = !!(tmp & 0x0002);
1289 
1290                 b43_handle_txstatus(dev, &stat);
1291         }
1292 }
1293 
1294 static void drain_txstatus_queue(struct b43_wldev *dev)
1295 {
1296         u32 dummy;
1297 
1298         if (dev->dev->core_rev < 5)
1299                 return;
1300         /* Read all entries from the microcode TXstatus FIFO
1301          * and throw them away.
1302          */
1303         while (1) {
1304                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1305                 if (!(dummy & 0x00000001))
1306                         break;
1307                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1308         }
1309 }
1310 
1311 static u32 b43_jssi_read(struct b43_wldev *dev)
1312 {
1313         u32 val = 0;
1314 
1315         val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1316         val <<= 16;
1317         val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1318 
1319         return val;
1320 }
1321 
1322 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1323 {
1324         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1325                         (jssi & 0x0000FFFF));
1326         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1327                         (jssi & 0xFFFF0000) >> 16);
1328 }
1329 
1330 static void b43_generate_noise_sample(struct b43_wldev *dev)
1331 {
1332         b43_jssi_write(dev, 0x7F7F7F7F);
1333         b43_write32(dev, B43_MMIO_MACCMD,
1334                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1335 }
1336 
1337 static void b43_calculate_link_quality(struct b43_wldev *dev)
1338 {
1339         /* Top half of Link Quality calculation. */
1340 
1341         if (dev->phy.type != B43_PHYTYPE_G)
1342                 return;
1343         if (dev->noisecalc.calculation_running)
1344                 return;
1345         dev->noisecalc.calculation_running = true;
1346         dev->noisecalc.nr_samples = 0;
1347 
1348         b43_generate_noise_sample(dev);
1349 }
1350 
1351 static void handle_irq_noise(struct b43_wldev *dev)
1352 {
1353         struct b43_phy_g *phy = dev->phy.g;
1354         u16 tmp;
1355         u8 noise[4];
1356         u8 i, j;
1357         s32 average;
1358 
1359         /* Bottom half of Link Quality calculation. */
1360 
1361         if (dev->phy.type != B43_PHYTYPE_G)
1362                 return;
1363 
1364         /* Possible race condition: It might be possible that the user
1365          * changed to a different channel in the meantime since we
1366          * started the calculation. We ignore that fact, since it's
1367          * not really that much of a problem. The background noise is
1368          * an estimation only anyway. Slightly wrong results will get damped
1369          * by the averaging of the 8 sample rounds. Additionally the
1370          * value is shortlived. So it will be replaced by the next noise
1371          * calculation round soon. */
1372 
1373         B43_WARN_ON(!dev->noisecalc.calculation_running);
1374         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1375         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1376             noise[2] == 0x7F || noise[3] == 0x7F)
1377                 goto generate_new;
1378 
1379         /* Get the noise samples. */
1380         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1381         i = dev->noisecalc.nr_samples;
1382         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1383         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1384         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1385         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1386         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1387         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1388         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1389         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1390         dev->noisecalc.nr_samples++;
1391         if (dev->noisecalc.nr_samples == 8) {
1392                 /* Calculate the Link Quality by the noise samples. */
1393                 average = 0;
1394                 for (i = 0; i < 8; i++) {
1395                         for (j = 0; j < 4; j++)
1396                                 average += dev->noisecalc.samples[i][j];
1397                 }
1398                 average /= (8 * 4);
1399                 average *= 125;
1400                 average += 64;
1401                 average /= 128;
1402                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1403                 tmp = (tmp / 128) & 0x1F;
1404                 if (tmp >= 8)
1405                         average += 2;
1406                 else
1407                         average -= 25;
1408                 if (tmp == 8)
1409                         average -= 72;
1410                 else
1411                         average -= 48;
1412 
1413                 dev->stats.link_noise = average;
1414                 dev->noisecalc.calculation_running = false;
1415                 return;
1416         }
1417 generate_new:
1418         b43_generate_noise_sample(dev);
1419 }
1420 
1421 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1422 {
1423         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1424                 ///TODO: PS TBTT
1425         } else {
1426                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1427                         b43_power_saving_ctl_bits(dev, 0);
1428         }
1429         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1430                 dev->dfq_valid = true;
1431 }
1432 
1433 static void handle_irq_atim_end(struct b43_wldev *dev)
1434 {
1435         if (dev->dfq_valid) {
1436                 b43_write32(dev, B43_MMIO_MACCMD,
1437                             b43_read32(dev, B43_MMIO_MACCMD)
1438                             | B43_MACCMD_DFQ_VALID);
1439                 dev->dfq_valid = false;
1440         }
1441 }
1442 
1443 static void handle_irq_pmq(struct b43_wldev *dev)
1444 {
1445         u32 tmp;
1446 
1447         //TODO: AP mode.
1448 
1449         while (1) {
1450                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1451                 if (!(tmp & 0x00000008))
1452                         break;
1453         }
1454         /* 16bit write is odd, but correct. */
1455         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1456 }
1457 
1458 static void b43_write_template_common(struct b43_wldev *dev,
1459                                       const u8 *data, u16 size,
1460                                       u16 ram_offset,
1461                                       u16 shm_size_offset, u8 rate)
1462 {
1463         u32 i, tmp;
1464         struct b43_plcp_hdr4 plcp;
1465 
1466         plcp.data = 0;
1467         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1468         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1469         ram_offset += sizeof(u32);
1470         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1471          * So leave the first two bytes of the next write blank.
1472          */
1473         tmp = (u32) (data[0]) << 16;
1474         tmp |= (u32) (data[1]) << 24;
1475         b43_ram_write(dev, ram_offset, tmp);
1476         ram_offset += sizeof(u32);
1477         for (i = 2; i < size; i += sizeof(u32)) {
1478                 tmp = (u32) (data[i + 0]);
1479                 if (i + 1 < size)
1480                         tmp |= (u32) (data[i + 1]) << 8;
1481                 if (i + 2 < size)
1482                         tmp |= (u32) (data[i + 2]) << 16;
1483                 if (i + 3 < size)
1484                         tmp |= (u32) (data[i + 3]) << 24;
1485                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1486         }
1487         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1488                         size + sizeof(struct b43_plcp_hdr6));
1489 }
1490 
1491 /* Check if the use of the antenna that ieee80211 told us to
1492  * use is possible. This will fall back to DEFAULT.
1493  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1494 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1495                                   u8 antenna_nr)
1496 {
1497         u8 antenna_mask;
1498 
1499         if (antenna_nr == 0) {
1500                 /* Zero means "use default antenna". That's always OK. */
1501                 return 0;
1502         }
1503 
1504         /* Get the mask of available antennas. */
1505         if (dev->phy.gmode)
1506                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1507         else
1508                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1509 
1510         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1511                 /* This antenna is not available. Fall back to default. */
1512                 return 0;
1513         }
1514 
1515         return antenna_nr;
1516 }
1517 
1518 /* Convert a b43 antenna number value to the PHY TX control value. */
1519 static u16 b43_antenna_to_phyctl(int antenna)
1520 {
1521         switch (antenna) {
1522         case B43_ANTENNA0:
1523                 return B43_TXH_PHY_ANT0;
1524         case B43_ANTENNA1:
1525                 return B43_TXH_PHY_ANT1;
1526         case B43_ANTENNA2:
1527                 return B43_TXH_PHY_ANT2;
1528         case B43_ANTENNA3:
1529                 return B43_TXH_PHY_ANT3;
1530         case B43_ANTENNA_AUTO0:
1531         case B43_ANTENNA_AUTO1:
1532                 return B43_TXH_PHY_ANT01AUTO;
1533         }
1534         B43_WARN_ON(1);
1535         return 0;
1536 }
1537 
1538 static void b43_write_beacon_template(struct b43_wldev *dev,
1539                                       u16 ram_offset,
1540                                       u16 shm_size_offset)
1541 {
1542         unsigned int i, len, variable_len;
1543         const struct ieee80211_mgmt *bcn;
1544         const u8 *ie;
1545         bool tim_found = false;
1546         unsigned int rate;
1547         u16 ctl;
1548         int antenna;
1549         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1550 
1551         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1552         len = min((size_t) dev->wl->current_beacon->len,
1553                   0x200 - sizeof(struct b43_plcp_hdr6));
1554         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1555 
1556         b43_write_template_common(dev, (const u8 *)bcn,
1557                                   len, ram_offset, shm_size_offset, rate);
1558 
1559         /* Write the PHY TX control parameters. */
1560         antenna = B43_ANTENNA_DEFAULT;
1561         antenna = b43_antenna_to_phyctl(antenna);
1562         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1563         /* We can't send beacons with short preamble. Would get PHY errors. */
1564         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1565         ctl &= ~B43_TXH_PHY_ANT;
1566         ctl &= ~B43_TXH_PHY_ENC;
1567         ctl |= antenna;
1568         if (b43_is_cck_rate(rate))
1569                 ctl |= B43_TXH_PHY_ENC_CCK;
1570         else
1571                 ctl |= B43_TXH_PHY_ENC_OFDM;
1572         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1573 
1574         /* Find the position of the TIM and the DTIM_period value
1575          * and write them to SHM. */
1576         ie = bcn->u.beacon.variable;
1577         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1578         for (i = 0; i < variable_len - 2; ) {
1579                 uint8_t ie_id, ie_len;
1580 
1581                 ie_id = ie[i];
1582                 ie_len = ie[i + 1];
1583                 if (ie_id == 5) {
1584                         u16 tim_position;
1585                         u16 dtim_period;
1586                         /* This is the TIM Information Element */
1587 
1588                         /* Check whether the ie_len is in the beacon data range. */
1589                         if (variable_len < ie_len + 2 + i)
1590                                 break;
1591                         /* A valid TIM is at least 4 bytes long. */
1592                         if (ie_len < 4)
1593                                 break;
1594                         tim_found = true;
1595 
1596                         tim_position = sizeof(struct b43_plcp_hdr6);
1597                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1598                         tim_position += i;
1599 
1600                         dtim_period = ie[i + 3];
1601 
1602                         b43_shm_write16(dev, B43_SHM_SHARED,
1603                                         B43_SHM_SH_TIMBPOS, tim_position);
1604                         b43_shm_write16(dev, B43_SHM_SHARED,
1605                                         B43_SHM_SH_DTIMPER, dtim_period);
1606                         break;
1607                 }
1608                 i += ie_len + 2;
1609         }
1610         if (!tim_found) {
1611                 /*
1612                  * If ucode wants to modify TIM do it behind the beacon, this
1613                  * will happen, for example, when doing mesh networking.
1614                  */
1615                 b43_shm_write16(dev, B43_SHM_SHARED,
1616                                 B43_SHM_SH_TIMBPOS,
1617                                 len + sizeof(struct b43_plcp_hdr6));
1618                 b43_shm_write16(dev, B43_SHM_SHARED,
1619                                 B43_SHM_SH_DTIMPER, 0);
1620         }
1621         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1622 }
1623 
1624 static void b43_upload_beacon0(struct b43_wldev *dev)
1625 {
1626         struct b43_wl *wl = dev->wl;
1627 
1628         if (wl->beacon0_uploaded)
1629                 return;
1630         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1631         wl->beacon0_uploaded = true;
1632 }
1633 
1634 static void b43_upload_beacon1(struct b43_wldev *dev)
1635 {
1636         struct b43_wl *wl = dev->wl;
1637 
1638         if (wl->beacon1_uploaded)
1639                 return;
1640         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1641         wl->beacon1_uploaded = true;
1642 }
1643 
1644 static void handle_irq_beacon(struct b43_wldev *dev)
1645 {
1646         struct b43_wl *wl = dev->wl;
1647         u32 cmd, beacon0_valid, beacon1_valid;
1648 
1649         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1650             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1651             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1652                 return;
1653 
1654         /* This is the bottom half of the asynchronous beacon update. */
1655 
1656         /* Ignore interrupt in the future. */
1657         dev->irq_mask &= ~B43_IRQ_BEACON;
1658 
1659         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1660         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1661         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1662 
1663         /* Schedule interrupt manually, if busy. */
1664         if (beacon0_valid && beacon1_valid) {
1665                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1666                 dev->irq_mask |= B43_IRQ_BEACON;
1667                 return;
1668         }
1669 
1670         if (unlikely(wl->beacon_templates_virgin)) {
1671                 /* We never uploaded a beacon before.
1672                  * Upload both templates now, but only mark one valid. */
1673                 wl->beacon_templates_virgin = false;
1674                 b43_upload_beacon0(dev);
1675                 b43_upload_beacon1(dev);
1676                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1677                 cmd |= B43_MACCMD_BEACON0_VALID;
1678                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1679         } else {
1680                 if (!beacon0_valid) {
1681                         b43_upload_beacon0(dev);
1682                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1683                         cmd |= B43_MACCMD_BEACON0_VALID;
1684                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1685                 } else if (!beacon1_valid) {
1686                         b43_upload_beacon1(dev);
1687                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1688                         cmd |= B43_MACCMD_BEACON1_VALID;
1689                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1690                 }
1691         }
1692 }
1693 
1694 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1695 {
1696         u32 old_irq_mask = dev->irq_mask;
1697 
1698         /* update beacon right away or defer to irq */
1699         handle_irq_beacon(dev);
1700         if (old_irq_mask != dev->irq_mask) {
1701                 /* The handler updated the IRQ mask. */
1702                 B43_WARN_ON(!dev->irq_mask);
1703                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1704                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1705                 } else {
1706                         /* Device interrupts are currently disabled. That means
1707                          * we just ran the hardirq handler and scheduled the
1708                          * IRQ thread. The thread will write the IRQ mask when
1709                          * it finished, so there's nothing to do here. Writing
1710                          * the mask _here_ would incorrectly re-enable IRQs. */
1711                 }
1712         }
1713 }
1714 
1715 static void b43_beacon_update_trigger_work(struct work_struct *work)
1716 {
1717         struct b43_wl *wl = container_of(work, struct b43_wl,
1718                                          beacon_update_trigger);
1719         struct b43_wldev *dev;
1720 
1721         mutex_lock(&wl->mutex);
1722         dev = wl->current_dev;
1723         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1724                 if (b43_bus_host_is_sdio(dev->dev)) {
1725                         /* wl->mutex is enough. */
1726                         b43_do_beacon_update_trigger_work(dev);
1727                         mmiowb();
1728                 } else {
1729                         spin_lock_irq(&wl->hardirq_lock);
1730                         b43_do_beacon_update_trigger_work(dev);
1731                         mmiowb();
1732                         spin_unlock_irq(&wl->hardirq_lock);
1733                 }
1734         }
1735         mutex_unlock(&wl->mutex);
1736 }
1737 
1738 /* Asynchronously update the packet templates in template RAM.
1739  * Locking: Requires wl->mutex to be locked. */
1740 static void b43_update_templates(struct b43_wl *wl)
1741 {
1742         struct sk_buff *beacon;
1743 
1744         /* This is the top half of the ansynchronous beacon update.
1745          * The bottom half is the beacon IRQ.
1746          * Beacon update must be asynchronous to avoid sending an
1747          * invalid beacon. This can happen for example, if the firmware
1748          * transmits a beacon while we are updating it. */
1749 
1750         /* We could modify the existing beacon and set the aid bit in
1751          * the TIM field, but that would probably require resizing and
1752          * moving of data within the beacon template.
1753          * Simply request a new beacon and let mac80211 do the hard work. */
1754         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1755         if (unlikely(!beacon))
1756                 return;
1757 
1758         if (wl->current_beacon)
1759                 dev_kfree_skb_any(wl->current_beacon);
1760         wl->current_beacon = beacon;
1761         wl->beacon0_uploaded = false;
1762         wl->beacon1_uploaded = false;
1763         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1764 }
1765 
1766 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1767 {
1768         b43_time_lock(dev);
1769         if (dev->dev->core_rev >= 3) {
1770                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1771                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1772         } else {
1773                 b43_write16(dev, 0x606, (beacon_int >> 6));
1774                 b43_write16(dev, 0x610, beacon_int);
1775         }
1776         b43_time_unlock(dev);
1777         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1778 }
1779 
1780 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1781 {
1782         u16 reason;
1783 
1784         /* Read the register that contains the reason code for the panic. */
1785         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1786         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1787 
1788         switch (reason) {
1789         default:
1790                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1791                 /* fallthrough */
1792         case B43_FWPANIC_DIE:
1793                 /* Do not restart the controller or firmware.
1794                  * The device is nonfunctional from now on.
1795                  * Restarting would result in this panic to trigger again,
1796                  * so we avoid that recursion. */
1797                 break;
1798         case B43_FWPANIC_RESTART:
1799                 b43_controller_restart(dev, "Microcode panic");
1800                 break;
1801         }
1802 }
1803 
1804 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1805 {
1806         unsigned int i, cnt;
1807         u16 reason, marker_id, marker_line;
1808         __le16 *buf;
1809 
1810         /* The proprietary firmware doesn't have this IRQ. */
1811         if (!dev->fw.opensource)
1812                 return;
1813 
1814         /* Read the register that contains the reason code for this IRQ. */
1815         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1816 
1817         switch (reason) {
1818         case B43_DEBUGIRQ_PANIC:
1819                 b43_handle_firmware_panic(dev);
1820                 break;
1821         case B43_DEBUGIRQ_DUMP_SHM:
1822                 if (!B43_DEBUG)
1823                         break; /* Only with driver debugging enabled. */
1824                 buf = kmalloc(4096, GFP_ATOMIC);
1825                 if (!buf) {
1826                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1827                         goto out;
1828                 }
1829                 for (i = 0; i < 4096; i += 2) {
1830                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1831                         buf[i / 2] = cpu_to_le16(tmp);
1832                 }
1833                 b43info(dev->wl, "Shared memory dump:\n");
1834                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1835                                16, 2, buf, 4096, 1);
1836                 kfree(buf);
1837                 break;
1838         case B43_DEBUGIRQ_DUMP_REGS:
1839                 if (!B43_DEBUG)
1840                         break; /* Only with driver debugging enabled. */
1841                 b43info(dev->wl, "Microcode register dump:\n");
1842                 for (i = 0, cnt = 0; i < 64; i++) {
1843                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1844                         if (cnt == 0)
1845                                 printk(KERN_INFO);
1846                         printk("r%02u: 0x%04X  ", i, tmp);
1847                         cnt++;
1848                         if (cnt == 6) {
1849                                 printk("\n");
1850                                 cnt = 0;
1851                         }
1852                 }
1853                 printk("\n");
1854                 break;
1855         case B43_DEBUGIRQ_MARKER:
1856                 if (!B43_DEBUG)
1857                         break; /* Only with driver debugging enabled. */
1858                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1859                                            B43_MARKER_ID_REG);
1860                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1861                                              B43_MARKER_LINE_REG);
1862                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1863                         "at line number %u\n",
1864                         marker_id, marker_line);
1865                 break;
1866         default:
1867                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1868                        reason);
1869         }
1870 out:
1871         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1872         b43_shm_write16(dev, B43_SHM_SCRATCH,
1873                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1874 }
1875 
1876 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1877 {
1878         u32 reason;
1879         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1880         u32 merged_dma_reason = 0;
1881         int i;
1882 
1883         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1884                 return;
1885 
1886         reason = dev->irq_reason;
1887         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1888                 dma_reason[i] = dev->dma_reason[i];
1889                 merged_dma_reason |= dma_reason[i];
1890         }
1891 
1892         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1893                 b43err(dev->wl, "MAC transmission error\n");
1894 
1895         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1896                 b43err(dev->wl, "PHY transmission error\n");
1897                 rmb();
1898                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1899                         atomic_set(&dev->phy.txerr_cnt,
1900                                    B43_PHY_TX_BADNESS_LIMIT);
1901                         b43err(dev->wl, "Too many PHY TX errors, "
1902                                         "restarting the controller\n");
1903                         b43_controller_restart(dev, "PHY TX errors");
1904                 }
1905         }
1906 
1907         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1908                 b43err(dev->wl,
1909                         "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1910                         dma_reason[0], dma_reason[1],
1911                         dma_reason[2], dma_reason[3],
1912                         dma_reason[4], dma_reason[5]);
1913                 b43err(dev->wl, "This device does not support DMA "
1914                                "on your system. It will now be switched to PIO.\n");
1915                 /* Fall back to PIO transfers if we get fatal DMA errors! */
1916                 dev->use_pio = true;
1917                 b43_controller_restart(dev, "DMA error");
1918                 return;
1919         }
1920 
1921         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1922                 handle_irq_ucode_debug(dev);
1923         if (reason & B43_IRQ_TBTT_INDI)
1924                 handle_irq_tbtt_indication(dev);
1925         if (reason & B43_IRQ_ATIM_END)
1926                 handle_irq_atim_end(dev);
1927         if (reason & B43_IRQ_BEACON)
1928                 handle_irq_beacon(dev);
1929         if (reason & B43_IRQ_PMQ)
1930                 handle_irq_pmq(dev);
1931         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1932                 ;/* TODO */
1933         if (reason & B43_IRQ_NOISESAMPLE_OK)
1934                 handle_irq_noise(dev);
1935 
1936         /* Check the DMA reason registers for received data. */
1937         if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
1938                 if (B43_DEBUG)
1939                         b43warn(dev->wl, "RX descriptor underrun\n");
1940                 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
1941         }
1942         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1943                 if (b43_using_pio_transfers(dev))
1944                         b43_pio_rx(dev->pio.rx_queue);
1945                 else
1946                         b43_dma_rx(dev->dma.rx_ring);
1947         }
1948         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1949         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1950         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1951         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1952         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1953 
1954         if (reason & B43_IRQ_TX_OK)
1955                 handle_irq_transmit_status(dev);
1956 
1957         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1958         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1959 
1960 #if B43_DEBUG
1961         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1962                 dev->irq_count++;
1963                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1964                         if (reason & (1 << i))
1965                                 dev->irq_bit_count[i]++;
1966                 }
1967         }
1968 #endif
1969 }
1970 
1971 /* Interrupt thread handler. Handles device interrupts in thread context. */
1972 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1973 {
1974         struct b43_wldev *dev = dev_id;
1975 
1976         mutex_lock(&dev->wl->mutex);
1977         b43_do_interrupt_thread(dev);
1978         mmiowb();
1979         mutex_unlock(&dev->wl->mutex);
1980 
1981         return IRQ_HANDLED;
1982 }
1983 
1984 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1985 {
1986         u32 reason;
1987 
1988         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1989          * On SDIO, this runs under wl->mutex. */
1990 
1991         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1992         if (reason == 0xffffffff)       /* shared IRQ */
1993                 return IRQ_NONE;
1994         reason &= dev->irq_mask;
1995         if (!reason)
1996                 return IRQ_NONE;
1997 
1998         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1999             & 0x0001FC00;
2000         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2001             & 0x0000DC00;
2002         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2003             & 0x0000DC00;
2004         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2005             & 0x0001DC00;
2006         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2007             & 0x0000DC00;
2008 /* Unused ring
2009         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2010             & 0x0000DC00;
2011 */
2012 
2013         /* ACK the interrupt. */
2014         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2015         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2016         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2017         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2018         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2019         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2020 /* Unused ring
2021         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2022 */
2023 
2024         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2025         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2026         /* Save the reason bitmasks for the IRQ thread handler. */
2027         dev->irq_reason = reason;
2028 
2029         return IRQ_WAKE_THREAD;
2030 }
2031 
2032 /* Interrupt handler top-half. This runs with interrupts disabled. */
2033 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2034 {
2035         struct b43_wldev *dev = dev_id;
2036         irqreturn_t ret;
2037 
2038         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2039                 return IRQ_NONE;
2040 
2041         spin_lock(&dev->wl->hardirq_lock);
2042         ret = b43_do_interrupt(dev);
2043         mmiowb();
2044         spin_unlock(&dev->wl->hardirq_lock);
2045 
2046         return ret;
2047 }
2048 
2049 /* SDIO interrupt handler. This runs in process context. */
2050 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2051 {
2052         struct b43_wl *wl = dev->wl;
2053         irqreturn_t ret;
2054 
2055         mutex_lock(&wl->mutex);
2056 
2057         ret = b43_do_interrupt(dev);
2058         if (ret == IRQ_WAKE_THREAD)
2059                 b43_do_interrupt_thread(dev);
2060 
2061         mutex_unlock(&wl->mutex);
2062 }
2063 
2064 void b43_do_release_fw(struct b43_firmware_file *fw)
2065 {
2066         release_firmware(fw->data);
2067         fw->data = NULL;
2068         fw->filename = NULL;
2069 }
2070 
2071 static void b43_release_firmware(struct b43_wldev *dev)
2072 {
2073         complete(&dev->fw_load_complete);
2074         b43_do_release_fw(&dev->fw.ucode);
2075         b43_do_release_fw(&dev->fw.pcm);
2076         b43_do_release_fw(&dev->fw.initvals);
2077         b43_do_release_fw(&dev->fw.initvals_band);
2078 }
2079 
2080 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2081 {
2082         const char text[] =
2083                 "You must go to " \
2084                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2085                 "and download the correct firmware for this driver version. " \
2086                 "Please carefully read all instructions on this website.\n";
2087 
2088         if (error)
2089                 b43err(wl, text);
2090         else
2091                 b43warn(wl, text);
2092 }
2093 
2094 static void b43_fw_cb(const struct firmware *firmware, void *context)
2095 {
2096         struct b43_request_fw_context *ctx = context;
2097 
2098         ctx->blob = firmware;
2099         complete(&ctx->dev->fw_load_complete);
2100 }
2101 
2102 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2103                       const char *name,
2104                       struct b43_firmware_file *fw, bool async)
2105 {
2106         struct b43_fw_header *hdr;
2107         u32 size;
2108         int err;
2109 
2110         if (!name) {
2111                 /* Don't fetch anything. Free possibly cached firmware. */
2112                 /* FIXME: We should probably keep it anyway, to save some headache
2113                  * on suspend/resume with multiband devices. */
2114                 b43_do_release_fw(fw);
2115                 return 0;
2116         }
2117         if (fw->filename) {
2118                 if ((fw->type == ctx->req_type) &&
2119                     (strcmp(fw->filename, name) == 0))
2120                         return 0; /* Already have this fw. */
2121                 /* Free the cached firmware first. */
2122                 /* FIXME: We should probably do this later after we successfully
2123                  * got the new fw. This could reduce headache with multiband devices.
2124                  * We could also redesign this to cache the firmware for all possible
2125                  * bands all the time. */
2126                 b43_do_release_fw(fw);
2127         }
2128 
2129         switch (ctx->req_type) {
2130         case B43_FWTYPE_PROPRIETARY:
2131                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2132                          "b43%s/%s.fw",
2133                          modparam_fwpostfix, name);
2134                 break;
2135         case B43_FWTYPE_OPENSOURCE:
2136                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2137                          "b43-open%s/%s.fw",
2138                          modparam_fwpostfix, name);
2139                 break;
2140         default:
2141                 B43_WARN_ON(1);
2142                 return -ENOSYS;
2143         }
2144         if (async) {
2145                 /* do this part asynchronously */
2146                 init_completion(&ctx->dev->fw_load_complete);
2147                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2148                                               ctx->dev->dev->dev, GFP_KERNEL,
2149                                               ctx, b43_fw_cb);
2150                 if (err < 0) {
2151                         pr_err("Unable to load firmware\n");
2152                         return err;
2153                 }
2154                 wait_for_completion(&ctx->dev->fw_load_complete);
2155                 if (ctx->blob)
2156                         goto fw_ready;
2157         /* On some ARM systems, the async request will fail, but the next sync
2158          * request works. For this reason, we fall through here
2159          */
2160         }
2161         err = request_firmware(&ctx->blob, ctx->fwname,
2162                                ctx->dev->dev->dev);
2163         if (err == -ENOENT) {
2164                 snprintf(ctx->errors[ctx->req_type],
2165                          sizeof(ctx->errors[ctx->req_type]),
2166                          "Firmware file \"%s\" not found\n",
2167                          ctx->fwname);
2168                 return err;
2169         } else if (err) {
2170                 snprintf(ctx->errors[ctx->req_type],
2171                          sizeof(ctx->errors[ctx->req_type]),
2172                          "Firmware file \"%s\" request failed (err=%d)\n",
2173                          ctx->fwname, err);
2174                 return err;
2175         }
2176 fw_ready:
2177         if (ctx->blob->size < sizeof(struct b43_fw_header))
2178                 goto err_format;
2179         hdr = (struct b43_fw_header *)(ctx->blob->data);
2180         switch (hdr->type) {
2181         case B43_FW_TYPE_UCODE:
2182         case B43_FW_TYPE_PCM:
2183                 size = be32_to_cpu(hdr->size);
2184                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2185                         goto err_format;
2186                 /* fallthrough */
2187         case B43_FW_TYPE_IV:
2188                 if (hdr->ver != 1)
2189                         goto err_format;
2190                 break;
2191         default:
2192                 goto err_format;
2193         }
2194 
2195         fw->data = ctx->blob;
2196         fw->filename = name;
2197         fw->type = ctx->req_type;
2198 
2199         return 0;
2200 
2201 err_format:
2202         snprintf(ctx->errors[ctx->req_type],
2203                  sizeof(ctx->errors[ctx->req_type]),
2204                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2205         release_firmware(ctx->blob);
2206 
2207         return -EPROTO;
2208 }
2209 
2210 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2211 {
2212         struct b43_wldev *dev = ctx->dev;
2213         struct b43_firmware *fw = &ctx->dev->fw;
2214         const u8 rev = ctx->dev->dev->core_rev;
2215         const char *filename;
2216         u32 tmshigh;
2217         int err;
2218 
2219         /* Files for HT and LCN were found by trying one by one */
2220 
2221         /* Get microcode */
2222         if ((rev >= 5) && (rev <= 10)) {
2223                 filename = "ucode5";
2224         } else if ((rev >= 11) && (rev <= 12)) {
2225                 filename = "ucode11";
2226         } else if (rev == 13) {
2227                 filename = "ucode13";
2228         } else if (rev == 14) {
2229                 filename = "ucode14";
2230         } else if (rev == 15) {
2231                 filename = "ucode15";
2232         } else {
2233                 switch (dev->phy.type) {
2234                 case B43_PHYTYPE_N:
2235                         if (rev >= 16)
2236                                 filename = "ucode16_mimo";
2237                         else
2238                                 goto err_no_ucode;
2239                         break;
2240                 case B43_PHYTYPE_HT:
2241                         if (rev == 29)
2242                                 filename = "ucode29_mimo";
2243                         else
2244                                 goto err_no_ucode;
2245                         break;
2246                 case B43_PHYTYPE_LCN:
2247                         if (rev == 24)
2248                                 filename = "ucode24_mimo";
2249                         else
2250                                 goto err_no_ucode;
2251                         break;
2252                 default:
2253                         goto err_no_ucode;
2254                 }
2255         }
2256         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2257         if (err)
2258                 goto err_load;
2259 
2260         /* Get PCM code */
2261         if ((rev >= 5) && (rev <= 10))
2262                 filename = "pcm5";
2263         else if (rev >= 11)
2264                 filename = NULL;
2265         else
2266                 goto err_no_pcm;
2267         fw->pcm_request_failed = false;
2268         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2269         if (err == -ENOENT) {
2270                 /* We did not find a PCM file? Not fatal, but
2271                  * core rev <= 10 must do without hwcrypto then. */
2272                 fw->pcm_request_failed = true;
2273         } else if (err)
2274                 goto err_load;
2275 
2276         /* Get initvals */
2277         switch (dev->phy.type) {
2278         case B43_PHYTYPE_A:
2279                 if ((rev >= 5) && (rev <= 10)) {
2280                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2281                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2282                                 filename = "a0g1initvals5";
2283                         else
2284                                 filename = "a0g0initvals5";
2285                 } else
2286                         goto err_no_initvals;
2287                 break;
2288         case B43_PHYTYPE_G:
2289                 if ((rev >= 5) && (rev <= 10))
2290                         filename = "b0g0initvals5";
2291                 else if (rev >= 13)
2292                         filename = "b0g0initvals13";
2293                 else
2294                         goto err_no_initvals;
2295                 break;
2296         case B43_PHYTYPE_N:
2297                 if (rev >= 16)
2298                         filename = "n0initvals16";
2299                 else if ((rev >= 11) && (rev <= 12))
2300                         filename = "n0initvals11";
2301                 else
2302                         goto err_no_initvals;
2303                 break;
2304         case B43_PHYTYPE_LP:
2305                 if (rev == 13)
2306                         filename = "lp0initvals13";
2307                 else if (rev == 14)
2308                         filename = "lp0initvals14";
2309                 else if (rev >= 15)
2310                         filename = "lp0initvals15";
2311                 else
2312                         goto err_no_initvals;
2313                 break;
2314         case B43_PHYTYPE_HT:
2315                 if (rev == 29)
2316                         filename = "ht0initvals29";
2317                 else
2318                         goto err_no_initvals;
2319                 break;
2320         case B43_PHYTYPE_LCN:
2321                 if (rev == 24)
2322                         filename = "lcn0initvals24";
2323                 else
2324                         goto err_no_initvals;
2325                 break;
2326         default:
2327                 goto err_no_initvals;
2328         }
2329         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2330         if (err)
2331                 goto err_load;
2332 
2333         /* Get bandswitch initvals */
2334         switch (dev->phy.type) {
2335         case B43_PHYTYPE_A:
2336                 if ((rev >= 5) && (rev <= 10)) {
2337                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2338                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2339                                 filename = "a0g1bsinitvals5";
2340                         else
2341                                 filename = "a0g0bsinitvals5";
2342                 } else if (rev >= 11)
2343                         filename = NULL;
2344                 else
2345                         goto err_no_initvals;
2346                 break;
2347         case B43_PHYTYPE_G:
2348                 if ((rev >= 5) && (rev <= 10))
2349                         filename = "b0g0bsinitvals5";
2350                 else if (rev >= 11)
2351                         filename = NULL;
2352                 else
2353                         goto err_no_initvals;
2354                 break;
2355         case B43_PHYTYPE_N:
2356                 if (rev >= 16)
2357                         filename = "n0bsinitvals16";
2358                 else if ((rev >= 11) && (rev <= 12))
2359                         filename = "n0bsinitvals11";
2360                 else
2361                         goto err_no_initvals;
2362                 break;
2363         case B43_PHYTYPE_LP:
2364                 if (rev == 13)
2365                         filename = "lp0bsinitvals13";
2366                 else if (rev == 14)
2367                         filename = "lp0bsinitvals14";
2368                 else if (rev >= 15)
2369                         filename = "lp0bsinitvals15";
2370                 else
2371                         goto err_no_initvals;
2372                 break;
2373         case B43_PHYTYPE_HT:
2374                 if (rev == 29)
2375                         filename = "ht0bsinitvals29";
2376                 else
2377                         goto err_no_initvals;
2378                 break;
2379         case B43_PHYTYPE_LCN:
2380                 if (rev == 24)
2381                         filename = "lcn0bsinitvals24";
2382                 else
2383                         goto err_no_initvals;
2384                 break;
2385         default:
2386                 goto err_no_initvals;
2387         }
2388         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2389         if (err)
2390                 goto err_load;
2391 
2392         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2393 
2394         return 0;
2395 
2396 err_no_ucode:
2397         err = ctx->fatal_failure = -EOPNOTSUPP;
2398         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2399                "is required for your device (wl-core rev %u)\n", rev);
2400         goto error;
2401 
2402 err_no_pcm:
2403         err = ctx->fatal_failure = -EOPNOTSUPP;
2404         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2405                "is required for your device (wl-core rev %u)\n", rev);
2406         goto error;
2407 
2408 err_no_initvals:
2409         err = ctx->fatal_failure = -EOPNOTSUPP;
2410         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2411                "is required for your device (wl-core rev %u)\n", rev);
2412         goto error;
2413 
2414 err_load:
2415         /* We failed to load this firmware image. The error message
2416          * already is in ctx->errors. Return and let our caller decide
2417          * what to do. */
2418         goto error;
2419 
2420 error:
2421         b43_release_firmware(dev);
2422         return err;
2423 }
2424 
2425 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2426 static void b43_one_core_detach(struct b43_bus_dev *dev);
2427 static int b43_rng_init(struct b43_wl *wl);
2428 
2429 static void b43_request_firmware(struct work_struct *work)
2430 {
2431         struct b43_wl *wl = container_of(work,
2432                             struct b43_wl, firmware_load);
2433         struct b43_wldev *dev = wl->current_dev;
2434         struct b43_request_fw_context *ctx;
2435         unsigned int i;
2436         int err;
2437         const char *errmsg;
2438 
2439         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2440         if (!ctx)
2441                 return;
2442         ctx->dev = dev;
2443 
2444         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2445         err = b43_try_request_fw(ctx);
2446         if (!err)
2447                 goto start_ieee80211; /* Successfully loaded it. */
2448         /* Was fw version known? */
2449         if (ctx->fatal_failure)
2450                 goto out;
2451 
2452         /* proprietary fw not found, try open source */
2453         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2454         err = b43_try_request_fw(ctx);
2455         if (!err)
2456                 goto start_ieee80211; /* Successfully loaded it. */
2457         if(ctx->fatal_failure)
2458                 goto out;
2459 
2460         /* Could not find a usable firmware. Print the errors. */
2461         for (i = 0; i < B43_NR_FWTYPES; i++) {
2462                 errmsg = ctx->errors[i];
2463                 if (strlen(errmsg))
2464                         b43err(dev->wl, "%s", errmsg);
2465         }
2466         b43_print_fw_helptext(dev->wl, 1);
2467         goto out;
2468 
2469 start_ieee80211:
2470         wl->hw->queues = B43_QOS_QUEUE_NUM;
2471         if (!modparam_qos || dev->fw.opensource)
2472                 wl->hw->queues = 1;
2473 
2474         err = ieee80211_register_hw(wl->hw);
2475         if (err)
2476                 goto err_one_core_detach;
2477         wl->hw_registred = true;
2478         b43_leds_register(wl->current_dev);
2479 
2480         /* Register HW RNG driver */
2481         b43_rng_init(wl);
2482 
2483         goto out;
2484 
2485 err_one_core_detach:
2486         b43_one_core_detach(dev->dev);
2487 
2488 out:
2489         kfree(ctx);
2490 }
2491 
2492 static int b43_upload_microcode(struct b43_wldev *dev)
2493 {
2494         struct wiphy *wiphy = dev->wl->hw->wiphy;
2495         const size_t hdr_len = sizeof(struct b43_fw_header);
2496         const __be32 *data;
2497         unsigned int i, len;
2498         u16 fwrev, fwpatch, fwdate, fwtime;
2499         u32 tmp, macctl;
2500         int err = 0;
2501 
2502         /* Jump the microcode PSM to offset 0 */
2503         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2504         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2505         macctl |= B43_MACCTL_PSM_JMP0;
2506         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2507         /* Zero out all microcode PSM registers and shared memory. */
2508         for (i = 0; i < 64; i++)
2509                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2510         for (i = 0; i < 4096; i += 2)
2511                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2512 
2513         /* Upload Microcode. */
2514         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2515         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2516         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2517         for (i = 0; i < len; i++) {
2518                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2519                 udelay(10);
2520         }
2521 
2522         if (dev->fw.pcm.data) {
2523                 /* Upload PCM data. */
2524                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2525                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2526                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2527                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2528                 /* No need for autoinc bit in SHM_HW */
2529                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2530                 for (i = 0; i < len; i++) {
2531                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2532                         udelay(10);
2533                 }
2534         }
2535 
2536         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2537 
2538         /* Start the microcode PSM */
2539         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2540                       B43_MACCTL_PSM_RUN);
2541 
2542         /* Wait for the microcode to load and respond */
2543         i = 0;
2544         while (1) {
2545                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2546                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2547                         break;
2548                 i++;
2549                 if (i >= 20) {
2550                         b43err(dev->wl, "Microcode not responding\n");
2551                         b43_print_fw_helptext(dev->wl, 1);
2552                         err = -ENODEV;
2553                         goto error;
2554                 }
2555                 msleep(50);
2556         }
2557         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2558 
2559         /* Get and check the revisions. */
2560         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2561         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2562         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2563         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2564 
2565         if (fwrev <= 0x128) {
2566                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2567                        "binary drivers older than version 4.x is unsupported. "
2568                        "You must upgrade your firmware files.\n");
2569                 b43_print_fw_helptext(dev->wl, 1);
2570                 err = -EOPNOTSUPP;
2571                 goto error;
2572         }
2573         dev->fw.rev = fwrev;
2574         dev->fw.patch = fwpatch;
2575         if (dev->fw.rev >= 598)
2576                 dev->fw.hdr_format = B43_FW_HDR_598;
2577         else if (dev->fw.rev >= 410)
2578                 dev->fw.hdr_format = B43_FW_HDR_410;
2579         else
2580                 dev->fw.hdr_format = B43_FW_HDR_351;
2581         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2582 
2583         dev->qos_enabled = dev->wl->hw->queues > 1;
2584         /* Default to firmware/hardware crypto acceleration. */
2585         dev->hwcrypto_enabled = true;
2586 
2587         if (dev->fw.opensource) {
2588                 u16 fwcapa;
2589 
2590                 /* Patchlevel info is encoded in the "time" field. */
2591                 dev->fw.patch = fwtime;
2592                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2593                         dev->fw.rev, dev->fw.patch);
2594 
2595                 fwcapa = b43_fwcapa_read(dev);
2596                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2597                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2598                         /* Disable hardware crypto and fall back to software crypto. */
2599                         dev->hwcrypto_enabled = false;
2600                 }
2601                 /* adding QoS support should use an offline discovery mechanism */
2602                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2603         } else {
2604                 b43info(dev->wl, "Loading firmware version %u.%u "
2605                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2606                         fwrev, fwpatch,
2607                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2608                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2609                 if (dev->fw.pcm_request_failed) {
2610                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2611                                 "Hardware accelerated cryptography is disabled.\n");
2612                         b43_print_fw_helptext(dev->wl, 0);
2613                 }
2614         }
2615 
2616         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2617                         dev->fw.rev, dev->fw.patch);
2618         wiphy->hw_version = dev->dev->core_id;
2619 
2620         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2621                 /* We're over the deadline, but we keep support for old fw
2622                  * until it turns out to be in major conflict with something new. */
2623                 b43warn(dev->wl, "You are using an old firmware image. "
2624                         "Support for old firmware will be removed soon "
2625                         "(official deadline was July 2008).\n");
2626                 b43_print_fw_helptext(dev->wl, 0);
2627         }
2628 
2629         return 0;
2630 
2631 error:
2632         /* Stop the microcode PSM. */
2633         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2634                       B43_MACCTL_PSM_JMP0);
2635 
2636         return err;
2637 }
2638 
2639 static int b43_write_initvals(struct b43_wldev *dev,
2640                               const struct b43_iv *ivals,
2641                               size_t count,
2642                               size_t array_size)
2643 {
2644         const struct b43_iv *iv;
2645         u16 offset;
2646         size_t i;
2647         bool bit32;
2648 
2649         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2650         iv = ivals;
2651         for (i = 0; i < count; i++) {
2652                 if (array_size < sizeof(iv->offset_size))
2653                         goto err_format;
2654                 array_size -= sizeof(iv->offset_size);
2655                 offset = be16_to_cpu(iv->offset_size);
2656                 bit32 = !!(offset & B43_IV_32BIT);
2657                 offset &= B43_IV_OFFSET_MASK;
2658                 if (offset >= 0x1000)
2659                         goto err_format;
2660                 if (bit32) {
2661                         u32 value;
2662 
2663                         if (array_size < sizeof(iv->data.d32))
2664                                 goto err_format;
2665                         array_size -= sizeof(iv->data.d32);
2666 
2667                         value = get_unaligned_be32(&iv->data.d32);
2668                         b43_write32(dev, offset, value);
2669 
2670                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2671                                                         sizeof(__be16) +
2672                                                         sizeof(__be32));
2673                 } else {
2674                         u16 value;
2675 
2676                         if (array_size < sizeof(iv->data.d16))
2677                                 goto err_format;
2678                         array_size -= sizeof(iv->data.d16);
2679 
2680                         value = be16_to_cpu(iv->data.d16);
2681                         b43_write16(dev, offset, value);
2682 
2683                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2684                                                         sizeof(__be16) +
2685                                                         sizeof(__be16));
2686                 }
2687         }
2688         if (array_size)
2689                 goto err_format;
2690 
2691         return 0;
2692 
2693 err_format:
2694         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2695         b43_print_fw_helptext(dev->wl, 1);
2696 
2697         return -EPROTO;
2698 }
2699 
2700 static int b43_upload_initvals(struct b43_wldev *dev)
2701 {
2702         const size_t hdr_len = sizeof(struct b43_fw_header);
2703         const struct b43_fw_header *hdr;
2704         struct b43_firmware *fw = &dev->fw;
2705         const struct b43_iv *ivals;
2706         size_t count;
2707         int err;
2708 
2709         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2710         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2711         count = be32_to_cpu(hdr->size);
2712         err = b43_write_initvals(dev, ivals, count,
2713                                  fw->initvals.data->size - hdr_len);
2714         if (err)
2715                 goto out;
2716         if (fw->initvals_band.data) {
2717                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2718                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2719                 count = be32_to_cpu(hdr->size);
2720                 err = b43_write_initvals(dev, ivals, count,
2721                                          fw->initvals_band.data->size - hdr_len);
2722                 if (err)
2723                         goto out;
2724         }
2725 out:
2726 
2727         return err;
2728 }
2729 
2730 /* Initialize the GPIOs
2731  * http://bcm-specs.sipsolutions.net/GPIO
2732  */
2733 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2734 {
2735         struct ssb_bus *bus = dev->dev->sdev->bus;
2736 
2737 #ifdef CONFIG_SSB_DRIVER_PCICORE
2738         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2739 #else
2740         return bus->chipco.dev;
2741 #endif
2742 }
2743 
2744 static int b43_gpio_init(struct b43_wldev *dev)
2745 {
2746         struct ssb_device *gpiodev;
2747         u32 mask, set;
2748 
2749         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2750         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2751 
2752         mask = 0x0000001F;
2753         set = 0x0000000F;
2754         if (dev->dev->chip_id == 0x4301) {
2755                 mask |= 0x0060;
2756                 set |= 0x0060;
2757         } else if (dev->dev->chip_id == 0x5354) {
2758                 /* Don't allow overtaking buttons GPIOs */
2759                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2760         }
2761 
2762         if (0 /* FIXME: conditional unknown */ ) {
2763                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2764                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2765                             | 0x0100);
2766                 /* BT Coexistance Input */
2767                 mask |= 0x0080;
2768                 set |= 0x0080;
2769                 /* BT Coexistance Out */
2770                 mask |= 0x0100;
2771                 set |= 0x0100;
2772         }
2773         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2774                 /* PA is controlled by gpio 9, let ucode handle it */
2775                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2776                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2777                             | 0x0200);
2778                 mask |= 0x0200;
2779                 set |= 0x0200;
2780         }
2781 
2782         switch (dev->dev->bus_type) {
2783 #ifdef CONFIG_B43_BCMA
2784         case B43_BUS_BCMA:
2785                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2786                 break;
2787 #endif
2788 #ifdef CONFIG_B43_SSB
2789         case B43_BUS_SSB:
2790                 gpiodev = b43_ssb_gpio_dev(dev);
2791                 if (gpiodev)
2792                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2793                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2794                                     & ~mask) | set);
2795                 break;
2796 #endif
2797         }
2798 
2799         return 0;
2800 }
2801 
2802 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2803 static void b43_gpio_cleanup(struct b43_wldev *dev)
2804 {
2805         struct ssb_device *gpiodev;
2806 
2807         switch (dev->dev->bus_type) {
2808 #ifdef CONFIG_B43_BCMA
2809         case B43_BUS_BCMA:
2810                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2811                 break;
2812 #endif
2813 #ifdef CONFIG_B43_SSB
2814         case B43_BUS_SSB:
2815                 gpiodev = b43_ssb_gpio_dev(dev);
2816                 if (gpiodev)
2817                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2818                 break;
2819 #endif
2820         }
2821 }
2822 
2823 /* http://bcm-specs.sipsolutions.net/EnableMac */
2824 void b43_mac_enable(struct b43_wldev *dev)
2825 {
2826         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2827                 u16 fwstate;
2828 
2829                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2830                                          B43_SHM_SH_UCODESTAT);
2831                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2832                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2833                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2834                                "should be suspended, but current state is %u\n",
2835                                fwstate);
2836                 }
2837         }
2838 
2839         dev->mac_suspended--;
2840         B43_WARN_ON(dev->mac_suspended < 0);
2841         if (dev->mac_suspended == 0) {
2842                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2843                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2844                             B43_IRQ_MAC_SUSPENDED);
2845                 /* Commit writes */
2846                 b43_read32(dev, B43_MMIO_MACCTL);
2847                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2848                 b43_power_saving_ctl_bits(dev, 0);
2849         }
2850 }
2851 
2852 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2853 void b43_mac_suspend(struct b43_wldev *dev)
2854 {
2855         int i;
2856         u32 tmp;
2857 
2858         might_sleep();
2859         B43_WARN_ON(dev->mac_suspended < 0);
2860 
2861         if (dev->mac_suspended == 0) {
2862                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2863                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2864                 /* force pci to flush the write */
2865                 b43_read32(dev, B43_MMIO_MACCTL);
2866                 for (i = 35; i; i--) {
2867                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2868                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2869                                 goto out;
2870                         udelay(10);
2871                 }
2872                 /* Hm, it seems this will take some time. Use msleep(). */
2873                 for (i = 40; i; i--) {
2874                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2875                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2876                                 goto out;
2877                         msleep(1);
2878                 }
2879                 b43err(dev->wl, "MAC suspend failed\n");
2880         }
2881 out:
2882         dev->mac_suspended++;
2883 }
2884 
2885 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2886 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2887 {
2888         u32 tmp;
2889 
2890         switch (dev->dev->bus_type) {
2891 #ifdef CONFIG_B43_BCMA
2892         case B43_BUS_BCMA:
2893                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2894                 if (on)
2895                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2896                 else
2897                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2898                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2899                 break;
2900 #endif
2901 #ifdef CONFIG_B43_SSB
2902         case B43_BUS_SSB:
2903                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2904                 if (on)
2905                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2906                 else
2907                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2908                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2909                 break;
2910 #endif
2911         }
2912 }
2913 
2914 static void b43_adjust_opmode(struct b43_wldev *dev)
2915 {
2916         struct b43_wl *wl = dev->wl;
2917         u32 ctl;
2918         u16 cfp_pretbtt;
2919 
2920         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2921         /* Reset status to STA infrastructure mode. */
2922         ctl &= ~B43_MACCTL_AP;
2923         ctl &= ~B43_MACCTL_KEEP_CTL;
2924         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2925         ctl &= ~B43_MACCTL_KEEP_BAD;
2926         ctl &= ~B43_MACCTL_PROMISC;
2927         ctl &= ~B43_MACCTL_BEACPROMISC;
2928         ctl |= B43_MACCTL_INFRA;
2929 
2930         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2931             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2932                 ctl |= B43_MACCTL_AP;
2933         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2934                 ctl &= ~B43_MACCTL_INFRA;
2935 
2936         if (wl->filter_flags & FIF_CONTROL)
2937                 ctl |= B43_MACCTL_KEEP_CTL;
2938         if (wl->filter_flags & FIF_FCSFAIL)
2939                 ctl |= B43_MACCTL_KEEP_BAD;
2940         if (wl->filter_flags & FIF_PLCPFAIL)
2941                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2942         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2943                 ctl |= B43_MACCTL_PROMISC;
2944         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2945                 ctl |= B43_MACCTL_BEACPROMISC;
2946 
2947         /* Workaround: On old hardware the HW-MAC-address-filter
2948          * doesn't work properly, so always run promisc in filter
2949          * it in software. */
2950         if (dev->dev->core_rev <= 4)
2951                 ctl |= B43_MACCTL_PROMISC;
2952 
2953         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2954 
2955         cfp_pretbtt = 2;
2956         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2957                 if (dev->dev->chip_id == 0x4306 &&
2958                     dev->dev->chip_rev == 3)
2959                         cfp_pretbtt = 100;
2960                 else
2961                         cfp_pretbtt = 50;
2962         }
2963         b43_write16(dev, 0x612, cfp_pretbtt);
2964 
2965         /* FIXME: We don't currently implement the PMQ mechanism,
2966          *        so always disable it. If we want to implement PMQ,
2967          *        we need to enable it here (clear DISCPMQ) in AP mode.
2968          */
2969         if (0  /* ctl & B43_MACCTL_AP */)
2970                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2971         else
2972                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2973 }
2974 
2975 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2976 {
2977         u16 offset;
2978 
2979         if (is_ofdm) {
2980                 offset = 0x480;
2981                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2982         } else {
2983                 offset = 0x4C0;
2984                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2985         }
2986         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2987                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2988 }
2989 
2990 static void b43_rate_memory_init(struct b43_wldev *dev)
2991 {
2992         switch (dev->phy.type) {
2993         case B43_PHYTYPE_A:
2994         case B43_PHYTYPE_G:
2995         case B43_PHYTYPE_N:
2996         case B43_PHYTYPE_LP:
2997         case B43_PHYTYPE_HT:
2998         case B43_PHYTYPE_LCN:
2999                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3000                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3001                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3002                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3003                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3004                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3005                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3006                 if (dev->phy.type == B43_PHYTYPE_A)
3007                         break;
3008                 /* fallthrough */
3009         case B43_PHYTYPE_B:
3010                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3011                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3012                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3013                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3014                 break;
3015         default:
3016                 B43_WARN_ON(1);
3017         }
3018 }
3019 
3020 /* Set the default values for the PHY TX Control Words. */
3021 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3022 {
3023         u16 ctl = 0;
3024 
3025         ctl |= B43_TXH_PHY_ENC_CCK;
3026         ctl |= B43_TXH_PHY_ANT01AUTO;
3027         ctl |= B43_TXH_PHY_TXPWR;
3028 
3029         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3030         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3031         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3032 }
3033 
3034 /* Set the TX-Antenna for management frames sent by firmware. */
3035 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3036 {
3037         u16 ant;
3038         u16 tmp;
3039 
3040         ant = b43_antenna_to_phyctl(antenna);
3041 
3042         /* For ACK/CTS */
3043         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3044         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3045         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3046         /* For Probe Resposes */
3047         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3048         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3049         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3050 }
3051 
3052 /* This is the opposite of b43_chip_init() */
3053 static void b43_chip_exit(struct b43_wldev *dev)
3054 {
3055         b43_phy_exit(dev);
3056         b43_gpio_cleanup(dev);
3057         /* firmware is released later */
3058 }
3059 
3060 /* Initialize the chip
3061  * http://bcm-specs.sipsolutions.net/ChipInit
3062  */
3063 static int b43_chip_init(struct b43_wldev *dev)
3064 {
3065         struct b43_phy *phy = &dev->phy;
3066         int err;
3067         u32 macctl;
3068         u16 value16;
3069 
3070         /* Initialize the MAC control */
3071         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3072         if (dev->phy.gmode)
3073                 macctl |= B43_MACCTL_GMODE;
3074         macctl |= B43_MACCTL_INFRA;
3075         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3076 
3077         err = b43_upload_microcode(dev);
3078         if (err)
3079                 goto out;       /* firmware is released later */
3080 
3081         err = b43_gpio_init(dev);
3082         if (err)
3083                 goto out;       /* firmware is released later */
3084 
3085         err = b43_upload_initvals(dev);
3086         if (err)
3087                 goto err_gpio_clean;
3088 
3089         /* Turn the Analog on and initialize the PHY. */
3090         phy->ops->switch_analog(dev, 1);
3091         err = b43_phy_init(dev);
3092         if (err)
3093                 goto err_gpio_clean;
3094 
3095         /* Disable Interference Mitigation. */
3096         if (phy->ops->interf_mitigation)
3097                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3098 
3099         /* Select the antennae */
3100         if (phy->ops->set_rx_antenna)
3101                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3102         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3103 
3104         if (phy->type == B43_PHYTYPE_B) {
3105                 value16 = b43_read16(dev, 0x005E);
3106                 value16 |= 0x0004;
3107                 b43_write16(dev, 0x005E, value16);
3108         }
3109         b43_write32(dev, 0x0100, 0x01000000);
3110         if (dev->dev->core_rev < 5)
3111                 b43_write32(dev, 0x010C, 0x01000000);
3112 
3113         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3114         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3115 
3116         /* Probe Response Timeout value */
3117         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3118         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3119 
3120         /* Initially set the wireless operation mode. */
3121         b43_adjust_opmode(dev);
3122 
3123         if (dev->dev->core_rev < 3) {
3124                 b43_write16(dev, 0x060E, 0x0000);
3125                 b43_write16(dev, 0x0610, 0x8000);
3126                 b43_write16(dev, 0x0604, 0x0000);
3127                 b43_write16(dev, 0x0606, 0x0200);
3128         } else {
3129                 b43_write32(dev, 0x0188, 0x80000000);
3130                 b43_write32(dev, 0x018C, 0x02000000);
3131         }
3132         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3133         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3134         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3135         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3136         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3137         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3138         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3139 
3140         b43_mac_phy_clock_set(dev, true);
3141 
3142         switch (dev->dev->bus_type) {
3143 #ifdef CONFIG_B43_BCMA
3144         case B43_BUS_BCMA:
3145                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3146                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3147                 break;
3148 #endif
3149 #ifdef CONFIG_B43_SSB
3150         case B43_BUS_SSB:
3151                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3152                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3153                 break;
3154 #endif
3155         }
3156 
3157         err = 0;
3158         b43dbg(dev->wl, "Chip initialized\n");
3159 out:
3160         return err;
3161 
3162 err_gpio_clean:
3163         b43_gpio_cleanup(dev);
3164         return err;
3165 }
3166 
3167 static void b43_periodic_every60sec(struct b43_wldev *dev)
3168 {
3169         const struct b43_phy_operations *ops = dev->phy.ops;
3170 
3171         if (ops->pwork_60sec)
3172                 ops->pwork_60sec(dev);
3173 
3174         /* Force check the TX power emission now. */
3175         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3176 }
3177 
3178 static void b43_periodic_every30sec(struct b43_wldev *dev)
3179 {
3180         /* Update device statistics. */
3181         b43_calculate_link_quality(dev);
3182 }
3183 
3184 static void b43_periodic_every15sec(struct b43_wldev *dev)
3185 {
3186         struct b43_phy *phy = &dev->phy;
3187         u16 wdr;
3188 
3189         if (dev->fw.opensource) {
3190                 /* Check if the firmware is still alive.
3191                  * It will reset the watchdog counter to 0 in its idle loop. */
3192                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3193                 if (unlikely(wdr)) {
3194                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3195                         b43_controller_restart(dev, "Firmware watchdog");
3196                         return;
3197                 } else {
3198                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3199                                         B43_WATCHDOG_REG, 1);
3200                 }
3201         }
3202 
3203         if (phy->ops->pwork_15sec)
3204                 phy->ops->pwork_15sec(dev);
3205 
3206         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3207         wmb();
3208 
3209 #if B43_DEBUG
3210         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3211                 unsigned int i;
3212 
3213                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3214                        dev->irq_count / 15,
3215                        dev->tx_count / 15,
3216                        dev->rx_count / 15);
3217                 dev->irq_count = 0;
3218                 dev->tx_count = 0;
3219                 dev->rx_count = 0;
3220                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3221                         if (dev->irq_bit_count[i]) {
3222                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3223                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3224                                 dev->irq_bit_count[i] = 0;
3225                         }
3226                 }
3227         }
3228 #endif
3229 }
3230 
3231 static void do_periodic_work(struct b43_wldev *dev)
3232 {
3233         unsigned int state;
3234 
3235         state = dev->periodic_state;
3236         if (state % 4 == 0)
3237                 b43_periodic_every60sec(dev);
3238         if (state % 2 == 0)
3239                 b43_periodic_every30sec(dev);
3240         b43_periodic_every15sec(dev);
3241 }
3242 
3243 /* Periodic work locking policy:
3244  *      The whole periodic work handler is protected by
3245  *      wl->mutex. If another lock is needed somewhere in the
3246  *      pwork callchain, it's acquired in-place, where it's needed.
3247  */
3248 static void b43_periodic_work_handler(struct work_struct *work)
3249 {
3250         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3251                                              periodic_work.work);
3252         struct b43_wl *wl = dev->wl;
3253         unsigned long delay;
3254 
3255         mutex_lock(&wl->mutex);
3256 
3257         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3258                 goto out;
3259         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3260                 goto out_requeue;
3261 
3262         do_periodic_work(dev);
3263 
3264         dev->periodic_state++;
3265 out_requeue:
3266         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3267                 delay = msecs_to_jiffies(50);
3268         else
3269                 delay = round_jiffies_relative(HZ * 15);
3270         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3271 out:
3272         mutex_unlock(&wl->mutex);
3273 }
3274 
3275 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3276 {
3277         struct delayed_work *work = &dev->periodic_work;
3278 
3279         dev->periodic_state = 0;
3280         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3281         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3282 }
3283 
3284 /* Check if communication with the device works correctly. */
3285 static int b43_validate_chipaccess(struct b43_wldev *dev)
3286 {
3287         u32 v, backup0, backup4;
3288 
3289         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3290         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3291 
3292         /* Check for read/write and endianness problems. */
3293         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3294         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3295                 goto error;
3296         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3297         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3298                 goto error;
3299 
3300         /* Check if unaligned 32bit SHM_SHARED access works properly.
3301          * However, don't bail out on failure, because it's noncritical. */
3302         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3303         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3304         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3305         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3306         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3307                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3308         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3309         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3310             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3311             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3312             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3313                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3314 
3315         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3316         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3317 
3318         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3319                 /* The 32bit register shadows the two 16bit registers
3320                  * with update sideeffects. Validate this. */
3321                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3322                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3323                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3324                         goto error;
3325                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3326                         goto error;
3327         }
3328         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3329 
3330         v = b43_read32(dev, B43_MMIO_MACCTL);
3331         v |= B43_MACCTL_GMODE;
3332         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3333                 goto error;
3334 
3335         return 0;
3336 error:
3337         b43err(dev->wl, "Failed to validate the chipaccess\n");
3338         return -ENODEV;
3339 }
3340 
3341 static void b43_security_init(struct b43_wldev *dev)
3342 {
3343         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3344         /* KTP is a word address, but we address SHM bytewise.
3345          * So multiply by two.
3346          */
3347         dev->ktp *= 2;
3348         /* Number of RCMTA address slots */
3349         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3350         /* Clear the key memory. */
3351         b43_clear_keys(dev);
3352 }
3353 
3354 #ifdef CONFIG_B43_HWRNG
3355 static int b43_rng_read(struct hwrng *rng, u32 *data)
3356 {
3357         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3358         struct b43_wldev *dev;
3359         int count = -ENODEV;
3360 
3361         mutex_lock(&wl->mutex);
3362         dev = wl->current_dev;
3363         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3364                 *data = b43_read16(dev, B43_MMIO_RNG);
3365                 count = sizeof(u16);
3366         }
3367         mutex_unlock(&wl->mutex);
3368 
3369         return count;
3370 }
3371 #endif /* CONFIG_B43_HWRNG */
3372 
3373 static void b43_rng_exit(struct b43_wl *wl)
3374 {
3375 #ifdef CONFIG_B43_HWRNG
3376         if (wl->rng_initialized)
3377                 hwrng_unregister(&wl->rng);
3378 #endif /* CONFIG_B43_HWRNG */
3379 }
3380 
3381 static int b43_rng_init(struct b43_wl *wl)
3382 {
3383         int err = 0;
3384 
3385 #ifdef CONFIG_B43_HWRNG
3386         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3387                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3388         wl->rng.name = wl->rng_name;
3389         wl->rng.data_read = b43_rng_read;
3390         wl->rng.priv = (unsigned long)wl;
3391         wl->rng_initialized = true;
3392         err = hwrng_register(&wl->rng);
3393         if (err) {
3394                 wl->rng_initialized = false;
3395                 b43err(wl, "Failed to register the random "
3396                        "number generator (%d)\n", err);
3397         }
3398 #endif /* CONFIG_B43_HWRNG */
3399 
3400         return err;
3401 }
3402 
3403 static void b43_tx_work(struct work_struct *work)
3404 {
3405         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3406         struct b43_wldev *dev;
3407         struct sk_buff *skb;
3408         int queue_num;
3409         int err = 0;
3410 
3411         mutex_lock(&wl->mutex);
3412         dev = wl->current_dev;
3413         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3414                 mutex_unlock(&wl->mutex);
3415                 return;
3416         }
3417 
3418         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3419                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3420                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3421                         if (b43_using_pio_transfers(dev))
3422                                 err = b43_pio_tx(dev, skb);
3423                         else
3424                                 err = b43_dma_tx(dev, skb);
3425                         if (err == -ENOSPC) {
3426                                 wl->tx_queue_stopped[queue_num] = 1;
3427                                 ieee80211_stop_queue(wl->hw, queue_num);
3428                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3429                                 break;
3430                         }
3431                         if (unlikely(err))
3432                                 ieee80211_free_txskb(wl->hw, skb);
3433                         err = 0;
3434                 }
3435 
3436                 if (!err)
3437                         wl->tx_queue_stopped[queue_num] = 0;
3438         }
3439 
3440 #if B43_DEBUG
3441         dev->tx_count++;
3442 #endif
3443         mutex_unlock(&wl->mutex);
3444 }
3445 
3446 static void b43_op_tx(struct ieee80211_hw *hw,
3447                       struct ieee80211_tx_control *control,
3448                       struct sk_buff *skb)
3449 {
3450         struct b43_wl *wl = hw_to_b43_wl(hw);
3451 
3452         if (unlikely(skb->len < 2 + 2 + 6)) {
3453                 /* Too short, this can't be a valid frame. */
3454                 ieee80211_free_txskb(hw, skb);
3455                 return;
3456         }
3457         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3458 
3459         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3460         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3461                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3462         } else {
3463                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3464         }
3465 }
3466 
3467 static void b43_qos_params_upload(struct b43_wldev *dev,
3468                                   const struct ieee80211_tx_queue_params *p,
3469                                   u16 shm_offset)
3470 {
3471         u16 params[B43_NR_QOSPARAMS];
3472         int bslots, tmp;
3473         unsigned int i;
3474 
3475         if (!dev->qos_enabled)
3476                 return;
3477 
3478         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3479 
3480         memset(&params, 0, sizeof(params));
3481 
3482         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3483         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3484         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3485         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3486         params[B43_QOSPARAM_AIFS] = p->aifs;
3487         params[B43_QOSPARAM_BSLOTS] = bslots;
3488         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3489 
3490         for (i = 0; i < ARRAY_SIZE(params); i++) {
3491                 if (i == B43_QOSPARAM_STATUS) {
3492                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3493                                              shm_offset + (i * 2));
3494                         /* Mark the parameters as updated. */
3495                         tmp |= 0x100;
3496                         b43_shm_write16(dev, B43_SHM_SHARED,
3497                                         shm_offset + (i * 2),
3498                                         tmp);
3499                 } else {
3500                         b43_shm_write16(dev, B43_SHM_SHARED,
3501                                         shm_offset + (i * 2),
3502                                         params[i]);
3503                 }
3504         }
3505 }
3506 
3507 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3508 static const u16 b43_qos_shm_offsets[] = {
3509         /* [mac80211-queue-nr] = SHM_OFFSET, */
3510         [0] = B43_QOS_VOICE,
3511         [1] = B43_QOS_VIDEO,
3512         [2] = B43_QOS_BESTEFFORT,
3513         [3] = B43_QOS_BACKGROUND,
3514 };
3515 
3516 /* Update all QOS parameters in hardware. */
3517 static void b43_qos_upload_all(struct b43_wldev *dev)
3518 {
3519         struct b43_wl *wl = dev->wl;
3520         struct b43_qos_params *params;
3521         unsigned int i;
3522 
3523         if (!dev->qos_enabled)
3524                 return;
3525 
3526         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3527                      ARRAY_SIZE(wl->qos_params));
3528 
3529         b43_mac_suspend(dev);
3530         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3531                 params = &(wl->qos_params[i]);
3532                 b43_qos_params_upload(dev, &(params->p),
3533                                       b43_qos_shm_offsets[i]);
3534         }
3535         b43_mac_enable(dev);
3536 }
3537 
3538 static void b43_qos_clear(struct b43_wl *wl)
3539 {
3540         struct b43_qos_params *params;
3541         unsigned int i;
3542 
3543         /* Initialize QoS parameters to sane defaults. */
3544 
3545         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3546                      ARRAY_SIZE(wl->qos_params));
3547 
3548         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3549                 params = &(wl->qos_params[i]);
3550 
3551                 switch (b43_qos_shm_offsets[i]) {
3552                 case B43_QOS_VOICE:
3553                         params->p.txop = 0;
3554                         params->p.aifs = 2;
3555                         params->p.cw_min = 0x0001;
3556                         params->p.cw_max = 0x0001;
3557                         break;
3558                 case B43_QOS_VIDEO:
3559                         params->p.txop = 0;
3560                         params->p.aifs = 2;
3561                         params->p.cw_min = 0x0001;
3562                         params->p.cw_max = 0x0001;
3563                         break;
3564                 case B43_QOS_BESTEFFORT:
3565                         params->p.txop = 0;
3566                         params->p.aifs = 3;
3567                         params->p.cw_min = 0x0001;
3568                         params->p.cw_max = 0x03FF;
3569                         break;
3570                 case B43_QOS_BACKGROUND:
3571                         params->p.txop = 0;
3572                         params->p.aifs = 7;
3573                         params->p.cw_min = 0x0001;
3574                         params->p.cw_max = 0x03FF;
3575                         break;
3576                 default:
3577                         B43_WARN_ON(1);
3578                 }
3579         }
3580 }
3581 
3582 /* Initialize the core's QOS capabilities */
3583 static void b43_qos_init(struct b43_wldev *dev)
3584 {
3585         if (!dev->qos_enabled) {
3586                 /* Disable QOS support. */
3587                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3588                 b43_write16(dev, B43_MMIO_IFSCTL,
3589                             b43_read16(dev, B43_MMIO_IFSCTL)
3590                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3591                 b43dbg(dev->wl, "QoS disabled\n");
3592                 return;
3593         }
3594 
3595         /* Upload the current QOS parameters. */
3596         b43_qos_upload_all(dev);
3597 
3598         /* Enable QOS support. */
3599         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3600         b43_write16(dev, B43_MMIO_IFSCTL,
3601                     b43_read16(dev, B43_MMIO_IFSCTL)
3602                     | B43_MMIO_IFSCTL_USE_EDCF);
3603         b43dbg(dev->wl, "QoS enabled\n");
3604 }
3605 
3606 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3607                           struct ieee80211_vif *vif, u16 _queue,
3608                           const struct ieee80211_tx_queue_params *params)
3609 {
3610         struct b43_wl *wl = hw_to_b43_wl(hw);
3611         struct b43_wldev *dev;
3612         unsigned int queue = (unsigned int)_queue;
3613         int err = -ENODEV;
3614 
3615         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3616                 /* Queue not available or don't support setting
3617                  * params on this queue. Return success to not
3618                  * confuse mac80211. */
3619                 return 0;
3620         }
3621         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3622                      ARRAY_SIZE(wl->qos_params));
3623 
3624         mutex_lock(&wl->mutex);
3625         dev = wl->current_dev;
3626         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3627                 goto out_unlock;
3628 
3629         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3630         b43_mac_suspend(dev);
3631         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3632                               b43_qos_shm_offsets[queue]);
3633         b43_mac_enable(dev);
3634         err = 0;
3635 
3636 out_unlock:
3637         mutex_unlock(&wl->mutex);
3638 
3639         return err;
3640 }
3641 
3642 static int b43_op_get_stats(struct ieee80211_hw *hw,
3643                             struct ieee80211_low_level_stats *stats)
3644 {
3645         struct b43_wl *wl = hw_to_b43_wl(hw);
3646 
3647         mutex_lock(&wl->mutex);
3648         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3649         mutex_unlock(&wl->mutex);
3650 
3651         return 0;
3652 }
3653 
3654 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3655 {
3656         struct b43_wl *wl = hw_to_b43_wl(hw);
3657         struct b43_wldev *dev;
3658         u64 tsf;
3659 
3660         mutex_lock(&wl->mutex);
3661         dev = wl->current_dev;
3662 
3663         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3664                 b43_tsf_read(dev, &tsf);
3665         else
3666                 tsf = 0;
3667 
3668         mutex_unlock(&wl->mutex);
3669 
3670         return tsf;
3671 }
3672 
3673 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3674                            struct ieee80211_vif *vif, u64 tsf)
3675 {
3676         struct b43_wl *wl = hw_to_b43_wl(hw);
3677         struct b43_wldev *dev;
3678 
3679         mutex_lock(&wl->mutex);
3680         dev = wl->current_dev;
3681 
3682         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3683                 b43_tsf_write(dev, tsf);
3684 
3685         mutex_unlock(&wl->mutex);
3686 }
3687 
3688 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3689 {
3690         u32 tmp;
3691 
3692         switch (dev->dev->bus_type) {
3693 #ifdef CONFIG_B43_BCMA
3694         case B43_BUS_BCMA:
3695                 b43err(dev->wl,
3696                        "Putting PHY into reset not supported on BCMA\n");
3697                 break;
3698 #endif
3699 #ifdef CONFIG_B43_SSB
3700         case B43_BUS_SSB:
3701                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3702                 tmp &= ~B43_TMSLOW_GMODE;
3703                 tmp |= B43_TMSLOW_PHYRESET;
3704                 tmp |= SSB_TMSLOW_FGC;
3705                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3706                 msleep(1);
3707 
3708                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3709                 tmp &= ~SSB_TMSLOW_FGC;
3710                 tmp |= B43_TMSLOW_PHYRESET;
3711                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3712                 msleep(1);
3713 
3714                 break;
3715 #endif
3716         }
3717 }
3718 
3719 static const char *band_to_string(enum ieee80211_band band)
3720 {
3721         switch (band) {
3722         case IEEE80211_BAND_5GHZ:
3723                 return "5";
3724         case IEEE80211_BAND_2GHZ:
3725                 return "2.4";
3726         default:
3727                 break;
3728         }
3729         B43_WARN_ON(1);
3730         return "";
3731 }
3732 
3733 /* Expects wl->mutex locked */
3734 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3735 {
3736         struct b43_wldev *up_dev = NULL;
3737         struct b43_wldev *down_dev;
3738         struct b43_wldev *d;
3739         int err;
3740         bool uninitialized_var(gmode);
3741         int prev_status;
3742 
3743         /* Find a device and PHY which supports the band. */
3744         list_for_each_entry(d, &wl->devlist, list) {
3745                 switch (chan->band) {
3746                 case IEEE80211_BAND_5GHZ:
3747                         if (d->phy.supports_5ghz) {
3748                                 up_dev = d;
3749                                 gmode = false;
3750                         }
3751                         break;
3752                 case IEEE80211_BAND_2GHZ:
3753                         if (d->phy.supports_2ghz) {
3754                                 up_dev = d;
3755                                 gmode = true;
3756                         }
3757                         break;
3758                 default:
3759                         B43_WARN_ON(1);
3760                         return -EINVAL;
3761                 }
3762                 if (up_dev)
3763                         break;
3764         }
3765         if (!up_dev) {
3766                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3767                        band_to_string(chan->band));
3768                 return -ENODEV;
3769         }
3770         if ((up_dev == wl->current_dev) &&
3771             (!!wl->current_dev->phy.gmode == !!gmode)) {
3772                 /* This device is already running. */
3773                 return 0;
3774         }
3775         b43dbg(wl, "Switching to %s-GHz band\n",
3776                band_to_string(chan->band));
3777         down_dev = wl->current_dev;
3778 
3779         prev_status = b43_status(down_dev);
3780         /* Shutdown the currently running core. */
3781         if (prev_status >= B43_STAT_STARTED)
3782                 down_dev = b43_wireless_core_stop(down_dev);
3783         if (prev_status >= B43_STAT_INITIALIZED)
3784                 b43_wireless_core_exit(down_dev);
3785 
3786         if (down_dev != up_dev) {
3787                 /* We switch to a different core, so we put PHY into
3788                  * RESET on the old core. */
3789                 b43_put_phy_into_reset(down_dev);
3790         }
3791 
3792         /* Now start the new core. */
3793         up_dev->phy.gmode = gmode;
3794         if (prev_status >= B43_STAT_INITIALIZED) {
3795                 err = b43_wireless_core_init(up_dev);
3796                 if (err) {
3797                         b43err(wl, "Fatal: Could not initialize device for "
3798                                "selected %s-GHz band\n",
3799                                band_to_string(chan->band));
3800                         goto init_failure;
3801                 }
3802         }
3803         if (prev_status >= B43_STAT_STARTED) {
3804                 err = b43_wireless_core_start(up_dev);
3805                 if (err) {
3806                         b43err(wl, "Fatal: Could not start device for "
3807                                "selected %s-GHz band\n",
3808                                band_to_string(chan->band));
3809                         b43_wireless_core_exit(up_dev);
3810                         goto init_failure;
3811                 }
3812         }
3813         B43_WARN_ON(b43_status(up_dev) != prev_status);
3814 
3815         wl->current_dev = up_dev;
3816 
3817         return 0;
3818 init_failure:
3819         /* Whoops, failed to init the new core. No core is operating now. */
3820         wl->current_dev = NULL;
3821         return err;
3822 }
3823 
3824 /* Write the short and long frame retry limit values. */
3825 static void b43_set_retry_limits(struct b43_wldev *dev,
3826                                  unsigned int short_retry,
3827                                  unsigned int long_retry)
3828 {
3829         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3830          * the chip-internal counter. */
3831         short_retry = min(short_retry, (unsigned int)0xF);
3832         long_retry = min(long_retry, (unsigned int)0xF);
3833 
3834         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3835                         short_retry);
3836         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3837                         long_retry);
3838 }
3839 
3840 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3841 {
3842         struct b43_wl *wl = hw_to_b43_wl(hw);
3843         struct b43_wldev *dev;
3844         struct b43_phy *phy;
3845         struct ieee80211_conf *conf = &hw->conf;
3846         int antenna;
3847         int err = 0;
3848         bool reload_bss = false;
3849 
3850         mutex_lock(&wl->mutex);
3851 
3852         dev = wl->current_dev;
3853 
3854         /* Switch the band (if necessary). This might change the active core. */
3855         err = b43_switch_band(wl, conf->chandef.chan);
3856         if (err)
3857                 goto out_unlock_mutex;
3858 
3859         /* Need to reload all settings if the core changed */
3860         if (dev != wl->current_dev) {
3861                 dev = wl->current_dev;
3862                 changed = ~0;
3863                 reload_bss = true;
3864         }
3865 
3866         phy = &dev->phy;
3867 
3868         if (conf_is_ht(conf))
3869                 phy->is_40mhz =
3870                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3871         else
3872                 phy->is_40mhz = false;
3873 
3874         b43_mac_suspend(dev);
3875 
3876         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3877                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3878                                           conf->long_frame_max_tx_count);
3879         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3880         if (!changed)
3881                 goto out_mac_enable;
3882 
3883         /* Switch to the requested channel.
3884          * The firmware takes care of races with the TX handler. */
3885         if (conf->chandef.chan->hw_value != phy->channel)
3886                 b43_switch_channel(dev, conf->chandef.chan->hw_value);
3887 
3888         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3889 
3890         /* Adjust the desired TX power level. */
3891         if (conf->power_level != 0) {
3892                 if (conf->power_level != phy->desired_txpower) {
3893                         phy->desired_txpower = conf->power_level;
3894                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3895                                                    B43_TXPWR_IGNORE_TSSI);
3896                 }
3897         }
3898 
3899         /* Antennas for RX and management frame TX. */
3900         antenna = B43_ANTENNA_DEFAULT;
3901         b43_mgmtframe_txantenna(dev, antenna);
3902         antenna = B43_ANTENNA_DEFAULT;
3903         if (phy->ops->set_rx_antenna)
3904                 phy->ops->set_rx_antenna(dev, antenna);
3905 
3906         if (wl->radio_enabled != phy->radio_on) {
3907                 if (wl->radio_enabled) {
3908                         b43_software_rfkill(dev, false);
3909                         b43info(dev->wl, "Radio turned on by software\n");
3910                         if (!dev->radio_hw_enable) {
3911                                 b43info(dev->wl, "The hardware RF-kill button "
3912                                         "still turns the radio physically off. "
3913                                         "Press the button to turn it on.\n");
3914                         }
3915                 } else {
3916                         b43_software_rfkill(dev, true);
3917                         b43info(dev->wl, "Radio turned off by software\n");
3918                 }
3919         }
3920 
3921 out_mac_enable:
3922         b43_mac_enable(dev);
3923 out_unlock_mutex:
3924         mutex_unlock(&wl->mutex);
3925 
3926         if (wl->vif && reload_bss)
3927                 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3928 
3929         return err;
3930 }
3931 
3932 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3933 {
3934         struct ieee80211_supported_band *sband =
3935                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3936         struct ieee80211_rate *rate;
3937         int i;
3938         u16 basic, direct, offset, basic_offset, rateptr;
3939 
3940         for (i = 0; i < sband->n_bitrates; i++) {
3941                 rate = &sband->bitrates[i];
3942 
3943                 if (b43_is_cck_rate(rate->hw_value)) {
3944                         direct = B43_SHM_SH_CCKDIRECT;
3945                         basic = B43_SHM_SH_CCKBASIC;
3946                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3947                         offset &= 0xF;
3948                 } else {
3949                         direct = B43_SHM_SH_OFDMDIRECT;
3950                         basic = B43_SHM_SH_OFDMBASIC;
3951                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3952                         offset &= 0xF;
3953                 }
3954 
3955                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3956 
3957                 if (b43_is_cck_rate(rate->hw_value)) {
3958                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3959                         basic_offset &= 0xF;
3960                 } else {
3961                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3962                         basic_offset &= 0xF;
3963                 }
3964 
3965                 /*
3966                  * Get the pointer that we need to point to
3967                  * from the direct map
3968                  */
3969                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3970                                          direct + 2 * basic_offset);
3971                 /* and write it to the basic map */
3972                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3973                                 rateptr);
3974         }
3975 }
3976 
3977 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3978                                     struct ieee80211_vif *vif,
3979                                     struct ieee80211_bss_conf *conf,
3980                                     u32 changed)
3981 {
3982         struct b43_wl *wl = hw_to_b43_wl(hw);
3983         struct b43_wldev *dev;
3984 
3985         mutex_lock(&wl->mutex);
3986 
3987         dev = wl->current_dev;
3988         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3989                 goto out_unlock_mutex;
3990 
3991         B43_WARN_ON(wl->vif != vif);
3992 
3993         if (changed & BSS_CHANGED_BSSID) {
3994                 if (conf->bssid)
3995                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3996                 else
3997                         memset(wl->bssid, 0, ETH_ALEN);
3998         }
3999 
4000         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4001                 if (changed & BSS_CHANGED_BEACON &&
4002                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4003                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4004                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4005                         b43_update_templates(wl);
4006 
4007                 if (changed & BSS_CHANGED_BSSID)
4008                         b43_write_mac_bssid_templates(dev);
4009         }
4010 
4011         b43_mac_suspend(dev);
4012 
4013         /* Update templates for AP/mesh mode. */
4014         if (changed & BSS_CHANGED_BEACON_INT &&
4015             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4016              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4017              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4018             conf->beacon_int)
4019                 b43_set_beacon_int(dev, conf->beacon_int);
4020 
4021         if (changed & BSS_CHANGED_BASIC_RATES)
4022                 b43_update_basic_rates(dev, conf->basic_rates);
4023 
4024         if (changed & BSS_CHANGED_ERP_SLOT) {
4025                 if (conf->use_short_slot)
4026                         b43_short_slot_timing_enable(dev);
4027                 else
4028                         b43_short_slot_timing_disable(dev);
4029         }
4030 
4031         b43_mac_enable(dev);
4032 out_unlock_mutex:
4033         mutex_unlock(&wl->mutex);
4034 }
4035 
4036 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4037                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4038                           struct ieee80211_key_conf *key)
4039 {
4040         struct b43_wl *wl = hw_to_b43_wl(hw);
4041         struct b43_wldev *dev;
4042         u8 algorithm;
4043         u8 index;
4044         int err;
4045         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4046 
4047         if (modparam_nohwcrypt)
4048                 return -ENOSPC; /* User disabled HW-crypto */
4049 
4050         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4051              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4052             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4053              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4054             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4055                 /*
4056                  * For now, disable hw crypto for the RSN IBSS group keys. This
4057                  * could be optimized in the future, but until that gets
4058                  * implemented, use of software crypto for group addressed
4059                  * frames is a acceptable to allow RSN IBSS to be used.
4060                  */
4061                 return -EOPNOTSUPP;
4062         }
4063 
4064         mutex_lock(&wl->mutex);
4065 
4066         dev = wl->current_dev;
4067         err = -ENODEV;
4068         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4069                 goto out_unlock;
4070 
4071         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4072                 /* We don't have firmware for the crypto engine.
4073                  * Must use software-crypto. */
4074                 err = -EOPNOTSUPP;
4075                 goto out_unlock;
4076         }
4077 
4078         err = -EINVAL;
4079         switch (key->cipher) {
4080         case WLAN_CIPHER_SUITE_WEP40:
4081                 algorithm = B43_SEC_ALGO_WEP40;
4082                 break;
4083         case WLAN_CIPHER_SUITE_WEP104:
4084                 algorithm = B43_SEC_ALGO_WEP104;
4085                 break;
4086         case WLAN_CIPHER_SUITE_TKIP:
4087                 algorithm = B43_SEC_ALGO_TKIP;
4088                 break;
4089         case WLAN_CIPHER_SUITE_CCMP:
4090                 algorithm = B43_SEC_ALGO_AES;
4091                 break;
4092         default:
4093                 B43_WARN_ON(1);
4094                 goto out_unlock;
4095         }
4096         index = (u8) (key->keyidx);
4097         if (index > 3)
4098                 goto out_unlock;
4099 
4100         switch (cmd) {
4101         case SET_KEY:
4102                 if (algorithm == B43_SEC_ALGO_TKIP &&
4103                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4104                     !modparam_hwtkip)) {
4105                         /* We support only pairwise key */
4106                         err = -EOPNOTSUPP;
4107                         goto out_unlock;
4108                 }
4109 
4110                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4111                         if (WARN_ON(!sta)) {
4112                                 err = -EOPNOTSUPP;
4113                                 goto out_unlock;
4114                         }
4115                         /* Pairwise key with an assigned MAC address. */
4116                         err = b43_key_write(dev, -1, algorithm,
4117                                             key->key, key->keylen,
4118                                             sta->addr, key);
4119                 } else {
4120                         /* Group key */
4121                         err = b43_key_write(dev, index, algorithm,
4122                                             key->key, key->keylen, NULL, key);
4123                 }
4124                 if (err)
4125                         goto out_unlock;
4126 
4127                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4128                     algorithm == B43_SEC_ALGO_WEP104) {
4129                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4130                 } else {
4131                         b43_hf_write(dev,
4132                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4133                 }
4134                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4135                 if (algorithm == B43_SEC_ALGO_TKIP)
4136                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4137                 break;
4138         case DISABLE_KEY: {
4139                 err = b43_key_clear(dev, key->hw_key_idx);
4140                 if (err)
4141                         goto out_unlock;
4142                 break;
4143         }
4144         default:
4145                 B43_WARN_ON(1);
4146         }
4147 
4148 out_unlock:
4149         if (!err) {
4150                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4151                        "mac: %pM\n",
4152                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4153                        sta ? sta->addr : bcast_addr);
4154                 b43_dump_keymemory(dev);
4155         }
4156         mutex_unlock(&wl->mutex);
4157 
4158         return err;
4159 }
4160 
4161 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4162                                     unsigned int changed, unsigned int *fflags,
4163                                     u64 multicast)
4164 {
4165         struct b43_wl *wl = hw_to_b43_wl(hw);
4166         struct b43_wldev *dev;
4167 
4168         mutex_lock(&wl->mutex);
4169         dev = wl->current_dev;
4170         if (!dev) {
4171                 *fflags = 0;
4172                 goto out_unlock;
4173         }
4174 
4175         *fflags &= FIF_PROMISC_IN_BSS |
4176                   FIF_ALLMULTI |
4177                   FIF_FCSFAIL |
4178                   FIF_PLCPFAIL |
4179                   FIF_CONTROL |
4180                   FIF_OTHER_BSS |
4181                   FIF_BCN_PRBRESP_PROMISC;
4182 
4183         changed &= FIF_PROMISC_IN_BSS |
4184                    FIF_ALLMULTI |
4185                    FIF_FCSFAIL |
4186                    FIF_PLCPFAIL |
4187                    FIF_CONTROL |
4188                    FIF_OTHER_BSS |
4189                    FIF_BCN_PRBRESP_PROMISC;
4190 
4191         wl->filter_flags = *fflags;
4192 
4193         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4194                 b43_adjust_opmode(dev);
4195 
4196 out_unlock:
4197         mutex_unlock(&wl->mutex);
4198 }
4199 
4200 /* Locking: wl->mutex
4201  * Returns the current dev. This might be different from the passed in dev,
4202  * because the core might be gone away while we unlocked the mutex. */
4203 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4204 {
4205         struct b43_wl *wl;
4206         struct b43_wldev *orig_dev;
4207         u32 mask;
4208         int queue_num;
4209 
4210         if (!dev)
4211                 return NULL;
4212         wl = dev->wl;
4213 redo:
4214         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4215                 return dev;
4216 
4217         /* Cancel work. Unlock to avoid deadlocks. */
4218         mutex_unlock(&wl->mutex);
4219         cancel_delayed_work_sync(&dev->periodic_work);
4220         cancel_work_sync(&wl->tx_work);
4221         mutex_lock(&wl->mutex);
4222         dev = wl->current_dev;
4223         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4224                 /* Whoops, aliens ate up the device while we were unlocked. */
4225                 return dev;
4226         }
4227 
4228         /* Disable interrupts on the device. */
4229         b43_set_status(dev, B43_STAT_INITIALIZED);
4230         if (b43_bus_host_is_sdio(dev->dev)) {
4231                 /* wl->mutex is locked. That is enough. */
4232                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4233                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4234         } else {
4235                 spin_lock_irq(&wl->hardirq_lock);
4236                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4237                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4238                 spin_unlock_irq(&wl->hardirq_lock);
4239         }
4240         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4241         orig_dev = dev;
4242         mutex_unlock(&wl->mutex);
4243         if (b43_bus_host_is_sdio(dev->dev)) {
4244                 b43_sdio_free_irq(dev);
4245         } else {
4246                 synchronize_irq(dev->dev->irq);
4247                 free_irq(dev->dev->irq, dev);
4248         }
4249         mutex_lock(&wl->mutex);
4250         dev = wl->current_dev;
4251         if (!dev)
4252                 return dev;
4253         if (dev != orig_dev) {
4254                 if (b43_status(dev) >= B43_STAT_STARTED)
4255                         goto redo;
4256                 return dev;
4257         }
4258         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4259         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4260 
4261         /* Drain all TX queues. */
4262         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4263                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4264                         struct sk_buff *skb;
4265 
4266                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4267                         ieee80211_free_txskb(wl->hw, skb);
4268                 }
4269         }
4270 
4271         b43_mac_suspend(dev);
4272         b43_leds_exit(dev);
4273         b43dbg(wl, "Wireless interface stopped\n");
4274 
4275         return dev;
4276 }
4277 
4278 /* Locking: wl->mutex */
4279 static int b43_wireless_core_start(struct b43_wldev *dev)
4280 {
4281         int err;
4282 
4283         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4284 
4285         drain_txstatus_queue(dev);
4286         if (b43_bus_host_is_sdio(dev->dev)) {
4287                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4288                 if (err) {
4289                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4290                         goto out;
4291                 }
4292         } else {
4293                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4294                                            b43_interrupt_thread_handler,
4295                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4296                 if (err) {
4297                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4298                                dev->dev->irq);
4299                         goto out;
4300                 }
4301         }
4302 
4303         /* We are ready to run. */
4304         ieee80211_wake_queues(dev->wl->hw);
4305         b43_set_status(dev, B43_STAT_STARTED);
4306 
4307         /* Start data flow (TX/RX). */
4308         b43_mac_enable(dev);
4309         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4310 
4311         /* Start maintenance work */
4312         b43_periodic_tasks_setup(dev);
4313 
4314         b43_leds_init(dev);
4315 
4316         b43dbg(dev->wl, "Wireless interface started\n");
4317 out:
4318         return err;
4319 }
4320 
4321 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4322 {
4323         switch (phy_type) {
4324         case B43_PHYTYPE_A:
4325                 return "A";
4326         case B43_PHYTYPE_B:
4327                 return "B";
4328         case B43_PHYTYPE_G:
4329                 return "G";
4330         case B43_PHYTYPE_N:
4331                 return "N";
4332         case B43_PHYTYPE_LP:
4333                 return "LP";
4334         case B43_PHYTYPE_SSLPN:
4335                 return "SSLPN";
4336         case B43_PHYTYPE_HT:
4337                 return "HT";
4338         case B43_PHYTYPE_LCN:
4339                 return "LCN";
4340         case B43_PHYTYPE_LCNXN:
4341                 return "LCNXN";
4342         case B43_PHYTYPE_LCN40:
4343                 return "LCN40";
4344         case B43_PHYTYPE_AC:
4345                 return "AC";
4346         }
4347         return "UNKNOWN";
4348 }
4349 
4350 /* Get PHY and RADIO versioning numbers */
4351 static int b43_phy_versioning(struct b43_wldev *dev)
4352 {
4353         struct b43_phy *phy = &dev->phy;
4354         u32 tmp;
4355         u8 analog_type;
4356         u8 phy_type;
4357         u8 phy_rev;
4358         u16 radio_manuf;
4359         u16 radio_ver;
4360         u16 radio_rev;
4361         int unsupported = 0;
4362 
4363         /* Get PHY versioning */
4364         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4365         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4366         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4367         phy_rev = (tmp & B43_PHYVER_VERSION);
4368         switch (phy_type) {
4369         case B43_PHYTYPE_A:
4370                 if (phy_rev >= 4)
4371                         unsupported = 1;
4372                 break;
4373         case B43_PHYTYPE_B:
4374                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4375                     && phy_rev != 7)
4376                         unsupported = 1;
4377                 break;
4378         case B43_PHYTYPE_G:
4379                 if (phy_rev > 9)
4380                         unsupported = 1;
4381                 break;
4382 #ifdef CONFIG_B43_PHY_N
4383         case B43_PHYTYPE_N:
4384                 if (phy_rev > 9)
4385                         unsupported = 1;
4386                 break;
4387 #endif
4388 #ifdef CONFIG_B43_PHY_LP
4389         case B43_PHYTYPE_LP:
4390                 if (phy_rev > 2)
4391                         unsupported = 1;
4392                 break;
4393 #endif
4394 #ifdef CONFIG_B43_PHY_HT
4395         case B43_PHYTYPE_HT:
4396                 if (phy_rev > 1)
4397                         unsupported = 1;
4398                 break;
4399 #endif
4400 #ifdef CONFIG_B43_PHY_LCN
4401         case B43_PHYTYPE_LCN:
4402                 if (phy_rev > 1)
4403                         unsupported = 1;
4404                 break;
4405 #endif
4406         default:
4407                 unsupported = 1;
4408         }
4409         if (unsupported) {
4410                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4411                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4412                        phy_rev);
4413                 return -EOPNOTSUPP;
4414         }
4415         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4416                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4417 
4418         /* Get RADIO versioning */
4419         if (dev->dev->core_rev >= 24) {
4420                 u16 radio24[3];
4421 
4422                 for (tmp = 0; tmp < 3; tmp++) {
4423                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4424                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4425                 }
4426 
4427                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4428                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4429 
4430                 radio_manuf = 0x17F;
4431                 radio_ver = (radio24[2] << 8) | radio24[1];
4432                 radio_rev = (radio24[0] & 0xF);
4433         } else {
4434                 if (dev->dev->chip_id == 0x4317) {
4435                         if (dev->dev->chip_rev == 0)
4436                                 tmp = 0x3205017F;
4437                         else if (dev->dev->chip_rev == 1)
4438                                 tmp = 0x4205017F;
4439                         else
4440                                 tmp = 0x5205017F;
4441                 } else {
4442                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4443                                     B43_RADIOCTL_ID);
4444                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4445                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4446                                     B43_RADIOCTL_ID);
4447                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4448                                 << 16;
4449                 }
4450                 radio_manuf = (tmp & 0x00000FFF);
4451                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4452                 radio_rev = (tmp & 0xF0000000) >> 28;
4453         }
4454 
4455         if (radio_manuf != 0x17F /* Broadcom */)
4456                 unsupported = 1;
4457         switch (phy_type) {
4458         case B43_PHYTYPE_A:
4459                 if (radio_ver != 0x2060)
4460                         unsupported = 1;
4461                 if (radio_rev != 1)
4462                         unsupported = 1;
4463                 if (radio_manuf != 0x17F)
4464                         unsupported = 1;
4465                 break;
4466         case B43_PHYTYPE_B:
4467                 if ((radio_ver & 0xFFF0) != 0x2050)
4468                         unsupported = 1;
4469                 break;
4470         case B43_PHYTYPE_G:
4471                 if (radio_ver != 0x2050)
4472                         unsupported = 1;
4473                 break;
4474         case B43_PHYTYPE_N:
4475                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4476                         unsupported = 1;
4477                 break;
4478         case B43_PHYTYPE_LP:
4479                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4480                         unsupported = 1;
4481                 break;
4482         case B43_PHYTYPE_HT:
4483                 if (radio_ver != 0x2059)
4484                         unsupported = 1;
4485                 break;
4486         case B43_PHYTYPE_LCN:
4487                 if (radio_ver != 0x2064)
4488                         unsupported = 1;
4489                 break;
4490         default:
4491                 B43_WARN_ON(1);
4492         }
4493         if (unsupported) {
4494                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4495                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4496                        radio_manuf, radio_ver, radio_rev);
4497                 return -EOPNOTSUPP;
4498         }
4499         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4500                radio_manuf, radio_ver, radio_rev);
4501 
4502         phy->radio_manuf = radio_manuf;
4503         phy->radio_ver = radio_ver;
4504         phy->radio_rev = radio_rev;
4505 
4506         phy->analog = analog_type;
4507         phy->type = phy_type;
4508         phy->rev = phy_rev;
4509 
4510         return 0;
4511 }
4512 
4513 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4514                                       struct b43_phy *phy)
4515 {
4516         phy->hardware_power_control = !!modparam_hwpctl;
4517         phy->next_txpwr_check_time = jiffies;
4518         /* PHY TX errors counter. */
4519         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4520 
4521 #if B43_DEBUG
4522         phy->phy_locked = false;
4523         phy->radio_locked = false;
4524 #endif
4525 }
4526 
4527 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4528 {
4529         dev->dfq_valid = false;
4530 
4531         /* Assume the radio is enabled. If it's not enabled, the state will
4532          * immediately get fixed on the first periodic work run. */
4533         dev->radio_hw_enable = true;
4534 
4535         /* Stats */
4536         memset(&dev->stats, 0, sizeof(dev->stats));
4537 
4538         setup_struct_phy_for_init(dev, &dev->phy);
4539 
4540         /* IRQ related flags */
4541         dev->irq_reason = 0;
4542         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4543         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4544         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4545                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4546 
4547         dev->mac_suspended = 1;
4548 
4549         /* Noise calculation context */
4550         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4551 }
4552 
4553 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4554 {
4555         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4556         u64 hf;
4557 
4558         if (!modparam_btcoex)
4559                 return;
4560         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4561                 return;
4562         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4563                 return;
4564 
4565         hf = b43_hf_read(dev);
4566         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4567                 hf |= B43_HF_BTCOEXALT;
4568         else
4569                 hf |= B43_HF_BTCOEX;
4570         b43_hf_write(dev, hf);
4571 }
4572 
4573 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4574 {
4575         if (!modparam_btcoex)
4576                 return;
4577         //TODO
4578 }
4579 
4580 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4581 {
4582         struct ssb_bus *bus;
4583         u32 tmp;
4584 
4585         if (dev->dev->bus_type != B43_BUS_SSB)
4586                 return;
4587 
4588         bus = dev->dev->sdev->bus;
4589 
4590         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4591             (bus->chip_id == 0x4312)) {
4592                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4593                 tmp &= ~SSB_IMCFGLO_REQTO;
4594                 tmp &= ~SSB_IMCFGLO_SERTO;
4595                 tmp |= 0x3;
4596                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4597                 ssb_commit_settings(bus);
4598         }
4599 }
4600 
4601 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4602 {
4603         u16 pu_delay;
4604 
4605         /* The time value is in microseconds. */
4606         if (dev->phy.type == B43_PHYTYPE_A)
4607                 pu_delay = 3700;
4608         else
4609                 pu_delay = 1050;
4610         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4611                 pu_delay = 500;
4612         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4613                 pu_delay = max(pu_delay, (u16)2400);
4614 
4615         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4616 }
4617 
4618 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4619 static void b43_set_pretbtt(struct b43_wldev *dev)
4620 {
4621         u16 pretbtt;
4622 
4623         /* The time value is in microseconds. */
4624         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4625                 pretbtt = 2;
4626         } else {
4627                 if (dev->phy.type == B43_PHYTYPE_A)
4628                         pretbtt = 120;
4629                 else
4630                         pretbtt = 250;
4631         }
4632         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4633         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4634 }
4635 
4636 /* Shutdown a wireless core */
4637 /* Locking: wl->mutex */
4638 static void b43_wireless_core_exit(struct b43_wldev *dev)
4639 {
4640         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4641         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4642                 return;
4643 
4644         b43_set_status(dev, B43_STAT_UNINIT);
4645 
4646         /* Stop the microcode PSM. */
4647         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4648                       B43_MACCTL_PSM_JMP0);
4649 
4650         switch (dev->dev->bus_type) {
4651 #ifdef CONFIG_B43_BCMA
4652         case B43_BUS_BCMA:
4653                 bcma_core_pci_down(dev->dev->bdev->bus);
4654                 break;
4655 #endif
4656 #ifdef CONFIG_B43_SSB
4657         case B43_BUS_SSB:
4658                 /* TODO */
4659                 break;
4660 #endif
4661         }
4662 
4663         b43_dma_free(dev);
4664         b43_pio_free(dev);
4665         b43_chip_exit(dev);
4666         dev->phy.ops->switch_analog(dev, 0);
4667         if (dev->wl->current_beacon) {
4668                 dev_kfree_skb_any(dev->wl->current_beacon);
4669                 dev->wl->current_beacon = NULL;
4670         }
4671 
4672         b43_device_disable(dev, 0);
4673         b43_bus_may_powerdown(dev);
4674 }
4675 
4676 /* Initialize a wireless core */
4677 static int b43_wireless_core_init(struct b43_wldev *dev)
4678 {
4679         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4680         struct b43_phy *phy = &dev->phy;
4681         int err;
4682         u64 hf;
4683 
4684         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4685 
4686         err = b43_bus_powerup(dev, 0);
4687         if (err)
4688                 goto out;
4689         if (!b43_device_is_enabled(dev))
4690                 b43_wireless_core_reset(dev, phy->gmode);
4691 
4692         /* Reset all data structures. */
4693         setup_struct_wldev_for_init(dev);
4694         phy->ops->prepare_structs(dev);
4695 
4696         /* Enable IRQ routing to this device. */
4697         switch (dev->dev->bus_type) {
4698 #ifdef CONFIG_B43_BCMA
4699         case B43_BUS_BCMA:
4700                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4701                                       dev->dev->bdev, true);
4702                 bcma_core_pci_up(dev->dev->bdev->bus);
4703                 break;
4704 #endif
4705 #ifdef CONFIG_B43_SSB
4706         case B43_BUS_SSB:
4707                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4708                                                dev->dev->sdev);
4709                 break;
4710 #endif
4711         }
4712 
4713         b43_imcfglo_timeouts_workaround(dev);
4714         b43_bluetooth_coext_disable(dev);
4715         if (phy->ops->prepare_hardware) {
4716                 err = phy->ops->prepare_hardware(dev);
4717                 if (err)
4718                         goto err_busdown;
4719         }
4720         err = b43_chip_init(dev);
4721         if (err)
4722                 goto err_busdown;
4723         b43_shm_write16(dev, B43_SHM_SHARED,
4724                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4725         hf = b43_hf_read(dev);
4726         if (phy->type == B43_PHYTYPE_G) {
4727                 hf |= B43_HF_SYMW;
4728                 if (phy->rev == 1)
4729                         hf |= B43_HF_GDCW;
4730                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4731                         hf |= B43_HF_OFDMPABOOST;
4732         }
4733         if (phy->radio_ver == 0x2050) {
4734                 if (phy->radio_rev == 6)
4735                         hf |= B43_HF_4318TSSI;
4736                 if (phy->radio_rev < 6)
4737                         hf |= B43_HF_VCORECALC;
4738         }
4739         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4740                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4741 #ifdef CONFIG_SSB_DRIVER_PCICORE
4742         if (dev->dev->bus_type == B43_BUS_SSB &&
4743             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4744             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4745                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4746 #endif
4747         hf &= ~B43_HF_SKCFPUP;
4748         b43_hf_write(dev, hf);
4749 
4750         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4751                              B43_DEFAULT_LONG_RETRY_LIMIT);
4752         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4753         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4754 
4755         /* Disable sending probe responses from firmware.
4756          * Setting the MaxTime to one usec will always trigger
4757          * a timeout, so we never send any probe resp.
4758          * A timeout of zero is infinite. */
4759         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4760 
4761         b43_rate_memory_init(dev);
4762         b43_set_phytxctl_defaults(dev);
4763 
4764         /* Minimum Contention Window */
4765         if (phy->type == B43_PHYTYPE_B)
4766                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4767         else
4768                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4769         /* Maximum Contention Window */
4770         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4771 
4772         if (b43_bus_host_is_pcmcia(dev->dev) ||
4773             b43_bus_host_is_sdio(dev->dev)) {
4774                 dev->__using_pio_transfers = true;
4775                 err = b43_pio_init(dev);
4776         } else if (dev->use_pio) {
4777                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4778                         "This should not be needed and will result in lower "
4779                         "performance.\n");
4780                 dev->__using_pio_transfers = true;
4781                 err = b43_pio_init(dev);
4782         } else {
4783                 dev->__using_pio_transfers = false;
4784                 err = b43_dma_init(dev);
4785         }
4786         if (err)
4787                 goto err_chip_exit;
4788         b43_qos_init(dev);
4789         b43_set_synth_pu_delay(dev, 1);
4790         b43_bluetooth_coext_enable(dev);
4791 
4792         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4793         b43_upload_card_macaddress(dev);
4794         b43_security_init(dev);
4795 
4796         ieee80211_wake_queues(dev->wl->hw);
4797 
4798         b43_set_status(dev, B43_STAT_INITIALIZED);
4799 
4800 out:
4801         return err;
4802 
4803 err_chip_exit:
4804         b43_chip_exit(dev);
4805 err_busdown:
4806         b43_bus_may_powerdown(dev);
4807         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4808         return err;
4809 }
4810 
4811 static int b43_op_add_interface(struct ieee80211_hw *hw,
4812                                 struct ieee80211_vif *vif)
4813 {
4814         struct b43_wl *wl = hw_to_b43_wl(hw);
4815         struct b43_wldev *dev;
4816         int err = -EOPNOTSUPP;
4817 
4818         /* TODO: allow WDS/AP devices to coexist */
4819 
4820         if (vif->type != NL80211_IFTYPE_AP &&
4821             vif->type != NL80211_IFTYPE_MESH_POINT &&
4822             vif->type != NL80211_IFTYPE_STATION &&
4823             vif->type != NL80211_IFTYPE_WDS &&
4824             vif->type != NL80211_IFTYPE_ADHOC)
4825                 return -EOPNOTSUPP;
4826 
4827         mutex_lock(&wl->mutex);
4828         if (wl->operating)
4829                 goto out_mutex_unlock;
4830 
4831         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4832 
4833         dev = wl->current_dev;
4834         wl->operating = true;
4835         wl->vif = vif;
4836         wl->if_type = vif->type;
4837         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4838 
4839         b43_adjust_opmode(dev);
4840         b43_set_pretbtt(dev);
4841         b43_set_synth_pu_delay(dev, 0);
4842         b43_upload_card_macaddress(dev);
4843 
4844         err = 0;
4845  out_mutex_unlock:
4846         mutex_unlock(&wl->mutex);
4847 
4848         if (err == 0)
4849                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4850 
4851         return err;
4852 }
4853 
4854 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4855                                     struct ieee80211_vif *vif)
4856 {
4857         struct b43_wl *wl = hw_to_b43_wl(hw);
4858         struct b43_wldev *dev = wl->current_dev;
4859 
4860         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4861 
4862         mutex_lock(&wl->mutex);
4863 
4864         B43_WARN_ON(!wl->operating);
4865         B43_WARN_ON(wl->vif != vif);
4866         wl->vif = NULL;
4867 
4868         wl->operating = false;
4869 
4870         b43_adjust_opmode(dev);
4871         memset(wl->mac_addr, 0, ETH_ALEN);
4872         b43_upload_card_macaddress(dev);
4873 
4874         mutex_unlock(&wl->mutex);
4875 }
4876 
4877 static int b43_op_start(struct ieee80211_hw *hw)
4878 {
4879         struct b43_wl *wl = hw_to_b43_wl(hw);
4880         struct b43_wldev *dev = wl->current_dev;
4881         int did_init = 0;
4882         int err = 0;
4883 
4884         /* Kill all old instance specific information to make sure
4885          * the card won't use it in the short timeframe between start
4886          * and mac80211 reconfiguring it. */
4887         memset(wl->bssid, 0, ETH_ALEN);
4888         memset(wl->mac_addr, 0, ETH_ALEN);
4889         wl->filter_flags = 0;
4890         wl->radiotap_enabled = false;
4891         b43_qos_clear(wl);
4892         wl->beacon0_uploaded = false;
4893         wl->beacon1_uploaded = false;
4894         wl->beacon_templates_virgin = true;
4895         wl->radio_enabled = true;
4896 
4897         mutex_lock(&wl->mutex);
4898 
4899         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4900                 err = b43_wireless_core_init(dev);
4901                 if (err)
4902                         goto out_mutex_unlock;
4903                 did_init = 1;
4904         }
4905 
4906         if (b43_status(dev) < B43_STAT_STARTED) {
4907                 err = b43_wireless_core_start(dev);
4908                 if (err) {
4909                         if (did_init)
4910                                 b43_wireless_core_exit(dev);
4911                         goto out_mutex_unlock;
4912                 }
4913         }
4914 
4915         /* XXX: only do if device doesn't support rfkill irq */
4916         wiphy_rfkill_start_polling(hw->wiphy);
4917 
4918  out_mutex_unlock:
4919         mutex_unlock(&wl->mutex);
4920 
4921         /*
4922          * Configuration may have been overwritten during initialization.
4923          * Reload the configuration, but only if initialization was
4924          * successful. Reloading the configuration after a failed init
4925          * may hang the system.
4926          */
4927         if (!err)
4928                 b43_op_config(hw, ~0);
4929 
4930         return err;
4931 }
4932 
4933 static void b43_op_stop(struct ieee80211_hw *hw)
4934 {
4935         struct b43_wl *wl = hw_to_b43_wl(hw);
4936         struct b43_wldev *dev = wl->current_dev;
4937 
4938         cancel_work_sync(&(wl->beacon_update_trigger));
4939 
4940         if (!dev)
4941                 goto out;
4942 
4943         mutex_lock(&wl->mutex);
4944         if (b43_status(dev) >= B43_STAT_STARTED) {
4945                 dev = b43_wireless_core_stop(dev);
4946                 if (!dev)
4947                         goto out_unlock;
4948         }
4949         b43_wireless_core_exit(dev);
4950         wl->radio_enabled = false;
4951 
4952 out_unlock:
4953         mutex_unlock(&wl->mutex);
4954 out:
4955         cancel_work_sync(&(wl->txpower_adjust_work));
4956 }
4957 
4958 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4959                                  struct ieee80211_sta *sta, bool set)
4960 {
4961         struct b43_wl *wl = hw_to_b43_wl(hw);
4962 
4963         /* FIXME: add locking */
4964         b43_update_templates(wl);
4965 
4966         return 0;
4967 }
4968 
4969 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4970                               struct ieee80211_vif *vif,
4971                               enum sta_notify_cmd notify_cmd,
4972                               struct ieee80211_sta *sta)
4973 {
4974         struct b43_wl *wl = hw_to_b43_wl(hw);
4975 
4976         B43_WARN_ON(!vif || wl->vif != vif);
4977 }
4978 
4979 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4980 {
4981         struct b43_wl *wl = hw_to_b43_wl(hw);
4982         struct b43_wldev *dev;
4983 
4984         mutex_lock(&wl->mutex);
4985         dev = wl->current_dev;
4986         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4987                 /* Disable CFP update during scan on other channels. */
4988                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4989         }
4990         mutex_unlock(&wl->mutex);
4991 }
4992 
4993 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4994 {
4995         struct b43_wl *wl = hw_to_b43_wl(hw);
4996         struct b43_wldev *dev;
4997 
4998         mutex_lock(&wl->mutex);
4999         dev = wl->current_dev;
5000         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5001                 /* Re-enable CFP update. */
5002                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5003         }
5004         mutex_unlock(&wl->mutex);
5005 }
5006 
5007 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5008                              struct survey_info *survey)
5009 {
5010         struct b43_wl *wl = hw_to_b43_wl(hw);
5011         struct b43_wldev *dev = wl->current_dev;
5012         struct ieee80211_conf *conf = &hw->conf;
5013 
5014         if (idx != 0)
5015                 return -ENOENT;
5016 
5017         survey->channel = conf->chandef.chan;
5018         survey->filled = SURVEY_INFO_NOISE_DBM;
5019         survey->noise = dev->stats.link_noise;
5020 
5021         return 0;
5022 }
5023 
5024 static const struct ieee80211_ops b43_hw_ops = {
5025         .tx                     = b43_op_tx,
5026         .conf_tx                = b43_op_conf_tx,
5027         .add_interface          = b43_op_add_interface,
5028         .remove_interface       = b43_op_remove_interface,
5029         .config                 = b43_op_config,
5030         .bss_info_changed       = b43_op_bss_info_changed,
5031         .configure_filter       = b43_op_configure_filter,
5032         .set_key                = b43_op_set_key,
5033         .update_tkip_key        = b43_op_update_tkip_key,
5034         .get_stats              = b43_op_get_stats,
5035         .get_tsf                = b43_op_get_tsf,
5036         .set_tsf                = b43_op_set_tsf,
5037         .start                  = b43_op_start,
5038         .stop                   = b43_op_stop,
5039         .set_tim                = b43_op_beacon_set_tim,
5040         .sta_notify             = b43_op_sta_notify,
5041         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5042         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5043         .get_survey             = b43_op_get_survey,
5044         .rfkill_poll            = b43_rfkill_poll,
5045 };
5046 
5047 /* Hard-reset the chip. Do not call this directly.
5048  * Use b43_controller_restart()
5049  */
5050 static void b43_chip_reset(struct work_struct *work)
5051 {
5052         struct b43_wldev *dev =
5053             container_of(work, struct b43_wldev, restart_work);
5054         struct b43_wl *wl = dev->wl;
5055         int err = 0;
5056         int prev_status;
5057 
5058         mutex_lock(&wl->mutex);
5059 
5060         prev_status = b43_status(dev);
5061         /* Bring the device down... */
5062         if (prev_status >= B43_STAT_STARTED) {
5063                 dev = b43_wireless_core_stop(dev);
5064                 if (!dev) {
5065                         err = -ENODEV;
5066                         goto out;
5067                 }
5068         }
5069         if (prev_status >= B43_STAT_INITIALIZED)
5070                 b43_wireless_core_exit(dev);
5071 
5072         /* ...and up again. */
5073         if (prev_status >= B43_STAT_INITIALIZED) {
5074                 err = b43_wireless_core_init(dev);
5075                 if (err)
5076                         goto out;
5077         }
5078         if (prev_status >= B43_STAT_STARTED) {
5079                 err = b43_wireless_core_start(dev);
5080                 if (err) {
5081                         b43_wireless_core_exit(dev);
5082                         goto out;
5083                 }
5084         }
5085 out:
5086         if (err)
5087                 wl->current_dev = NULL; /* Failed to init the dev. */
5088         mutex_unlock(&wl->mutex);
5089 
5090         if (err) {
5091                 b43err(wl, "Controller restart FAILED\n");
5092                 return;
5093         }
5094 
5095         /* reload configuration */
5096         b43_op_config(wl->hw, ~0);
5097         if (wl->vif)
5098                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5099 
5100         b43info(wl, "Controller restarted\n");
5101 }
5102 
5103 static int b43_setup_bands(struct b43_wldev *dev,
5104                            bool have_2ghz_phy, bool have_5ghz_phy)
5105 {
5106         struct ieee80211_hw *hw = dev->wl->hw;
5107 
5108         if (have_2ghz_phy)
5109                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5110         if (dev->phy.type == B43_PHYTYPE_N) {
5111                 if (have_5ghz_phy)
5112                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5113         } else {
5114                 if (have_5ghz_phy)
5115                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5116         }
5117 
5118         dev->phy.supports_2ghz = have_2ghz_phy;
5119         dev->phy.supports_5ghz = have_5ghz_phy;
5120 
5121         return 0;
5122 }
5123 
5124 static void b43_wireless_core_detach(struct b43_wldev *dev)
5125 {
5126         /* We release firmware that late to not be required to re-request
5127          * is all the time when we reinit the core. */
5128         b43_release_firmware(dev);
5129         b43_phy_free(dev);
5130 }
5131 
5132 static int b43_wireless_core_attach(struct b43_wldev *dev)
5133 {
5134         struct b43_wl *wl = dev->wl;
5135         struct pci_dev *pdev = NULL;
5136         int err;
5137         u32 tmp;
5138         bool have_2ghz_phy = false, have_5ghz_phy = false;
5139 
5140         /* Do NOT do any device initialization here.
5141          * Do it in wireless_core_init() instead.
5142          * This function is for gathering basic information about the HW, only.
5143          * Also some structs may be set up here. But most likely you want to have
5144          * that in core_init(), too.
5145          */
5146 
5147 #ifdef CONFIG_B43_SSB
5148         if (dev->dev->bus_type == B43_BUS_SSB &&
5149             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5150                 pdev = dev->dev->sdev->bus->host_pci;
5151 #endif
5152 
5153         err = b43_bus_powerup(dev, 0);
5154         if (err) {
5155                 b43err(wl, "Bus powerup failed\n");
5156                 goto out;
5157         }
5158 
5159         /* Get the PHY type. */
5160         switch (dev->dev->bus_type) {
5161 #ifdef CONFIG_B43_BCMA
5162         case B43_BUS_BCMA:
5163                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5164                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5165                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5166                 break;
5167 #endif
5168 #ifdef CONFIG_B43_SSB
5169         case B43_BUS_SSB:
5170                 if (dev->dev->core_rev >= 5) {
5171                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5172                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5173                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5174                 } else
5175                         B43_WARN_ON(1);
5176                 break;
5177 #endif
5178         }
5179 
5180         dev->phy.gmode = have_2ghz_phy;
5181         dev->phy.radio_on = true;
5182         b43_wireless_core_reset(dev, dev->phy.gmode);
5183 
5184         err = b43_phy_versioning(dev);
5185         if (err)
5186                 goto err_powerdown;
5187         /* Check if this device supports multiband. */
5188         if (!pdev ||
5189             (pdev->device != 0x4312 &&
5190              pdev->device != 0x4319 && pdev->device != 0x4324)) {
5191                 /* No multiband support. */
5192                 have_2ghz_phy = false;
5193                 have_5ghz_phy = false;
5194                 switch (dev->phy.type) {
5195                 case B43_PHYTYPE_A:
5196                         have_5ghz_phy = true;
5197                         break;
5198                 case B43_PHYTYPE_LP: //FIXME not always!
5199 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5200                         have_5ghz_phy = 1;
5201 #endif
5202                 case B43_PHYTYPE_G:
5203                 case B43_PHYTYPE_N:
5204                 case B43_PHYTYPE_HT:
5205                 case B43_PHYTYPE_LCN:
5206                         have_2ghz_phy = true;
5207                         break;
5208                 default:
5209                         B43_WARN_ON(1);
5210                 }
5211         }
5212         if (dev->phy.type == B43_PHYTYPE_A) {
5213                 /* FIXME */
5214                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5215                 err = -EOPNOTSUPP;
5216                 goto err_powerdown;
5217         }
5218         if (1 /* disable A-PHY */) {
5219                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5220                 if (dev->phy.type != B43_PHYTYPE_N &&
5221                     dev->phy.type != B43_PHYTYPE_LP) {
5222                         have_2ghz_phy = true;
5223                         have_5ghz_phy = false;
5224                 }
5225         }
5226 
5227         err = b43_phy_allocate(dev);
5228         if (err)
5229                 goto err_powerdown;
5230 
5231         dev->phy.gmode = have_2ghz_phy;
5232         b43_wireless_core_reset(dev, dev->phy.gmode);
5233 
5234         err = b43_validate_chipaccess(dev);
5235         if (err)
5236                 goto err_phy_free;
5237         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5238         if (err)
5239                 goto err_phy_free;
5240 
5241         /* Now set some default "current_dev" */
5242         if (!wl->current_dev)
5243                 wl->current_dev = dev;
5244         INIT_WORK(&dev->restart_work, b43_chip_reset);
5245 
5246         dev->phy.ops->switch_analog(dev, 0);
5247         b43_device_disable(dev, 0);
5248         b43_bus_may_powerdown(dev);
5249 
5250 out:
5251         return err;
5252 
5253 err_phy_free:
5254         b43_phy_free(dev);
5255 err_powerdown:
5256         b43_bus_may_powerdown(dev);
5257         return err;
5258 }
5259 
5260 static void b43_one_core_detach(struct b43_bus_dev *dev)
5261 {
5262         struct b43_wldev *wldev;
5263         struct b43_wl *wl;
5264 
5265         /* Do not cancel ieee80211-workqueue based work here.
5266          * See comment in b43_remove(). */
5267 
5268         wldev = b43_bus_get_wldev(dev);
5269         wl = wldev->wl;
5270         b43_debugfs_remove_device(wldev);
5271         b43_wireless_core_detach(wldev);
5272         list_del(&wldev->list);
5273         wl->nr_devs--;
5274         b43_bus_set_wldev(dev, NULL);
5275         kfree(wldev);
5276 }
5277 
5278 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5279 {
5280         struct b43_wldev *wldev;
5281         int err = -ENOMEM;
5282 
5283         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5284         if (!wldev)
5285                 goto out;
5286 
5287         wldev->use_pio = b43_modparam_pio;
5288         wldev->dev = dev;
5289         wldev->wl = wl;
5290         b43_set_status(wldev, B43_STAT_UNINIT);
5291         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5292         INIT_LIST_HEAD(&wldev->list);
5293 
5294         err = b43_wireless_core_attach(wldev);
5295         if (err)
5296                 goto err_kfree_wldev;
5297 
5298         list_add(&wldev->list, &wl->devlist);
5299         wl->nr_devs++;
5300         b43_bus_set_wldev(dev, wldev);
5301         b43_debugfs_add_device(wldev);
5302 
5303       out:
5304         return err;
5305 
5306       err_kfree_wldev:
5307         kfree(wldev);
5308         return err;
5309 }
5310 
5311 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5312         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5313         (pdev->device == _device) &&                                    \
5314         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5315         (pdev->subsystem_device == _subdevice)                          )
5316 
5317 static void b43_sprom_fixup(struct ssb_bus *bus)
5318 {
5319         struct pci_dev *pdev;
5320 
5321         /* boardflags workarounds */
5322         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5323             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5324                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5325         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5326             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5327                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5328         if (bus->bustype == SSB_BUSTYPE_PCI) {
5329                 pdev = bus->host_pci;
5330                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5331                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5332                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5333                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5334                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5335                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5336                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5337                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5338         }
5339 }
5340 
5341 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5342 {
5343         struct ieee80211_hw *hw = wl->hw;
5344 
5345         ssb_set_devtypedata(dev->sdev, NULL);
5346         ieee80211_free_hw(hw);
5347 }
5348 
5349 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5350 {
5351         struct ssb_sprom *sprom = dev->bus_sprom;
5352         struct ieee80211_hw *hw;
5353         struct b43_wl *wl;
5354         char chip_name[6];
5355         int queue_num;
5356 
5357         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5358         if (!hw) {
5359                 b43err(NULL, "Could not allocate ieee80211 device\n");
5360                 return ERR_PTR(-ENOMEM);
5361         }
5362         wl = hw_to_b43_wl(hw);
5363 
5364         /* fill hw info */
5365         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5366                     IEEE80211_HW_SIGNAL_DBM;
5367 
5368         hw->wiphy->interface_modes =
5369                 BIT(NL80211_IFTYPE_AP) |
5370                 BIT(NL80211_IFTYPE_MESH_POINT) |
5371                 BIT(NL80211_IFTYPE_STATION) |
5372                 BIT(NL80211_IFTYPE_WDS) |
5373                 BIT(NL80211_IFTYPE_ADHOC);
5374 
5375         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5376 
5377         wl->hw_registred = false;
5378         hw->max_rates = 2;
5379         SET_IEEE80211_DEV(hw, dev->dev);
5380         if (is_valid_ether_addr(sprom->et1mac))
5381                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5382         else
5383                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5384 
5385         /* Initialize struct b43_wl */
5386         wl->hw = hw;
5387         mutex_init(&wl->mutex);
5388         spin_lock_init(&wl->hardirq_lock);
5389         INIT_LIST_HEAD(&wl->devlist);
5390         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5391         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5392         INIT_WORK(&wl->tx_work, b43_tx_work);
5393 
5394         /* Initialize queues and flags. */
5395         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5396                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5397                 wl->tx_queue_stopped[queue_num] = 0;
5398         }
5399 
5400         snprintf(chip_name, ARRAY_SIZE(chip_name),
5401                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5402         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5403                 dev->core_rev);
5404         return wl;
5405 }
5406 
5407 #ifdef CONFIG_B43_BCMA
5408 static int b43_bcma_probe(struct bcma_device *core)
5409 {
5410         struct b43_bus_dev *dev;
5411         struct b43_wl *wl;
5412         int err;
5413 
5414         if (!modparam_allhwsupport &&
5415             (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5416                 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5417                 return -ENOTSUPP;
5418         }
5419 
5420         dev = b43_bus_dev_bcma_init(core);
5421         if (!dev)
5422                 return -ENODEV;
5423 
5424         wl = b43_wireless_init(dev);
5425         if (IS_ERR(wl)) {
5426                 err = PTR_ERR(wl);
5427                 goto bcma_out;
5428         }
5429 
5430         err = b43_one_core_attach(dev, wl);
5431         if (err)
5432                 goto bcma_err_wireless_exit;
5433 
5434         /* setup and start work to load firmware */
5435         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5436         schedule_work(&wl->firmware_load);
5437 
5438 bcma_out:
5439         return err;
5440 
5441 bcma_err_wireless_exit:
5442         ieee80211_free_hw(wl->hw);
5443         return err;
5444 }
5445 
5446 static void b43_bcma_remove(struct bcma_device *core)
5447 {
5448         struct b43_wldev *wldev = bcma_get_drvdata(core);
5449         struct b43_wl *wl = wldev->wl;
5450 
5451         /* We must cancel any work here before unregistering from ieee80211,
5452          * as the ieee80211 unreg will destroy the workqueue. */
5453         cancel_work_sync(&wldev->restart_work);
5454         cancel_work_sync(&wl->firmware_load);
5455 
5456         B43_WARN_ON(!wl);
5457         if (!wldev->fw.ucode.data)
5458                 return;                 /* NULL if firmware never loaded */
5459         if (wl->current_dev == wldev && wl->hw_registred) {
5460                 b43_leds_stop(wldev);
5461                 ieee80211_unregister_hw(wl->hw);
5462         }
5463 
5464         b43_one_core_detach(wldev->dev);
5465 
5466         /* Unregister HW RNG driver */
5467         b43_rng_exit(wl);
5468 
5469         b43_leds_unregister(wl);
5470 
5471         ieee80211_free_hw(wl->hw);
5472 }
5473 
5474 static struct bcma_driver b43_bcma_driver = {
5475         .name           = KBUILD_MODNAME,
5476         .id_table       = b43_bcma_tbl,
5477         .probe          = b43_bcma_probe,
5478         .remove         = b43_bcma_remove,
5479 };
5480 #endif
5481 
5482 #ifdef CONFIG_B43_SSB
5483 static
5484 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5485 {
5486         struct b43_bus_dev *dev;
5487         struct b43_wl *wl;
5488         int err;
5489         int first = 0;
5490 
5491         dev = b43_bus_dev_ssb_init(sdev);
5492         if (!dev)
5493                 return -ENOMEM;
5494 
5495         wl = ssb_get_devtypedata(sdev);
5496         if (!wl) {
5497                 /* Probing the first core. Must setup common struct b43_wl */
5498                 first = 1;
5499                 b43_sprom_fixup(sdev->bus);
5500                 wl = b43_wireless_init(dev);
5501                 if (IS_ERR(wl)) {
5502                         err = PTR_ERR(wl);
5503                         goto out;
5504                 }
5505                 ssb_set_devtypedata(sdev, wl);
5506                 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5507         }
5508         err = b43_one_core_attach(dev, wl);
5509         if (err)
5510                 goto err_wireless_exit;
5511 
5512         /* setup and start work to load firmware */
5513         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5514         schedule_work(&wl->firmware_load);
5515 
5516       out:
5517         return err;
5518 
5519       err_wireless_exit:
5520         if (first)
5521                 b43_wireless_exit(dev, wl);
5522         return err;
5523 }
5524 
5525 static void b43_ssb_remove(struct ssb_device *sdev)
5526 {
5527         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5528         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5529         struct b43_bus_dev *dev = wldev->dev;
5530 
5531         /* We must cancel any work here before unregistering from ieee80211,
5532          * as the ieee80211 unreg will destroy the workqueue. */
5533         cancel_work_sync(&wldev->restart_work);
5534         cancel_work_sync(&wl->firmware_load);
5535 
5536         B43_WARN_ON(!wl);
5537         if (!wldev->fw.ucode.data)
5538                 return;                 /* NULL if firmware never loaded */
5539         if (wl->current_dev == wldev && wl->hw_registred) {
5540                 b43_leds_stop(wldev);
5541                 ieee80211_unregister_hw(wl->hw);
5542         }
5543 
5544         b43_one_core_detach(dev);
5545 
5546         /* Unregister HW RNG driver */
5547         b43_rng_exit(wl);
5548 
5549         if (list_empty(&wl->devlist)) {
5550                 b43_leds_unregister(wl);
5551                 /* Last core on the chip unregistered.
5552                  * We can destroy common struct b43_wl.
5553                  */
5554                 b43_wireless_exit(dev, wl);
5555         }
5556 }
5557 
5558 static struct ssb_driver b43_ssb_driver = {
5559         .name           = KBUILD_MODNAME,
5560         .id_table       = b43_ssb_tbl,
5561         .probe          = b43_ssb_probe,
5562         .remove         = b43_ssb_remove,
5563 };
5564 #endif /* CONFIG_B43_SSB */
5565 
5566 /* Perform a hardware reset. This can be called from any context. */
5567 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5568 {
5569         /* Must avoid requeueing, if we are in shutdown. */
5570         if (b43_status(dev) < B43_STAT_INITIALIZED)
5571                 return;
5572         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5573         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5574 }
5575 
5576 static void b43_print_driverinfo(void)
5577 {
5578         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5579                    *feat_leds = "", *feat_sdio = "";
5580 
5581 #ifdef CONFIG_B43_PCI_AUTOSELECT
5582         feat_pci = "P";
5583 #endif
5584 #ifdef CONFIG_B43_PCMCIA
5585         feat_pcmcia = "M";
5586 #endif
5587 #ifdef CONFIG_B43_PHY_N
5588         feat_nphy = "N";
5589 #endif
5590 #ifdef CONFIG_B43_LEDS
5591         feat_leds = "L";
5592 #endif
5593 #ifdef CONFIG_B43_SDIO
5594         feat_sdio = "S";
5595 #endif
5596         printk(KERN_INFO "Broadcom 43xx driver loaded "
5597                "[ Features: %s%s%s%s%s ]\n",
5598                feat_pci, feat_pcmcia, feat_nphy,
5599                feat_leds, feat_sdio);
5600 }
5601 
5602 static int __init b43_init(void)
5603 {
5604         int err;
5605 
5606         b43_debugfs_init();
5607         err = b43_pcmcia_init();
5608         if (err)
5609                 goto err_dfs_exit;
5610         err = b43_sdio_init();
5611         if (err)
5612                 goto err_pcmcia_exit;
5613 #ifdef CONFIG_B43_BCMA
5614         err = bcma_driver_register(&b43_bcma_driver);
5615         if (err)
5616                 goto err_sdio_exit;
5617 #endif
5618 #ifdef CONFIG_B43_SSB
5619         err = ssb_driver_register(&b43_ssb_driver);
5620         if (err)
5621                 goto err_bcma_driver_exit;
5622 #endif
5623         b43_print_driverinfo();
5624 
5625         return err;
5626 
5627 #ifdef CONFIG_B43_SSB
5628 err_bcma_driver_exit:
5629 #endif
5630 #ifdef CONFIG_B43_BCMA
5631         bcma_driver_unregister(&b43_bcma_driver);
5632 err_sdio_exit:
5633 #endif
5634         b43_sdio_exit();
5635 err_pcmcia_exit:
5636         b43_pcmcia_exit();
5637 err_dfs_exit:
5638         b43_debugfs_exit();
5639         return err;
5640 }
5641 
5642 static void __exit b43_exit(void)
5643 {
5644 #ifdef CONFIG_B43_SSB
5645         ssb_driver_unregister(&b43_ssb_driver);
5646 #endif
5647 #ifdef CONFIG_B43_BCMA
5648         bcma_driver_unregister(&b43_bcma_driver);
5649 #endif
5650         b43_sdio_exit();
5651         b43_pcmcia_exit();
5652         b43_debugfs_exit();
5653 }
5654 
5655 module_init(b43_init)
5656 module_exit(b43_exit)
5657 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us