Loading...
1/*
2
3 Broadcom B43 wireless driver
4
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10 Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12 SDIO support
13 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15 Some parts of the code in this file are derived from the ipw2200
16 driver Copyright(c) 2003 - 2004 Intel Corporation.
17
18 This program is free software; you can redistribute it and/or modify
19 it under the terms of the GNU General Public License as published by
20 the Free Software Foundation; either version 2 of the License, or
21 (at your option) any later version.
22
23 This program is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 GNU General Public License for more details.
27
28 You should have received a copy of the GNU General Public License
29 along with this program; see the file COPYING. If not, write to
30 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31 Boston, MA 02110-1301, USA.
32
33*/
34
35#include <linux/delay.h>
36#include <linux/init.h>
37#include <linux/module.h>
38#include <linux/if_arp.h>
39#include <linux/etherdevice.h>
40#include <linux/firmware.h>
41#include <linux/workqueue.h>
42#include <linux/skbuff.h>
43#include <linux/io.h>
44#include <linux/dma-mapping.h>
45#include <linux/slab.h>
46#include <asm/unaligned.h>
47
48#include "b43.h"
49#include "main.h"
50#include "debugfs.h"
51#include "phy_common.h"
52#include "phy_g.h"
53#include "phy_n.h"
54#include "dma.h"
55#include "pio.h"
56#include "sysfs.h"
57#include "xmit.h"
58#include "lo.h"
59#include "sdio.h"
60#include <linux/mmc/sdio_func.h>
61
62MODULE_DESCRIPTION("Broadcom B43 wireless driver");
63MODULE_AUTHOR("Martin Langer");
64MODULE_AUTHOR("Stefano Brivio");
65MODULE_AUTHOR("Michael Buesch");
66MODULE_AUTHOR("Gábor Stefanik");
67MODULE_AUTHOR("Rafał Miłecki");
68MODULE_LICENSE("GPL");
69
70MODULE_FIRMWARE("b43/ucode11.fw");
71MODULE_FIRMWARE("b43/ucode13.fw");
72MODULE_FIRMWARE("b43/ucode14.fw");
73MODULE_FIRMWARE("b43/ucode15.fw");
74MODULE_FIRMWARE("b43/ucode16_lp.fw");
75MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76MODULE_FIRMWARE("b43/ucode24_lcn.fw");
77MODULE_FIRMWARE("b43/ucode25_lcn.fw");
78MODULE_FIRMWARE("b43/ucode25_mimo.fw");
79MODULE_FIRMWARE("b43/ucode26_mimo.fw");
80MODULE_FIRMWARE("b43/ucode29_mimo.fw");
81MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
82MODULE_FIRMWARE("b43/ucode30_mimo.fw");
83MODULE_FIRMWARE("b43/ucode5.fw");
84MODULE_FIRMWARE("b43/ucode40.fw");
85MODULE_FIRMWARE("b43/ucode42.fw");
86MODULE_FIRMWARE("b43/ucode9.fw");
87
88static int modparam_bad_frames_preempt;
89module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
90MODULE_PARM_DESC(bad_frames_preempt,
91 "enable(1) / disable(0) Bad Frames Preemption");
92
93static char modparam_fwpostfix[16];
94module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
95MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
96
97static int modparam_hwpctl;
98module_param_named(hwpctl, modparam_hwpctl, int, 0444);
99MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
100
101static int modparam_nohwcrypt;
102module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
103MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
104
105static int modparam_hwtkip;
106module_param_named(hwtkip, modparam_hwtkip, int, 0444);
107MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
108
109static int modparam_qos = 1;
110module_param_named(qos, modparam_qos, int, 0444);
111MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
112
113static int modparam_btcoex = 1;
114module_param_named(btcoex, modparam_btcoex, int, 0444);
115MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
116
117int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
118module_param_named(verbose, b43_modparam_verbose, int, 0644);
119MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
120
121static int b43_modparam_pio = 0;
122module_param_named(pio, b43_modparam_pio, int, 0644);
123MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
124
125static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
126module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
127MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
128
129#ifdef CONFIG_B43_BCMA
130static const struct bcma_device_id b43_bcma_tbl[] = {
131 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
132 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
133 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
134 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
135 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
136 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
137 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
138 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
139 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
140 {},
141};
142MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
143#endif
144
145#ifdef CONFIG_B43_SSB
146static const struct ssb_device_id b43_ssb_tbl[] = {
147 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
148 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
149 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
150 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
151 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
152 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
153 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
154 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
155 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
156 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
157 {},
158};
159MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
160#endif
161
162/* Channel and ratetables are shared for all devices.
163 * They can't be const, because ieee80211 puts some precalculated
164 * data in there. This data is the same for all devices, so we don't
165 * get concurrency issues */
166#define RATETAB_ENT(_rateid, _flags) \
167 { \
168 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
169 .hw_value = (_rateid), \
170 .flags = (_flags), \
171 }
172
173/*
174 * NOTE: When changing this, sync with xmit.c's
175 * b43_plcp_get_bitrate_idx_* functions!
176 */
177static struct ieee80211_rate __b43_ratetable[] = {
178 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
179 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
180 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
181 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
182 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
183 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
184 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
185 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
186 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
187 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
188 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
189 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
190};
191
192#define b43_a_ratetable (__b43_ratetable + 4)
193#define b43_a_ratetable_size 8
194#define b43_b_ratetable (__b43_ratetable + 0)
195#define b43_b_ratetable_size 4
196#define b43_g_ratetable (__b43_ratetable + 0)
197#define b43_g_ratetable_size 12
198
199#define CHAN2G(_channel, _freq, _flags) { \
200 .band = NL80211_BAND_2GHZ, \
201 .center_freq = (_freq), \
202 .hw_value = (_channel), \
203 .flags = (_flags), \
204 .max_antenna_gain = 0, \
205 .max_power = 30, \
206}
207static struct ieee80211_channel b43_2ghz_chantable[] = {
208 CHAN2G(1, 2412, 0),
209 CHAN2G(2, 2417, 0),
210 CHAN2G(3, 2422, 0),
211 CHAN2G(4, 2427, 0),
212 CHAN2G(5, 2432, 0),
213 CHAN2G(6, 2437, 0),
214 CHAN2G(7, 2442, 0),
215 CHAN2G(8, 2447, 0),
216 CHAN2G(9, 2452, 0),
217 CHAN2G(10, 2457, 0),
218 CHAN2G(11, 2462, 0),
219 CHAN2G(12, 2467, 0),
220 CHAN2G(13, 2472, 0),
221 CHAN2G(14, 2484, 0),
222};
223
224/* No support for the last 3 channels (12, 13, 14) */
225#define b43_2ghz_chantable_limited_size 11
226#undef CHAN2G
227
228#define CHAN4G(_channel, _flags) { \
229 .band = NL80211_BAND_5GHZ, \
230 .center_freq = 4000 + (5 * (_channel)), \
231 .hw_value = (_channel), \
232 .flags = (_flags), \
233 .max_antenna_gain = 0, \
234 .max_power = 30, \
235}
236#define CHAN5G(_channel, _flags) { \
237 .band = NL80211_BAND_5GHZ, \
238 .center_freq = 5000 + (5 * (_channel)), \
239 .hw_value = (_channel), \
240 .flags = (_flags), \
241 .max_antenna_gain = 0, \
242 .max_power = 30, \
243}
244static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
245 CHAN4G(184, 0), CHAN4G(186, 0),
246 CHAN4G(188, 0), CHAN4G(190, 0),
247 CHAN4G(192, 0), CHAN4G(194, 0),
248 CHAN4G(196, 0), CHAN4G(198, 0),
249 CHAN4G(200, 0), CHAN4G(202, 0),
250 CHAN4G(204, 0), CHAN4G(206, 0),
251 CHAN4G(208, 0), CHAN4G(210, 0),
252 CHAN4G(212, 0), CHAN4G(214, 0),
253 CHAN4G(216, 0), CHAN4G(218, 0),
254 CHAN4G(220, 0), CHAN4G(222, 0),
255 CHAN4G(224, 0), CHAN4G(226, 0),
256 CHAN4G(228, 0),
257 CHAN5G(32, 0), CHAN5G(34, 0),
258 CHAN5G(36, 0), CHAN5G(38, 0),
259 CHAN5G(40, 0), CHAN5G(42, 0),
260 CHAN5G(44, 0), CHAN5G(46, 0),
261 CHAN5G(48, 0), CHAN5G(50, 0),
262 CHAN5G(52, 0), CHAN5G(54, 0),
263 CHAN5G(56, 0), CHAN5G(58, 0),
264 CHAN5G(60, 0), CHAN5G(62, 0),
265 CHAN5G(64, 0), CHAN5G(66, 0),
266 CHAN5G(68, 0), CHAN5G(70, 0),
267 CHAN5G(72, 0), CHAN5G(74, 0),
268 CHAN5G(76, 0), CHAN5G(78, 0),
269 CHAN5G(80, 0), CHAN5G(82, 0),
270 CHAN5G(84, 0), CHAN5G(86, 0),
271 CHAN5G(88, 0), CHAN5G(90, 0),
272 CHAN5G(92, 0), CHAN5G(94, 0),
273 CHAN5G(96, 0), CHAN5G(98, 0),
274 CHAN5G(100, 0), CHAN5G(102, 0),
275 CHAN5G(104, 0), CHAN5G(106, 0),
276 CHAN5G(108, 0), CHAN5G(110, 0),
277 CHAN5G(112, 0), CHAN5G(114, 0),
278 CHAN5G(116, 0), CHAN5G(118, 0),
279 CHAN5G(120, 0), CHAN5G(122, 0),
280 CHAN5G(124, 0), CHAN5G(126, 0),
281 CHAN5G(128, 0), CHAN5G(130, 0),
282 CHAN5G(132, 0), CHAN5G(134, 0),
283 CHAN5G(136, 0), CHAN5G(138, 0),
284 CHAN5G(140, 0), CHAN5G(142, 0),
285 CHAN5G(144, 0), CHAN5G(145, 0),
286 CHAN5G(146, 0), CHAN5G(147, 0),
287 CHAN5G(148, 0), CHAN5G(149, 0),
288 CHAN5G(150, 0), CHAN5G(151, 0),
289 CHAN5G(152, 0), CHAN5G(153, 0),
290 CHAN5G(154, 0), CHAN5G(155, 0),
291 CHAN5G(156, 0), CHAN5G(157, 0),
292 CHAN5G(158, 0), CHAN5G(159, 0),
293 CHAN5G(160, 0), CHAN5G(161, 0),
294 CHAN5G(162, 0), CHAN5G(163, 0),
295 CHAN5G(164, 0), CHAN5G(165, 0),
296 CHAN5G(166, 0), CHAN5G(168, 0),
297 CHAN5G(170, 0), CHAN5G(172, 0),
298 CHAN5G(174, 0), CHAN5G(176, 0),
299 CHAN5G(178, 0), CHAN5G(180, 0),
300 CHAN5G(182, 0),
301};
302
303static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
304 CHAN5G(36, 0), CHAN5G(40, 0),
305 CHAN5G(44, 0), CHAN5G(48, 0),
306 CHAN5G(149, 0), CHAN5G(153, 0),
307 CHAN5G(157, 0), CHAN5G(161, 0),
308 CHAN5G(165, 0),
309};
310
311static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
312 CHAN5G(34, 0), CHAN5G(36, 0),
313 CHAN5G(38, 0), CHAN5G(40, 0),
314 CHAN5G(42, 0), CHAN5G(44, 0),
315 CHAN5G(46, 0), CHAN5G(48, 0),
316 CHAN5G(52, 0), CHAN5G(56, 0),
317 CHAN5G(60, 0), CHAN5G(64, 0),
318 CHAN5G(100, 0), CHAN5G(104, 0),
319 CHAN5G(108, 0), CHAN5G(112, 0),
320 CHAN5G(116, 0), CHAN5G(120, 0),
321 CHAN5G(124, 0), CHAN5G(128, 0),
322 CHAN5G(132, 0), CHAN5G(136, 0),
323 CHAN5G(140, 0), CHAN5G(149, 0),
324 CHAN5G(153, 0), CHAN5G(157, 0),
325 CHAN5G(161, 0), CHAN5G(165, 0),
326 CHAN5G(184, 0), CHAN5G(188, 0),
327 CHAN5G(192, 0), CHAN5G(196, 0),
328 CHAN5G(200, 0), CHAN5G(204, 0),
329 CHAN5G(208, 0), CHAN5G(212, 0),
330 CHAN5G(216, 0),
331};
332#undef CHAN4G
333#undef CHAN5G
334
335static struct ieee80211_supported_band b43_band_5GHz_nphy = {
336 .band = NL80211_BAND_5GHZ,
337 .channels = b43_5ghz_nphy_chantable,
338 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
339 .bitrates = b43_a_ratetable,
340 .n_bitrates = b43_a_ratetable_size,
341};
342
343static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
344 .band = NL80211_BAND_5GHZ,
345 .channels = b43_5ghz_nphy_chantable_limited,
346 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
347 .bitrates = b43_a_ratetable,
348 .n_bitrates = b43_a_ratetable_size,
349};
350
351static struct ieee80211_supported_band b43_band_5GHz_aphy = {
352 .band = NL80211_BAND_5GHZ,
353 .channels = b43_5ghz_aphy_chantable,
354 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
355 .bitrates = b43_a_ratetable,
356 .n_bitrates = b43_a_ratetable_size,
357};
358
359static struct ieee80211_supported_band b43_band_2GHz = {
360 .band = NL80211_BAND_2GHZ,
361 .channels = b43_2ghz_chantable,
362 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
363 .bitrates = b43_g_ratetable,
364 .n_bitrates = b43_g_ratetable_size,
365};
366
367static struct ieee80211_supported_band b43_band_2ghz_limited = {
368 .band = NL80211_BAND_2GHZ,
369 .channels = b43_2ghz_chantable,
370 .n_channels = b43_2ghz_chantable_limited_size,
371 .bitrates = b43_g_ratetable,
372 .n_bitrates = b43_g_ratetable_size,
373};
374
375static void b43_wireless_core_exit(struct b43_wldev *dev);
376static int b43_wireless_core_init(struct b43_wldev *dev);
377static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
378static int b43_wireless_core_start(struct b43_wldev *dev);
379static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
380 struct ieee80211_vif *vif,
381 struct ieee80211_bss_conf *conf,
382 u32 changed);
383
384static int b43_ratelimit(struct b43_wl *wl)
385{
386 if (!wl || !wl->current_dev)
387 return 1;
388 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
389 return 1;
390 /* We are up and running.
391 * Ratelimit the messages to avoid DoS over the net. */
392 return net_ratelimit();
393}
394
395void b43info(struct b43_wl *wl, const char *fmt, ...)
396{
397 struct va_format vaf;
398 va_list args;
399
400 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
401 return;
402 if (!b43_ratelimit(wl))
403 return;
404
405 va_start(args, fmt);
406
407 vaf.fmt = fmt;
408 vaf.va = &args;
409
410 printk(KERN_INFO "b43-%s: %pV",
411 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
412
413 va_end(args);
414}
415
416void b43err(struct b43_wl *wl, const char *fmt, ...)
417{
418 struct va_format vaf;
419 va_list args;
420
421 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
422 return;
423 if (!b43_ratelimit(wl))
424 return;
425
426 va_start(args, fmt);
427
428 vaf.fmt = fmt;
429 vaf.va = &args;
430
431 printk(KERN_ERR "b43-%s ERROR: %pV",
432 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
433
434 va_end(args);
435}
436
437void b43warn(struct b43_wl *wl, const char *fmt, ...)
438{
439 struct va_format vaf;
440 va_list args;
441
442 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
443 return;
444 if (!b43_ratelimit(wl))
445 return;
446
447 va_start(args, fmt);
448
449 vaf.fmt = fmt;
450 vaf.va = &args;
451
452 printk(KERN_WARNING "b43-%s warning: %pV",
453 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
454
455 va_end(args);
456}
457
458void b43dbg(struct b43_wl *wl, const char *fmt, ...)
459{
460 struct va_format vaf;
461 va_list args;
462
463 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
464 return;
465
466 va_start(args, fmt);
467
468 vaf.fmt = fmt;
469 vaf.va = &args;
470
471 printk(KERN_DEBUG "b43-%s debug: %pV",
472 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
473
474 va_end(args);
475}
476
477static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
478{
479 u32 macctl;
480
481 B43_WARN_ON(offset % 4 != 0);
482
483 macctl = b43_read32(dev, B43_MMIO_MACCTL);
484 if (macctl & B43_MACCTL_BE)
485 val = swab32(val);
486
487 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
488 mmiowb();
489 b43_write32(dev, B43_MMIO_RAM_DATA, val);
490}
491
492static inline void b43_shm_control_word(struct b43_wldev *dev,
493 u16 routing, u16 offset)
494{
495 u32 control;
496
497 /* "offset" is the WORD offset. */
498 control = routing;
499 control <<= 16;
500 control |= offset;
501 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
502}
503
504u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
505{
506 u32 ret;
507
508 if (routing == B43_SHM_SHARED) {
509 B43_WARN_ON(offset & 0x0001);
510 if (offset & 0x0003) {
511 /* Unaligned access */
512 b43_shm_control_word(dev, routing, offset >> 2);
513 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
514 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
515 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
516
517 goto out;
518 }
519 offset >>= 2;
520 }
521 b43_shm_control_word(dev, routing, offset);
522 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
523out:
524 return ret;
525}
526
527u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
528{
529 u16 ret;
530
531 if (routing == B43_SHM_SHARED) {
532 B43_WARN_ON(offset & 0x0001);
533 if (offset & 0x0003) {
534 /* Unaligned access */
535 b43_shm_control_word(dev, routing, offset >> 2);
536 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
537
538 goto out;
539 }
540 offset >>= 2;
541 }
542 b43_shm_control_word(dev, routing, offset);
543 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
544out:
545 return ret;
546}
547
548void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
549{
550 if (routing == B43_SHM_SHARED) {
551 B43_WARN_ON(offset & 0x0001);
552 if (offset & 0x0003) {
553 /* Unaligned access */
554 b43_shm_control_word(dev, routing, offset >> 2);
555 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
556 value & 0xFFFF);
557 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
558 b43_write16(dev, B43_MMIO_SHM_DATA,
559 (value >> 16) & 0xFFFF);
560 return;
561 }
562 offset >>= 2;
563 }
564 b43_shm_control_word(dev, routing, offset);
565 b43_write32(dev, B43_MMIO_SHM_DATA, value);
566}
567
568void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
569{
570 if (routing == B43_SHM_SHARED) {
571 B43_WARN_ON(offset & 0x0001);
572 if (offset & 0x0003) {
573 /* Unaligned access */
574 b43_shm_control_word(dev, routing, offset >> 2);
575 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
576 return;
577 }
578 offset >>= 2;
579 }
580 b43_shm_control_word(dev, routing, offset);
581 b43_write16(dev, B43_MMIO_SHM_DATA, value);
582}
583
584/* Read HostFlags */
585u64 b43_hf_read(struct b43_wldev *dev)
586{
587 u64 ret;
588
589 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
590 ret <<= 16;
591 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
592 ret <<= 16;
593 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
594
595 return ret;
596}
597
598/* Write HostFlags */
599void b43_hf_write(struct b43_wldev *dev, u64 value)
600{
601 u16 lo, mi, hi;
602
603 lo = (value & 0x00000000FFFFULL);
604 mi = (value & 0x0000FFFF0000ULL) >> 16;
605 hi = (value & 0xFFFF00000000ULL) >> 32;
606 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
607 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
608 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
609}
610
611/* Read the firmware capabilities bitmask (Opensource firmware only) */
612static u16 b43_fwcapa_read(struct b43_wldev *dev)
613{
614 B43_WARN_ON(!dev->fw.opensource);
615 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
616}
617
618void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
619{
620 u32 low, high;
621
622 B43_WARN_ON(dev->dev->core_rev < 3);
623
624 /* The hardware guarantees us an atomic read, if we
625 * read the low register first. */
626 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
627 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
628
629 *tsf = high;
630 *tsf <<= 32;
631 *tsf |= low;
632}
633
634static void b43_time_lock(struct b43_wldev *dev)
635{
636 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
637 /* Commit the write */
638 b43_read32(dev, B43_MMIO_MACCTL);
639}
640
641static void b43_time_unlock(struct b43_wldev *dev)
642{
643 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
644 /* Commit the write */
645 b43_read32(dev, B43_MMIO_MACCTL);
646}
647
648static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
649{
650 u32 low, high;
651
652 B43_WARN_ON(dev->dev->core_rev < 3);
653
654 low = tsf;
655 high = (tsf >> 32);
656 /* The hardware guarantees us an atomic write, if we
657 * write the low register first. */
658 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
659 mmiowb();
660 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
661 mmiowb();
662}
663
664void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
665{
666 b43_time_lock(dev);
667 b43_tsf_write_locked(dev, tsf);
668 b43_time_unlock(dev);
669}
670
671static
672void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
673{
674 static const u8 zero_addr[ETH_ALEN] = { 0 };
675 u16 data;
676
677 if (!mac)
678 mac = zero_addr;
679
680 offset |= 0x0020;
681 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
682
683 data = mac[0];
684 data |= mac[1] << 8;
685 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
686 data = mac[2];
687 data |= mac[3] << 8;
688 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
689 data = mac[4];
690 data |= mac[5] << 8;
691 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
692}
693
694static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
695{
696 const u8 *mac;
697 const u8 *bssid;
698 u8 mac_bssid[ETH_ALEN * 2];
699 int i;
700 u32 tmp;
701
702 bssid = dev->wl->bssid;
703 mac = dev->wl->mac_addr;
704
705 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
706
707 memcpy(mac_bssid, mac, ETH_ALEN);
708 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
709
710 /* Write our MAC address and BSSID to template ram */
711 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
712 tmp = (u32) (mac_bssid[i + 0]);
713 tmp |= (u32) (mac_bssid[i + 1]) << 8;
714 tmp |= (u32) (mac_bssid[i + 2]) << 16;
715 tmp |= (u32) (mac_bssid[i + 3]) << 24;
716 b43_ram_write(dev, 0x20 + i, tmp);
717 }
718}
719
720static void b43_upload_card_macaddress(struct b43_wldev *dev)
721{
722 b43_write_mac_bssid_templates(dev);
723 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
724}
725
726static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
727{
728 /* slot_time is in usec. */
729 /* This test used to exit for all but a G PHY. */
730 if (b43_current_band(dev->wl) == NL80211_BAND_5GHZ)
731 return;
732 b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
733 /* Shared memory location 0x0010 is the slot time and should be
734 * set to slot_time; however, this register is initially 0 and changing
735 * the value adversely affects the transmit rate for BCM4311
736 * devices. Until this behavior is unterstood, delete this step
737 *
738 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
739 */
740}
741
742static void b43_short_slot_timing_enable(struct b43_wldev *dev)
743{
744 b43_set_slot_time(dev, 9);
745}
746
747static void b43_short_slot_timing_disable(struct b43_wldev *dev)
748{
749 b43_set_slot_time(dev, 20);
750}
751
752/* DummyTransmission function, as documented on
753 * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
754 */
755void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
756{
757 struct b43_phy *phy = &dev->phy;
758 unsigned int i, max_loop;
759 u16 value;
760 u32 buffer[5] = {
761 0x00000000,
762 0x00D40000,
763 0x00000000,
764 0x01000000,
765 0x00000000,
766 };
767
768 if (ofdm) {
769 max_loop = 0x1E;
770 buffer[0] = 0x000201CC;
771 } else {
772 max_loop = 0xFA;
773 buffer[0] = 0x000B846E;
774 }
775
776 for (i = 0; i < 5; i++)
777 b43_ram_write(dev, i * 4, buffer[i]);
778
779 b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
780
781 if (dev->dev->core_rev < 11)
782 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
783 else
784 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
785
786 value = (ofdm ? 0x41 : 0x40);
787 b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
788 if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
789 phy->type == B43_PHYTYPE_LCN)
790 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
791
792 b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
793 b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
794
795 b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
796 b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
797 b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
798 b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
799
800 if (!pa_on && phy->type == B43_PHYTYPE_N)
801 ; /*b43_nphy_pa_override(dev, false) */
802
803 switch (phy->type) {
804 case B43_PHYTYPE_N:
805 case B43_PHYTYPE_LCN:
806 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
807 break;
808 case B43_PHYTYPE_LP:
809 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
810 break;
811 default:
812 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
813 }
814 b43_read16(dev, B43_MMIO_TXE0_AUX);
815
816 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
817 b43_radio_write16(dev, 0x0051, 0x0017);
818 for (i = 0x00; i < max_loop; i++) {
819 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
820 if (value & 0x0080)
821 break;
822 udelay(10);
823 }
824 for (i = 0x00; i < 0x0A; i++) {
825 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
826 if (value & 0x0400)
827 break;
828 udelay(10);
829 }
830 for (i = 0x00; i < 0x19; i++) {
831 value = b43_read16(dev, B43_MMIO_IFSSTAT);
832 if (!(value & 0x0100))
833 break;
834 udelay(10);
835 }
836 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
837 b43_radio_write16(dev, 0x0051, 0x0037);
838}
839
840static void key_write(struct b43_wldev *dev,
841 u8 index, u8 algorithm, const u8 *key)
842{
843 unsigned int i;
844 u32 offset;
845 u16 value;
846 u16 kidx;
847
848 /* Key index/algo block */
849 kidx = b43_kidx_to_fw(dev, index);
850 value = ((kidx << 4) | algorithm);
851 b43_shm_write16(dev, B43_SHM_SHARED,
852 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
853
854 /* Write the key to the Key Table Pointer offset */
855 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
856 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
857 value = key[i];
858 value |= (u16) (key[i + 1]) << 8;
859 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
860 }
861}
862
863static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
864{
865 u32 addrtmp[2] = { 0, 0, };
866 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
867
868 if (b43_new_kidx_api(dev))
869 pairwise_keys_start = B43_NR_GROUP_KEYS;
870
871 B43_WARN_ON(index < pairwise_keys_start);
872 /* We have four default TX keys and possibly four default RX keys.
873 * Physical mac 0 is mapped to physical key 4 or 8, depending
874 * on the firmware version.
875 * So we must adjust the index here.
876 */
877 index -= pairwise_keys_start;
878 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
879
880 if (addr) {
881 addrtmp[0] = addr[0];
882 addrtmp[0] |= ((u32) (addr[1]) << 8);
883 addrtmp[0] |= ((u32) (addr[2]) << 16);
884 addrtmp[0] |= ((u32) (addr[3]) << 24);
885 addrtmp[1] = addr[4];
886 addrtmp[1] |= ((u32) (addr[5]) << 8);
887 }
888
889 /* Receive match transmitter address (RCMTA) mechanism */
890 b43_shm_write32(dev, B43_SHM_RCMTA,
891 (index * 2) + 0, addrtmp[0]);
892 b43_shm_write16(dev, B43_SHM_RCMTA,
893 (index * 2) + 1, addrtmp[1]);
894}
895
896/* The ucode will use phase1 key with TEK key to decrypt rx packets.
897 * When a packet is received, the iv32 is checked.
898 * - if it doesn't the packet is returned without modification (and software
899 * decryption can be done). That's what happen when iv16 wrap.
900 * - if it does, the rc4 key is computed, and decryption is tried.
901 * Either it will success and B43_RX_MAC_DEC is returned,
902 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
903 * and the packet is not usable (it got modified by the ucode).
904 * So in order to never have B43_RX_MAC_DECERR, we should provide
905 * a iv32 and phase1key that match. Because we drop packets in case of
906 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
907 * packets will be lost without higher layer knowing (ie no resync possible
908 * until next wrap).
909 *
910 * NOTE : this should support 50 key like RCMTA because
911 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
912 */
913static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
914 u16 *phase1key)
915{
916 unsigned int i;
917 u32 offset;
918 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
919
920 if (!modparam_hwtkip)
921 return;
922
923 if (b43_new_kidx_api(dev))
924 pairwise_keys_start = B43_NR_GROUP_KEYS;
925
926 B43_WARN_ON(index < pairwise_keys_start);
927 /* We have four default TX keys and possibly four default RX keys.
928 * Physical mac 0 is mapped to physical key 4 or 8, depending
929 * on the firmware version.
930 * So we must adjust the index here.
931 */
932 index -= pairwise_keys_start;
933 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
934
935 if (b43_debug(dev, B43_DBG_KEYS)) {
936 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
937 index, iv32);
938 }
939 /* Write the key to the RX tkip shared mem */
940 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
941 for (i = 0; i < 10; i += 2) {
942 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
943 phase1key ? phase1key[i / 2] : 0);
944 }
945 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
946 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
947}
948
949static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
950 struct ieee80211_vif *vif,
951 struct ieee80211_key_conf *keyconf,
952 struct ieee80211_sta *sta,
953 u32 iv32, u16 *phase1key)
954{
955 struct b43_wl *wl = hw_to_b43_wl(hw);
956 struct b43_wldev *dev;
957 int index = keyconf->hw_key_idx;
958
959 if (B43_WARN_ON(!modparam_hwtkip))
960 return;
961
962 /* This is only called from the RX path through mac80211, where
963 * our mutex is already locked. */
964 B43_WARN_ON(!mutex_is_locked(&wl->mutex));
965 dev = wl->current_dev;
966 B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
967
968 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
969
970 rx_tkip_phase1_write(dev, index, iv32, phase1key);
971 /* only pairwise TKIP keys are supported right now */
972 if (WARN_ON(!sta))
973 return;
974 keymac_write(dev, index, sta->addr);
975}
976
977static void do_key_write(struct b43_wldev *dev,
978 u8 index, u8 algorithm,
979 const u8 *key, size_t key_len, const u8 *mac_addr)
980{
981 u8 buf[B43_SEC_KEYSIZE] = { 0, };
982 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
983
984 if (b43_new_kidx_api(dev))
985 pairwise_keys_start = B43_NR_GROUP_KEYS;
986
987 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
988 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
989
990 if (index >= pairwise_keys_start)
991 keymac_write(dev, index, NULL); /* First zero out mac. */
992 if (algorithm == B43_SEC_ALGO_TKIP) {
993 /*
994 * We should provide an initial iv32, phase1key pair.
995 * We could start with iv32=0 and compute the corresponding
996 * phase1key, but this means calling ieee80211_get_tkip_key
997 * with a fake skb (or export other tkip function).
998 * Because we are lazy we hope iv32 won't start with
999 * 0xffffffff and let's b43_op_update_tkip_key provide a
1000 * correct pair.
1001 */
1002 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
1003 } else if (index >= pairwise_keys_start) /* clear it */
1004 rx_tkip_phase1_write(dev, index, 0, NULL);
1005 if (key)
1006 memcpy(buf, key, key_len);
1007 key_write(dev, index, algorithm, buf);
1008 if (index >= pairwise_keys_start)
1009 keymac_write(dev, index, mac_addr);
1010
1011 dev->key[index].algorithm = algorithm;
1012}
1013
1014static int b43_key_write(struct b43_wldev *dev,
1015 int index, u8 algorithm,
1016 const u8 *key, size_t key_len,
1017 const u8 *mac_addr,
1018 struct ieee80211_key_conf *keyconf)
1019{
1020 int i;
1021 int pairwise_keys_start;
1022
1023 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1024 * - Temporal Encryption Key (128 bits)
1025 * - Temporal Authenticator Tx MIC Key (64 bits)
1026 * - Temporal Authenticator Rx MIC Key (64 bits)
1027 *
1028 * Hardware only store TEK
1029 */
1030 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1031 key_len = 16;
1032 if (key_len > B43_SEC_KEYSIZE)
1033 return -EINVAL;
1034 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1035 /* Check that we don't already have this key. */
1036 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1037 }
1038 if (index < 0) {
1039 /* Pairwise key. Get an empty slot for the key. */
1040 if (b43_new_kidx_api(dev))
1041 pairwise_keys_start = B43_NR_GROUP_KEYS;
1042 else
1043 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1044 for (i = pairwise_keys_start;
1045 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1046 i++) {
1047 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1048 if (!dev->key[i].keyconf) {
1049 /* found empty */
1050 index = i;
1051 break;
1052 }
1053 }
1054 if (index < 0) {
1055 b43warn(dev->wl, "Out of hardware key memory\n");
1056 return -ENOSPC;
1057 }
1058 } else
1059 B43_WARN_ON(index > 3);
1060
1061 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1062 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1063 /* Default RX key */
1064 B43_WARN_ON(mac_addr);
1065 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1066 }
1067 keyconf->hw_key_idx = index;
1068 dev->key[index].keyconf = keyconf;
1069
1070 return 0;
1071}
1072
1073static int b43_key_clear(struct b43_wldev *dev, int index)
1074{
1075 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1076 return -EINVAL;
1077 do_key_write(dev, index, B43_SEC_ALGO_NONE,
1078 NULL, B43_SEC_KEYSIZE, NULL);
1079 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1080 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1081 NULL, B43_SEC_KEYSIZE, NULL);
1082 }
1083 dev->key[index].keyconf = NULL;
1084
1085 return 0;
1086}
1087
1088static void b43_clear_keys(struct b43_wldev *dev)
1089{
1090 int i, count;
1091
1092 if (b43_new_kidx_api(dev))
1093 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1094 else
1095 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1096 for (i = 0; i < count; i++)
1097 b43_key_clear(dev, i);
1098}
1099
1100static void b43_dump_keymemory(struct b43_wldev *dev)
1101{
1102 unsigned int i, index, count, offset, pairwise_keys_start;
1103 u8 mac[ETH_ALEN];
1104 u16 algo;
1105 u32 rcmta0;
1106 u16 rcmta1;
1107 u64 hf;
1108 struct b43_key *key;
1109
1110 if (!b43_debug(dev, B43_DBG_KEYS))
1111 return;
1112
1113 hf = b43_hf_read(dev);
1114 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1115 !!(hf & B43_HF_USEDEFKEYS));
1116 if (b43_new_kidx_api(dev)) {
1117 pairwise_keys_start = B43_NR_GROUP_KEYS;
1118 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1119 } else {
1120 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1121 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1122 }
1123 for (index = 0; index < count; index++) {
1124 key = &(dev->key[index]);
1125 printk(KERN_DEBUG "Key slot %02u: %s",
1126 index, (key->keyconf == NULL) ? " " : "*");
1127 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1128 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1129 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1130 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1131 }
1132
1133 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1134 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1135 printk(" Algo: %04X/%02X", algo, key->algorithm);
1136
1137 if (index >= pairwise_keys_start) {
1138 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1139 printk(" TKIP: ");
1140 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1141 for (i = 0; i < 14; i += 2) {
1142 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1143 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1144 }
1145 }
1146 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1147 ((index - pairwise_keys_start) * 2) + 0);
1148 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1149 ((index - pairwise_keys_start) * 2) + 1);
1150 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1151 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1152 printk(" MAC: %pM", mac);
1153 } else
1154 printk(" DEFAULT KEY");
1155 printk("\n");
1156 }
1157}
1158
1159void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1160{
1161 u32 macctl;
1162 u16 ucstat;
1163 bool hwps;
1164 bool awake;
1165 int i;
1166
1167 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1168 (ps_flags & B43_PS_DISABLED));
1169 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1170
1171 if (ps_flags & B43_PS_ENABLED) {
1172 hwps = true;
1173 } else if (ps_flags & B43_PS_DISABLED) {
1174 hwps = false;
1175 } else {
1176 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1177 // and thus is not an AP and we are associated, set bit 25
1178 }
1179 if (ps_flags & B43_PS_AWAKE) {
1180 awake = true;
1181 } else if (ps_flags & B43_PS_ASLEEP) {
1182 awake = false;
1183 } else {
1184 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1185 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1186 // successful, set bit26
1187 }
1188
1189/* FIXME: For now we force awake-on and hwps-off */
1190 hwps = false;
1191 awake = true;
1192
1193 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1194 if (hwps)
1195 macctl |= B43_MACCTL_HWPS;
1196 else
1197 macctl &= ~B43_MACCTL_HWPS;
1198 if (awake)
1199 macctl |= B43_MACCTL_AWAKE;
1200 else
1201 macctl &= ~B43_MACCTL_AWAKE;
1202 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1203 /* Commit write */
1204 b43_read32(dev, B43_MMIO_MACCTL);
1205 if (awake && dev->dev->core_rev >= 5) {
1206 /* Wait for the microcode to wake up. */
1207 for (i = 0; i < 100; i++) {
1208 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1209 B43_SHM_SH_UCODESTAT);
1210 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1211 break;
1212 udelay(10);
1213 }
1214 }
1215}
1216
1217/* http://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1218void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1219{
1220 struct bcma_drv_cc *bcma_cc __maybe_unused;
1221 struct ssb_chipcommon *ssb_cc __maybe_unused;
1222
1223 switch (dev->dev->bus_type) {
1224#ifdef CONFIG_B43_BCMA
1225 case B43_BUS_BCMA:
1226 bcma_cc = &dev->dev->bdev->bus->drv_cc;
1227
1228 bcma_cc_write32(bcma_cc, BCMA_CC_PMU_CHIPCTL_ADDR, 0);
1229 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1230 bcma_cc_set32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, 0x4);
1231 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1232 break;
1233#endif
1234#ifdef CONFIG_B43_SSB
1235 case B43_BUS_SSB:
1236 ssb_cc = &dev->dev->sdev->bus->chipco;
1237
1238 chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1239 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1240 chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1241 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1242 break;
1243#endif
1244 }
1245}
1246
1247#ifdef CONFIG_B43_BCMA
1248static void b43_bcma_phy_reset(struct b43_wldev *dev)
1249{
1250 u32 flags;
1251
1252 /* Put PHY into reset */
1253 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1254 flags |= B43_BCMA_IOCTL_PHY_RESET;
1255 flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1256 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1257 udelay(2);
1258
1259 b43_phy_take_out_of_reset(dev);
1260}
1261
1262static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1263{
1264 u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1265 B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1266 u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1267 B43_BCMA_CLKCTLST_PHY_PLL_ST;
1268 u32 flags;
1269
1270 flags = B43_BCMA_IOCTL_PHY_CLKEN;
1271 if (gmode)
1272 flags |= B43_BCMA_IOCTL_GMODE;
1273 b43_device_enable(dev, flags);
1274
1275 if (dev->phy.type == B43_PHYTYPE_AC) {
1276 u16 tmp;
1277
1278 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1279 tmp &= ~B43_BCMA_IOCTL_DAC;
1280 tmp |= 0x100;
1281 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1282
1283 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1284 tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1285 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1286
1287 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1288 tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1289 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1290 }
1291
1292 bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1293 b43_bcma_phy_reset(dev);
1294 bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1295}
1296#endif
1297
1298#ifdef CONFIG_B43_SSB
1299static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1300{
1301 u32 flags = 0;
1302
1303 if (gmode)
1304 flags |= B43_TMSLOW_GMODE;
1305 flags |= B43_TMSLOW_PHYCLKEN;
1306 flags |= B43_TMSLOW_PHYRESET;
1307 if (dev->phy.type == B43_PHYTYPE_N)
1308 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1309 b43_device_enable(dev, flags);
1310 msleep(2); /* Wait for the PLL to turn on. */
1311
1312 b43_phy_take_out_of_reset(dev);
1313}
1314#endif
1315
1316void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1317{
1318 u32 macctl;
1319
1320 switch (dev->dev->bus_type) {
1321#ifdef CONFIG_B43_BCMA
1322 case B43_BUS_BCMA:
1323 b43_bcma_wireless_core_reset(dev, gmode);
1324 break;
1325#endif
1326#ifdef CONFIG_B43_SSB
1327 case B43_BUS_SSB:
1328 b43_ssb_wireless_core_reset(dev, gmode);
1329 break;
1330#endif
1331 }
1332
1333 /* Turn Analog ON, but only if we already know the PHY-type.
1334 * This protects against very early setup where we don't know the
1335 * PHY-type, yet. wireless_core_reset will be called once again later,
1336 * when we know the PHY-type. */
1337 if (dev->phy.ops)
1338 dev->phy.ops->switch_analog(dev, 1);
1339
1340 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1341 macctl &= ~B43_MACCTL_GMODE;
1342 if (gmode)
1343 macctl |= B43_MACCTL_GMODE;
1344 macctl |= B43_MACCTL_IHR_ENABLED;
1345 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1346}
1347
1348static void handle_irq_transmit_status(struct b43_wldev *dev)
1349{
1350 u32 v0, v1;
1351 u16 tmp;
1352 struct b43_txstatus stat;
1353
1354 while (1) {
1355 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1356 if (!(v0 & 0x00000001))
1357 break;
1358 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1359
1360 stat.cookie = (v0 >> 16);
1361 stat.seq = (v1 & 0x0000FFFF);
1362 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1363 tmp = (v0 & 0x0000FFFF);
1364 stat.frame_count = ((tmp & 0xF000) >> 12);
1365 stat.rts_count = ((tmp & 0x0F00) >> 8);
1366 stat.supp_reason = ((tmp & 0x001C) >> 2);
1367 stat.pm_indicated = !!(tmp & 0x0080);
1368 stat.intermediate = !!(tmp & 0x0040);
1369 stat.for_ampdu = !!(tmp & 0x0020);
1370 stat.acked = !!(tmp & 0x0002);
1371
1372 b43_handle_txstatus(dev, &stat);
1373 }
1374}
1375
1376static void drain_txstatus_queue(struct b43_wldev *dev)
1377{
1378 u32 dummy;
1379
1380 if (dev->dev->core_rev < 5)
1381 return;
1382 /* Read all entries from the microcode TXstatus FIFO
1383 * and throw them away.
1384 */
1385 while (1) {
1386 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1387 if (!(dummy & 0x00000001))
1388 break;
1389 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1390 }
1391}
1392
1393static u32 b43_jssi_read(struct b43_wldev *dev)
1394{
1395 u32 val = 0;
1396
1397 val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1398 val <<= 16;
1399 val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1400
1401 return val;
1402}
1403
1404static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1405{
1406 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1407 (jssi & 0x0000FFFF));
1408 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1409 (jssi & 0xFFFF0000) >> 16);
1410}
1411
1412static void b43_generate_noise_sample(struct b43_wldev *dev)
1413{
1414 b43_jssi_write(dev, 0x7F7F7F7F);
1415 b43_write32(dev, B43_MMIO_MACCMD,
1416 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1417}
1418
1419static void b43_calculate_link_quality(struct b43_wldev *dev)
1420{
1421 /* Top half of Link Quality calculation. */
1422
1423 if (dev->phy.type != B43_PHYTYPE_G)
1424 return;
1425 if (dev->noisecalc.calculation_running)
1426 return;
1427 dev->noisecalc.calculation_running = true;
1428 dev->noisecalc.nr_samples = 0;
1429
1430 b43_generate_noise_sample(dev);
1431}
1432
1433static void handle_irq_noise(struct b43_wldev *dev)
1434{
1435 struct b43_phy_g *phy = dev->phy.g;
1436 u16 tmp;
1437 u8 noise[4];
1438 u8 i, j;
1439 s32 average;
1440
1441 /* Bottom half of Link Quality calculation. */
1442
1443 if (dev->phy.type != B43_PHYTYPE_G)
1444 return;
1445
1446 /* Possible race condition: It might be possible that the user
1447 * changed to a different channel in the meantime since we
1448 * started the calculation. We ignore that fact, since it's
1449 * not really that much of a problem. The background noise is
1450 * an estimation only anyway. Slightly wrong results will get damped
1451 * by the averaging of the 8 sample rounds. Additionally the
1452 * value is shortlived. So it will be replaced by the next noise
1453 * calculation round soon. */
1454
1455 B43_WARN_ON(!dev->noisecalc.calculation_running);
1456 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1457 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1458 noise[2] == 0x7F || noise[3] == 0x7F)
1459 goto generate_new;
1460
1461 /* Get the noise samples. */
1462 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1463 i = dev->noisecalc.nr_samples;
1464 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1465 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1466 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1467 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1468 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1469 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1470 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1471 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1472 dev->noisecalc.nr_samples++;
1473 if (dev->noisecalc.nr_samples == 8) {
1474 /* Calculate the Link Quality by the noise samples. */
1475 average = 0;
1476 for (i = 0; i < 8; i++) {
1477 for (j = 0; j < 4; j++)
1478 average += dev->noisecalc.samples[i][j];
1479 }
1480 average /= (8 * 4);
1481 average *= 125;
1482 average += 64;
1483 average /= 128;
1484 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1485 tmp = (tmp / 128) & 0x1F;
1486 if (tmp >= 8)
1487 average += 2;
1488 else
1489 average -= 25;
1490 if (tmp == 8)
1491 average -= 72;
1492 else
1493 average -= 48;
1494
1495 dev->stats.link_noise = average;
1496 dev->noisecalc.calculation_running = false;
1497 return;
1498 }
1499generate_new:
1500 b43_generate_noise_sample(dev);
1501}
1502
1503static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1504{
1505 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1506 ///TODO: PS TBTT
1507 } else {
1508 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1509 b43_power_saving_ctl_bits(dev, 0);
1510 }
1511 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1512 dev->dfq_valid = true;
1513}
1514
1515static void handle_irq_atim_end(struct b43_wldev *dev)
1516{
1517 if (dev->dfq_valid) {
1518 b43_write32(dev, B43_MMIO_MACCMD,
1519 b43_read32(dev, B43_MMIO_MACCMD)
1520 | B43_MACCMD_DFQ_VALID);
1521 dev->dfq_valid = false;
1522 }
1523}
1524
1525static void handle_irq_pmq(struct b43_wldev *dev)
1526{
1527 u32 tmp;
1528
1529 //TODO: AP mode.
1530
1531 while (1) {
1532 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1533 if (!(tmp & 0x00000008))
1534 break;
1535 }
1536 /* 16bit write is odd, but correct. */
1537 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1538}
1539
1540static void b43_write_template_common(struct b43_wldev *dev,
1541 const u8 *data, u16 size,
1542 u16 ram_offset,
1543 u16 shm_size_offset, u8 rate)
1544{
1545 u32 i, tmp;
1546 struct b43_plcp_hdr4 plcp;
1547
1548 plcp.data = 0;
1549 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1550 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1551 ram_offset += sizeof(u32);
1552 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1553 * So leave the first two bytes of the next write blank.
1554 */
1555 tmp = (u32) (data[0]) << 16;
1556 tmp |= (u32) (data[1]) << 24;
1557 b43_ram_write(dev, ram_offset, tmp);
1558 ram_offset += sizeof(u32);
1559 for (i = 2; i < size; i += sizeof(u32)) {
1560 tmp = (u32) (data[i + 0]);
1561 if (i + 1 < size)
1562 tmp |= (u32) (data[i + 1]) << 8;
1563 if (i + 2 < size)
1564 tmp |= (u32) (data[i + 2]) << 16;
1565 if (i + 3 < size)
1566 tmp |= (u32) (data[i + 3]) << 24;
1567 b43_ram_write(dev, ram_offset + i - 2, tmp);
1568 }
1569 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1570 size + sizeof(struct b43_plcp_hdr6));
1571}
1572
1573/* Check if the use of the antenna that ieee80211 told us to
1574 * use is possible. This will fall back to DEFAULT.
1575 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1576u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1577 u8 antenna_nr)
1578{
1579 u8 antenna_mask;
1580
1581 if (antenna_nr == 0) {
1582 /* Zero means "use default antenna". That's always OK. */
1583 return 0;
1584 }
1585
1586 /* Get the mask of available antennas. */
1587 if (dev->phy.gmode)
1588 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1589 else
1590 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1591
1592 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1593 /* This antenna is not available. Fall back to default. */
1594 return 0;
1595 }
1596
1597 return antenna_nr;
1598}
1599
1600/* Convert a b43 antenna number value to the PHY TX control value. */
1601static u16 b43_antenna_to_phyctl(int antenna)
1602{
1603 switch (antenna) {
1604 case B43_ANTENNA0:
1605 return B43_TXH_PHY_ANT0;
1606 case B43_ANTENNA1:
1607 return B43_TXH_PHY_ANT1;
1608 case B43_ANTENNA2:
1609 return B43_TXH_PHY_ANT2;
1610 case B43_ANTENNA3:
1611 return B43_TXH_PHY_ANT3;
1612 case B43_ANTENNA_AUTO0:
1613 case B43_ANTENNA_AUTO1:
1614 return B43_TXH_PHY_ANT01AUTO;
1615 }
1616 B43_WARN_ON(1);
1617 return 0;
1618}
1619
1620static void b43_write_beacon_template(struct b43_wldev *dev,
1621 u16 ram_offset,
1622 u16 shm_size_offset)
1623{
1624 unsigned int i, len, variable_len;
1625 const struct ieee80211_mgmt *bcn;
1626 const u8 *ie;
1627 bool tim_found = false;
1628 unsigned int rate;
1629 u16 ctl;
1630 int antenna;
1631 struct ieee80211_tx_info *info;
1632 unsigned long flags;
1633 struct sk_buff *beacon_skb;
1634
1635 spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1636 info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1637 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1638 /* Clone the beacon, so it cannot go away, while we write it to hw. */
1639 beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1640 spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1641
1642 if (!beacon_skb) {
1643 b43dbg(dev->wl, "Could not upload beacon. "
1644 "Failed to clone beacon skb.");
1645 return;
1646 }
1647
1648 bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1649 len = min_t(size_t, beacon_skb->len,
1650 0x200 - sizeof(struct b43_plcp_hdr6));
1651
1652 b43_write_template_common(dev, (const u8 *)bcn,
1653 len, ram_offset, shm_size_offset, rate);
1654
1655 /* Write the PHY TX control parameters. */
1656 antenna = B43_ANTENNA_DEFAULT;
1657 antenna = b43_antenna_to_phyctl(antenna);
1658 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1659 /* We can't send beacons with short preamble. Would get PHY errors. */
1660 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1661 ctl &= ~B43_TXH_PHY_ANT;
1662 ctl &= ~B43_TXH_PHY_ENC;
1663 ctl |= antenna;
1664 if (b43_is_cck_rate(rate))
1665 ctl |= B43_TXH_PHY_ENC_CCK;
1666 else
1667 ctl |= B43_TXH_PHY_ENC_OFDM;
1668 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1669
1670 /* Find the position of the TIM and the DTIM_period value
1671 * and write them to SHM. */
1672 ie = bcn->u.beacon.variable;
1673 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1674 for (i = 0; i < variable_len - 2; ) {
1675 uint8_t ie_id, ie_len;
1676
1677 ie_id = ie[i];
1678 ie_len = ie[i + 1];
1679 if (ie_id == 5) {
1680 u16 tim_position;
1681 u16 dtim_period;
1682 /* This is the TIM Information Element */
1683
1684 /* Check whether the ie_len is in the beacon data range. */
1685 if (variable_len < ie_len + 2 + i)
1686 break;
1687 /* A valid TIM is at least 4 bytes long. */
1688 if (ie_len < 4)
1689 break;
1690 tim_found = true;
1691
1692 tim_position = sizeof(struct b43_plcp_hdr6);
1693 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1694 tim_position += i;
1695
1696 dtim_period = ie[i + 3];
1697
1698 b43_shm_write16(dev, B43_SHM_SHARED,
1699 B43_SHM_SH_TIMBPOS, tim_position);
1700 b43_shm_write16(dev, B43_SHM_SHARED,
1701 B43_SHM_SH_DTIMPER, dtim_period);
1702 break;
1703 }
1704 i += ie_len + 2;
1705 }
1706 if (!tim_found) {
1707 /*
1708 * If ucode wants to modify TIM do it behind the beacon, this
1709 * will happen, for example, when doing mesh networking.
1710 */
1711 b43_shm_write16(dev, B43_SHM_SHARED,
1712 B43_SHM_SH_TIMBPOS,
1713 len + sizeof(struct b43_plcp_hdr6));
1714 b43_shm_write16(dev, B43_SHM_SHARED,
1715 B43_SHM_SH_DTIMPER, 0);
1716 }
1717 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1718
1719 dev_kfree_skb_any(beacon_skb);
1720}
1721
1722static void b43_upload_beacon0(struct b43_wldev *dev)
1723{
1724 struct b43_wl *wl = dev->wl;
1725
1726 if (wl->beacon0_uploaded)
1727 return;
1728 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1729 wl->beacon0_uploaded = true;
1730}
1731
1732static void b43_upload_beacon1(struct b43_wldev *dev)
1733{
1734 struct b43_wl *wl = dev->wl;
1735
1736 if (wl->beacon1_uploaded)
1737 return;
1738 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1739 wl->beacon1_uploaded = true;
1740}
1741
1742static void handle_irq_beacon(struct b43_wldev *dev)
1743{
1744 struct b43_wl *wl = dev->wl;
1745 u32 cmd, beacon0_valid, beacon1_valid;
1746
1747 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1748 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1749 !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1750 return;
1751
1752 /* This is the bottom half of the asynchronous beacon update. */
1753
1754 /* Ignore interrupt in the future. */
1755 dev->irq_mask &= ~B43_IRQ_BEACON;
1756
1757 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1758 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1759 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1760
1761 /* Schedule interrupt manually, if busy. */
1762 if (beacon0_valid && beacon1_valid) {
1763 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1764 dev->irq_mask |= B43_IRQ_BEACON;
1765 return;
1766 }
1767
1768 if (unlikely(wl->beacon_templates_virgin)) {
1769 /* We never uploaded a beacon before.
1770 * Upload both templates now, but only mark one valid. */
1771 wl->beacon_templates_virgin = false;
1772 b43_upload_beacon0(dev);
1773 b43_upload_beacon1(dev);
1774 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1775 cmd |= B43_MACCMD_BEACON0_VALID;
1776 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1777 } else {
1778 if (!beacon0_valid) {
1779 b43_upload_beacon0(dev);
1780 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1781 cmd |= B43_MACCMD_BEACON0_VALID;
1782 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1783 } else if (!beacon1_valid) {
1784 b43_upload_beacon1(dev);
1785 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1786 cmd |= B43_MACCMD_BEACON1_VALID;
1787 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1788 }
1789 }
1790}
1791
1792static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1793{
1794 u32 old_irq_mask = dev->irq_mask;
1795
1796 /* update beacon right away or defer to irq */
1797 handle_irq_beacon(dev);
1798 if (old_irq_mask != dev->irq_mask) {
1799 /* The handler updated the IRQ mask. */
1800 B43_WARN_ON(!dev->irq_mask);
1801 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1802 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1803 } else {
1804 /* Device interrupts are currently disabled. That means
1805 * we just ran the hardirq handler and scheduled the
1806 * IRQ thread. The thread will write the IRQ mask when
1807 * it finished, so there's nothing to do here. Writing
1808 * the mask _here_ would incorrectly re-enable IRQs. */
1809 }
1810 }
1811}
1812
1813static void b43_beacon_update_trigger_work(struct work_struct *work)
1814{
1815 struct b43_wl *wl = container_of(work, struct b43_wl,
1816 beacon_update_trigger);
1817 struct b43_wldev *dev;
1818
1819 mutex_lock(&wl->mutex);
1820 dev = wl->current_dev;
1821 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1822 if (b43_bus_host_is_sdio(dev->dev)) {
1823 /* wl->mutex is enough. */
1824 b43_do_beacon_update_trigger_work(dev);
1825 mmiowb();
1826 } else {
1827 spin_lock_irq(&wl->hardirq_lock);
1828 b43_do_beacon_update_trigger_work(dev);
1829 mmiowb();
1830 spin_unlock_irq(&wl->hardirq_lock);
1831 }
1832 }
1833 mutex_unlock(&wl->mutex);
1834}
1835
1836/* Asynchronously update the packet templates in template RAM. */
1837static void b43_update_templates(struct b43_wl *wl)
1838{
1839 struct sk_buff *beacon, *old_beacon;
1840 unsigned long flags;
1841
1842 /* This is the top half of the asynchronous beacon update.
1843 * The bottom half is the beacon IRQ.
1844 * Beacon update must be asynchronous to avoid sending an
1845 * invalid beacon. This can happen for example, if the firmware
1846 * transmits a beacon while we are updating it. */
1847
1848 /* We could modify the existing beacon and set the aid bit in
1849 * the TIM field, but that would probably require resizing and
1850 * moving of data within the beacon template.
1851 * Simply request a new beacon and let mac80211 do the hard work. */
1852 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1853 if (unlikely(!beacon))
1854 return;
1855
1856 spin_lock_irqsave(&wl->beacon_lock, flags);
1857 old_beacon = wl->current_beacon;
1858 wl->current_beacon = beacon;
1859 wl->beacon0_uploaded = false;
1860 wl->beacon1_uploaded = false;
1861 spin_unlock_irqrestore(&wl->beacon_lock, flags);
1862
1863 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1864
1865 if (old_beacon)
1866 dev_kfree_skb_any(old_beacon);
1867}
1868
1869static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1870{
1871 b43_time_lock(dev);
1872 if (dev->dev->core_rev >= 3) {
1873 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1874 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1875 } else {
1876 b43_write16(dev, 0x606, (beacon_int >> 6));
1877 b43_write16(dev, 0x610, beacon_int);
1878 }
1879 b43_time_unlock(dev);
1880 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1881}
1882
1883static void b43_handle_firmware_panic(struct b43_wldev *dev)
1884{
1885 u16 reason;
1886
1887 /* Read the register that contains the reason code for the panic. */
1888 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1889 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1890
1891 switch (reason) {
1892 default:
1893 b43dbg(dev->wl, "The panic reason is unknown.\n");
1894 /* fallthrough */
1895 case B43_FWPANIC_DIE:
1896 /* Do not restart the controller or firmware.
1897 * The device is nonfunctional from now on.
1898 * Restarting would result in this panic to trigger again,
1899 * so we avoid that recursion. */
1900 break;
1901 case B43_FWPANIC_RESTART:
1902 b43_controller_restart(dev, "Microcode panic");
1903 break;
1904 }
1905}
1906
1907static void handle_irq_ucode_debug(struct b43_wldev *dev)
1908{
1909 unsigned int i, cnt;
1910 u16 reason, marker_id, marker_line;
1911 __le16 *buf;
1912
1913 /* The proprietary firmware doesn't have this IRQ. */
1914 if (!dev->fw.opensource)
1915 return;
1916
1917 /* Read the register that contains the reason code for this IRQ. */
1918 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1919
1920 switch (reason) {
1921 case B43_DEBUGIRQ_PANIC:
1922 b43_handle_firmware_panic(dev);
1923 break;
1924 case B43_DEBUGIRQ_DUMP_SHM:
1925 if (!B43_DEBUG)
1926 break; /* Only with driver debugging enabled. */
1927 buf = kmalloc(4096, GFP_ATOMIC);
1928 if (!buf) {
1929 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1930 goto out;
1931 }
1932 for (i = 0; i < 4096; i += 2) {
1933 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1934 buf[i / 2] = cpu_to_le16(tmp);
1935 }
1936 b43info(dev->wl, "Shared memory dump:\n");
1937 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1938 16, 2, buf, 4096, 1);
1939 kfree(buf);
1940 break;
1941 case B43_DEBUGIRQ_DUMP_REGS:
1942 if (!B43_DEBUG)
1943 break; /* Only with driver debugging enabled. */
1944 b43info(dev->wl, "Microcode register dump:\n");
1945 for (i = 0, cnt = 0; i < 64; i++) {
1946 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1947 if (cnt == 0)
1948 printk(KERN_INFO);
1949 printk("r%02u: 0x%04X ", i, tmp);
1950 cnt++;
1951 if (cnt == 6) {
1952 printk("\n");
1953 cnt = 0;
1954 }
1955 }
1956 printk("\n");
1957 break;
1958 case B43_DEBUGIRQ_MARKER:
1959 if (!B43_DEBUG)
1960 break; /* Only with driver debugging enabled. */
1961 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1962 B43_MARKER_ID_REG);
1963 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1964 B43_MARKER_LINE_REG);
1965 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1966 "at line number %u\n",
1967 marker_id, marker_line);
1968 break;
1969 default:
1970 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1971 reason);
1972 }
1973out:
1974 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1975 b43_shm_write16(dev, B43_SHM_SCRATCH,
1976 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1977}
1978
1979static void b43_do_interrupt_thread(struct b43_wldev *dev)
1980{
1981 u32 reason;
1982 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1983 u32 merged_dma_reason = 0;
1984 int i;
1985
1986 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1987 return;
1988
1989 reason = dev->irq_reason;
1990 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1991 dma_reason[i] = dev->dma_reason[i];
1992 merged_dma_reason |= dma_reason[i];
1993 }
1994
1995 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1996 b43err(dev->wl, "MAC transmission error\n");
1997
1998 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1999 b43err(dev->wl, "PHY transmission error\n");
2000 rmb();
2001 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
2002 atomic_set(&dev->phy.txerr_cnt,
2003 B43_PHY_TX_BADNESS_LIMIT);
2004 b43err(dev->wl, "Too many PHY TX errors, "
2005 "restarting the controller\n");
2006 b43_controller_restart(dev, "PHY TX errors");
2007 }
2008 }
2009
2010 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
2011 b43err(dev->wl,
2012 "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
2013 dma_reason[0], dma_reason[1],
2014 dma_reason[2], dma_reason[3],
2015 dma_reason[4], dma_reason[5]);
2016 b43err(dev->wl, "This device does not support DMA "
2017 "on your system. It will now be switched to PIO.\n");
2018 /* Fall back to PIO transfers if we get fatal DMA errors! */
2019 dev->use_pio = true;
2020 b43_controller_restart(dev, "DMA error");
2021 return;
2022 }
2023
2024 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2025 handle_irq_ucode_debug(dev);
2026 if (reason & B43_IRQ_TBTT_INDI)
2027 handle_irq_tbtt_indication(dev);
2028 if (reason & B43_IRQ_ATIM_END)
2029 handle_irq_atim_end(dev);
2030 if (reason & B43_IRQ_BEACON)
2031 handle_irq_beacon(dev);
2032 if (reason & B43_IRQ_PMQ)
2033 handle_irq_pmq(dev);
2034 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
2035 ;/* TODO */
2036 if (reason & B43_IRQ_NOISESAMPLE_OK)
2037 handle_irq_noise(dev);
2038
2039 /* Check the DMA reason registers for received data. */
2040 if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2041 if (B43_DEBUG)
2042 b43warn(dev->wl, "RX descriptor underrun\n");
2043 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2044 }
2045 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2046 if (b43_using_pio_transfers(dev))
2047 b43_pio_rx(dev->pio.rx_queue);
2048 else
2049 b43_dma_rx(dev->dma.rx_ring);
2050 }
2051 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2052 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2053 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2054 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2055 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2056
2057 if (reason & B43_IRQ_TX_OK)
2058 handle_irq_transmit_status(dev);
2059
2060 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2061 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2062
2063#if B43_DEBUG
2064 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2065 dev->irq_count++;
2066 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2067 if (reason & (1 << i))
2068 dev->irq_bit_count[i]++;
2069 }
2070 }
2071#endif
2072}
2073
2074/* Interrupt thread handler. Handles device interrupts in thread context. */
2075static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2076{
2077 struct b43_wldev *dev = dev_id;
2078
2079 mutex_lock(&dev->wl->mutex);
2080 b43_do_interrupt_thread(dev);
2081 mmiowb();
2082 mutex_unlock(&dev->wl->mutex);
2083
2084 return IRQ_HANDLED;
2085}
2086
2087static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2088{
2089 u32 reason;
2090
2091 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2092 * On SDIO, this runs under wl->mutex. */
2093
2094 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2095 if (reason == 0xffffffff) /* shared IRQ */
2096 return IRQ_NONE;
2097 reason &= dev->irq_mask;
2098 if (!reason)
2099 return IRQ_NONE;
2100
2101 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2102 & 0x0001FC00;
2103 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2104 & 0x0000DC00;
2105 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2106 & 0x0000DC00;
2107 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2108 & 0x0001DC00;
2109 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2110 & 0x0000DC00;
2111/* Unused ring
2112 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2113 & 0x0000DC00;
2114*/
2115
2116 /* ACK the interrupt. */
2117 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2118 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2119 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2120 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2121 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2122 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2123/* Unused ring
2124 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2125*/
2126
2127 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2128 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2129 /* Save the reason bitmasks for the IRQ thread handler. */
2130 dev->irq_reason = reason;
2131
2132 return IRQ_WAKE_THREAD;
2133}
2134
2135/* Interrupt handler top-half. This runs with interrupts disabled. */
2136static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2137{
2138 struct b43_wldev *dev = dev_id;
2139 irqreturn_t ret;
2140
2141 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2142 return IRQ_NONE;
2143
2144 spin_lock(&dev->wl->hardirq_lock);
2145 ret = b43_do_interrupt(dev);
2146 mmiowb();
2147 spin_unlock(&dev->wl->hardirq_lock);
2148
2149 return ret;
2150}
2151
2152/* SDIO interrupt handler. This runs in process context. */
2153static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2154{
2155 struct b43_wl *wl = dev->wl;
2156 irqreturn_t ret;
2157
2158 mutex_lock(&wl->mutex);
2159
2160 ret = b43_do_interrupt(dev);
2161 if (ret == IRQ_WAKE_THREAD)
2162 b43_do_interrupt_thread(dev);
2163
2164 mutex_unlock(&wl->mutex);
2165}
2166
2167void b43_do_release_fw(struct b43_firmware_file *fw)
2168{
2169 release_firmware(fw->data);
2170 fw->data = NULL;
2171 fw->filename = NULL;
2172}
2173
2174static void b43_release_firmware(struct b43_wldev *dev)
2175{
2176 complete(&dev->fw_load_complete);
2177 b43_do_release_fw(&dev->fw.ucode);
2178 b43_do_release_fw(&dev->fw.pcm);
2179 b43_do_release_fw(&dev->fw.initvals);
2180 b43_do_release_fw(&dev->fw.initvals_band);
2181}
2182
2183static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2184{
2185 const char text[] =
2186 "You must go to " \
2187 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2188 "and download the correct firmware for this driver version. " \
2189 "Please carefully read all instructions on this website.\n";
2190
2191 if (error)
2192 b43err(wl, text);
2193 else
2194 b43warn(wl, text);
2195}
2196
2197static void b43_fw_cb(const struct firmware *firmware, void *context)
2198{
2199 struct b43_request_fw_context *ctx = context;
2200
2201 ctx->blob = firmware;
2202 complete(&ctx->dev->fw_load_complete);
2203}
2204
2205int b43_do_request_fw(struct b43_request_fw_context *ctx,
2206 const char *name,
2207 struct b43_firmware_file *fw, bool async)
2208{
2209 struct b43_fw_header *hdr;
2210 u32 size;
2211 int err;
2212
2213 if (!name) {
2214 /* Don't fetch anything. Free possibly cached firmware. */
2215 /* FIXME: We should probably keep it anyway, to save some headache
2216 * on suspend/resume with multiband devices. */
2217 b43_do_release_fw(fw);
2218 return 0;
2219 }
2220 if (fw->filename) {
2221 if ((fw->type == ctx->req_type) &&
2222 (strcmp(fw->filename, name) == 0))
2223 return 0; /* Already have this fw. */
2224 /* Free the cached firmware first. */
2225 /* FIXME: We should probably do this later after we successfully
2226 * got the new fw. This could reduce headache with multiband devices.
2227 * We could also redesign this to cache the firmware for all possible
2228 * bands all the time. */
2229 b43_do_release_fw(fw);
2230 }
2231
2232 switch (ctx->req_type) {
2233 case B43_FWTYPE_PROPRIETARY:
2234 snprintf(ctx->fwname, sizeof(ctx->fwname),
2235 "b43%s/%s.fw",
2236 modparam_fwpostfix, name);
2237 break;
2238 case B43_FWTYPE_OPENSOURCE:
2239 snprintf(ctx->fwname, sizeof(ctx->fwname),
2240 "b43-open%s/%s.fw",
2241 modparam_fwpostfix, name);
2242 break;
2243 default:
2244 B43_WARN_ON(1);
2245 return -ENOSYS;
2246 }
2247 if (async) {
2248 /* do this part asynchronously */
2249 init_completion(&ctx->dev->fw_load_complete);
2250 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2251 ctx->dev->dev->dev, GFP_KERNEL,
2252 ctx, b43_fw_cb);
2253 if (err < 0) {
2254 pr_err("Unable to load firmware\n");
2255 return err;
2256 }
2257 wait_for_completion(&ctx->dev->fw_load_complete);
2258 if (ctx->blob)
2259 goto fw_ready;
2260 /* On some ARM systems, the async request will fail, but the next sync
2261 * request works. For this reason, we fall through here
2262 */
2263 }
2264 err = request_firmware(&ctx->blob, ctx->fwname,
2265 ctx->dev->dev->dev);
2266 if (err == -ENOENT) {
2267 snprintf(ctx->errors[ctx->req_type],
2268 sizeof(ctx->errors[ctx->req_type]),
2269 "Firmware file \"%s\" not found\n",
2270 ctx->fwname);
2271 return err;
2272 } else if (err) {
2273 snprintf(ctx->errors[ctx->req_type],
2274 sizeof(ctx->errors[ctx->req_type]),
2275 "Firmware file \"%s\" request failed (err=%d)\n",
2276 ctx->fwname, err);
2277 return err;
2278 }
2279fw_ready:
2280 if (ctx->blob->size < sizeof(struct b43_fw_header))
2281 goto err_format;
2282 hdr = (struct b43_fw_header *)(ctx->blob->data);
2283 switch (hdr->type) {
2284 case B43_FW_TYPE_UCODE:
2285 case B43_FW_TYPE_PCM:
2286 size = be32_to_cpu(hdr->size);
2287 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2288 goto err_format;
2289 /* fallthrough */
2290 case B43_FW_TYPE_IV:
2291 if (hdr->ver != 1)
2292 goto err_format;
2293 break;
2294 default:
2295 goto err_format;
2296 }
2297
2298 fw->data = ctx->blob;
2299 fw->filename = name;
2300 fw->type = ctx->req_type;
2301
2302 return 0;
2303
2304err_format:
2305 snprintf(ctx->errors[ctx->req_type],
2306 sizeof(ctx->errors[ctx->req_type]),
2307 "Firmware file \"%s\" format error.\n", ctx->fwname);
2308 release_firmware(ctx->blob);
2309
2310 return -EPROTO;
2311}
2312
2313/* http://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2314static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2315{
2316 struct b43_wldev *dev = ctx->dev;
2317 struct b43_firmware *fw = &ctx->dev->fw;
2318 struct b43_phy *phy = &dev->phy;
2319 const u8 rev = ctx->dev->dev->core_rev;
2320 const char *filename;
2321 int err;
2322
2323 /* Get microcode */
2324 filename = NULL;
2325 switch (rev) {
2326 case 42:
2327 if (phy->type == B43_PHYTYPE_AC)
2328 filename = "ucode42";
2329 break;
2330 case 40:
2331 if (phy->type == B43_PHYTYPE_AC)
2332 filename = "ucode40";
2333 break;
2334 case 33:
2335 if (phy->type == B43_PHYTYPE_LCN40)
2336 filename = "ucode33_lcn40";
2337 break;
2338 case 30:
2339 if (phy->type == B43_PHYTYPE_N)
2340 filename = "ucode30_mimo";
2341 break;
2342 case 29:
2343 if (phy->type == B43_PHYTYPE_HT)
2344 filename = "ucode29_mimo";
2345 break;
2346 case 26:
2347 if (phy->type == B43_PHYTYPE_HT)
2348 filename = "ucode26_mimo";
2349 break;
2350 case 28:
2351 case 25:
2352 if (phy->type == B43_PHYTYPE_N)
2353 filename = "ucode25_mimo";
2354 else if (phy->type == B43_PHYTYPE_LCN)
2355 filename = "ucode25_lcn";
2356 break;
2357 case 24:
2358 if (phy->type == B43_PHYTYPE_LCN)
2359 filename = "ucode24_lcn";
2360 break;
2361 case 23:
2362 if (phy->type == B43_PHYTYPE_N)
2363 filename = "ucode16_mimo";
2364 break;
2365 case 16 ... 19:
2366 if (phy->type == B43_PHYTYPE_N)
2367 filename = "ucode16_mimo";
2368 else if (phy->type == B43_PHYTYPE_LP)
2369 filename = "ucode16_lp";
2370 break;
2371 case 15:
2372 filename = "ucode15";
2373 break;
2374 case 14:
2375 filename = "ucode14";
2376 break;
2377 case 13:
2378 filename = "ucode13";
2379 break;
2380 case 11 ... 12:
2381 filename = "ucode11";
2382 break;
2383 case 5 ... 10:
2384 filename = "ucode5";
2385 break;
2386 }
2387 if (!filename)
2388 goto err_no_ucode;
2389 err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2390 if (err)
2391 goto err_load;
2392
2393 /* Get PCM code */
2394 if ((rev >= 5) && (rev <= 10))
2395 filename = "pcm5";
2396 else if (rev >= 11)
2397 filename = NULL;
2398 else
2399 goto err_no_pcm;
2400 fw->pcm_request_failed = false;
2401 err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2402 if (err == -ENOENT) {
2403 /* We did not find a PCM file? Not fatal, but
2404 * core rev <= 10 must do without hwcrypto then. */
2405 fw->pcm_request_failed = true;
2406 } else if (err)
2407 goto err_load;
2408
2409 /* Get initvals */
2410 filename = NULL;
2411 switch (dev->phy.type) {
2412 case B43_PHYTYPE_G:
2413 if (rev == 13)
2414 filename = "b0g0initvals13";
2415 else if (rev >= 5 && rev <= 10)
2416 filename = "b0g0initvals5";
2417 break;
2418 case B43_PHYTYPE_N:
2419 if (rev == 30)
2420 filename = "n16initvals30";
2421 else if (rev == 28 || rev == 25)
2422 filename = "n0initvals25";
2423 else if (rev == 24)
2424 filename = "n0initvals24";
2425 else if (rev == 23)
2426 filename = "n0initvals16"; /* What about n0initvals22? */
2427 else if (rev >= 16 && rev <= 18)
2428 filename = "n0initvals16";
2429 else if (rev >= 11 && rev <= 12)
2430 filename = "n0initvals11";
2431 break;
2432 case B43_PHYTYPE_LP:
2433 if (rev >= 16 && rev <= 18)
2434 filename = "lp0initvals16";
2435 else if (rev == 15)
2436 filename = "lp0initvals15";
2437 else if (rev == 14)
2438 filename = "lp0initvals14";
2439 else if (rev == 13)
2440 filename = "lp0initvals13";
2441 break;
2442 case B43_PHYTYPE_HT:
2443 if (rev == 29)
2444 filename = "ht0initvals29";
2445 else if (rev == 26)
2446 filename = "ht0initvals26";
2447 break;
2448 case B43_PHYTYPE_LCN:
2449 if (rev == 24)
2450 filename = "lcn0initvals24";
2451 break;
2452 case B43_PHYTYPE_LCN40:
2453 if (rev == 33)
2454 filename = "lcn400initvals33";
2455 break;
2456 case B43_PHYTYPE_AC:
2457 if (rev == 42)
2458 filename = "ac1initvals42";
2459 else if (rev == 40)
2460 filename = "ac0initvals40";
2461 break;
2462 }
2463 if (!filename)
2464 goto err_no_initvals;
2465 err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2466 if (err)
2467 goto err_load;
2468
2469 /* Get bandswitch initvals */
2470 filename = NULL;
2471 switch (dev->phy.type) {
2472 case B43_PHYTYPE_G:
2473 if (rev == 13)
2474 filename = "b0g0bsinitvals13";
2475 else if (rev >= 5 && rev <= 10)
2476 filename = "b0g0bsinitvals5";
2477 break;
2478 case B43_PHYTYPE_N:
2479 if (rev == 30)
2480 filename = "n16bsinitvals30";
2481 else if (rev == 28 || rev == 25)
2482 filename = "n0bsinitvals25";
2483 else if (rev == 24)
2484 filename = "n0bsinitvals24";
2485 else if (rev == 23)
2486 filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2487 else if (rev >= 16 && rev <= 18)
2488 filename = "n0bsinitvals16";
2489 else if (rev >= 11 && rev <= 12)
2490 filename = "n0bsinitvals11";
2491 break;
2492 case B43_PHYTYPE_LP:
2493 if (rev >= 16 && rev <= 18)
2494 filename = "lp0bsinitvals16";
2495 else if (rev == 15)
2496 filename = "lp0bsinitvals15";
2497 else if (rev == 14)
2498 filename = "lp0bsinitvals14";
2499 else if (rev == 13)
2500 filename = "lp0bsinitvals13";
2501 break;
2502 case B43_PHYTYPE_HT:
2503 if (rev == 29)
2504 filename = "ht0bsinitvals29";
2505 else if (rev == 26)
2506 filename = "ht0bsinitvals26";
2507 break;
2508 case B43_PHYTYPE_LCN:
2509 if (rev == 24)
2510 filename = "lcn0bsinitvals24";
2511 break;
2512 case B43_PHYTYPE_LCN40:
2513 if (rev == 33)
2514 filename = "lcn400bsinitvals33";
2515 break;
2516 case B43_PHYTYPE_AC:
2517 if (rev == 42)
2518 filename = "ac1bsinitvals42";
2519 else if (rev == 40)
2520 filename = "ac0bsinitvals40";
2521 break;
2522 }
2523 if (!filename)
2524 goto err_no_initvals;
2525 err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2526 if (err)
2527 goto err_load;
2528
2529 fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2530
2531 return 0;
2532
2533err_no_ucode:
2534 err = ctx->fatal_failure = -EOPNOTSUPP;
2535 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2536 "is required for your device (wl-core rev %u)\n", rev);
2537 goto error;
2538
2539err_no_pcm:
2540 err = ctx->fatal_failure = -EOPNOTSUPP;
2541 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2542 "is required for your device (wl-core rev %u)\n", rev);
2543 goto error;
2544
2545err_no_initvals:
2546 err = ctx->fatal_failure = -EOPNOTSUPP;
2547 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2548 "is required for your device (wl-core rev %u)\n", rev);
2549 goto error;
2550
2551err_load:
2552 /* We failed to load this firmware image. The error message
2553 * already is in ctx->errors. Return and let our caller decide
2554 * what to do. */
2555 goto error;
2556
2557error:
2558 b43_release_firmware(dev);
2559 return err;
2560}
2561
2562static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2563static void b43_one_core_detach(struct b43_bus_dev *dev);
2564static int b43_rng_init(struct b43_wl *wl);
2565
2566static void b43_request_firmware(struct work_struct *work)
2567{
2568 struct b43_wl *wl = container_of(work,
2569 struct b43_wl, firmware_load);
2570 struct b43_wldev *dev = wl->current_dev;
2571 struct b43_request_fw_context *ctx;
2572 unsigned int i;
2573 int err;
2574 const char *errmsg;
2575
2576 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2577 if (!ctx)
2578 return;
2579 ctx->dev = dev;
2580
2581 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2582 err = b43_try_request_fw(ctx);
2583 if (!err)
2584 goto start_ieee80211; /* Successfully loaded it. */
2585 /* Was fw version known? */
2586 if (ctx->fatal_failure)
2587 goto out;
2588
2589 /* proprietary fw not found, try open source */
2590 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2591 err = b43_try_request_fw(ctx);
2592 if (!err)
2593 goto start_ieee80211; /* Successfully loaded it. */
2594 if(ctx->fatal_failure)
2595 goto out;
2596
2597 /* Could not find a usable firmware. Print the errors. */
2598 for (i = 0; i < B43_NR_FWTYPES; i++) {
2599 errmsg = ctx->errors[i];
2600 if (strlen(errmsg))
2601 b43err(dev->wl, "%s", errmsg);
2602 }
2603 b43_print_fw_helptext(dev->wl, 1);
2604 goto out;
2605
2606start_ieee80211:
2607 wl->hw->queues = B43_QOS_QUEUE_NUM;
2608 if (!modparam_qos || dev->fw.opensource)
2609 wl->hw->queues = 1;
2610
2611 err = ieee80211_register_hw(wl->hw);
2612 if (err)
2613 goto err_one_core_detach;
2614 wl->hw_registred = true;
2615 b43_leds_register(wl->current_dev);
2616
2617 /* Register HW RNG driver */
2618 b43_rng_init(wl);
2619
2620 goto out;
2621
2622err_one_core_detach:
2623 b43_one_core_detach(dev->dev);
2624
2625out:
2626 kfree(ctx);
2627}
2628
2629static int b43_upload_microcode(struct b43_wldev *dev)
2630{
2631 struct wiphy *wiphy = dev->wl->hw->wiphy;
2632 const size_t hdr_len = sizeof(struct b43_fw_header);
2633 const __be32 *data;
2634 unsigned int i, len;
2635 u16 fwrev, fwpatch, fwdate, fwtime;
2636 u32 tmp, macctl;
2637 int err = 0;
2638
2639 /* Jump the microcode PSM to offset 0 */
2640 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2641 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2642 macctl |= B43_MACCTL_PSM_JMP0;
2643 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2644 /* Zero out all microcode PSM registers and shared memory. */
2645 for (i = 0; i < 64; i++)
2646 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2647 for (i = 0; i < 4096; i += 2)
2648 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2649
2650 /* Upload Microcode. */
2651 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2652 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2653 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2654 for (i = 0; i < len; i++) {
2655 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2656 udelay(10);
2657 }
2658
2659 if (dev->fw.pcm.data) {
2660 /* Upload PCM data. */
2661 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2662 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2663 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2664 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2665 /* No need for autoinc bit in SHM_HW */
2666 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2667 for (i = 0; i < len; i++) {
2668 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2669 udelay(10);
2670 }
2671 }
2672
2673 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2674
2675 /* Start the microcode PSM */
2676 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2677 B43_MACCTL_PSM_RUN);
2678
2679 /* Wait for the microcode to load and respond */
2680 i = 0;
2681 while (1) {
2682 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2683 if (tmp == B43_IRQ_MAC_SUSPENDED)
2684 break;
2685 i++;
2686 if (i >= 20) {
2687 b43err(dev->wl, "Microcode not responding\n");
2688 b43_print_fw_helptext(dev->wl, 1);
2689 err = -ENODEV;
2690 goto error;
2691 }
2692 msleep(50);
2693 }
2694 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2695
2696 /* Get and check the revisions. */
2697 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2698 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2699 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2700 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2701
2702 if (fwrev <= 0x128) {
2703 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2704 "binary drivers older than version 4.x is unsupported. "
2705 "You must upgrade your firmware files.\n");
2706 b43_print_fw_helptext(dev->wl, 1);
2707 err = -EOPNOTSUPP;
2708 goto error;
2709 }
2710 dev->fw.rev = fwrev;
2711 dev->fw.patch = fwpatch;
2712 if (dev->fw.rev >= 598)
2713 dev->fw.hdr_format = B43_FW_HDR_598;
2714 else if (dev->fw.rev >= 410)
2715 dev->fw.hdr_format = B43_FW_HDR_410;
2716 else
2717 dev->fw.hdr_format = B43_FW_HDR_351;
2718 WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2719
2720 dev->qos_enabled = dev->wl->hw->queues > 1;
2721 /* Default to firmware/hardware crypto acceleration. */
2722 dev->hwcrypto_enabled = true;
2723
2724 if (dev->fw.opensource) {
2725 u16 fwcapa;
2726
2727 /* Patchlevel info is encoded in the "time" field. */
2728 dev->fw.patch = fwtime;
2729 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2730 dev->fw.rev, dev->fw.patch);
2731
2732 fwcapa = b43_fwcapa_read(dev);
2733 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2734 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2735 /* Disable hardware crypto and fall back to software crypto. */
2736 dev->hwcrypto_enabled = false;
2737 }
2738 /* adding QoS support should use an offline discovery mechanism */
2739 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2740 } else {
2741 b43info(dev->wl, "Loading firmware version %u.%u "
2742 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2743 fwrev, fwpatch,
2744 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2745 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2746 if (dev->fw.pcm_request_failed) {
2747 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2748 "Hardware accelerated cryptography is disabled.\n");
2749 b43_print_fw_helptext(dev->wl, 0);
2750 }
2751 }
2752
2753 snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2754 dev->fw.rev, dev->fw.patch);
2755 wiphy->hw_version = dev->dev->core_id;
2756
2757 if (dev->fw.hdr_format == B43_FW_HDR_351) {
2758 /* We're over the deadline, but we keep support for old fw
2759 * until it turns out to be in major conflict with something new. */
2760 b43warn(dev->wl, "You are using an old firmware image. "
2761 "Support for old firmware will be removed soon "
2762 "(official deadline was July 2008).\n");
2763 b43_print_fw_helptext(dev->wl, 0);
2764 }
2765
2766 return 0;
2767
2768error:
2769 /* Stop the microcode PSM. */
2770 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2771 B43_MACCTL_PSM_JMP0);
2772
2773 return err;
2774}
2775
2776static int b43_write_initvals(struct b43_wldev *dev,
2777 const struct b43_iv *ivals,
2778 size_t count,
2779 size_t array_size)
2780{
2781 const struct b43_iv *iv;
2782 u16 offset;
2783 size_t i;
2784 bool bit32;
2785
2786 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2787 iv = ivals;
2788 for (i = 0; i < count; i++) {
2789 if (array_size < sizeof(iv->offset_size))
2790 goto err_format;
2791 array_size -= sizeof(iv->offset_size);
2792 offset = be16_to_cpu(iv->offset_size);
2793 bit32 = !!(offset & B43_IV_32BIT);
2794 offset &= B43_IV_OFFSET_MASK;
2795 if (offset >= 0x1000)
2796 goto err_format;
2797 if (bit32) {
2798 u32 value;
2799
2800 if (array_size < sizeof(iv->data.d32))
2801 goto err_format;
2802 array_size -= sizeof(iv->data.d32);
2803
2804 value = get_unaligned_be32(&iv->data.d32);
2805 b43_write32(dev, offset, value);
2806
2807 iv = (const struct b43_iv *)((const uint8_t *)iv +
2808 sizeof(__be16) +
2809 sizeof(__be32));
2810 } else {
2811 u16 value;
2812
2813 if (array_size < sizeof(iv->data.d16))
2814 goto err_format;
2815 array_size -= sizeof(iv->data.d16);
2816
2817 value = be16_to_cpu(iv->data.d16);
2818 b43_write16(dev, offset, value);
2819
2820 iv = (const struct b43_iv *)((const uint8_t *)iv +
2821 sizeof(__be16) +
2822 sizeof(__be16));
2823 }
2824 }
2825 if (array_size)
2826 goto err_format;
2827
2828 return 0;
2829
2830err_format:
2831 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2832 b43_print_fw_helptext(dev->wl, 1);
2833
2834 return -EPROTO;
2835}
2836
2837static int b43_upload_initvals(struct b43_wldev *dev)
2838{
2839 const size_t hdr_len = sizeof(struct b43_fw_header);
2840 const struct b43_fw_header *hdr;
2841 struct b43_firmware *fw = &dev->fw;
2842 const struct b43_iv *ivals;
2843 size_t count;
2844
2845 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2846 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2847 count = be32_to_cpu(hdr->size);
2848 return b43_write_initvals(dev, ivals, count,
2849 fw->initvals.data->size - hdr_len);
2850}
2851
2852static int b43_upload_initvals_band(struct b43_wldev *dev)
2853{
2854 const size_t hdr_len = sizeof(struct b43_fw_header);
2855 const struct b43_fw_header *hdr;
2856 struct b43_firmware *fw = &dev->fw;
2857 const struct b43_iv *ivals;
2858 size_t count;
2859
2860 if (!fw->initvals_band.data)
2861 return 0;
2862
2863 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2864 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2865 count = be32_to_cpu(hdr->size);
2866 return b43_write_initvals(dev, ivals, count,
2867 fw->initvals_band.data->size - hdr_len);
2868}
2869
2870/* Initialize the GPIOs
2871 * http://bcm-specs.sipsolutions.net/GPIO
2872 */
2873
2874#ifdef CONFIG_B43_SSB
2875static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2876{
2877 struct ssb_bus *bus = dev->dev->sdev->bus;
2878
2879#ifdef CONFIG_SSB_DRIVER_PCICORE
2880 return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2881#else
2882 return bus->chipco.dev;
2883#endif
2884}
2885#endif
2886
2887static int b43_gpio_init(struct b43_wldev *dev)
2888{
2889#ifdef CONFIG_B43_SSB
2890 struct ssb_device *gpiodev;
2891#endif
2892 u32 mask, set;
2893
2894 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2895 b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2896
2897 mask = 0x0000001F;
2898 set = 0x0000000F;
2899 if (dev->dev->chip_id == 0x4301) {
2900 mask |= 0x0060;
2901 set |= 0x0060;
2902 } else if (dev->dev->chip_id == 0x5354) {
2903 /* Don't allow overtaking buttons GPIOs */
2904 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2905 }
2906
2907 if (0 /* FIXME: conditional unknown */ ) {
2908 b43_write16(dev, B43_MMIO_GPIO_MASK,
2909 b43_read16(dev, B43_MMIO_GPIO_MASK)
2910 | 0x0100);
2911 /* BT Coexistance Input */
2912 mask |= 0x0080;
2913 set |= 0x0080;
2914 /* BT Coexistance Out */
2915 mask |= 0x0100;
2916 set |= 0x0100;
2917 }
2918 if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2919 /* PA is controlled by gpio 9, let ucode handle it */
2920 b43_write16(dev, B43_MMIO_GPIO_MASK,
2921 b43_read16(dev, B43_MMIO_GPIO_MASK)
2922 | 0x0200);
2923 mask |= 0x0200;
2924 set |= 0x0200;
2925 }
2926
2927 switch (dev->dev->bus_type) {
2928#ifdef CONFIG_B43_BCMA
2929 case B43_BUS_BCMA:
2930 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2931 break;
2932#endif
2933#ifdef CONFIG_B43_SSB
2934 case B43_BUS_SSB:
2935 gpiodev = b43_ssb_gpio_dev(dev);
2936 if (gpiodev)
2937 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2938 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2939 & ~mask) | set);
2940 break;
2941#endif
2942 }
2943
2944 return 0;
2945}
2946
2947/* Turn off all GPIO stuff. Call this on module unload, for example. */
2948static void b43_gpio_cleanup(struct b43_wldev *dev)
2949{
2950#ifdef CONFIG_B43_SSB
2951 struct ssb_device *gpiodev;
2952#endif
2953
2954 switch (dev->dev->bus_type) {
2955#ifdef CONFIG_B43_BCMA
2956 case B43_BUS_BCMA:
2957 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2958 break;
2959#endif
2960#ifdef CONFIG_B43_SSB
2961 case B43_BUS_SSB:
2962 gpiodev = b43_ssb_gpio_dev(dev);
2963 if (gpiodev)
2964 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2965 break;
2966#endif
2967 }
2968}
2969
2970/* http://bcm-specs.sipsolutions.net/EnableMac */
2971void b43_mac_enable(struct b43_wldev *dev)
2972{
2973 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2974 u16 fwstate;
2975
2976 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2977 B43_SHM_SH_UCODESTAT);
2978 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2979 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2980 b43err(dev->wl, "b43_mac_enable(): The firmware "
2981 "should be suspended, but current state is %u\n",
2982 fwstate);
2983 }
2984 }
2985
2986 dev->mac_suspended--;
2987 B43_WARN_ON(dev->mac_suspended < 0);
2988 if (dev->mac_suspended == 0) {
2989 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2990 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2991 B43_IRQ_MAC_SUSPENDED);
2992 /* Commit writes */
2993 b43_read32(dev, B43_MMIO_MACCTL);
2994 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2995 b43_power_saving_ctl_bits(dev, 0);
2996 }
2997}
2998
2999/* http://bcm-specs.sipsolutions.net/SuspendMAC */
3000void b43_mac_suspend(struct b43_wldev *dev)
3001{
3002 int i;
3003 u32 tmp;
3004
3005 might_sleep();
3006 B43_WARN_ON(dev->mac_suspended < 0);
3007
3008 if (dev->mac_suspended == 0) {
3009 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
3010 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
3011 /* force pci to flush the write */
3012 b43_read32(dev, B43_MMIO_MACCTL);
3013 for (i = 35; i; i--) {
3014 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3015 if (tmp & B43_IRQ_MAC_SUSPENDED)
3016 goto out;
3017 udelay(10);
3018 }
3019 /* Hm, it seems this will take some time. Use msleep(). */
3020 for (i = 40; i; i--) {
3021 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3022 if (tmp & B43_IRQ_MAC_SUSPENDED)
3023 goto out;
3024 msleep(1);
3025 }
3026 b43err(dev->wl, "MAC suspend failed\n");
3027 }
3028out:
3029 dev->mac_suspended++;
3030}
3031
3032/* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3033void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3034{
3035 u32 tmp;
3036
3037 switch (dev->dev->bus_type) {
3038#ifdef CONFIG_B43_BCMA
3039 case B43_BUS_BCMA:
3040 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3041 if (on)
3042 tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3043 else
3044 tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3045 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3046 break;
3047#endif
3048#ifdef CONFIG_B43_SSB
3049 case B43_BUS_SSB:
3050 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3051 if (on)
3052 tmp |= B43_TMSLOW_MACPHYCLKEN;
3053 else
3054 tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3055 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3056 break;
3057#endif
3058 }
3059}
3060
3061/* brcms_b_switch_macfreq */
3062void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3063{
3064 u16 chip_id = dev->dev->chip_id;
3065
3066 if (chip_id == BCMA_CHIP_ID_BCM4331) {
3067 switch (spurmode) {
3068 case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3069 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3070 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3071 break;
3072 case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3073 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3074 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3075 break;
3076 default: /* 160 Mhz: 2^26/160 = 0x66666 */
3077 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3078 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3079 break;
3080 }
3081 } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3082 chip_id == BCMA_CHIP_ID_BCM43217 ||
3083 chip_id == BCMA_CHIP_ID_BCM43222 ||
3084 chip_id == BCMA_CHIP_ID_BCM43224 ||
3085 chip_id == BCMA_CHIP_ID_BCM43225 ||
3086 chip_id == BCMA_CHIP_ID_BCM43227 ||
3087 chip_id == BCMA_CHIP_ID_BCM43228) {
3088 switch (spurmode) {
3089 case 2: /* 126 Mhz */
3090 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3091 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3092 break;
3093 case 1: /* 123 Mhz */
3094 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3095 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3096 break;
3097 default: /* 120 Mhz */
3098 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3099 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3100 break;
3101 }
3102 } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3103 switch (spurmode) {
3104 case 1: /* 82 Mhz */
3105 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3106 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3107 break;
3108 default: /* 80 Mhz */
3109 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3110 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3111 break;
3112 }
3113 }
3114}
3115
3116static void b43_adjust_opmode(struct b43_wldev *dev)
3117{
3118 struct b43_wl *wl = dev->wl;
3119 u32 ctl;
3120 u16 cfp_pretbtt;
3121
3122 ctl = b43_read32(dev, B43_MMIO_MACCTL);
3123 /* Reset status to STA infrastructure mode. */
3124 ctl &= ~B43_MACCTL_AP;
3125 ctl &= ~B43_MACCTL_KEEP_CTL;
3126 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3127 ctl &= ~B43_MACCTL_KEEP_BAD;
3128 ctl &= ~B43_MACCTL_PROMISC;
3129 ctl &= ~B43_MACCTL_BEACPROMISC;
3130 ctl |= B43_MACCTL_INFRA;
3131
3132 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3133 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3134 ctl |= B43_MACCTL_AP;
3135 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3136 ctl &= ~B43_MACCTL_INFRA;
3137
3138 if (wl->filter_flags & FIF_CONTROL)
3139 ctl |= B43_MACCTL_KEEP_CTL;
3140 if (wl->filter_flags & FIF_FCSFAIL)
3141 ctl |= B43_MACCTL_KEEP_BAD;
3142 if (wl->filter_flags & FIF_PLCPFAIL)
3143 ctl |= B43_MACCTL_KEEP_BADPLCP;
3144 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3145 ctl |= B43_MACCTL_BEACPROMISC;
3146
3147 /* Workaround: On old hardware the HW-MAC-address-filter
3148 * doesn't work properly, so always run promisc in filter
3149 * it in software. */
3150 if (dev->dev->core_rev <= 4)
3151 ctl |= B43_MACCTL_PROMISC;
3152
3153 b43_write32(dev, B43_MMIO_MACCTL, ctl);
3154
3155 cfp_pretbtt = 2;
3156 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3157 if (dev->dev->chip_id == 0x4306 &&
3158 dev->dev->chip_rev == 3)
3159 cfp_pretbtt = 100;
3160 else
3161 cfp_pretbtt = 50;
3162 }
3163 b43_write16(dev, 0x612, cfp_pretbtt);
3164
3165 /* FIXME: We don't currently implement the PMQ mechanism,
3166 * so always disable it. If we want to implement PMQ,
3167 * we need to enable it here (clear DISCPMQ) in AP mode.
3168 */
3169 if (0 /* ctl & B43_MACCTL_AP */)
3170 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3171 else
3172 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3173}
3174
3175static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3176{
3177 u16 offset;
3178
3179 if (is_ofdm) {
3180 offset = 0x480;
3181 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3182 } else {
3183 offset = 0x4C0;
3184 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3185 }
3186 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3187 b43_shm_read16(dev, B43_SHM_SHARED, offset));
3188}
3189
3190static void b43_rate_memory_init(struct b43_wldev *dev)
3191{
3192 switch (dev->phy.type) {
3193 case B43_PHYTYPE_G:
3194 case B43_PHYTYPE_N:
3195 case B43_PHYTYPE_LP:
3196 case B43_PHYTYPE_HT:
3197 case B43_PHYTYPE_LCN:
3198 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3199 b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3200 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3201 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3202 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3203 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3204 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3205 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3206 /* fallthrough */
3207 case B43_PHYTYPE_B:
3208 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3209 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3210 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3211 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3212 break;
3213 default:
3214 B43_WARN_ON(1);
3215 }
3216}
3217
3218/* Set the default values for the PHY TX Control Words. */
3219static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3220{
3221 u16 ctl = 0;
3222
3223 ctl |= B43_TXH_PHY_ENC_CCK;
3224 ctl |= B43_TXH_PHY_ANT01AUTO;
3225 ctl |= B43_TXH_PHY_TXPWR;
3226
3227 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3228 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3229 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3230}
3231
3232/* Set the TX-Antenna for management frames sent by firmware. */
3233static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3234{
3235 u16 ant;
3236 u16 tmp;
3237
3238 ant = b43_antenna_to_phyctl(antenna);
3239
3240 /* For ACK/CTS */
3241 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3242 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3243 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3244 /* For Probe Resposes */
3245 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3246 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3247 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3248}
3249
3250/* This is the opposite of b43_chip_init() */
3251static void b43_chip_exit(struct b43_wldev *dev)
3252{
3253 b43_phy_exit(dev);
3254 b43_gpio_cleanup(dev);
3255 /* firmware is released later */
3256}
3257
3258/* Initialize the chip
3259 * http://bcm-specs.sipsolutions.net/ChipInit
3260 */
3261static int b43_chip_init(struct b43_wldev *dev)
3262{
3263 struct b43_phy *phy = &dev->phy;
3264 int err;
3265 u32 macctl;
3266 u16 value16;
3267
3268 /* Initialize the MAC control */
3269 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3270 if (dev->phy.gmode)
3271 macctl |= B43_MACCTL_GMODE;
3272 macctl |= B43_MACCTL_INFRA;
3273 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3274
3275 err = b43_upload_microcode(dev);
3276 if (err)
3277 goto out; /* firmware is released later */
3278
3279 err = b43_gpio_init(dev);
3280 if (err)
3281 goto out; /* firmware is released later */
3282
3283 err = b43_upload_initvals(dev);
3284 if (err)
3285 goto err_gpio_clean;
3286
3287 err = b43_upload_initvals_band(dev);
3288 if (err)
3289 goto err_gpio_clean;
3290
3291 /* Turn the Analog on and initialize the PHY. */
3292 phy->ops->switch_analog(dev, 1);
3293 err = b43_phy_init(dev);
3294 if (err)
3295 goto err_gpio_clean;
3296
3297 /* Disable Interference Mitigation. */
3298 if (phy->ops->interf_mitigation)
3299 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3300
3301 /* Select the antennae */
3302 if (phy->ops->set_rx_antenna)
3303 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3304 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3305
3306 if (phy->type == B43_PHYTYPE_B) {
3307 value16 = b43_read16(dev, 0x005E);
3308 value16 |= 0x0004;
3309 b43_write16(dev, 0x005E, value16);
3310 }
3311 b43_write32(dev, 0x0100, 0x01000000);
3312 if (dev->dev->core_rev < 5)
3313 b43_write32(dev, 0x010C, 0x01000000);
3314
3315 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3316 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3317
3318 /* Probe Response Timeout value */
3319 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3320 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3321
3322 /* Initially set the wireless operation mode. */
3323 b43_adjust_opmode(dev);
3324
3325 if (dev->dev->core_rev < 3) {
3326 b43_write16(dev, 0x060E, 0x0000);
3327 b43_write16(dev, 0x0610, 0x8000);
3328 b43_write16(dev, 0x0604, 0x0000);
3329 b43_write16(dev, 0x0606, 0x0200);
3330 } else {
3331 b43_write32(dev, 0x0188, 0x80000000);
3332 b43_write32(dev, 0x018C, 0x02000000);
3333 }
3334 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3335 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3336 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3337 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3338 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3339 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3340 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3341
3342 b43_mac_phy_clock_set(dev, true);
3343
3344 switch (dev->dev->bus_type) {
3345#ifdef CONFIG_B43_BCMA
3346 case B43_BUS_BCMA:
3347 /* FIXME: 0xE74 is quite common, but should be read from CC */
3348 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3349 break;
3350#endif
3351#ifdef CONFIG_B43_SSB
3352 case B43_BUS_SSB:
3353 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3354 dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3355 break;
3356#endif
3357 }
3358
3359 err = 0;
3360 b43dbg(dev->wl, "Chip initialized\n");
3361out:
3362 return err;
3363
3364err_gpio_clean:
3365 b43_gpio_cleanup(dev);
3366 return err;
3367}
3368
3369static void b43_periodic_every60sec(struct b43_wldev *dev)
3370{
3371 const struct b43_phy_operations *ops = dev->phy.ops;
3372
3373 if (ops->pwork_60sec)
3374 ops->pwork_60sec(dev);
3375
3376 /* Force check the TX power emission now. */
3377 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3378}
3379
3380static void b43_periodic_every30sec(struct b43_wldev *dev)
3381{
3382 /* Update device statistics. */
3383 b43_calculate_link_quality(dev);
3384}
3385
3386static void b43_periodic_every15sec(struct b43_wldev *dev)
3387{
3388 struct b43_phy *phy = &dev->phy;
3389 u16 wdr;
3390
3391 if (dev->fw.opensource) {
3392 /* Check if the firmware is still alive.
3393 * It will reset the watchdog counter to 0 in its idle loop. */
3394 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3395 if (unlikely(wdr)) {
3396 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3397 b43_controller_restart(dev, "Firmware watchdog");
3398 return;
3399 } else {
3400 b43_shm_write16(dev, B43_SHM_SCRATCH,
3401 B43_WATCHDOG_REG, 1);
3402 }
3403 }
3404
3405 if (phy->ops->pwork_15sec)
3406 phy->ops->pwork_15sec(dev);
3407
3408 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3409 wmb();
3410
3411#if B43_DEBUG
3412 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3413 unsigned int i;
3414
3415 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3416 dev->irq_count / 15,
3417 dev->tx_count / 15,
3418 dev->rx_count / 15);
3419 dev->irq_count = 0;
3420 dev->tx_count = 0;
3421 dev->rx_count = 0;
3422 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3423 if (dev->irq_bit_count[i]) {
3424 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3425 dev->irq_bit_count[i] / 15, i, (1 << i));
3426 dev->irq_bit_count[i] = 0;
3427 }
3428 }
3429 }
3430#endif
3431}
3432
3433static void do_periodic_work(struct b43_wldev *dev)
3434{
3435 unsigned int state;
3436
3437 state = dev->periodic_state;
3438 if (state % 4 == 0)
3439 b43_periodic_every60sec(dev);
3440 if (state % 2 == 0)
3441 b43_periodic_every30sec(dev);
3442 b43_periodic_every15sec(dev);
3443}
3444
3445/* Periodic work locking policy:
3446 * The whole periodic work handler is protected by
3447 * wl->mutex. If another lock is needed somewhere in the
3448 * pwork callchain, it's acquired in-place, where it's needed.
3449 */
3450static void b43_periodic_work_handler(struct work_struct *work)
3451{
3452 struct b43_wldev *dev = container_of(work, struct b43_wldev,
3453 periodic_work.work);
3454 struct b43_wl *wl = dev->wl;
3455 unsigned long delay;
3456
3457 mutex_lock(&wl->mutex);
3458
3459 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3460 goto out;
3461 if (b43_debug(dev, B43_DBG_PWORK_STOP))
3462 goto out_requeue;
3463
3464 do_periodic_work(dev);
3465
3466 dev->periodic_state++;
3467out_requeue:
3468 if (b43_debug(dev, B43_DBG_PWORK_FAST))
3469 delay = msecs_to_jiffies(50);
3470 else
3471 delay = round_jiffies_relative(HZ * 15);
3472 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3473out:
3474 mutex_unlock(&wl->mutex);
3475}
3476
3477static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3478{
3479 struct delayed_work *work = &dev->periodic_work;
3480
3481 dev->periodic_state = 0;
3482 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3483 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3484}
3485
3486/* Check if communication with the device works correctly. */
3487static int b43_validate_chipaccess(struct b43_wldev *dev)
3488{
3489 u32 v, backup0, backup4;
3490
3491 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3492 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3493
3494 /* Check for read/write and endianness problems. */
3495 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3496 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3497 goto error;
3498 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3499 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3500 goto error;
3501
3502 /* Check if unaligned 32bit SHM_SHARED access works properly.
3503 * However, don't bail out on failure, because it's noncritical. */
3504 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3505 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3506 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3507 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3508 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3509 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3510 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3511 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3512 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3513 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3514 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3515 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3516
3517 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3518 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3519
3520 if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3521 /* The 32bit register shadows the two 16bit registers
3522 * with update sideeffects. Validate this. */
3523 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3524 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3525 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3526 goto error;
3527 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3528 goto error;
3529 }
3530 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3531
3532 v = b43_read32(dev, B43_MMIO_MACCTL);
3533 v |= B43_MACCTL_GMODE;
3534 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3535 goto error;
3536
3537 return 0;
3538error:
3539 b43err(dev->wl, "Failed to validate the chipaccess\n");
3540 return -ENODEV;
3541}
3542
3543static void b43_security_init(struct b43_wldev *dev)
3544{
3545 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3546 /* KTP is a word address, but we address SHM bytewise.
3547 * So multiply by two.
3548 */
3549 dev->ktp *= 2;
3550 /* Number of RCMTA address slots */
3551 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3552 /* Clear the key memory. */
3553 b43_clear_keys(dev);
3554}
3555
3556#ifdef CONFIG_B43_HWRNG
3557static int b43_rng_read(struct hwrng *rng, u32 *data)
3558{
3559 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3560 struct b43_wldev *dev;
3561 int count = -ENODEV;
3562
3563 mutex_lock(&wl->mutex);
3564 dev = wl->current_dev;
3565 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3566 *data = b43_read16(dev, B43_MMIO_RNG);
3567 count = sizeof(u16);
3568 }
3569 mutex_unlock(&wl->mutex);
3570
3571 return count;
3572}
3573#endif /* CONFIG_B43_HWRNG */
3574
3575static void b43_rng_exit(struct b43_wl *wl)
3576{
3577#ifdef CONFIG_B43_HWRNG
3578 if (wl->rng_initialized)
3579 hwrng_unregister(&wl->rng);
3580#endif /* CONFIG_B43_HWRNG */
3581}
3582
3583static int b43_rng_init(struct b43_wl *wl)
3584{
3585 int err = 0;
3586
3587#ifdef CONFIG_B43_HWRNG
3588 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3589 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3590 wl->rng.name = wl->rng_name;
3591 wl->rng.data_read = b43_rng_read;
3592 wl->rng.priv = (unsigned long)wl;
3593 wl->rng_initialized = true;
3594 err = hwrng_register(&wl->rng);
3595 if (err) {
3596 wl->rng_initialized = false;
3597 b43err(wl, "Failed to register the random "
3598 "number generator (%d)\n", err);
3599 }
3600#endif /* CONFIG_B43_HWRNG */
3601
3602 return err;
3603}
3604
3605static void b43_tx_work(struct work_struct *work)
3606{
3607 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3608 struct b43_wldev *dev;
3609 struct sk_buff *skb;
3610 int queue_num;
3611 int err = 0;
3612
3613 mutex_lock(&wl->mutex);
3614 dev = wl->current_dev;
3615 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3616 mutex_unlock(&wl->mutex);
3617 return;
3618 }
3619
3620 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3621 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3622 skb = skb_dequeue(&wl->tx_queue[queue_num]);
3623 if (b43_using_pio_transfers(dev))
3624 err = b43_pio_tx(dev, skb);
3625 else
3626 err = b43_dma_tx(dev, skb);
3627 if (err == -ENOSPC) {
3628 wl->tx_queue_stopped[queue_num] = 1;
3629 ieee80211_stop_queue(wl->hw, queue_num);
3630 skb_queue_head(&wl->tx_queue[queue_num], skb);
3631 break;
3632 }
3633 if (unlikely(err))
3634 ieee80211_free_txskb(wl->hw, skb);
3635 err = 0;
3636 }
3637
3638 if (!err)
3639 wl->tx_queue_stopped[queue_num] = 0;
3640 }
3641
3642#if B43_DEBUG
3643 dev->tx_count++;
3644#endif
3645 mutex_unlock(&wl->mutex);
3646}
3647
3648static void b43_op_tx(struct ieee80211_hw *hw,
3649 struct ieee80211_tx_control *control,
3650 struct sk_buff *skb)
3651{
3652 struct b43_wl *wl = hw_to_b43_wl(hw);
3653
3654 if (unlikely(skb->len < 2 + 2 + 6)) {
3655 /* Too short, this can't be a valid frame. */
3656 ieee80211_free_txskb(hw, skb);
3657 return;
3658 }
3659 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3660
3661 skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3662 if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3663 ieee80211_queue_work(wl->hw, &wl->tx_work);
3664 } else {
3665 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3666 }
3667}
3668
3669static void b43_qos_params_upload(struct b43_wldev *dev,
3670 const struct ieee80211_tx_queue_params *p,
3671 u16 shm_offset)
3672{
3673 u16 params[B43_NR_QOSPARAMS];
3674 int bslots, tmp;
3675 unsigned int i;
3676
3677 if (!dev->qos_enabled)
3678 return;
3679
3680 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3681
3682 memset(¶ms, 0, sizeof(params));
3683
3684 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3685 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3686 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3687 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3688 params[B43_QOSPARAM_AIFS] = p->aifs;
3689 params[B43_QOSPARAM_BSLOTS] = bslots;
3690 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3691
3692 for (i = 0; i < ARRAY_SIZE(params); i++) {
3693 if (i == B43_QOSPARAM_STATUS) {
3694 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3695 shm_offset + (i * 2));
3696 /* Mark the parameters as updated. */
3697 tmp |= 0x100;
3698 b43_shm_write16(dev, B43_SHM_SHARED,
3699 shm_offset + (i * 2),
3700 tmp);
3701 } else {
3702 b43_shm_write16(dev, B43_SHM_SHARED,
3703 shm_offset + (i * 2),
3704 params[i]);
3705 }
3706 }
3707}
3708
3709/* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3710static const u16 b43_qos_shm_offsets[] = {
3711 /* [mac80211-queue-nr] = SHM_OFFSET, */
3712 [0] = B43_QOS_VOICE,
3713 [1] = B43_QOS_VIDEO,
3714 [2] = B43_QOS_BESTEFFORT,
3715 [3] = B43_QOS_BACKGROUND,
3716};
3717
3718/* Update all QOS parameters in hardware. */
3719static void b43_qos_upload_all(struct b43_wldev *dev)
3720{
3721 struct b43_wl *wl = dev->wl;
3722 struct b43_qos_params *params;
3723 unsigned int i;
3724
3725 if (!dev->qos_enabled)
3726 return;
3727
3728 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3729 ARRAY_SIZE(wl->qos_params));
3730
3731 b43_mac_suspend(dev);
3732 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3733 params = &(wl->qos_params[i]);
3734 b43_qos_params_upload(dev, &(params->p),
3735 b43_qos_shm_offsets[i]);
3736 }
3737 b43_mac_enable(dev);
3738}
3739
3740static void b43_qos_clear(struct b43_wl *wl)
3741{
3742 struct b43_qos_params *params;
3743 unsigned int i;
3744
3745 /* Initialize QoS parameters to sane defaults. */
3746
3747 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3748 ARRAY_SIZE(wl->qos_params));
3749
3750 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3751 params = &(wl->qos_params[i]);
3752
3753 switch (b43_qos_shm_offsets[i]) {
3754 case B43_QOS_VOICE:
3755 params->p.txop = 0;
3756 params->p.aifs = 2;
3757 params->p.cw_min = 0x0001;
3758 params->p.cw_max = 0x0001;
3759 break;
3760 case B43_QOS_VIDEO:
3761 params->p.txop = 0;
3762 params->p.aifs = 2;
3763 params->p.cw_min = 0x0001;
3764 params->p.cw_max = 0x0001;
3765 break;
3766 case B43_QOS_BESTEFFORT:
3767 params->p.txop = 0;
3768 params->p.aifs = 3;
3769 params->p.cw_min = 0x0001;
3770 params->p.cw_max = 0x03FF;
3771 break;
3772 case B43_QOS_BACKGROUND:
3773 params->p.txop = 0;
3774 params->p.aifs = 7;
3775 params->p.cw_min = 0x0001;
3776 params->p.cw_max = 0x03FF;
3777 break;
3778 default:
3779 B43_WARN_ON(1);
3780 }
3781 }
3782}
3783
3784/* Initialize the core's QOS capabilities */
3785static void b43_qos_init(struct b43_wldev *dev)
3786{
3787 if (!dev->qos_enabled) {
3788 /* Disable QOS support. */
3789 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3790 b43_write16(dev, B43_MMIO_IFSCTL,
3791 b43_read16(dev, B43_MMIO_IFSCTL)
3792 & ~B43_MMIO_IFSCTL_USE_EDCF);
3793 b43dbg(dev->wl, "QoS disabled\n");
3794 return;
3795 }
3796
3797 /* Upload the current QOS parameters. */
3798 b43_qos_upload_all(dev);
3799
3800 /* Enable QOS support. */
3801 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3802 b43_write16(dev, B43_MMIO_IFSCTL,
3803 b43_read16(dev, B43_MMIO_IFSCTL)
3804 | B43_MMIO_IFSCTL_USE_EDCF);
3805 b43dbg(dev->wl, "QoS enabled\n");
3806}
3807
3808static int b43_op_conf_tx(struct ieee80211_hw *hw,
3809 struct ieee80211_vif *vif, u16 _queue,
3810 const struct ieee80211_tx_queue_params *params)
3811{
3812 struct b43_wl *wl = hw_to_b43_wl(hw);
3813 struct b43_wldev *dev;
3814 unsigned int queue = (unsigned int)_queue;
3815 int err = -ENODEV;
3816
3817 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3818 /* Queue not available or don't support setting
3819 * params on this queue. Return success to not
3820 * confuse mac80211. */
3821 return 0;
3822 }
3823 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3824 ARRAY_SIZE(wl->qos_params));
3825
3826 mutex_lock(&wl->mutex);
3827 dev = wl->current_dev;
3828 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3829 goto out_unlock;
3830
3831 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3832 b43_mac_suspend(dev);
3833 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3834 b43_qos_shm_offsets[queue]);
3835 b43_mac_enable(dev);
3836 err = 0;
3837
3838out_unlock:
3839 mutex_unlock(&wl->mutex);
3840
3841 return err;
3842}
3843
3844static int b43_op_get_stats(struct ieee80211_hw *hw,
3845 struct ieee80211_low_level_stats *stats)
3846{
3847 struct b43_wl *wl = hw_to_b43_wl(hw);
3848
3849 mutex_lock(&wl->mutex);
3850 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3851 mutex_unlock(&wl->mutex);
3852
3853 return 0;
3854}
3855
3856static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3857{
3858 struct b43_wl *wl = hw_to_b43_wl(hw);
3859 struct b43_wldev *dev;
3860 u64 tsf;
3861
3862 mutex_lock(&wl->mutex);
3863 dev = wl->current_dev;
3864
3865 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3866 b43_tsf_read(dev, &tsf);
3867 else
3868 tsf = 0;
3869
3870 mutex_unlock(&wl->mutex);
3871
3872 return tsf;
3873}
3874
3875static void b43_op_set_tsf(struct ieee80211_hw *hw,
3876 struct ieee80211_vif *vif, u64 tsf)
3877{
3878 struct b43_wl *wl = hw_to_b43_wl(hw);
3879 struct b43_wldev *dev;
3880
3881 mutex_lock(&wl->mutex);
3882 dev = wl->current_dev;
3883
3884 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3885 b43_tsf_write(dev, tsf);
3886
3887 mutex_unlock(&wl->mutex);
3888}
3889
3890static const char *band_to_string(enum nl80211_band band)
3891{
3892 switch (band) {
3893 case NL80211_BAND_5GHZ:
3894 return "5";
3895 case NL80211_BAND_2GHZ:
3896 return "2.4";
3897 default:
3898 break;
3899 }
3900 B43_WARN_ON(1);
3901 return "";
3902}
3903
3904/* Expects wl->mutex locked */
3905static int b43_switch_band(struct b43_wldev *dev,
3906 struct ieee80211_channel *chan)
3907{
3908 struct b43_phy *phy = &dev->phy;
3909 bool gmode;
3910 u32 tmp;
3911
3912 switch (chan->band) {
3913 case NL80211_BAND_5GHZ:
3914 gmode = false;
3915 break;
3916 case NL80211_BAND_2GHZ:
3917 gmode = true;
3918 break;
3919 default:
3920 B43_WARN_ON(1);
3921 return -EINVAL;
3922 }
3923
3924 if (!((gmode && phy->supports_2ghz) ||
3925 (!gmode && phy->supports_5ghz))) {
3926 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3927 band_to_string(chan->band));
3928 return -ENODEV;
3929 }
3930
3931 if (!!phy->gmode == !!gmode) {
3932 /* This device is already running. */
3933 return 0;
3934 }
3935
3936 b43dbg(dev->wl, "Switching to %s GHz band\n",
3937 band_to_string(chan->band));
3938
3939 /* Some new devices don't need disabling radio for band switching */
3940 if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3941 b43_software_rfkill(dev, true);
3942
3943 phy->gmode = gmode;
3944 b43_phy_put_into_reset(dev);
3945 switch (dev->dev->bus_type) {
3946#ifdef CONFIG_B43_BCMA
3947 case B43_BUS_BCMA:
3948 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3949 if (gmode)
3950 tmp |= B43_BCMA_IOCTL_GMODE;
3951 else
3952 tmp &= ~B43_BCMA_IOCTL_GMODE;
3953 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3954 break;
3955#endif
3956#ifdef CONFIG_B43_SSB
3957 case B43_BUS_SSB:
3958 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3959 if (gmode)
3960 tmp |= B43_TMSLOW_GMODE;
3961 else
3962 tmp &= ~B43_TMSLOW_GMODE;
3963 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3964 break;
3965#endif
3966 }
3967 b43_phy_take_out_of_reset(dev);
3968
3969 b43_upload_initvals_band(dev);
3970
3971 b43_phy_init(dev);
3972
3973 return 0;
3974}
3975
3976static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3977{
3978 interval = min_t(u16, interval, (u16)0xFF);
3979 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3980}
3981
3982/* Write the short and long frame retry limit values. */
3983static void b43_set_retry_limits(struct b43_wldev *dev,
3984 unsigned int short_retry,
3985 unsigned int long_retry)
3986{
3987 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3988 * the chip-internal counter. */
3989 short_retry = min(short_retry, (unsigned int)0xF);
3990 long_retry = min(long_retry, (unsigned int)0xF);
3991
3992 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3993 short_retry);
3994 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3995 long_retry);
3996}
3997
3998static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3999{
4000 struct b43_wl *wl = hw_to_b43_wl(hw);
4001 struct b43_wldev *dev = wl->current_dev;
4002 struct b43_phy *phy = &dev->phy;
4003 struct ieee80211_conf *conf = &hw->conf;
4004 int antenna;
4005 int err = 0;
4006
4007 mutex_lock(&wl->mutex);
4008 b43_mac_suspend(dev);
4009
4010 if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
4011 b43_set_beacon_listen_interval(dev, conf->listen_interval);
4012
4013 if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
4014 phy->chandef = &conf->chandef;
4015 phy->channel = conf->chandef.chan->hw_value;
4016
4017 /* Switch the band (if necessary). */
4018 err = b43_switch_band(dev, conf->chandef.chan);
4019 if (err)
4020 goto out_mac_enable;
4021
4022 /* Switch to the requested channel.
4023 * The firmware takes care of races with the TX handler.
4024 */
4025 b43_switch_channel(dev, phy->channel);
4026 }
4027
4028 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4029 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4030 conf->long_frame_max_tx_count);
4031 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4032 if (!changed)
4033 goto out_mac_enable;
4034
4035 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4036
4037 /* Adjust the desired TX power level. */
4038 if (conf->power_level != 0) {
4039 if (conf->power_level != phy->desired_txpower) {
4040 phy->desired_txpower = conf->power_level;
4041 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4042 B43_TXPWR_IGNORE_TSSI);
4043 }
4044 }
4045
4046 /* Antennas for RX and management frame TX. */
4047 antenna = B43_ANTENNA_DEFAULT;
4048 b43_mgmtframe_txantenna(dev, antenna);
4049 antenna = B43_ANTENNA_DEFAULT;
4050 if (phy->ops->set_rx_antenna)
4051 phy->ops->set_rx_antenna(dev, antenna);
4052
4053 if (wl->radio_enabled != phy->radio_on) {
4054 if (wl->radio_enabled) {
4055 b43_software_rfkill(dev, false);
4056 b43info(dev->wl, "Radio turned on by software\n");
4057 if (!dev->radio_hw_enable) {
4058 b43info(dev->wl, "The hardware RF-kill button "
4059 "still turns the radio physically off. "
4060 "Press the button to turn it on.\n");
4061 }
4062 } else {
4063 b43_software_rfkill(dev, true);
4064 b43info(dev->wl, "Radio turned off by software\n");
4065 }
4066 }
4067
4068out_mac_enable:
4069 b43_mac_enable(dev);
4070 mutex_unlock(&wl->mutex);
4071
4072 return err;
4073}
4074
4075static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4076{
4077 struct ieee80211_supported_band *sband =
4078 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4079 struct ieee80211_rate *rate;
4080 int i;
4081 u16 basic, direct, offset, basic_offset, rateptr;
4082
4083 for (i = 0; i < sband->n_bitrates; i++) {
4084 rate = &sband->bitrates[i];
4085
4086 if (b43_is_cck_rate(rate->hw_value)) {
4087 direct = B43_SHM_SH_CCKDIRECT;
4088 basic = B43_SHM_SH_CCKBASIC;
4089 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4090 offset &= 0xF;
4091 } else {
4092 direct = B43_SHM_SH_OFDMDIRECT;
4093 basic = B43_SHM_SH_OFDMBASIC;
4094 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4095 offset &= 0xF;
4096 }
4097
4098 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4099
4100 if (b43_is_cck_rate(rate->hw_value)) {
4101 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4102 basic_offset &= 0xF;
4103 } else {
4104 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4105 basic_offset &= 0xF;
4106 }
4107
4108 /*
4109 * Get the pointer that we need to point to
4110 * from the direct map
4111 */
4112 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4113 direct + 2 * basic_offset);
4114 /* and write it to the basic map */
4115 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4116 rateptr);
4117 }
4118}
4119
4120static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4121 struct ieee80211_vif *vif,
4122 struct ieee80211_bss_conf *conf,
4123 u32 changed)
4124{
4125 struct b43_wl *wl = hw_to_b43_wl(hw);
4126 struct b43_wldev *dev;
4127
4128 mutex_lock(&wl->mutex);
4129
4130 dev = wl->current_dev;
4131 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4132 goto out_unlock_mutex;
4133
4134 B43_WARN_ON(wl->vif != vif);
4135
4136 if (changed & BSS_CHANGED_BSSID) {
4137 if (conf->bssid)
4138 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4139 else
4140 eth_zero_addr(wl->bssid);
4141 }
4142
4143 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4144 if (changed & BSS_CHANGED_BEACON &&
4145 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4146 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4147 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4148 b43_update_templates(wl);
4149
4150 if (changed & BSS_CHANGED_BSSID)
4151 b43_write_mac_bssid_templates(dev);
4152 }
4153
4154 b43_mac_suspend(dev);
4155
4156 /* Update templates for AP/mesh mode. */
4157 if (changed & BSS_CHANGED_BEACON_INT &&
4158 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4159 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4160 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4161 conf->beacon_int)
4162 b43_set_beacon_int(dev, conf->beacon_int);
4163
4164 if (changed & BSS_CHANGED_BASIC_RATES)
4165 b43_update_basic_rates(dev, conf->basic_rates);
4166
4167 if (changed & BSS_CHANGED_ERP_SLOT) {
4168 if (conf->use_short_slot)
4169 b43_short_slot_timing_enable(dev);
4170 else
4171 b43_short_slot_timing_disable(dev);
4172 }
4173
4174 b43_mac_enable(dev);
4175out_unlock_mutex:
4176 mutex_unlock(&wl->mutex);
4177}
4178
4179static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4180 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4181 struct ieee80211_key_conf *key)
4182{
4183 struct b43_wl *wl = hw_to_b43_wl(hw);
4184 struct b43_wldev *dev;
4185 u8 algorithm;
4186 u8 index;
4187 int err;
4188 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4189
4190 if (modparam_nohwcrypt)
4191 return -ENOSPC; /* User disabled HW-crypto */
4192
4193 if ((vif->type == NL80211_IFTYPE_ADHOC ||
4194 vif->type == NL80211_IFTYPE_MESH_POINT) &&
4195 (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4196 key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4197 !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4198 /*
4199 * For now, disable hw crypto for the RSN IBSS group keys. This
4200 * could be optimized in the future, but until that gets
4201 * implemented, use of software crypto for group addressed
4202 * frames is a acceptable to allow RSN IBSS to be used.
4203 */
4204 return -EOPNOTSUPP;
4205 }
4206
4207 mutex_lock(&wl->mutex);
4208
4209 dev = wl->current_dev;
4210 err = -ENODEV;
4211 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4212 goto out_unlock;
4213
4214 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4215 /* We don't have firmware for the crypto engine.
4216 * Must use software-crypto. */
4217 err = -EOPNOTSUPP;
4218 goto out_unlock;
4219 }
4220
4221 err = -EINVAL;
4222 switch (key->cipher) {
4223 case WLAN_CIPHER_SUITE_WEP40:
4224 algorithm = B43_SEC_ALGO_WEP40;
4225 break;
4226 case WLAN_CIPHER_SUITE_WEP104:
4227 algorithm = B43_SEC_ALGO_WEP104;
4228 break;
4229 case WLAN_CIPHER_SUITE_TKIP:
4230 algorithm = B43_SEC_ALGO_TKIP;
4231 break;
4232 case WLAN_CIPHER_SUITE_CCMP:
4233 algorithm = B43_SEC_ALGO_AES;
4234 break;
4235 default:
4236 B43_WARN_ON(1);
4237 goto out_unlock;
4238 }
4239 index = (u8) (key->keyidx);
4240 if (index > 3)
4241 goto out_unlock;
4242
4243 switch (cmd) {
4244 case SET_KEY:
4245 if (algorithm == B43_SEC_ALGO_TKIP &&
4246 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4247 !modparam_hwtkip)) {
4248 /* We support only pairwise key */
4249 err = -EOPNOTSUPP;
4250 goto out_unlock;
4251 }
4252
4253 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4254 if (WARN_ON(!sta)) {
4255 err = -EOPNOTSUPP;
4256 goto out_unlock;
4257 }
4258 /* Pairwise key with an assigned MAC address. */
4259 err = b43_key_write(dev, -1, algorithm,
4260 key->key, key->keylen,
4261 sta->addr, key);
4262 } else {
4263 /* Group key */
4264 err = b43_key_write(dev, index, algorithm,
4265 key->key, key->keylen, NULL, key);
4266 }
4267 if (err)
4268 goto out_unlock;
4269
4270 if (algorithm == B43_SEC_ALGO_WEP40 ||
4271 algorithm == B43_SEC_ALGO_WEP104) {
4272 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4273 } else {
4274 b43_hf_write(dev,
4275 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4276 }
4277 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4278 if (algorithm == B43_SEC_ALGO_TKIP)
4279 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4280 break;
4281 case DISABLE_KEY: {
4282 err = b43_key_clear(dev, key->hw_key_idx);
4283 if (err)
4284 goto out_unlock;
4285 break;
4286 }
4287 default:
4288 B43_WARN_ON(1);
4289 }
4290
4291out_unlock:
4292 if (!err) {
4293 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4294 "mac: %pM\n",
4295 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4296 sta ? sta->addr : bcast_addr);
4297 b43_dump_keymemory(dev);
4298 }
4299 mutex_unlock(&wl->mutex);
4300
4301 return err;
4302}
4303
4304static void b43_op_configure_filter(struct ieee80211_hw *hw,
4305 unsigned int changed, unsigned int *fflags,
4306 u64 multicast)
4307{
4308 struct b43_wl *wl = hw_to_b43_wl(hw);
4309 struct b43_wldev *dev;
4310
4311 mutex_lock(&wl->mutex);
4312 dev = wl->current_dev;
4313 if (!dev) {
4314 *fflags = 0;
4315 goto out_unlock;
4316 }
4317
4318 *fflags &= FIF_ALLMULTI |
4319 FIF_FCSFAIL |
4320 FIF_PLCPFAIL |
4321 FIF_CONTROL |
4322 FIF_OTHER_BSS |
4323 FIF_BCN_PRBRESP_PROMISC;
4324
4325 changed &= FIF_ALLMULTI |
4326 FIF_FCSFAIL |
4327 FIF_PLCPFAIL |
4328 FIF_CONTROL |
4329 FIF_OTHER_BSS |
4330 FIF_BCN_PRBRESP_PROMISC;
4331
4332 wl->filter_flags = *fflags;
4333
4334 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4335 b43_adjust_opmode(dev);
4336
4337out_unlock:
4338 mutex_unlock(&wl->mutex);
4339}
4340
4341/* Locking: wl->mutex
4342 * Returns the current dev. This might be different from the passed in dev,
4343 * because the core might be gone away while we unlocked the mutex. */
4344static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4345{
4346 struct b43_wl *wl;
4347 struct b43_wldev *orig_dev;
4348 u32 mask;
4349 int queue_num;
4350
4351 if (!dev)
4352 return NULL;
4353 wl = dev->wl;
4354redo:
4355 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4356 return dev;
4357
4358 /* Cancel work. Unlock to avoid deadlocks. */
4359 mutex_unlock(&wl->mutex);
4360 cancel_delayed_work_sync(&dev->periodic_work);
4361 cancel_work_sync(&wl->tx_work);
4362 b43_leds_stop(dev);
4363 mutex_lock(&wl->mutex);
4364 dev = wl->current_dev;
4365 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4366 /* Whoops, aliens ate up the device while we were unlocked. */
4367 return dev;
4368 }
4369
4370 /* Disable interrupts on the device. */
4371 b43_set_status(dev, B43_STAT_INITIALIZED);
4372 if (b43_bus_host_is_sdio(dev->dev)) {
4373 /* wl->mutex is locked. That is enough. */
4374 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4375 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4376 } else {
4377 spin_lock_irq(&wl->hardirq_lock);
4378 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4379 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4380 spin_unlock_irq(&wl->hardirq_lock);
4381 }
4382 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4383 orig_dev = dev;
4384 mutex_unlock(&wl->mutex);
4385 if (b43_bus_host_is_sdio(dev->dev))
4386 b43_sdio_free_irq(dev);
4387 else
4388 free_irq(dev->dev->irq, dev);
4389 mutex_lock(&wl->mutex);
4390 dev = wl->current_dev;
4391 if (!dev)
4392 return dev;
4393 if (dev != orig_dev) {
4394 if (b43_status(dev) >= B43_STAT_STARTED)
4395 goto redo;
4396 return dev;
4397 }
4398 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4399 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4400
4401 /* Drain all TX queues. */
4402 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4403 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4404 struct sk_buff *skb;
4405
4406 skb = skb_dequeue(&wl->tx_queue[queue_num]);
4407 ieee80211_free_txskb(wl->hw, skb);
4408 }
4409 }
4410
4411 b43_mac_suspend(dev);
4412 b43_leds_exit(dev);
4413 b43dbg(wl, "Wireless interface stopped\n");
4414
4415 return dev;
4416}
4417
4418/* Locking: wl->mutex */
4419static int b43_wireless_core_start(struct b43_wldev *dev)
4420{
4421 int err;
4422
4423 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4424
4425 drain_txstatus_queue(dev);
4426 if (b43_bus_host_is_sdio(dev->dev)) {
4427 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4428 if (err) {
4429 b43err(dev->wl, "Cannot request SDIO IRQ\n");
4430 goto out;
4431 }
4432 } else {
4433 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4434 b43_interrupt_thread_handler,
4435 IRQF_SHARED, KBUILD_MODNAME, dev);
4436 if (err) {
4437 b43err(dev->wl, "Cannot request IRQ-%d\n",
4438 dev->dev->irq);
4439 goto out;
4440 }
4441 }
4442
4443 /* We are ready to run. */
4444 ieee80211_wake_queues(dev->wl->hw);
4445 b43_set_status(dev, B43_STAT_STARTED);
4446
4447 /* Start data flow (TX/RX). */
4448 b43_mac_enable(dev);
4449 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4450
4451 /* Start maintenance work */
4452 b43_periodic_tasks_setup(dev);
4453
4454 b43_leds_init(dev);
4455
4456 b43dbg(dev->wl, "Wireless interface started\n");
4457out:
4458 return err;
4459}
4460
4461static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4462{
4463 switch (phy_type) {
4464 case B43_PHYTYPE_A:
4465 return "A";
4466 case B43_PHYTYPE_B:
4467 return "B";
4468 case B43_PHYTYPE_G:
4469 return "G";
4470 case B43_PHYTYPE_N:
4471 return "N";
4472 case B43_PHYTYPE_LP:
4473 return "LP";
4474 case B43_PHYTYPE_SSLPN:
4475 return "SSLPN";
4476 case B43_PHYTYPE_HT:
4477 return "HT";
4478 case B43_PHYTYPE_LCN:
4479 return "LCN";
4480 case B43_PHYTYPE_LCNXN:
4481 return "LCNXN";
4482 case B43_PHYTYPE_LCN40:
4483 return "LCN40";
4484 case B43_PHYTYPE_AC:
4485 return "AC";
4486 }
4487 return "UNKNOWN";
4488}
4489
4490/* Get PHY and RADIO versioning numbers */
4491static int b43_phy_versioning(struct b43_wldev *dev)
4492{
4493 struct b43_phy *phy = &dev->phy;
4494 const u8 core_rev = dev->dev->core_rev;
4495 u32 tmp;
4496 u8 analog_type;
4497 u8 phy_type;
4498 u8 phy_rev;
4499 u16 radio_manuf;
4500 u16 radio_id;
4501 u16 radio_rev;
4502 u8 radio_ver;
4503 int unsupported = 0;
4504
4505 /* Get PHY versioning */
4506 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4507 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4508 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4509 phy_rev = (tmp & B43_PHYVER_VERSION);
4510
4511 /* LCNXN is continuation of N which run out of revisions */
4512 if (phy_type == B43_PHYTYPE_LCNXN) {
4513 phy_type = B43_PHYTYPE_N;
4514 phy_rev += 16;
4515 }
4516
4517 switch (phy_type) {
4518#ifdef CONFIG_B43_PHY_G
4519 case B43_PHYTYPE_G:
4520 if (phy_rev > 9)
4521 unsupported = 1;
4522 break;
4523#endif
4524#ifdef CONFIG_B43_PHY_N
4525 case B43_PHYTYPE_N:
4526 if (phy_rev >= 19)
4527 unsupported = 1;
4528 break;
4529#endif
4530#ifdef CONFIG_B43_PHY_LP
4531 case B43_PHYTYPE_LP:
4532 if (phy_rev > 2)
4533 unsupported = 1;
4534 break;
4535#endif
4536#ifdef CONFIG_B43_PHY_HT
4537 case B43_PHYTYPE_HT:
4538 if (phy_rev > 1)
4539 unsupported = 1;
4540 break;
4541#endif
4542#ifdef CONFIG_B43_PHY_LCN
4543 case B43_PHYTYPE_LCN:
4544 if (phy_rev > 1)
4545 unsupported = 1;
4546 break;
4547#endif
4548#ifdef CONFIG_B43_PHY_AC
4549 case B43_PHYTYPE_AC:
4550 if (phy_rev > 1)
4551 unsupported = 1;
4552 break;
4553#endif
4554 default:
4555 unsupported = 1;
4556 }
4557 if (unsupported) {
4558 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4559 analog_type, phy_type, b43_phy_name(dev, phy_type),
4560 phy_rev);
4561 return -EOPNOTSUPP;
4562 }
4563 b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4564 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4565
4566 /* Get RADIO versioning */
4567 if (core_rev == 40 || core_rev == 42) {
4568 radio_manuf = 0x17F;
4569
4570 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4571 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4572
4573 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4574 radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4575
4576 radio_ver = 0; /* Is there version somewhere? */
4577 } else if (core_rev >= 24) {
4578 u16 radio24[3];
4579
4580 for (tmp = 0; tmp < 3; tmp++) {
4581 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4582 radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4583 }
4584
4585 radio_manuf = 0x17F;
4586 radio_id = (radio24[2] << 8) | radio24[1];
4587 radio_rev = (radio24[0] & 0xF);
4588 radio_ver = (radio24[0] & 0xF0) >> 4;
4589 } else {
4590 if (dev->dev->chip_id == 0x4317) {
4591 if (dev->dev->chip_rev == 0)
4592 tmp = 0x3205017F;
4593 else if (dev->dev->chip_rev == 1)
4594 tmp = 0x4205017F;
4595 else
4596 tmp = 0x5205017F;
4597 } else {
4598 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4599 B43_RADIOCTL_ID);
4600 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4601 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4602 B43_RADIOCTL_ID);
4603 tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4604 }
4605 radio_manuf = (tmp & 0x00000FFF);
4606 radio_id = (tmp & 0x0FFFF000) >> 12;
4607 radio_rev = (tmp & 0xF0000000) >> 28;
4608 radio_ver = 0; /* Probably not available on old hw */
4609 }
4610
4611 if (radio_manuf != 0x17F /* Broadcom */)
4612 unsupported = 1;
4613 switch (phy_type) {
4614 case B43_PHYTYPE_B:
4615 if ((radio_id & 0xFFF0) != 0x2050)
4616 unsupported = 1;
4617 break;
4618 case B43_PHYTYPE_G:
4619 if (radio_id != 0x2050)
4620 unsupported = 1;
4621 break;
4622 case B43_PHYTYPE_N:
4623 if (radio_id != 0x2055 && radio_id != 0x2056 &&
4624 radio_id != 0x2057)
4625 unsupported = 1;
4626 if (radio_id == 0x2057 &&
4627 !(radio_rev == 9 || radio_rev == 14))
4628 unsupported = 1;
4629 break;
4630 case B43_PHYTYPE_LP:
4631 if (radio_id != 0x2062 && radio_id != 0x2063)
4632 unsupported = 1;
4633 break;
4634 case B43_PHYTYPE_HT:
4635 if (radio_id != 0x2059)
4636 unsupported = 1;
4637 break;
4638 case B43_PHYTYPE_LCN:
4639 if (radio_id != 0x2064)
4640 unsupported = 1;
4641 break;
4642 case B43_PHYTYPE_AC:
4643 if (radio_id != 0x2069)
4644 unsupported = 1;
4645 break;
4646 default:
4647 B43_WARN_ON(1);
4648 }
4649 if (unsupported) {
4650 b43err(dev->wl,
4651 "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4652 radio_manuf, radio_id, radio_rev, radio_ver);
4653 return -EOPNOTSUPP;
4654 }
4655 b43info(dev->wl,
4656 "Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4657 radio_manuf, radio_id, radio_rev, radio_ver);
4658
4659 /* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4660 phy->radio_manuf = radio_manuf;
4661 phy->radio_ver = radio_id;
4662 phy->radio_rev = radio_rev;
4663
4664 phy->analog = analog_type;
4665 phy->type = phy_type;
4666 phy->rev = phy_rev;
4667
4668 return 0;
4669}
4670
4671static void setup_struct_phy_for_init(struct b43_wldev *dev,
4672 struct b43_phy *phy)
4673{
4674 phy->hardware_power_control = !!modparam_hwpctl;
4675 phy->next_txpwr_check_time = jiffies;
4676 /* PHY TX errors counter. */
4677 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4678
4679#if B43_DEBUG
4680 phy->phy_locked = false;
4681 phy->radio_locked = false;
4682#endif
4683}
4684
4685static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4686{
4687 dev->dfq_valid = false;
4688
4689 /* Assume the radio is enabled. If it's not enabled, the state will
4690 * immediately get fixed on the first periodic work run. */
4691 dev->radio_hw_enable = true;
4692
4693 /* Stats */
4694 memset(&dev->stats, 0, sizeof(dev->stats));
4695
4696 setup_struct_phy_for_init(dev, &dev->phy);
4697
4698 /* IRQ related flags */
4699 dev->irq_reason = 0;
4700 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4701 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4702 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4703 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4704
4705 dev->mac_suspended = 1;
4706
4707 /* Noise calculation context */
4708 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4709}
4710
4711static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4712{
4713 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4714 u64 hf;
4715
4716 if (!modparam_btcoex)
4717 return;
4718 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4719 return;
4720 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4721 return;
4722
4723 hf = b43_hf_read(dev);
4724 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4725 hf |= B43_HF_BTCOEXALT;
4726 else
4727 hf |= B43_HF_BTCOEX;
4728 b43_hf_write(dev, hf);
4729}
4730
4731static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4732{
4733 if (!modparam_btcoex)
4734 return;
4735 //TODO
4736}
4737
4738static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4739{
4740 struct ssb_bus *bus;
4741 u32 tmp;
4742
4743#ifdef CONFIG_B43_SSB
4744 if (dev->dev->bus_type != B43_BUS_SSB)
4745 return;
4746#else
4747 return;
4748#endif
4749
4750 bus = dev->dev->sdev->bus;
4751
4752 if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4753 (bus->chip_id == 0x4312)) {
4754 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4755 tmp &= ~SSB_IMCFGLO_REQTO;
4756 tmp &= ~SSB_IMCFGLO_SERTO;
4757 tmp |= 0x3;
4758 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4759 ssb_commit_settings(bus);
4760 }
4761}
4762
4763static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4764{
4765 u16 pu_delay;
4766
4767 /* The time value is in microseconds. */
4768 pu_delay = 1050;
4769 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4770 pu_delay = 500;
4771 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4772 pu_delay = max(pu_delay, (u16)2400);
4773
4774 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4775}
4776
4777/* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4778static void b43_set_pretbtt(struct b43_wldev *dev)
4779{
4780 u16 pretbtt;
4781
4782 /* The time value is in microseconds. */
4783 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
4784 pretbtt = 2;
4785 else
4786 pretbtt = 250;
4787 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4788 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4789}
4790
4791/* Shutdown a wireless core */
4792/* Locking: wl->mutex */
4793static void b43_wireless_core_exit(struct b43_wldev *dev)
4794{
4795 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4796 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4797 return;
4798
4799 b43_set_status(dev, B43_STAT_UNINIT);
4800
4801 /* Stop the microcode PSM. */
4802 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4803 B43_MACCTL_PSM_JMP0);
4804
4805 switch (dev->dev->bus_type) {
4806#ifdef CONFIG_B43_BCMA
4807 case B43_BUS_BCMA:
4808 bcma_host_pci_down(dev->dev->bdev->bus);
4809 break;
4810#endif
4811#ifdef CONFIG_B43_SSB
4812 case B43_BUS_SSB:
4813 /* TODO */
4814 break;
4815#endif
4816 }
4817
4818 b43_dma_free(dev);
4819 b43_pio_free(dev);
4820 b43_chip_exit(dev);
4821 dev->phy.ops->switch_analog(dev, 0);
4822 if (dev->wl->current_beacon) {
4823 dev_kfree_skb_any(dev->wl->current_beacon);
4824 dev->wl->current_beacon = NULL;
4825 }
4826
4827 b43_device_disable(dev, 0);
4828 b43_bus_may_powerdown(dev);
4829}
4830
4831/* Initialize a wireless core */
4832static int b43_wireless_core_init(struct b43_wldev *dev)
4833{
4834 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4835 struct b43_phy *phy = &dev->phy;
4836 int err;
4837 u64 hf;
4838
4839 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4840
4841 err = b43_bus_powerup(dev, 0);
4842 if (err)
4843 goto out;
4844 if (!b43_device_is_enabled(dev))
4845 b43_wireless_core_reset(dev, phy->gmode);
4846
4847 /* Reset all data structures. */
4848 setup_struct_wldev_for_init(dev);
4849 phy->ops->prepare_structs(dev);
4850
4851 /* Enable IRQ routing to this device. */
4852 switch (dev->dev->bus_type) {
4853#ifdef CONFIG_B43_BCMA
4854 case B43_BUS_BCMA:
4855 bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4856 dev->dev->bdev, true);
4857 bcma_host_pci_up(dev->dev->bdev->bus);
4858 break;
4859#endif
4860#ifdef CONFIG_B43_SSB
4861 case B43_BUS_SSB:
4862 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4863 dev->dev->sdev);
4864 break;
4865#endif
4866 }
4867
4868 b43_imcfglo_timeouts_workaround(dev);
4869 b43_bluetooth_coext_disable(dev);
4870 if (phy->ops->prepare_hardware) {
4871 err = phy->ops->prepare_hardware(dev);
4872 if (err)
4873 goto err_busdown;
4874 }
4875 err = b43_chip_init(dev);
4876 if (err)
4877 goto err_busdown;
4878 b43_shm_write16(dev, B43_SHM_SHARED,
4879 B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4880 hf = b43_hf_read(dev);
4881 if (phy->type == B43_PHYTYPE_G) {
4882 hf |= B43_HF_SYMW;
4883 if (phy->rev == 1)
4884 hf |= B43_HF_GDCW;
4885 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4886 hf |= B43_HF_OFDMPABOOST;
4887 }
4888 if (phy->radio_ver == 0x2050) {
4889 if (phy->radio_rev == 6)
4890 hf |= B43_HF_4318TSSI;
4891 if (phy->radio_rev < 6)
4892 hf |= B43_HF_VCORECALC;
4893 }
4894 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4895 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4896#if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4897 if (dev->dev->bus_type == B43_BUS_SSB &&
4898 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4899 dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4900 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4901#endif
4902 hf &= ~B43_HF_SKCFPUP;
4903 b43_hf_write(dev, hf);
4904
4905 /* tell the ucode MAC capabilities */
4906 if (dev->dev->core_rev >= 13) {
4907 u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4908
4909 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4910 mac_hw_cap & 0xffff);
4911 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4912 (mac_hw_cap >> 16) & 0xffff);
4913 }
4914
4915 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4916 B43_DEFAULT_LONG_RETRY_LIMIT);
4917 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4918 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4919
4920 /* Disable sending probe responses from firmware.
4921 * Setting the MaxTime to one usec will always trigger
4922 * a timeout, so we never send any probe resp.
4923 * A timeout of zero is infinite. */
4924 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4925
4926 b43_rate_memory_init(dev);
4927 b43_set_phytxctl_defaults(dev);
4928
4929 /* Minimum Contention Window */
4930 if (phy->type == B43_PHYTYPE_B)
4931 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4932 else
4933 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4934 /* Maximum Contention Window */
4935 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4936
4937 /* write phytype and phyvers */
4938 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4939 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4940
4941 if (b43_bus_host_is_pcmcia(dev->dev) ||
4942 b43_bus_host_is_sdio(dev->dev)) {
4943 dev->__using_pio_transfers = true;
4944 err = b43_pio_init(dev);
4945 } else if (dev->use_pio) {
4946 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4947 "This should not be needed and will result in lower "
4948 "performance.\n");
4949 dev->__using_pio_transfers = true;
4950 err = b43_pio_init(dev);
4951 } else {
4952 dev->__using_pio_transfers = false;
4953 err = b43_dma_init(dev);
4954 }
4955 if (err)
4956 goto err_chip_exit;
4957 b43_qos_init(dev);
4958 b43_set_synth_pu_delay(dev, 1);
4959 b43_bluetooth_coext_enable(dev);
4960
4961 b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4962 b43_upload_card_macaddress(dev);
4963 b43_security_init(dev);
4964
4965 ieee80211_wake_queues(dev->wl->hw);
4966
4967 b43_set_status(dev, B43_STAT_INITIALIZED);
4968
4969out:
4970 return err;
4971
4972err_chip_exit:
4973 b43_chip_exit(dev);
4974err_busdown:
4975 b43_bus_may_powerdown(dev);
4976 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4977 return err;
4978}
4979
4980static int b43_op_add_interface(struct ieee80211_hw *hw,
4981 struct ieee80211_vif *vif)
4982{
4983 struct b43_wl *wl = hw_to_b43_wl(hw);
4984 struct b43_wldev *dev;
4985 int err = -EOPNOTSUPP;
4986
4987 /* TODO: allow WDS/AP devices to coexist */
4988
4989 if (vif->type != NL80211_IFTYPE_AP &&
4990 vif->type != NL80211_IFTYPE_MESH_POINT &&
4991 vif->type != NL80211_IFTYPE_STATION &&
4992 vif->type != NL80211_IFTYPE_WDS &&
4993 vif->type != NL80211_IFTYPE_ADHOC)
4994 return -EOPNOTSUPP;
4995
4996 mutex_lock(&wl->mutex);
4997 if (wl->operating)
4998 goto out_mutex_unlock;
4999
5000 b43dbg(wl, "Adding Interface type %d\n", vif->type);
5001
5002 dev = wl->current_dev;
5003 wl->operating = true;
5004 wl->vif = vif;
5005 wl->if_type = vif->type;
5006 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
5007
5008 b43_adjust_opmode(dev);
5009 b43_set_pretbtt(dev);
5010 b43_set_synth_pu_delay(dev, 0);
5011 b43_upload_card_macaddress(dev);
5012
5013 err = 0;
5014 out_mutex_unlock:
5015 mutex_unlock(&wl->mutex);
5016
5017 if (err == 0)
5018 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
5019
5020 return err;
5021}
5022
5023static void b43_op_remove_interface(struct ieee80211_hw *hw,
5024 struct ieee80211_vif *vif)
5025{
5026 struct b43_wl *wl = hw_to_b43_wl(hw);
5027 struct b43_wldev *dev = wl->current_dev;
5028
5029 b43dbg(wl, "Removing Interface type %d\n", vif->type);
5030
5031 mutex_lock(&wl->mutex);
5032
5033 B43_WARN_ON(!wl->operating);
5034 B43_WARN_ON(wl->vif != vif);
5035 wl->vif = NULL;
5036
5037 wl->operating = false;
5038
5039 b43_adjust_opmode(dev);
5040 eth_zero_addr(wl->mac_addr);
5041 b43_upload_card_macaddress(dev);
5042
5043 mutex_unlock(&wl->mutex);
5044}
5045
5046static int b43_op_start(struct ieee80211_hw *hw)
5047{
5048 struct b43_wl *wl = hw_to_b43_wl(hw);
5049 struct b43_wldev *dev = wl->current_dev;
5050 int did_init = 0;
5051 int err = 0;
5052
5053 /* Kill all old instance specific information to make sure
5054 * the card won't use it in the short timeframe between start
5055 * and mac80211 reconfiguring it. */
5056 eth_zero_addr(wl->bssid);
5057 eth_zero_addr(wl->mac_addr);
5058 wl->filter_flags = 0;
5059 wl->radiotap_enabled = false;
5060 b43_qos_clear(wl);
5061 wl->beacon0_uploaded = false;
5062 wl->beacon1_uploaded = false;
5063 wl->beacon_templates_virgin = true;
5064 wl->radio_enabled = true;
5065
5066 mutex_lock(&wl->mutex);
5067
5068 if (b43_status(dev) < B43_STAT_INITIALIZED) {
5069 err = b43_wireless_core_init(dev);
5070 if (err)
5071 goto out_mutex_unlock;
5072 did_init = 1;
5073 }
5074
5075 if (b43_status(dev) < B43_STAT_STARTED) {
5076 err = b43_wireless_core_start(dev);
5077 if (err) {
5078 if (did_init)
5079 b43_wireless_core_exit(dev);
5080 goto out_mutex_unlock;
5081 }
5082 }
5083
5084 /* XXX: only do if device doesn't support rfkill irq */
5085 wiphy_rfkill_start_polling(hw->wiphy);
5086
5087 out_mutex_unlock:
5088 mutex_unlock(&wl->mutex);
5089
5090 /*
5091 * Configuration may have been overwritten during initialization.
5092 * Reload the configuration, but only if initialization was
5093 * successful. Reloading the configuration after a failed init
5094 * may hang the system.
5095 */
5096 if (!err)
5097 b43_op_config(hw, ~0);
5098
5099 return err;
5100}
5101
5102static void b43_op_stop(struct ieee80211_hw *hw)
5103{
5104 struct b43_wl *wl = hw_to_b43_wl(hw);
5105 struct b43_wldev *dev = wl->current_dev;
5106
5107 cancel_work_sync(&(wl->beacon_update_trigger));
5108
5109 if (!dev)
5110 goto out;
5111
5112 mutex_lock(&wl->mutex);
5113 if (b43_status(dev) >= B43_STAT_STARTED) {
5114 dev = b43_wireless_core_stop(dev);
5115 if (!dev)
5116 goto out_unlock;
5117 }
5118 b43_wireless_core_exit(dev);
5119 wl->radio_enabled = false;
5120
5121out_unlock:
5122 mutex_unlock(&wl->mutex);
5123out:
5124 cancel_work_sync(&(wl->txpower_adjust_work));
5125}
5126
5127static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5128 struct ieee80211_sta *sta, bool set)
5129{
5130 struct b43_wl *wl = hw_to_b43_wl(hw);
5131
5132 b43_update_templates(wl);
5133
5134 return 0;
5135}
5136
5137static void b43_op_sta_notify(struct ieee80211_hw *hw,
5138 struct ieee80211_vif *vif,
5139 enum sta_notify_cmd notify_cmd,
5140 struct ieee80211_sta *sta)
5141{
5142 struct b43_wl *wl = hw_to_b43_wl(hw);
5143
5144 B43_WARN_ON(!vif || wl->vif != vif);
5145}
5146
5147static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5148 struct ieee80211_vif *vif,
5149 const u8 *mac_addr)
5150{
5151 struct b43_wl *wl = hw_to_b43_wl(hw);
5152 struct b43_wldev *dev;
5153
5154 mutex_lock(&wl->mutex);
5155 dev = wl->current_dev;
5156 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5157 /* Disable CFP update during scan on other channels. */
5158 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5159 }
5160 mutex_unlock(&wl->mutex);
5161}
5162
5163static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5164 struct ieee80211_vif *vif)
5165{
5166 struct b43_wl *wl = hw_to_b43_wl(hw);
5167 struct b43_wldev *dev;
5168
5169 mutex_lock(&wl->mutex);
5170 dev = wl->current_dev;
5171 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5172 /* Re-enable CFP update. */
5173 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5174 }
5175 mutex_unlock(&wl->mutex);
5176}
5177
5178static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5179 struct survey_info *survey)
5180{
5181 struct b43_wl *wl = hw_to_b43_wl(hw);
5182 struct b43_wldev *dev = wl->current_dev;
5183 struct ieee80211_conf *conf = &hw->conf;
5184
5185 if (idx != 0)
5186 return -ENOENT;
5187
5188 survey->channel = conf->chandef.chan;
5189 survey->filled = SURVEY_INFO_NOISE_DBM;
5190 survey->noise = dev->stats.link_noise;
5191
5192 return 0;
5193}
5194
5195static const struct ieee80211_ops b43_hw_ops = {
5196 .tx = b43_op_tx,
5197 .conf_tx = b43_op_conf_tx,
5198 .add_interface = b43_op_add_interface,
5199 .remove_interface = b43_op_remove_interface,
5200 .config = b43_op_config,
5201 .bss_info_changed = b43_op_bss_info_changed,
5202 .configure_filter = b43_op_configure_filter,
5203 .set_key = b43_op_set_key,
5204 .update_tkip_key = b43_op_update_tkip_key,
5205 .get_stats = b43_op_get_stats,
5206 .get_tsf = b43_op_get_tsf,
5207 .set_tsf = b43_op_set_tsf,
5208 .start = b43_op_start,
5209 .stop = b43_op_stop,
5210 .set_tim = b43_op_beacon_set_tim,
5211 .sta_notify = b43_op_sta_notify,
5212 .sw_scan_start = b43_op_sw_scan_start_notifier,
5213 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
5214 .get_survey = b43_op_get_survey,
5215 .rfkill_poll = b43_rfkill_poll,
5216};
5217
5218/* Hard-reset the chip. Do not call this directly.
5219 * Use b43_controller_restart()
5220 */
5221static void b43_chip_reset(struct work_struct *work)
5222{
5223 struct b43_wldev *dev =
5224 container_of(work, struct b43_wldev, restart_work);
5225 struct b43_wl *wl = dev->wl;
5226 int err = 0;
5227 int prev_status;
5228
5229 mutex_lock(&wl->mutex);
5230
5231 prev_status = b43_status(dev);
5232 /* Bring the device down... */
5233 if (prev_status >= B43_STAT_STARTED) {
5234 dev = b43_wireless_core_stop(dev);
5235 if (!dev) {
5236 err = -ENODEV;
5237 goto out;
5238 }
5239 }
5240 if (prev_status >= B43_STAT_INITIALIZED)
5241 b43_wireless_core_exit(dev);
5242
5243 /* ...and up again. */
5244 if (prev_status >= B43_STAT_INITIALIZED) {
5245 err = b43_wireless_core_init(dev);
5246 if (err)
5247 goto out;
5248 }
5249 if (prev_status >= B43_STAT_STARTED) {
5250 err = b43_wireless_core_start(dev);
5251 if (err) {
5252 b43_wireless_core_exit(dev);
5253 goto out;
5254 }
5255 }
5256out:
5257 if (err)
5258 wl->current_dev = NULL; /* Failed to init the dev. */
5259 mutex_unlock(&wl->mutex);
5260
5261 if (err) {
5262 b43err(wl, "Controller restart FAILED\n");
5263 return;
5264 }
5265
5266 /* reload configuration */
5267 b43_op_config(wl->hw, ~0);
5268 if (wl->vif)
5269 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5270
5271 b43info(wl, "Controller restarted\n");
5272}
5273
5274static int b43_setup_bands(struct b43_wldev *dev,
5275 bool have_2ghz_phy, bool have_5ghz_phy)
5276{
5277 struct ieee80211_hw *hw = dev->wl->hw;
5278 struct b43_phy *phy = &dev->phy;
5279 bool limited_2g;
5280 bool limited_5g;
5281
5282 /* We don't support all 2 GHz channels on some devices */
5283 limited_2g = phy->radio_ver == 0x2057 &&
5284 (phy->radio_rev == 9 || phy->radio_rev == 14);
5285 limited_5g = phy->radio_ver == 0x2057 &&
5286 phy->radio_rev == 9;
5287
5288 if (have_2ghz_phy)
5289 hw->wiphy->bands[NL80211_BAND_2GHZ] = limited_2g ?
5290 &b43_band_2ghz_limited : &b43_band_2GHz;
5291 if (dev->phy.type == B43_PHYTYPE_N) {
5292 if (have_5ghz_phy)
5293 hw->wiphy->bands[NL80211_BAND_5GHZ] = limited_5g ?
5294 &b43_band_5GHz_nphy_limited :
5295 &b43_band_5GHz_nphy;
5296 } else {
5297 if (have_5ghz_phy)
5298 hw->wiphy->bands[NL80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5299 }
5300
5301 dev->phy.supports_2ghz = have_2ghz_phy;
5302 dev->phy.supports_5ghz = have_5ghz_phy;
5303
5304 return 0;
5305}
5306
5307static void b43_wireless_core_detach(struct b43_wldev *dev)
5308{
5309 /* We release firmware that late to not be required to re-request
5310 * is all the time when we reinit the core. */
5311 b43_release_firmware(dev);
5312 b43_phy_free(dev);
5313}
5314
5315static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5316 bool *have_5ghz_phy)
5317{
5318 u16 dev_id = 0;
5319
5320#ifdef CONFIG_B43_BCMA
5321 if (dev->dev->bus_type == B43_BUS_BCMA &&
5322 dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5323 dev_id = dev->dev->bdev->bus->host_pci->device;
5324#endif
5325#ifdef CONFIG_B43_SSB
5326 if (dev->dev->bus_type == B43_BUS_SSB &&
5327 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5328 dev_id = dev->dev->sdev->bus->host_pci->device;
5329#endif
5330 /* Override with SPROM value if available */
5331 if (dev->dev->bus_sprom->dev_id)
5332 dev_id = dev->dev->bus_sprom->dev_id;
5333
5334 /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5335 switch (dev_id) {
5336 case 0x4324: /* BCM4306 */
5337 case 0x4312: /* BCM4311 */
5338 case 0x4319: /* BCM4318 */
5339 case 0x4328: /* BCM4321 */
5340 case 0x432b: /* BCM4322 */
5341 case 0x4350: /* BCM43222 */
5342 case 0x4353: /* BCM43224 */
5343 case 0x0576: /* BCM43224 */
5344 case 0x435f: /* BCM6362 */
5345 case 0x4331: /* BCM4331 */
5346 case 0x4359: /* BCM43228 */
5347 case 0x43a0: /* BCM4360 */
5348 case 0x43b1: /* BCM4352 */
5349 /* Dual band devices */
5350 *have_2ghz_phy = true;
5351 *have_5ghz_phy = true;
5352 return;
5353 case 0x4321: /* BCM4306 */
5354 /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5355 if (dev->phy.type != B43_PHYTYPE_G)
5356 break;
5357 /* fall through */
5358 case 0x4313: /* BCM4311 */
5359 case 0x431a: /* BCM4318 */
5360 case 0x432a: /* BCM4321 */
5361 case 0x432d: /* BCM4322 */
5362 case 0x4352: /* BCM43222 */
5363 case 0x435a: /* BCM43228 */
5364 case 0x4333: /* BCM4331 */
5365 case 0x43a2: /* BCM4360 */
5366 case 0x43b3: /* BCM4352 */
5367 /* 5 GHz only devices */
5368 *have_2ghz_phy = false;
5369 *have_5ghz_phy = true;
5370 return;
5371 }
5372
5373 /* As a fallback, try to guess using PHY type */
5374 switch (dev->phy.type) {
5375 case B43_PHYTYPE_G:
5376 case B43_PHYTYPE_N:
5377 case B43_PHYTYPE_LP:
5378 case B43_PHYTYPE_HT:
5379 case B43_PHYTYPE_LCN:
5380 *have_2ghz_phy = true;
5381 *have_5ghz_phy = false;
5382 return;
5383 }
5384
5385 B43_WARN_ON(1);
5386}
5387
5388static int b43_wireless_core_attach(struct b43_wldev *dev)
5389{
5390 struct b43_wl *wl = dev->wl;
5391 struct b43_phy *phy = &dev->phy;
5392 int err;
5393 u32 tmp;
5394 bool have_2ghz_phy = false, have_5ghz_phy = false;
5395
5396 /* Do NOT do any device initialization here.
5397 * Do it in wireless_core_init() instead.
5398 * This function is for gathering basic information about the HW, only.
5399 * Also some structs may be set up here. But most likely you want to have
5400 * that in core_init(), too.
5401 */
5402
5403 err = b43_bus_powerup(dev, 0);
5404 if (err) {
5405 b43err(wl, "Bus powerup failed\n");
5406 goto out;
5407 }
5408
5409 phy->do_full_init = true;
5410
5411 /* Try to guess supported bands for the first init needs */
5412 switch (dev->dev->bus_type) {
5413#ifdef CONFIG_B43_BCMA
5414 case B43_BUS_BCMA:
5415 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5416 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5417 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5418 break;
5419#endif
5420#ifdef CONFIG_B43_SSB
5421 case B43_BUS_SSB:
5422 if (dev->dev->core_rev >= 5) {
5423 tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5424 have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5425 have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5426 } else
5427 B43_WARN_ON(1);
5428 break;
5429#endif
5430 }
5431
5432 dev->phy.gmode = have_2ghz_phy;
5433 b43_wireless_core_reset(dev, dev->phy.gmode);
5434
5435 /* Get the PHY type. */
5436 err = b43_phy_versioning(dev);
5437 if (err)
5438 goto err_powerdown;
5439
5440 /* Get real info about supported bands */
5441 b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5442
5443 /* We don't support 5 GHz on some PHYs yet */
5444 if (have_5ghz_phy) {
5445 switch (dev->phy.type) {
5446 case B43_PHYTYPE_G:
5447 case B43_PHYTYPE_LP:
5448 case B43_PHYTYPE_HT:
5449 b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5450 have_5ghz_phy = false;
5451 }
5452 }
5453
5454 if (!have_2ghz_phy && !have_5ghz_phy) {
5455 b43err(wl, "b43 can't support any band on this device\n");
5456 err = -EOPNOTSUPP;
5457 goto err_powerdown;
5458 }
5459
5460 err = b43_phy_allocate(dev);
5461 if (err)
5462 goto err_powerdown;
5463
5464 dev->phy.gmode = have_2ghz_phy;
5465 b43_wireless_core_reset(dev, dev->phy.gmode);
5466
5467 err = b43_validate_chipaccess(dev);
5468 if (err)
5469 goto err_phy_free;
5470 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5471 if (err)
5472 goto err_phy_free;
5473
5474 /* Now set some default "current_dev" */
5475 if (!wl->current_dev)
5476 wl->current_dev = dev;
5477 INIT_WORK(&dev->restart_work, b43_chip_reset);
5478
5479 dev->phy.ops->switch_analog(dev, 0);
5480 b43_device_disable(dev, 0);
5481 b43_bus_may_powerdown(dev);
5482
5483out:
5484 return err;
5485
5486err_phy_free:
5487 b43_phy_free(dev);
5488err_powerdown:
5489 b43_bus_may_powerdown(dev);
5490 return err;
5491}
5492
5493static void b43_one_core_detach(struct b43_bus_dev *dev)
5494{
5495 struct b43_wldev *wldev;
5496 struct b43_wl *wl;
5497
5498 /* Do not cancel ieee80211-workqueue based work here.
5499 * See comment in b43_remove(). */
5500
5501 wldev = b43_bus_get_wldev(dev);
5502 wl = wldev->wl;
5503 b43_debugfs_remove_device(wldev);
5504 b43_wireless_core_detach(wldev);
5505 list_del(&wldev->list);
5506 b43_bus_set_wldev(dev, NULL);
5507 kfree(wldev);
5508}
5509
5510static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5511{
5512 struct b43_wldev *wldev;
5513 int err = -ENOMEM;
5514
5515 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5516 if (!wldev)
5517 goto out;
5518
5519 wldev->use_pio = b43_modparam_pio;
5520 wldev->dev = dev;
5521 wldev->wl = wl;
5522 b43_set_status(wldev, B43_STAT_UNINIT);
5523 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5524 INIT_LIST_HEAD(&wldev->list);
5525
5526 err = b43_wireless_core_attach(wldev);
5527 if (err)
5528 goto err_kfree_wldev;
5529
5530 b43_bus_set_wldev(dev, wldev);
5531 b43_debugfs_add_device(wldev);
5532
5533 out:
5534 return err;
5535
5536 err_kfree_wldev:
5537 kfree(wldev);
5538 return err;
5539}
5540
5541#define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
5542 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
5543 (pdev->device == _device) && \
5544 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
5545 (pdev->subsystem_device == _subdevice) )
5546
5547#ifdef CONFIG_B43_SSB
5548static void b43_sprom_fixup(struct ssb_bus *bus)
5549{
5550 struct pci_dev *pdev;
5551
5552 /* boardflags workarounds */
5553 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5554 bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5555 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5556 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5557 bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5558 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5559 if (bus->bustype == SSB_BUSTYPE_PCI) {
5560 pdev = bus->host_pci;
5561 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5562 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
5563 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
5564 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5565 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5566 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5567 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5568 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5569 }
5570}
5571
5572static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5573{
5574 struct ieee80211_hw *hw = wl->hw;
5575
5576 ssb_set_devtypedata(dev->sdev, NULL);
5577 ieee80211_free_hw(hw);
5578}
5579#endif
5580
5581static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5582{
5583 struct ssb_sprom *sprom = dev->bus_sprom;
5584 struct ieee80211_hw *hw;
5585 struct b43_wl *wl;
5586 char chip_name[6];
5587 int queue_num;
5588
5589 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5590 if (!hw) {
5591 b43err(NULL, "Could not allocate ieee80211 device\n");
5592 return ERR_PTR(-ENOMEM);
5593 }
5594 wl = hw_to_b43_wl(hw);
5595
5596 /* fill hw info */
5597 ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5598 ieee80211_hw_set(hw, SIGNAL_DBM);
5599
5600 hw->wiphy->interface_modes =
5601 BIT(NL80211_IFTYPE_AP) |
5602 BIT(NL80211_IFTYPE_MESH_POINT) |
5603 BIT(NL80211_IFTYPE_STATION) |
5604#ifdef CONFIG_WIRELESS_WDS
5605 BIT(NL80211_IFTYPE_WDS) |
5606#endif
5607 BIT(NL80211_IFTYPE_ADHOC);
5608
5609 hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5610
5611 wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
5612
5613 wl->hw_registred = false;
5614 hw->max_rates = 2;
5615 SET_IEEE80211_DEV(hw, dev->dev);
5616 if (is_valid_ether_addr(sprom->et1mac))
5617 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5618 else
5619 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5620
5621 /* Initialize struct b43_wl */
5622 wl->hw = hw;
5623 mutex_init(&wl->mutex);
5624 spin_lock_init(&wl->hardirq_lock);
5625 spin_lock_init(&wl->beacon_lock);
5626 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5627 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5628 INIT_WORK(&wl->tx_work, b43_tx_work);
5629
5630 /* Initialize queues and flags. */
5631 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5632 skb_queue_head_init(&wl->tx_queue[queue_num]);
5633 wl->tx_queue_stopped[queue_num] = 0;
5634 }
5635
5636 snprintf(chip_name, ARRAY_SIZE(chip_name),
5637 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5638 b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5639 dev->core_rev);
5640 return wl;
5641}
5642
5643#ifdef CONFIG_B43_BCMA
5644static int b43_bcma_probe(struct bcma_device *core)
5645{
5646 struct b43_bus_dev *dev;
5647 struct b43_wl *wl;
5648 int err;
5649
5650 if (!modparam_allhwsupport &&
5651 (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5652 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5653 return -ENOTSUPP;
5654 }
5655
5656 dev = b43_bus_dev_bcma_init(core);
5657 if (!dev)
5658 return -ENODEV;
5659
5660 wl = b43_wireless_init(dev);
5661 if (IS_ERR(wl)) {
5662 err = PTR_ERR(wl);
5663 goto bcma_out;
5664 }
5665
5666 err = b43_one_core_attach(dev, wl);
5667 if (err)
5668 goto bcma_err_wireless_exit;
5669
5670 /* setup and start work to load firmware */
5671 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5672 schedule_work(&wl->firmware_load);
5673
5674 return err;
5675
5676bcma_err_wireless_exit:
5677 ieee80211_free_hw(wl->hw);
5678bcma_out:
5679 kfree(dev);
5680 return err;
5681}
5682
5683static void b43_bcma_remove(struct bcma_device *core)
5684{
5685 struct b43_wldev *wldev = bcma_get_drvdata(core);
5686 struct b43_wl *wl = wldev->wl;
5687
5688 /* We must cancel any work here before unregistering from ieee80211,
5689 * as the ieee80211 unreg will destroy the workqueue. */
5690 cancel_work_sync(&wldev->restart_work);
5691 cancel_work_sync(&wl->firmware_load);
5692
5693 B43_WARN_ON(!wl);
5694 if (!wldev->fw.ucode.data)
5695 return; /* NULL if firmware never loaded */
5696 if (wl->current_dev == wldev && wl->hw_registred) {
5697 b43_leds_stop(wldev);
5698 ieee80211_unregister_hw(wl->hw);
5699 }
5700
5701 b43_one_core_detach(wldev->dev);
5702
5703 /* Unregister HW RNG driver */
5704 b43_rng_exit(wl);
5705
5706 b43_leds_unregister(wl);
5707 ieee80211_free_hw(wl->hw);
5708 kfree(wldev->dev);
5709}
5710
5711static struct bcma_driver b43_bcma_driver = {
5712 .name = KBUILD_MODNAME,
5713 .id_table = b43_bcma_tbl,
5714 .probe = b43_bcma_probe,
5715 .remove = b43_bcma_remove,
5716};
5717#endif
5718
5719#ifdef CONFIG_B43_SSB
5720static
5721int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5722{
5723 struct b43_bus_dev *dev;
5724 struct b43_wl *wl;
5725 int err;
5726
5727 dev = b43_bus_dev_ssb_init(sdev);
5728 if (!dev)
5729 return -ENOMEM;
5730
5731 wl = ssb_get_devtypedata(sdev);
5732 if (wl) {
5733 b43err(NULL, "Dual-core devices are not supported\n");
5734 err = -ENOTSUPP;
5735 goto err_ssb_kfree_dev;
5736 }
5737
5738 b43_sprom_fixup(sdev->bus);
5739
5740 wl = b43_wireless_init(dev);
5741 if (IS_ERR(wl)) {
5742 err = PTR_ERR(wl);
5743 goto err_ssb_kfree_dev;
5744 }
5745 ssb_set_devtypedata(sdev, wl);
5746 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5747
5748 err = b43_one_core_attach(dev, wl);
5749 if (err)
5750 goto err_ssb_wireless_exit;
5751
5752 /* setup and start work to load firmware */
5753 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5754 schedule_work(&wl->firmware_load);
5755
5756 return err;
5757
5758err_ssb_wireless_exit:
5759 b43_wireless_exit(dev, wl);
5760err_ssb_kfree_dev:
5761 kfree(dev);
5762 return err;
5763}
5764
5765static void b43_ssb_remove(struct ssb_device *sdev)
5766{
5767 struct b43_wl *wl = ssb_get_devtypedata(sdev);
5768 struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5769 struct b43_bus_dev *dev = wldev->dev;
5770
5771 /* We must cancel any work here before unregistering from ieee80211,
5772 * as the ieee80211 unreg will destroy the workqueue. */
5773 cancel_work_sync(&wldev->restart_work);
5774 cancel_work_sync(&wl->firmware_load);
5775
5776 B43_WARN_ON(!wl);
5777 if (!wldev->fw.ucode.data)
5778 return; /* NULL if firmware never loaded */
5779 if (wl->current_dev == wldev && wl->hw_registred) {
5780 b43_leds_stop(wldev);
5781 ieee80211_unregister_hw(wl->hw);
5782 }
5783
5784 b43_one_core_detach(dev);
5785
5786 /* Unregister HW RNG driver */
5787 b43_rng_exit(wl);
5788
5789 b43_leds_unregister(wl);
5790 b43_wireless_exit(dev, wl);
5791 kfree(dev);
5792}
5793
5794static struct ssb_driver b43_ssb_driver = {
5795 .name = KBUILD_MODNAME,
5796 .id_table = b43_ssb_tbl,
5797 .probe = b43_ssb_probe,
5798 .remove = b43_ssb_remove,
5799};
5800#endif /* CONFIG_B43_SSB */
5801
5802/* Perform a hardware reset. This can be called from any context. */
5803void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5804{
5805 /* Must avoid requeueing, if we are in shutdown. */
5806 if (b43_status(dev) < B43_STAT_INITIALIZED)
5807 return;
5808 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5809 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5810}
5811
5812static void b43_print_driverinfo(void)
5813{
5814 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5815 *feat_leds = "", *feat_sdio = "";
5816
5817#ifdef CONFIG_B43_PCI_AUTOSELECT
5818 feat_pci = "P";
5819#endif
5820#ifdef CONFIG_B43_PCMCIA
5821 feat_pcmcia = "M";
5822#endif
5823#ifdef CONFIG_B43_PHY_N
5824 feat_nphy = "N";
5825#endif
5826#ifdef CONFIG_B43_LEDS
5827 feat_leds = "L";
5828#endif
5829#ifdef CONFIG_B43_SDIO
5830 feat_sdio = "S";
5831#endif
5832 printk(KERN_INFO "Broadcom 43xx driver loaded "
5833 "[ Features: %s%s%s%s%s ]\n",
5834 feat_pci, feat_pcmcia, feat_nphy,
5835 feat_leds, feat_sdio);
5836}
5837
5838static int __init b43_init(void)
5839{
5840 int err;
5841
5842 b43_debugfs_init();
5843 err = b43_sdio_init();
5844 if (err)
5845 goto err_dfs_exit;
5846#ifdef CONFIG_B43_BCMA
5847 err = bcma_driver_register(&b43_bcma_driver);
5848 if (err)
5849 goto err_sdio_exit;
5850#endif
5851#ifdef CONFIG_B43_SSB
5852 err = ssb_driver_register(&b43_ssb_driver);
5853 if (err)
5854 goto err_bcma_driver_exit;
5855#endif
5856 b43_print_driverinfo();
5857
5858 return err;
5859
5860#ifdef CONFIG_B43_SSB
5861err_bcma_driver_exit:
5862#endif
5863#ifdef CONFIG_B43_BCMA
5864 bcma_driver_unregister(&b43_bcma_driver);
5865err_sdio_exit:
5866#endif
5867 b43_sdio_exit();
5868err_dfs_exit:
5869 b43_debugfs_exit();
5870 return err;
5871}
5872
5873static void __exit b43_exit(void)
5874{
5875#ifdef CONFIG_B43_SSB
5876 ssb_driver_unregister(&b43_ssb_driver);
5877#endif
5878#ifdef CONFIG_B43_BCMA
5879 bcma_driver_unregister(&b43_bcma_driver);
5880#endif
5881 b43_sdio_exit();
5882 b43_debugfs_exit();
5883}
5884
5885module_init(b43_init)
5886module_exit(b43_exit)
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3
4 Broadcom B43 wireless driver
5
6 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
7 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
8 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
9 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
10 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
12
13 SDIO support
14 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
15
16 Some parts of the code in this file are derived from the ipw2200
17 driver Copyright(c) 2003 - 2004 Intel Corporation.
18
19
20*/
21
22#include <linux/delay.h>
23#include <linux/init.h>
24#include <linux/module.h>
25#include <linux/if_arp.h>
26#include <linux/etherdevice.h>
27#include <linux/firmware.h>
28#include <linux/workqueue.h>
29#include <linux/skbuff.h>
30#include <linux/io.h>
31#include <linux/dma-mapping.h>
32#include <linux/slab.h>
33#include <asm/unaligned.h>
34
35#include "b43.h"
36#include "main.h"
37#include "debugfs.h"
38#include "phy_common.h"
39#include "phy_g.h"
40#include "phy_n.h"
41#include "dma.h"
42#include "pio.h"
43#include "sysfs.h"
44#include "xmit.h"
45#include "lo.h"
46#include "sdio.h"
47#include <linux/mmc/sdio_func.h>
48
49MODULE_DESCRIPTION("Broadcom B43 wireless driver");
50MODULE_AUTHOR("Martin Langer");
51MODULE_AUTHOR("Stefano Brivio");
52MODULE_AUTHOR("Michael Buesch");
53MODULE_AUTHOR("Gábor Stefanik");
54MODULE_AUTHOR("Rafał Miłecki");
55MODULE_LICENSE("GPL");
56
57MODULE_FIRMWARE("b43/ucode11.fw");
58MODULE_FIRMWARE("b43/ucode13.fw");
59MODULE_FIRMWARE("b43/ucode14.fw");
60MODULE_FIRMWARE("b43/ucode15.fw");
61MODULE_FIRMWARE("b43/ucode16_lp.fw");
62MODULE_FIRMWARE("b43/ucode16_mimo.fw");
63MODULE_FIRMWARE("b43/ucode24_lcn.fw");
64MODULE_FIRMWARE("b43/ucode25_lcn.fw");
65MODULE_FIRMWARE("b43/ucode25_mimo.fw");
66MODULE_FIRMWARE("b43/ucode26_mimo.fw");
67MODULE_FIRMWARE("b43/ucode29_mimo.fw");
68MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
69MODULE_FIRMWARE("b43/ucode30_mimo.fw");
70MODULE_FIRMWARE("b43/ucode5.fw");
71MODULE_FIRMWARE("b43/ucode40.fw");
72MODULE_FIRMWARE("b43/ucode42.fw");
73MODULE_FIRMWARE("b43/ucode9.fw");
74
75static int modparam_bad_frames_preempt;
76module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
77MODULE_PARM_DESC(bad_frames_preempt,
78 "enable(1) / disable(0) Bad Frames Preemption");
79
80static char modparam_fwpostfix[16];
81module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
82MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
83
84static int modparam_hwpctl;
85module_param_named(hwpctl, modparam_hwpctl, int, 0444);
86MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
87
88static int modparam_nohwcrypt;
89module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
90MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
91
92static int modparam_hwtkip;
93module_param_named(hwtkip, modparam_hwtkip, int, 0444);
94MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
95
96static int modparam_qos = 1;
97module_param_named(qos, modparam_qos, int, 0444);
98MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
99
100static int modparam_btcoex = 1;
101module_param_named(btcoex, modparam_btcoex, int, 0444);
102MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
103
104int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
105module_param_named(verbose, b43_modparam_verbose, int, 0644);
106MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
107
108static int b43_modparam_pio;
109module_param_named(pio, b43_modparam_pio, int, 0644);
110MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
111
112static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
113module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
114MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
115
116#ifdef CONFIG_B43_BCMA
117static const struct bcma_device_id b43_bcma_tbl[] = {
118 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
120 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
123 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
125 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
126 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
127 {},
128};
129MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
130#endif
131
132#ifdef CONFIG_B43_SSB
133static const struct ssb_device_id b43_ssb_tbl[] = {
134 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
135 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
136 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
137 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
138 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
139 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
140 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
141 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
142 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
143 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
144 {},
145};
146MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
147#endif
148
149/* Channel and ratetables are shared for all devices.
150 * They can't be const, because ieee80211 puts some precalculated
151 * data in there. This data is the same for all devices, so we don't
152 * get concurrency issues */
153#define RATETAB_ENT(_rateid, _flags) \
154 { \
155 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
156 .hw_value = (_rateid), \
157 .flags = (_flags), \
158 }
159
160/*
161 * NOTE: When changing this, sync with xmit.c's
162 * b43_plcp_get_bitrate_idx_* functions!
163 */
164static struct ieee80211_rate __b43_ratetable[] = {
165 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
166 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
167 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
168 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
169 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
170 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
171 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
172 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
173 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
174 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
175 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
176 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
177};
178
179#define b43_a_ratetable (__b43_ratetable + 4)
180#define b43_a_ratetable_size 8
181#define b43_b_ratetable (__b43_ratetable + 0)
182#define b43_b_ratetable_size 4
183#define b43_g_ratetable (__b43_ratetable + 0)
184#define b43_g_ratetable_size 12
185
186#define CHAN2G(_channel, _freq, _flags) { \
187 .band = NL80211_BAND_2GHZ, \
188 .center_freq = (_freq), \
189 .hw_value = (_channel), \
190 .flags = (_flags), \
191 .max_antenna_gain = 0, \
192 .max_power = 30, \
193}
194static struct ieee80211_channel b43_2ghz_chantable[] = {
195 CHAN2G(1, 2412, 0),
196 CHAN2G(2, 2417, 0),
197 CHAN2G(3, 2422, 0),
198 CHAN2G(4, 2427, 0),
199 CHAN2G(5, 2432, 0),
200 CHAN2G(6, 2437, 0),
201 CHAN2G(7, 2442, 0),
202 CHAN2G(8, 2447, 0),
203 CHAN2G(9, 2452, 0),
204 CHAN2G(10, 2457, 0),
205 CHAN2G(11, 2462, 0),
206 CHAN2G(12, 2467, 0),
207 CHAN2G(13, 2472, 0),
208 CHAN2G(14, 2484, 0),
209};
210
211/* No support for the last 3 channels (12, 13, 14) */
212#define b43_2ghz_chantable_limited_size 11
213#undef CHAN2G
214
215#define CHAN4G(_channel, _flags) { \
216 .band = NL80211_BAND_5GHZ, \
217 .center_freq = 4000 + (5 * (_channel)), \
218 .hw_value = (_channel), \
219 .flags = (_flags), \
220 .max_antenna_gain = 0, \
221 .max_power = 30, \
222}
223#define CHAN5G(_channel, _flags) { \
224 .band = NL80211_BAND_5GHZ, \
225 .center_freq = 5000 + (5 * (_channel)), \
226 .hw_value = (_channel), \
227 .flags = (_flags), \
228 .max_antenna_gain = 0, \
229 .max_power = 30, \
230}
231static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
232 CHAN4G(184, 0), CHAN4G(186, 0),
233 CHAN4G(188, 0), CHAN4G(190, 0),
234 CHAN4G(192, 0), CHAN4G(194, 0),
235 CHAN4G(196, 0), CHAN4G(198, 0),
236 CHAN4G(200, 0), CHAN4G(202, 0),
237 CHAN4G(204, 0), CHAN4G(206, 0),
238 CHAN4G(208, 0), CHAN4G(210, 0),
239 CHAN4G(212, 0), CHAN4G(214, 0),
240 CHAN4G(216, 0), CHAN4G(218, 0),
241 CHAN4G(220, 0), CHAN4G(222, 0),
242 CHAN4G(224, 0), CHAN4G(226, 0),
243 CHAN4G(228, 0),
244 CHAN5G(32, 0), CHAN5G(34, 0),
245 CHAN5G(36, 0), CHAN5G(38, 0),
246 CHAN5G(40, 0), CHAN5G(42, 0),
247 CHAN5G(44, 0), CHAN5G(46, 0),
248 CHAN5G(48, 0), CHAN5G(50, 0),
249 CHAN5G(52, 0), CHAN5G(54, 0),
250 CHAN5G(56, 0), CHAN5G(58, 0),
251 CHAN5G(60, 0), CHAN5G(62, 0),
252 CHAN5G(64, 0), CHAN5G(66, 0),
253 CHAN5G(68, 0), CHAN5G(70, 0),
254 CHAN5G(72, 0), CHAN5G(74, 0),
255 CHAN5G(76, 0), CHAN5G(78, 0),
256 CHAN5G(80, 0), CHAN5G(82, 0),
257 CHAN5G(84, 0), CHAN5G(86, 0),
258 CHAN5G(88, 0), CHAN5G(90, 0),
259 CHAN5G(92, 0), CHAN5G(94, 0),
260 CHAN5G(96, 0), CHAN5G(98, 0),
261 CHAN5G(100, 0), CHAN5G(102, 0),
262 CHAN5G(104, 0), CHAN5G(106, 0),
263 CHAN5G(108, 0), CHAN5G(110, 0),
264 CHAN5G(112, 0), CHAN5G(114, 0),
265 CHAN5G(116, 0), CHAN5G(118, 0),
266 CHAN5G(120, 0), CHAN5G(122, 0),
267 CHAN5G(124, 0), CHAN5G(126, 0),
268 CHAN5G(128, 0), CHAN5G(130, 0),
269 CHAN5G(132, 0), CHAN5G(134, 0),
270 CHAN5G(136, 0), CHAN5G(138, 0),
271 CHAN5G(140, 0), CHAN5G(142, 0),
272 CHAN5G(144, 0), CHAN5G(145, 0),
273 CHAN5G(146, 0), CHAN5G(147, 0),
274 CHAN5G(148, 0), CHAN5G(149, 0),
275 CHAN5G(150, 0), CHAN5G(151, 0),
276 CHAN5G(152, 0), CHAN5G(153, 0),
277 CHAN5G(154, 0), CHAN5G(155, 0),
278 CHAN5G(156, 0), CHAN5G(157, 0),
279 CHAN5G(158, 0), CHAN5G(159, 0),
280 CHAN5G(160, 0), CHAN5G(161, 0),
281 CHAN5G(162, 0), CHAN5G(163, 0),
282 CHAN5G(164, 0), CHAN5G(165, 0),
283 CHAN5G(166, 0), CHAN5G(168, 0),
284 CHAN5G(170, 0), CHAN5G(172, 0),
285 CHAN5G(174, 0), CHAN5G(176, 0),
286 CHAN5G(178, 0), CHAN5G(180, 0),
287 CHAN5G(182, 0),
288};
289
290static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
291 CHAN5G(36, 0), CHAN5G(40, 0),
292 CHAN5G(44, 0), CHAN5G(48, 0),
293 CHAN5G(149, 0), CHAN5G(153, 0),
294 CHAN5G(157, 0), CHAN5G(161, 0),
295 CHAN5G(165, 0),
296};
297
298static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
299 CHAN5G(34, 0), CHAN5G(36, 0),
300 CHAN5G(38, 0), CHAN5G(40, 0),
301 CHAN5G(42, 0), CHAN5G(44, 0),
302 CHAN5G(46, 0), CHAN5G(48, 0),
303 CHAN5G(52, 0), CHAN5G(56, 0),
304 CHAN5G(60, 0), CHAN5G(64, 0),
305 CHAN5G(100, 0), CHAN5G(104, 0),
306 CHAN5G(108, 0), CHAN5G(112, 0),
307 CHAN5G(116, 0), CHAN5G(120, 0),
308 CHAN5G(124, 0), CHAN5G(128, 0),
309 CHAN5G(132, 0), CHAN5G(136, 0),
310 CHAN5G(140, 0), CHAN5G(149, 0),
311 CHAN5G(153, 0), CHAN5G(157, 0),
312 CHAN5G(161, 0), CHAN5G(165, 0),
313 CHAN5G(184, 0), CHAN5G(188, 0),
314 CHAN5G(192, 0), CHAN5G(196, 0),
315 CHAN5G(200, 0), CHAN5G(204, 0),
316 CHAN5G(208, 0), CHAN5G(212, 0),
317 CHAN5G(216, 0),
318};
319#undef CHAN4G
320#undef CHAN5G
321
322static struct ieee80211_supported_band b43_band_5GHz_nphy = {
323 .band = NL80211_BAND_5GHZ,
324 .channels = b43_5ghz_nphy_chantable,
325 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
326 .bitrates = b43_a_ratetable,
327 .n_bitrates = b43_a_ratetable_size,
328};
329
330static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
331 .band = NL80211_BAND_5GHZ,
332 .channels = b43_5ghz_nphy_chantable_limited,
333 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
334 .bitrates = b43_a_ratetable,
335 .n_bitrates = b43_a_ratetable_size,
336};
337
338static struct ieee80211_supported_band b43_band_5GHz_aphy = {
339 .band = NL80211_BAND_5GHZ,
340 .channels = b43_5ghz_aphy_chantable,
341 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
342 .bitrates = b43_a_ratetable,
343 .n_bitrates = b43_a_ratetable_size,
344};
345
346static struct ieee80211_supported_band b43_band_2GHz = {
347 .band = NL80211_BAND_2GHZ,
348 .channels = b43_2ghz_chantable,
349 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
350 .bitrates = b43_g_ratetable,
351 .n_bitrates = b43_g_ratetable_size,
352};
353
354static struct ieee80211_supported_band b43_band_2ghz_limited = {
355 .band = NL80211_BAND_2GHZ,
356 .channels = b43_2ghz_chantable,
357 .n_channels = b43_2ghz_chantable_limited_size,
358 .bitrates = b43_g_ratetable,
359 .n_bitrates = b43_g_ratetable_size,
360};
361
362static void b43_wireless_core_exit(struct b43_wldev *dev);
363static int b43_wireless_core_init(struct b43_wldev *dev);
364static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
365static int b43_wireless_core_start(struct b43_wldev *dev);
366static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
367 struct ieee80211_vif *vif,
368 struct ieee80211_bss_conf *conf,
369 u64 changed);
370
371static int b43_ratelimit(struct b43_wl *wl)
372{
373 if (!wl || !wl->current_dev)
374 return 1;
375 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
376 return 1;
377 /* We are up and running.
378 * Ratelimit the messages to avoid DoS over the net. */
379 return net_ratelimit();
380}
381
382void b43info(struct b43_wl *wl, const char *fmt, ...)
383{
384 struct va_format vaf;
385 va_list args;
386
387 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
388 return;
389 if (!b43_ratelimit(wl))
390 return;
391
392 va_start(args, fmt);
393
394 vaf.fmt = fmt;
395 vaf.va = &args;
396
397 printk(KERN_INFO "b43-%s: %pV",
398 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
399
400 va_end(args);
401}
402
403void b43err(struct b43_wl *wl, const char *fmt, ...)
404{
405 struct va_format vaf;
406 va_list args;
407
408 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
409 return;
410 if (!b43_ratelimit(wl))
411 return;
412
413 va_start(args, fmt);
414
415 vaf.fmt = fmt;
416 vaf.va = &args;
417
418 printk(KERN_ERR "b43-%s ERROR: %pV",
419 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421 va_end(args);
422}
423
424void b43warn(struct b43_wl *wl, const char *fmt, ...)
425{
426 struct va_format vaf;
427 va_list args;
428
429 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
430 return;
431 if (!b43_ratelimit(wl))
432 return;
433
434 va_start(args, fmt);
435
436 vaf.fmt = fmt;
437 vaf.va = &args;
438
439 printk(KERN_WARNING "b43-%s warning: %pV",
440 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
441
442 va_end(args);
443}
444
445void b43dbg(struct b43_wl *wl, const char *fmt, ...)
446{
447 struct va_format vaf;
448 va_list args;
449
450 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
451 return;
452
453 va_start(args, fmt);
454
455 vaf.fmt = fmt;
456 vaf.va = &args;
457
458 printk(KERN_DEBUG "b43-%s debug: %pV",
459 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
460
461 va_end(args);
462}
463
464static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
465{
466 u32 macctl;
467
468 B43_WARN_ON(offset % 4 != 0);
469
470 macctl = b43_read32(dev, B43_MMIO_MACCTL);
471 if (macctl & B43_MACCTL_BE)
472 val = swab32(val);
473
474 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
475 b43_write32(dev, B43_MMIO_RAM_DATA, val);
476}
477
478static inline void b43_shm_control_word(struct b43_wldev *dev,
479 u16 routing, u16 offset)
480{
481 u32 control;
482
483 /* "offset" is the WORD offset. */
484 control = routing;
485 control <<= 16;
486 control |= offset;
487 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
488}
489
490u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
491{
492 u32 ret;
493
494 if (routing == B43_SHM_SHARED) {
495 B43_WARN_ON(offset & 0x0001);
496 if (offset & 0x0003) {
497 /* Unaligned access */
498 b43_shm_control_word(dev, routing, offset >> 2);
499 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
500 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
501 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
502
503 goto out;
504 }
505 offset >>= 2;
506 }
507 b43_shm_control_word(dev, routing, offset);
508 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
509out:
510 return ret;
511}
512
513u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
514{
515 u16 ret;
516
517 if (routing == B43_SHM_SHARED) {
518 B43_WARN_ON(offset & 0x0001);
519 if (offset & 0x0003) {
520 /* Unaligned access */
521 b43_shm_control_word(dev, routing, offset >> 2);
522 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
523
524 goto out;
525 }
526 offset >>= 2;
527 }
528 b43_shm_control_word(dev, routing, offset);
529 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
530out:
531 return ret;
532}
533
534void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
535{
536 if (routing == B43_SHM_SHARED) {
537 B43_WARN_ON(offset & 0x0001);
538 if (offset & 0x0003) {
539 /* Unaligned access */
540 b43_shm_control_word(dev, routing, offset >> 2);
541 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
542 value & 0xFFFF);
543 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
544 b43_write16(dev, B43_MMIO_SHM_DATA,
545 (value >> 16) & 0xFFFF);
546 return;
547 }
548 offset >>= 2;
549 }
550 b43_shm_control_word(dev, routing, offset);
551 b43_write32(dev, B43_MMIO_SHM_DATA, value);
552}
553
554void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
555{
556 if (routing == B43_SHM_SHARED) {
557 B43_WARN_ON(offset & 0x0001);
558 if (offset & 0x0003) {
559 /* Unaligned access */
560 b43_shm_control_word(dev, routing, offset >> 2);
561 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
562 return;
563 }
564 offset >>= 2;
565 }
566 b43_shm_control_word(dev, routing, offset);
567 b43_write16(dev, B43_MMIO_SHM_DATA, value);
568}
569
570/* Read HostFlags */
571u64 b43_hf_read(struct b43_wldev *dev)
572{
573 u64 ret;
574
575 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
576 ret <<= 16;
577 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
578 ret <<= 16;
579 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
580
581 return ret;
582}
583
584/* Write HostFlags */
585void b43_hf_write(struct b43_wldev *dev, u64 value)
586{
587 u16 lo, mi, hi;
588
589 lo = (value & 0x00000000FFFFULL);
590 mi = (value & 0x0000FFFF0000ULL) >> 16;
591 hi = (value & 0xFFFF00000000ULL) >> 32;
592 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
593 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
594 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
595}
596
597/* Read the firmware capabilities bitmask (Opensource firmware only) */
598static u16 b43_fwcapa_read(struct b43_wldev *dev)
599{
600 B43_WARN_ON(!dev->fw.opensource);
601 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
602}
603
604void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
605{
606 u32 low, high;
607
608 B43_WARN_ON(dev->dev->core_rev < 3);
609
610 /* The hardware guarantees us an atomic read, if we
611 * read the low register first. */
612 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
613 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
614
615 *tsf = high;
616 *tsf <<= 32;
617 *tsf |= low;
618}
619
620static void b43_time_lock(struct b43_wldev *dev)
621{
622 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
623 /* Commit the write */
624 b43_read32(dev, B43_MMIO_MACCTL);
625}
626
627static void b43_time_unlock(struct b43_wldev *dev)
628{
629 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
630 /* Commit the write */
631 b43_read32(dev, B43_MMIO_MACCTL);
632}
633
634static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
635{
636 u32 low, high;
637
638 B43_WARN_ON(dev->dev->core_rev < 3);
639
640 low = tsf;
641 high = (tsf >> 32);
642 /* The hardware guarantees us an atomic write, if we
643 * write the low register first. */
644 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
645 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
646}
647
648void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
649{
650 b43_time_lock(dev);
651 b43_tsf_write_locked(dev, tsf);
652 b43_time_unlock(dev);
653}
654
655static
656void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
657{
658 static const u8 zero_addr[ETH_ALEN] = { 0 };
659 u16 data;
660
661 if (!mac)
662 mac = zero_addr;
663
664 offset |= 0x0020;
665 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
666
667 data = mac[0];
668 data |= mac[1] << 8;
669 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
670 data = mac[2];
671 data |= mac[3] << 8;
672 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
673 data = mac[4];
674 data |= mac[5] << 8;
675 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
676}
677
678static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
679{
680 const u8 *mac;
681 const u8 *bssid;
682 u8 mac_bssid[ETH_ALEN * 2];
683 int i;
684 u32 tmp;
685
686 bssid = dev->wl->bssid;
687 mac = dev->wl->mac_addr;
688
689 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
690
691 memcpy(mac_bssid, mac, ETH_ALEN);
692 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
693
694 /* Write our MAC address and BSSID to template ram */
695 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
696 tmp = (u32) (mac_bssid[i + 0]);
697 tmp |= (u32) (mac_bssid[i + 1]) << 8;
698 tmp |= (u32) (mac_bssid[i + 2]) << 16;
699 tmp |= (u32) (mac_bssid[i + 3]) << 24;
700 b43_ram_write(dev, 0x20 + i, tmp);
701 }
702}
703
704static void b43_upload_card_macaddress(struct b43_wldev *dev)
705{
706 b43_write_mac_bssid_templates(dev);
707 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
708}
709
710static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
711{
712 /* slot_time is in usec. */
713 /* This test used to exit for all but a G PHY. */
714 if (b43_current_band(dev->wl) == NL80211_BAND_5GHZ)
715 return;
716 b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
717 /* Shared memory location 0x0010 is the slot time and should be
718 * set to slot_time; however, this register is initially 0 and changing
719 * the value adversely affects the transmit rate for BCM4311
720 * devices. Until this behavior is unterstood, delete this step
721 *
722 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
723 */
724}
725
726static void b43_short_slot_timing_enable(struct b43_wldev *dev)
727{
728 b43_set_slot_time(dev, 9);
729}
730
731static void b43_short_slot_timing_disable(struct b43_wldev *dev)
732{
733 b43_set_slot_time(dev, 20);
734}
735
736/* DummyTransmission function, as documented on
737 * https://bcm-v4.sipsolutions.net/802.11/DummyTransmission
738 */
739void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
740{
741 struct b43_phy *phy = &dev->phy;
742 unsigned int i, max_loop;
743 u16 value;
744 u32 buffer[5] = {
745 0x00000000,
746 0x00D40000,
747 0x00000000,
748 0x01000000,
749 0x00000000,
750 };
751
752 if (ofdm) {
753 max_loop = 0x1E;
754 buffer[0] = 0x000201CC;
755 } else {
756 max_loop = 0xFA;
757 buffer[0] = 0x000B846E;
758 }
759
760 for (i = 0; i < 5; i++)
761 b43_ram_write(dev, i * 4, buffer[i]);
762
763 b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
764
765 if (dev->dev->core_rev < 11)
766 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
767 else
768 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
769
770 value = (ofdm ? 0x41 : 0x40);
771 b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
772 if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
773 phy->type == B43_PHYTYPE_LCN)
774 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
775
776 b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
777 b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
778
779 b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
780 b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
781 b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
782 b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
783
784 if (!pa_on && phy->type == B43_PHYTYPE_N) {
785 ; /*b43_nphy_pa_override(dev, false) */
786 }
787
788 switch (phy->type) {
789 case B43_PHYTYPE_N:
790 case B43_PHYTYPE_LCN:
791 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
792 break;
793 case B43_PHYTYPE_LP:
794 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
795 break;
796 default:
797 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
798 }
799 b43_read16(dev, B43_MMIO_TXE0_AUX);
800
801 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
802 b43_radio_write16(dev, 0x0051, 0x0017);
803 for (i = 0x00; i < max_loop; i++) {
804 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
805 if (value & 0x0080)
806 break;
807 udelay(10);
808 }
809 for (i = 0x00; i < 0x0A; i++) {
810 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
811 if (value & 0x0400)
812 break;
813 udelay(10);
814 }
815 for (i = 0x00; i < 0x19; i++) {
816 value = b43_read16(dev, B43_MMIO_IFSSTAT);
817 if (!(value & 0x0100))
818 break;
819 udelay(10);
820 }
821 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
822 b43_radio_write16(dev, 0x0051, 0x0037);
823}
824
825static void key_write(struct b43_wldev *dev,
826 u8 index, u8 algorithm, const u8 *key)
827{
828 unsigned int i;
829 u32 offset;
830 u16 value;
831 u16 kidx;
832
833 /* Key index/algo block */
834 kidx = b43_kidx_to_fw(dev, index);
835 value = ((kidx << 4) | algorithm);
836 b43_shm_write16(dev, B43_SHM_SHARED,
837 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
838
839 /* Write the key to the Key Table Pointer offset */
840 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
841 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
842 value = key[i];
843 value |= (u16) (key[i + 1]) << 8;
844 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
845 }
846}
847
848static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
849{
850 u32 addrtmp[2] = { 0, 0, };
851 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
852
853 if (b43_new_kidx_api(dev))
854 pairwise_keys_start = B43_NR_GROUP_KEYS;
855
856 B43_WARN_ON(index < pairwise_keys_start);
857 /* We have four default TX keys and possibly four default RX keys.
858 * Physical mac 0 is mapped to physical key 4 or 8, depending
859 * on the firmware version.
860 * So we must adjust the index here.
861 */
862 index -= pairwise_keys_start;
863 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
864
865 if (addr) {
866 addrtmp[0] = addr[0];
867 addrtmp[0] |= ((u32) (addr[1]) << 8);
868 addrtmp[0] |= ((u32) (addr[2]) << 16);
869 addrtmp[0] |= ((u32) (addr[3]) << 24);
870 addrtmp[1] = addr[4];
871 addrtmp[1] |= ((u32) (addr[5]) << 8);
872 }
873
874 /* Receive match transmitter address (RCMTA) mechanism */
875 b43_shm_write32(dev, B43_SHM_RCMTA,
876 (index * 2) + 0, addrtmp[0]);
877 b43_shm_write16(dev, B43_SHM_RCMTA,
878 (index * 2) + 1, addrtmp[1]);
879}
880
881/* The ucode will use phase1 key with TEK key to decrypt rx packets.
882 * When a packet is received, the iv32 is checked.
883 * - if it doesn't the packet is returned without modification (and software
884 * decryption can be done). That's what happen when iv16 wrap.
885 * - if it does, the rc4 key is computed, and decryption is tried.
886 * Either it will success and B43_RX_MAC_DEC is returned,
887 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
888 * and the packet is not usable (it got modified by the ucode).
889 * So in order to never have B43_RX_MAC_DECERR, we should provide
890 * a iv32 and phase1key that match. Because we drop packets in case of
891 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
892 * packets will be lost without higher layer knowing (ie no resync possible
893 * until next wrap).
894 *
895 * NOTE : this should support 50 key like RCMTA because
896 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
897 */
898static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
899 u16 *phase1key)
900{
901 unsigned int i;
902 u32 offset;
903 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
904
905 if (!modparam_hwtkip)
906 return;
907
908 if (b43_new_kidx_api(dev))
909 pairwise_keys_start = B43_NR_GROUP_KEYS;
910
911 B43_WARN_ON(index < pairwise_keys_start);
912 /* We have four default TX keys and possibly four default RX keys.
913 * Physical mac 0 is mapped to physical key 4 or 8, depending
914 * on the firmware version.
915 * So we must adjust the index here.
916 */
917 index -= pairwise_keys_start;
918 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
919
920 if (b43_debug(dev, B43_DBG_KEYS)) {
921 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
922 index, iv32);
923 }
924 /* Write the key to the RX tkip shared mem */
925 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
926 for (i = 0; i < 10; i += 2) {
927 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
928 phase1key ? phase1key[i / 2] : 0);
929 }
930 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
931 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
932}
933
934static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
935 struct ieee80211_vif *vif,
936 struct ieee80211_key_conf *keyconf,
937 struct ieee80211_sta *sta,
938 u32 iv32, u16 *phase1key)
939{
940 struct b43_wl *wl = hw_to_b43_wl(hw);
941 struct b43_wldev *dev;
942 int index = keyconf->hw_key_idx;
943
944 if (B43_WARN_ON(!modparam_hwtkip))
945 return;
946
947 /* This is only called from the RX path through mac80211, where
948 * our mutex is already locked. */
949 B43_WARN_ON(!mutex_is_locked(&wl->mutex));
950 dev = wl->current_dev;
951 B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
952
953 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
954
955 rx_tkip_phase1_write(dev, index, iv32, phase1key);
956 /* only pairwise TKIP keys are supported right now */
957 if (WARN_ON(!sta))
958 return;
959 keymac_write(dev, index, sta->addr);
960}
961
962static void do_key_write(struct b43_wldev *dev,
963 u8 index, u8 algorithm,
964 const u8 *key, size_t key_len, const u8 *mac_addr)
965{
966 u8 buf[B43_SEC_KEYSIZE] = { 0, };
967 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
968
969 if (b43_new_kidx_api(dev))
970 pairwise_keys_start = B43_NR_GROUP_KEYS;
971
972 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
973 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
974
975 if (index >= pairwise_keys_start)
976 keymac_write(dev, index, NULL); /* First zero out mac. */
977 if (algorithm == B43_SEC_ALGO_TKIP) {
978 /*
979 * We should provide an initial iv32, phase1key pair.
980 * We could start with iv32=0 and compute the corresponding
981 * phase1key, but this means calling ieee80211_get_tkip_key
982 * with a fake skb (or export other tkip function).
983 * Because we are lazy we hope iv32 won't start with
984 * 0xffffffff and let's b43_op_update_tkip_key provide a
985 * correct pair.
986 */
987 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
988 } else if (index >= pairwise_keys_start) /* clear it */
989 rx_tkip_phase1_write(dev, index, 0, NULL);
990 if (key)
991 memcpy(buf, key, key_len);
992 key_write(dev, index, algorithm, buf);
993 if (index >= pairwise_keys_start)
994 keymac_write(dev, index, mac_addr);
995
996 dev->key[index].algorithm = algorithm;
997}
998
999static int b43_key_write(struct b43_wldev *dev,
1000 int index, u8 algorithm,
1001 const u8 *key, size_t key_len,
1002 const u8 *mac_addr,
1003 struct ieee80211_key_conf *keyconf)
1004{
1005 int i;
1006 int pairwise_keys_start;
1007
1008 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1009 * - Temporal Encryption Key (128 bits)
1010 * - Temporal Authenticator Tx MIC Key (64 bits)
1011 * - Temporal Authenticator Rx MIC Key (64 bits)
1012 *
1013 * Hardware only store TEK
1014 */
1015 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1016 key_len = 16;
1017 if (key_len > B43_SEC_KEYSIZE)
1018 return -EINVAL;
1019 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1020 /* Check that we don't already have this key. */
1021 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1022 }
1023 if (index < 0) {
1024 /* Pairwise key. Get an empty slot for the key. */
1025 if (b43_new_kidx_api(dev))
1026 pairwise_keys_start = B43_NR_GROUP_KEYS;
1027 else
1028 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1029 for (i = pairwise_keys_start;
1030 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1031 i++) {
1032 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1033 if (!dev->key[i].keyconf) {
1034 /* found empty */
1035 index = i;
1036 break;
1037 }
1038 }
1039 if (index < 0) {
1040 b43warn(dev->wl, "Out of hardware key memory\n");
1041 return -ENOSPC;
1042 }
1043 } else
1044 B43_WARN_ON(index > 3);
1045
1046 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1047 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1048 /* Default RX key */
1049 B43_WARN_ON(mac_addr);
1050 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1051 }
1052 keyconf->hw_key_idx = index;
1053 dev->key[index].keyconf = keyconf;
1054
1055 return 0;
1056}
1057
1058static int b43_key_clear(struct b43_wldev *dev, int index)
1059{
1060 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1061 return -EINVAL;
1062 do_key_write(dev, index, B43_SEC_ALGO_NONE,
1063 NULL, B43_SEC_KEYSIZE, NULL);
1064 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1065 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1066 NULL, B43_SEC_KEYSIZE, NULL);
1067 }
1068 dev->key[index].keyconf = NULL;
1069
1070 return 0;
1071}
1072
1073static void b43_clear_keys(struct b43_wldev *dev)
1074{
1075 int i, count;
1076
1077 if (b43_new_kidx_api(dev))
1078 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1079 else
1080 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1081 for (i = 0; i < count; i++)
1082 b43_key_clear(dev, i);
1083}
1084
1085static void b43_dump_keymemory(struct b43_wldev *dev)
1086{
1087 unsigned int i, index, count, offset, pairwise_keys_start;
1088 u8 mac[ETH_ALEN];
1089 u16 algo;
1090 u32 rcmta0;
1091 u16 rcmta1;
1092 u64 hf;
1093 struct b43_key *key;
1094
1095 if (!b43_debug(dev, B43_DBG_KEYS))
1096 return;
1097
1098 hf = b43_hf_read(dev);
1099 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1100 !!(hf & B43_HF_USEDEFKEYS));
1101 if (b43_new_kidx_api(dev)) {
1102 pairwise_keys_start = B43_NR_GROUP_KEYS;
1103 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1104 } else {
1105 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1106 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1107 }
1108 for (index = 0; index < count; index++) {
1109 key = &(dev->key[index]);
1110 printk(KERN_DEBUG "Key slot %02u: %s",
1111 index, (key->keyconf == NULL) ? " " : "*");
1112 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1113 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1114 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1115 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1116 }
1117
1118 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1119 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1120 printk(" Algo: %04X/%02X", algo, key->algorithm);
1121
1122 if (index >= pairwise_keys_start) {
1123 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1124 printk(" TKIP: ");
1125 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1126 for (i = 0; i < 14; i += 2) {
1127 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1128 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1129 }
1130 }
1131 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1132 ((index - pairwise_keys_start) * 2) + 0);
1133 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1134 ((index - pairwise_keys_start) * 2) + 1);
1135 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1136 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1137 printk(" MAC: %pM", mac);
1138 } else
1139 printk(" DEFAULT KEY");
1140 printk("\n");
1141 }
1142}
1143
1144void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1145{
1146 u32 macctl;
1147 u16 ucstat;
1148 bool hwps;
1149 bool awake;
1150 int i;
1151
1152 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1153 (ps_flags & B43_PS_DISABLED));
1154 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1155
1156 if (ps_flags & B43_PS_ENABLED) {
1157 hwps = true;
1158 } else if (ps_flags & B43_PS_DISABLED) {
1159 hwps = false;
1160 } else {
1161 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1162 // and thus is not an AP and we are associated, set bit 25
1163 }
1164 if (ps_flags & B43_PS_AWAKE) {
1165 awake = true;
1166 } else if (ps_flags & B43_PS_ASLEEP) {
1167 awake = false;
1168 } else {
1169 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1170 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1171 // successful, set bit26
1172 }
1173
1174/* FIXME: For now we force awake-on and hwps-off */
1175 hwps = false;
1176 awake = true;
1177
1178 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1179 if (hwps)
1180 macctl |= B43_MACCTL_HWPS;
1181 else
1182 macctl &= ~B43_MACCTL_HWPS;
1183 if (awake)
1184 macctl |= B43_MACCTL_AWAKE;
1185 else
1186 macctl &= ~B43_MACCTL_AWAKE;
1187 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1188 /* Commit write */
1189 b43_read32(dev, B43_MMIO_MACCTL);
1190 if (awake && dev->dev->core_rev >= 5) {
1191 /* Wait for the microcode to wake up. */
1192 for (i = 0; i < 100; i++) {
1193 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1194 B43_SHM_SH_UCODESTAT);
1195 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1196 break;
1197 udelay(10);
1198 }
1199 }
1200}
1201
1202/* https://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1203void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1204{
1205 struct bcma_drv_cc *bcma_cc __maybe_unused;
1206 struct ssb_chipcommon *ssb_cc __maybe_unused;
1207
1208 switch (dev->dev->bus_type) {
1209#ifdef CONFIG_B43_BCMA
1210 case B43_BUS_BCMA:
1211 bcma_cc = &dev->dev->bdev->bus->drv_cc;
1212
1213 bcma_cc_write32(bcma_cc, BCMA_CC_PMU_CHIPCTL_ADDR, 0);
1214 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1215 bcma_cc_set32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, 0x4);
1216 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1217 break;
1218#endif
1219#ifdef CONFIG_B43_SSB
1220 case B43_BUS_SSB:
1221 ssb_cc = &dev->dev->sdev->bus->chipco;
1222
1223 chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1224 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1225 chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1226 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1227 break;
1228#endif
1229 }
1230}
1231
1232#ifdef CONFIG_B43_BCMA
1233static void b43_bcma_phy_reset(struct b43_wldev *dev)
1234{
1235 u32 flags;
1236
1237 /* Put PHY into reset */
1238 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1239 flags |= B43_BCMA_IOCTL_PHY_RESET;
1240 flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1241 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1242 udelay(2);
1243
1244 b43_phy_take_out_of_reset(dev);
1245}
1246
1247static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1248{
1249 u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1250 B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1251 u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1252 B43_BCMA_CLKCTLST_PHY_PLL_ST;
1253 u32 flags;
1254
1255 flags = B43_BCMA_IOCTL_PHY_CLKEN;
1256 if (gmode)
1257 flags |= B43_BCMA_IOCTL_GMODE;
1258 b43_device_enable(dev, flags);
1259
1260 if (dev->phy.type == B43_PHYTYPE_AC) {
1261 u16 tmp;
1262
1263 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1264 tmp &= ~B43_BCMA_IOCTL_DAC;
1265 tmp |= 0x100;
1266 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1267
1268 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1269 tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1270 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1271
1272 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1273 tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1274 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1275 }
1276
1277 bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1278 b43_bcma_phy_reset(dev);
1279 bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1280}
1281#endif
1282
1283#ifdef CONFIG_B43_SSB
1284static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1285{
1286 u32 flags = 0;
1287
1288 if (gmode)
1289 flags |= B43_TMSLOW_GMODE;
1290 flags |= B43_TMSLOW_PHYCLKEN;
1291 flags |= B43_TMSLOW_PHYRESET;
1292 if (dev->phy.type == B43_PHYTYPE_N)
1293 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1294 b43_device_enable(dev, flags);
1295 msleep(2); /* Wait for the PLL to turn on. */
1296
1297 b43_phy_take_out_of_reset(dev);
1298}
1299#endif
1300
1301void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1302{
1303 u32 macctl;
1304
1305 switch (dev->dev->bus_type) {
1306#ifdef CONFIG_B43_BCMA
1307 case B43_BUS_BCMA:
1308 b43_bcma_wireless_core_reset(dev, gmode);
1309 break;
1310#endif
1311#ifdef CONFIG_B43_SSB
1312 case B43_BUS_SSB:
1313 b43_ssb_wireless_core_reset(dev, gmode);
1314 break;
1315#endif
1316 }
1317
1318 /* Turn Analog ON, but only if we already know the PHY-type.
1319 * This protects against very early setup where we don't know the
1320 * PHY-type, yet. wireless_core_reset will be called once again later,
1321 * when we know the PHY-type. */
1322 if (dev->phy.ops)
1323 dev->phy.ops->switch_analog(dev, 1);
1324
1325 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1326 macctl &= ~B43_MACCTL_GMODE;
1327 if (gmode)
1328 macctl |= B43_MACCTL_GMODE;
1329 macctl |= B43_MACCTL_IHR_ENABLED;
1330 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1331}
1332
1333static void handle_irq_transmit_status(struct b43_wldev *dev)
1334{
1335 u32 v0, v1;
1336 u16 tmp;
1337 struct b43_txstatus stat;
1338
1339 while (1) {
1340 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1341 if (!(v0 & 0x00000001))
1342 break;
1343 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1344
1345 stat.cookie = (v0 >> 16);
1346 stat.seq = (v1 & 0x0000FFFF);
1347 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1348 tmp = (v0 & 0x0000FFFF);
1349 stat.frame_count = ((tmp & 0xF000) >> 12);
1350 stat.rts_count = ((tmp & 0x0F00) >> 8);
1351 stat.supp_reason = ((tmp & 0x001C) >> 2);
1352 stat.pm_indicated = !!(tmp & 0x0080);
1353 stat.intermediate = !!(tmp & 0x0040);
1354 stat.for_ampdu = !!(tmp & 0x0020);
1355 stat.acked = !!(tmp & 0x0002);
1356
1357 b43_handle_txstatus(dev, &stat);
1358 }
1359}
1360
1361static void drain_txstatus_queue(struct b43_wldev *dev)
1362{
1363 u32 dummy;
1364
1365 if (dev->dev->core_rev < 5)
1366 return;
1367 /* Read all entries from the microcode TXstatus FIFO
1368 * and throw them away.
1369 */
1370 while (1) {
1371 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1372 if (!(dummy & 0x00000001))
1373 break;
1374 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1375 }
1376}
1377
1378static u32 b43_jssi_read(struct b43_wldev *dev)
1379{
1380 u32 val = 0;
1381
1382 val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1383 val <<= 16;
1384 val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1385
1386 return val;
1387}
1388
1389static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1390{
1391 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1392 (jssi & 0x0000FFFF));
1393 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1394 (jssi & 0xFFFF0000) >> 16);
1395}
1396
1397static void b43_generate_noise_sample(struct b43_wldev *dev)
1398{
1399 b43_jssi_write(dev, 0x7F7F7F7F);
1400 b43_write32(dev, B43_MMIO_MACCMD,
1401 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1402}
1403
1404static void b43_calculate_link_quality(struct b43_wldev *dev)
1405{
1406 /* Top half of Link Quality calculation. */
1407
1408 if (dev->phy.type != B43_PHYTYPE_G)
1409 return;
1410 if (dev->noisecalc.calculation_running)
1411 return;
1412 dev->noisecalc.calculation_running = true;
1413 dev->noisecalc.nr_samples = 0;
1414
1415 b43_generate_noise_sample(dev);
1416}
1417
1418static void handle_irq_noise(struct b43_wldev *dev)
1419{
1420 struct b43_phy_g *phy = dev->phy.g;
1421 u16 tmp;
1422 u8 noise[4];
1423 u8 i, j;
1424 s32 average;
1425
1426 /* Bottom half of Link Quality calculation. */
1427
1428 if (dev->phy.type != B43_PHYTYPE_G)
1429 return;
1430
1431 /* Possible race condition: It might be possible that the user
1432 * changed to a different channel in the meantime since we
1433 * started the calculation. We ignore that fact, since it's
1434 * not really that much of a problem. The background noise is
1435 * an estimation only anyway. Slightly wrong results will get damped
1436 * by the averaging of the 8 sample rounds. Additionally the
1437 * value is shortlived. So it will be replaced by the next noise
1438 * calculation round soon. */
1439
1440 B43_WARN_ON(!dev->noisecalc.calculation_running);
1441 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1442 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1443 noise[2] == 0x7F || noise[3] == 0x7F)
1444 goto generate_new;
1445
1446 /* Get the noise samples. */
1447 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1448 i = dev->noisecalc.nr_samples;
1449 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1450 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1451 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1452 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1453 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1454 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1455 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1456 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1457 dev->noisecalc.nr_samples++;
1458 if (dev->noisecalc.nr_samples == 8) {
1459 /* Calculate the Link Quality by the noise samples. */
1460 average = 0;
1461 for (i = 0; i < 8; i++) {
1462 for (j = 0; j < 4; j++)
1463 average += dev->noisecalc.samples[i][j];
1464 }
1465 average /= (8 * 4);
1466 average *= 125;
1467 average += 64;
1468 average /= 128;
1469 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1470 tmp = (tmp / 128) & 0x1F;
1471 if (tmp >= 8)
1472 average += 2;
1473 else
1474 average -= 25;
1475 if (tmp == 8)
1476 average -= 72;
1477 else
1478 average -= 48;
1479
1480 dev->stats.link_noise = average;
1481 dev->noisecalc.calculation_running = false;
1482 return;
1483 }
1484generate_new:
1485 b43_generate_noise_sample(dev);
1486}
1487
1488static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1489{
1490 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1491 ///TODO: PS TBTT
1492 } else {
1493 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1494 b43_power_saving_ctl_bits(dev, 0);
1495 }
1496 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1497 dev->dfq_valid = true;
1498}
1499
1500static void handle_irq_atim_end(struct b43_wldev *dev)
1501{
1502 if (dev->dfq_valid) {
1503 b43_write32(dev, B43_MMIO_MACCMD,
1504 b43_read32(dev, B43_MMIO_MACCMD)
1505 | B43_MACCMD_DFQ_VALID);
1506 dev->dfq_valid = false;
1507 }
1508}
1509
1510static void handle_irq_pmq(struct b43_wldev *dev)
1511{
1512 u32 tmp;
1513
1514 //TODO: AP mode.
1515
1516 while (1) {
1517 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1518 if (!(tmp & 0x00000008))
1519 break;
1520 }
1521 /* 16bit write is odd, but correct. */
1522 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1523}
1524
1525static void b43_write_template_common(struct b43_wldev *dev,
1526 const u8 *data, u16 size,
1527 u16 ram_offset,
1528 u16 shm_size_offset, u8 rate)
1529{
1530 u32 i, tmp;
1531 struct b43_plcp_hdr4 plcp;
1532
1533 plcp.data = 0;
1534 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1535 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1536 ram_offset += sizeof(u32);
1537 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1538 * So leave the first two bytes of the next write blank.
1539 */
1540 tmp = (u32) (data[0]) << 16;
1541 tmp |= (u32) (data[1]) << 24;
1542 b43_ram_write(dev, ram_offset, tmp);
1543 ram_offset += sizeof(u32);
1544 for (i = 2; i < size; i += sizeof(u32)) {
1545 tmp = (u32) (data[i + 0]);
1546 if (i + 1 < size)
1547 tmp |= (u32) (data[i + 1]) << 8;
1548 if (i + 2 < size)
1549 tmp |= (u32) (data[i + 2]) << 16;
1550 if (i + 3 < size)
1551 tmp |= (u32) (data[i + 3]) << 24;
1552 b43_ram_write(dev, ram_offset + i - 2, tmp);
1553 }
1554 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1555 size + sizeof(struct b43_plcp_hdr6));
1556}
1557
1558/* Check if the use of the antenna that ieee80211 told us to
1559 * use is possible. This will fall back to DEFAULT.
1560 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1561u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1562 u8 antenna_nr)
1563{
1564 u8 antenna_mask;
1565
1566 if (antenna_nr == 0) {
1567 /* Zero means "use default antenna". That's always OK. */
1568 return 0;
1569 }
1570
1571 /* Get the mask of available antennas. */
1572 if (dev->phy.gmode)
1573 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1574 else
1575 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1576
1577 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1578 /* This antenna is not available. Fall back to default. */
1579 return 0;
1580 }
1581
1582 return antenna_nr;
1583}
1584
1585/* Convert a b43 antenna number value to the PHY TX control value. */
1586static u16 b43_antenna_to_phyctl(int antenna)
1587{
1588 switch (antenna) {
1589 case B43_ANTENNA0:
1590 return B43_TXH_PHY_ANT0;
1591 case B43_ANTENNA1:
1592 return B43_TXH_PHY_ANT1;
1593 case B43_ANTENNA2:
1594 return B43_TXH_PHY_ANT2;
1595 case B43_ANTENNA3:
1596 return B43_TXH_PHY_ANT3;
1597 case B43_ANTENNA_AUTO0:
1598 case B43_ANTENNA_AUTO1:
1599 return B43_TXH_PHY_ANT01AUTO;
1600 }
1601 B43_WARN_ON(1);
1602 return 0;
1603}
1604
1605static void b43_write_beacon_template(struct b43_wldev *dev,
1606 u16 ram_offset,
1607 u16 shm_size_offset)
1608{
1609 unsigned int i, len, variable_len;
1610 const struct ieee80211_mgmt *bcn;
1611 const u8 *ie;
1612 bool tim_found = false;
1613 unsigned int rate;
1614 u16 ctl;
1615 int antenna;
1616 struct ieee80211_tx_info *info;
1617 unsigned long flags;
1618 struct sk_buff *beacon_skb;
1619
1620 spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1621 info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1622 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1623 /* Clone the beacon, so it cannot go away, while we write it to hw. */
1624 beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1625 spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1626
1627 if (!beacon_skb) {
1628 b43dbg(dev->wl, "Could not upload beacon. "
1629 "Failed to clone beacon skb.");
1630 return;
1631 }
1632
1633 bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1634 len = min_t(size_t, beacon_skb->len,
1635 0x200 - sizeof(struct b43_plcp_hdr6));
1636
1637 b43_write_template_common(dev, (const u8 *)bcn,
1638 len, ram_offset, shm_size_offset, rate);
1639
1640 /* Write the PHY TX control parameters. */
1641 antenna = B43_ANTENNA_DEFAULT;
1642 antenna = b43_antenna_to_phyctl(antenna);
1643 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1644 /* We can't send beacons with short preamble. Would get PHY errors. */
1645 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1646 ctl &= ~B43_TXH_PHY_ANT;
1647 ctl &= ~B43_TXH_PHY_ENC;
1648 ctl |= antenna;
1649 if (b43_is_cck_rate(rate))
1650 ctl |= B43_TXH_PHY_ENC_CCK;
1651 else
1652 ctl |= B43_TXH_PHY_ENC_OFDM;
1653 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1654
1655 /* Find the position of the TIM and the DTIM_period value
1656 * and write them to SHM. */
1657 ie = bcn->u.beacon.variable;
1658 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1659 for (i = 0; i < variable_len - 2; ) {
1660 uint8_t ie_id, ie_len;
1661
1662 ie_id = ie[i];
1663 ie_len = ie[i + 1];
1664 if (ie_id == 5) {
1665 u16 tim_position;
1666 u16 dtim_period;
1667 /* This is the TIM Information Element */
1668
1669 /* Check whether the ie_len is in the beacon data range. */
1670 if (variable_len < ie_len + 2 + i)
1671 break;
1672 /* A valid TIM is at least 4 bytes long. */
1673 if (ie_len < 4)
1674 break;
1675 tim_found = true;
1676
1677 tim_position = sizeof(struct b43_plcp_hdr6);
1678 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1679 tim_position += i;
1680
1681 dtim_period = ie[i + 3];
1682
1683 b43_shm_write16(dev, B43_SHM_SHARED,
1684 B43_SHM_SH_TIMBPOS, tim_position);
1685 b43_shm_write16(dev, B43_SHM_SHARED,
1686 B43_SHM_SH_DTIMPER, dtim_period);
1687 break;
1688 }
1689 i += ie_len + 2;
1690 }
1691 if (!tim_found) {
1692 /*
1693 * If ucode wants to modify TIM do it behind the beacon, this
1694 * will happen, for example, when doing mesh networking.
1695 */
1696 b43_shm_write16(dev, B43_SHM_SHARED,
1697 B43_SHM_SH_TIMBPOS,
1698 len + sizeof(struct b43_plcp_hdr6));
1699 b43_shm_write16(dev, B43_SHM_SHARED,
1700 B43_SHM_SH_DTIMPER, 0);
1701 }
1702 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1703
1704 dev_kfree_skb_any(beacon_skb);
1705}
1706
1707static void b43_upload_beacon0(struct b43_wldev *dev)
1708{
1709 struct b43_wl *wl = dev->wl;
1710
1711 if (wl->beacon0_uploaded)
1712 return;
1713 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1714 wl->beacon0_uploaded = true;
1715}
1716
1717static void b43_upload_beacon1(struct b43_wldev *dev)
1718{
1719 struct b43_wl *wl = dev->wl;
1720
1721 if (wl->beacon1_uploaded)
1722 return;
1723 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1724 wl->beacon1_uploaded = true;
1725}
1726
1727static void handle_irq_beacon(struct b43_wldev *dev)
1728{
1729 struct b43_wl *wl = dev->wl;
1730 u32 cmd, beacon0_valid, beacon1_valid;
1731
1732 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1733 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1734 !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1735 return;
1736
1737 /* This is the bottom half of the asynchronous beacon update. */
1738
1739 /* Ignore interrupt in the future. */
1740 dev->irq_mask &= ~B43_IRQ_BEACON;
1741
1742 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1743 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1744 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1745
1746 /* Schedule interrupt manually, if busy. */
1747 if (beacon0_valid && beacon1_valid) {
1748 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1749 dev->irq_mask |= B43_IRQ_BEACON;
1750 return;
1751 }
1752
1753 if (unlikely(wl->beacon_templates_virgin)) {
1754 /* We never uploaded a beacon before.
1755 * Upload both templates now, but only mark one valid. */
1756 wl->beacon_templates_virgin = false;
1757 b43_upload_beacon0(dev);
1758 b43_upload_beacon1(dev);
1759 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1760 cmd |= B43_MACCMD_BEACON0_VALID;
1761 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1762 } else {
1763 if (!beacon0_valid) {
1764 b43_upload_beacon0(dev);
1765 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1766 cmd |= B43_MACCMD_BEACON0_VALID;
1767 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1768 } else if (!beacon1_valid) {
1769 b43_upload_beacon1(dev);
1770 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1771 cmd |= B43_MACCMD_BEACON1_VALID;
1772 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1773 }
1774 }
1775}
1776
1777static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1778{
1779 u32 old_irq_mask = dev->irq_mask;
1780
1781 /* update beacon right away or defer to irq */
1782 handle_irq_beacon(dev);
1783 if (old_irq_mask != dev->irq_mask) {
1784 /* The handler updated the IRQ mask. */
1785 B43_WARN_ON(!dev->irq_mask);
1786 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1787 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1788 } else {
1789 /* Device interrupts are currently disabled. That means
1790 * we just ran the hardirq handler and scheduled the
1791 * IRQ thread. The thread will write the IRQ mask when
1792 * it finished, so there's nothing to do here. Writing
1793 * the mask _here_ would incorrectly re-enable IRQs. */
1794 }
1795 }
1796}
1797
1798static void b43_beacon_update_trigger_work(struct work_struct *work)
1799{
1800 struct b43_wl *wl = container_of(work, struct b43_wl,
1801 beacon_update_trigger);
1802 struct b43_wldev *dev;
1803
1804 mutex_lock(&wl->mutex);
1805 dev = wl->current_dev;
1806 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1807 if (b43_bus_host_is_sdio(dev->dev)) {
1808 /* wl->mutex is enough. */
1809 b43_do_beacon_update_trigger_work(dev);
1810 } else {
1811 spin_lock_irq(&wl->hardirq_lock);
1812 b43_do_beacon_update_trigger_work(dev);
1813 spin_unlock_irq(&wl->hardirq_lock);
1814 }
1815 }
1816 mutex_unlock(&wl->mutex);
1817}
1818
1819/* Asynchronously update the packet templates in template RAM. */
1820static void b43_update_templates(struct b43_wl *wl)
1821{
1822 struct sk_buff *beacon, *old_beacon;
1823 unsigned long flags;
1824
1825 /* This is the top half of the asynchronous beacon update.
1826 * The bottom half is the beacon IRQ.
1827 * Beacon update must be asynchronous to avoid sending an
1828 * invalid beacon. This can happen for example, if the firmware
1829 * transmits a beacon while we are updating it. */
1830
1831 /* We could modify the existing beacon and set the aid bit in
1832 * the TIM field, but that would probably require resizing and
1833 * moving of data within the beacon template.
1834 * Simply request a new beacon and let mac80211 do the hard work. */
1835 beacon = ieee80211_beacon_get(wl->hw, wl->vif, 0);
1836 if (unlikely(!beacon))
1837 return;
1838
1839 spin_lock_irqsave(&wl->beacon_lock, flags);
1840 old_beacon = wl->current_beacon;
1841 wl->current_beacon = beacon;
1842 wl->beacon0_uploaded = false;
1843 wl->beacon1_uploaded = false;
1844 spin_unlock_irqrestore(&wl->beacon_lock, flags);
1845
1846 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1847
1848 if (old_beacon)
1849 dev_kfree_skb_any(old_beacon);
1850}
1851
1852static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1853{
1854 b43_time_lock(dev);
1855 if (dev->dev->core_rev >= 3) {
1856 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1857 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1858 } else {
1859 b43_write16(dev, 0x606, (beacon_int >> 6));
1860 b43_write16(dev, 0x610, beacon_int);
1861 }
1862 b43_time_unlock(dev);
1863 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1864}
1865
1866static void b43_handle_firmware_panic(struct b43_wldev *dev)
1867{
1868 u16 reason;
1869
1870 /* Read the register that contains the reason code for the panic. */
1871 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1872 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1873
1874 switch (reason) {
1875 default:
1876 b43dbg(dev->wl, "The panic reason is unknown.\n");
1877 fallthrough;
1878 case B43_FWPANIC_DIE:
1879 /* Do not restart the controller or firmware.
1880 * The device is nonfunctional from now on.
1881 * Restarting would result in this panic to trigger again,
1882 * so we avoid that recursion. */
1883 break;
1884 case B43_FWPANIC_RESTART:
1885 b43_controller_restart(dev, "Microcode panic");
1886 break;
1887 }
1888}
1889
1890static void handle_irq_ucode_debug(struct b43_wldev *dev)
1891{
1892 unsigned int i, cnt;
1893 u16 reason, marker_id, marker_line;
1894 __le16 *buf;
1895
1896 /* The proprietary firmware doesn't have this IRQ. */
1897 if (!dev->fw.opensource)
1898 return;
1899
1900 /* Read the register that contains the reason code for this IRQ. */
1901 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1902
1903 switch (reason) {
1904 case B43_DEBUGIRQ_PANIC:
1905 b43_handle_firmware_panic(dev);
1906 break;
1907 case B43_DEBUGIRQ_DUMP_SHM:
1908 if (!B43_DEBUG)
1909 break; /* Only with driver debugging enabled. */
1910 buf = kmalloc(4096, GFP_ATOMIC);
1911 if (!buf) {
1912 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1913 goto out;
1914 }
1915 for (i = 0; i < 4096; i += 2) {
1916 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1917 buf[i / 2] = cpu_to_le16(tmp);
1918 }
1919 b43info(dev->wl, "Shared memory dump:\n");
1920 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1921 16, 2, buf, 4096, 1);
1922 kfree(buf);
1923 break;
1924 case B43_DEBUGIRQ_DUMP_REGS:
1925 if (!B43_DEBUG)
1926 break; /* Only with driver debugging enabled. */
1927 b43info(dev->wl, "Microcode register dump:\n");
1928 for (i = 0, cnt = 0; i < 64; i++) {
1929 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1930 if (cnt == 0)
1931 printk(KERN_INFO);
1932 printk("r%02u: 0x%04X ", i, tmp);
1933 cnt++;
1934 if (cnt == 6) {
1935 printk("\n");
1936 cnt = 0;
1937 }
1938 }
1939 printk("\n");
1940 break;
1941 case B43_DEBUGIRQ_MARKER:
1942 if (!B43_DEBUG)
1943 break; /* Only with driver debugging enabled. */
1944 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1945 B43_MARKER_ID_REG);
1946 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1947 B43_MARKER_LINE_REG);
1948 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1949 "at line number %u\n",
1950 marker_id, marker_line);
1951 break;
1952 default:
1953 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1954 reason);
1955 }
1956out:
1957 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1958 b43_shm_write16(dev, B43_SHM_SCRATCH,
1959 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1960}
1961
1962static void b43_do_interrupt_thread(struct b43_wldev *dev)
1963{
1964 u32 reason;
1965 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1966 u32 merged_dma_reason = 0;
1967 int i;
1968
1969 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1970 return;
1971
1972 reason = dev->irq_reason;
1973 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1974 dma_reason[i] = dev->dma_reason[i];
1975 merged_dma_reason |= dma_reason[i];
1976 }
1977
1978 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1979 b43err(dev->wl, "MAC transmission error\n");
1980
1981 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1982 b43err(dev->wl, "PHY transmission error\n");
1983 rmb();
1984 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1985 atomic_set(&dev->phy.txerr_cnt,
1986 B43_PHY_TX_BADNESS_LIMIT);
1987 b43err(dev->wl, "Too many PHY TX errors, "
1988 "restarting the controller\n");
1989 b43_controller_restart(dev, "PHY TX errors");
1990 }
1991 }
1992
1993 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1994 b43err(dev->wl,
1995 "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1996 dma_reason[0], dma_reason[1],
1997 dma_reason[2], dma_reason[3],
1998 dma_reason[4], dma_reason[5]);
1999 b43err(dev->wl, "This device does not support DMA "
2000 "on your system. It will now be switched to PIO.\n");
2001 /* Fall back to PIO transfers if we get fatal DMA errors! */
2002 dev->use_pio = true;
2003 b43_controller_restart(dev, "DMA error");
2004 return;
2005 }
2006
2007 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2008 handle_irq_ucode_debug(dev);
2009 if (reason & B43_IRQ_TBTT_INDI)
2010 handle_irq_tbtt_indication(dev);
2011 if (reason & B43_IRQ_ATIM_END)
2012 handle_irq_atim_end(dev);
2013 if (reason & B43_IRQ_BEACON)
2014 handle_irq_beacon(dev);
2015 if (reason & B43_IRQ_PMQ)
2016 handle_irq_pmq(dev);
2017 if (reason & B43_IRQ_TXFIFO_FLUSH_OK) {
2018 ;/* TODO */
2019 }
2020 if (reason & B43_IRQ_NOISESAMPLE_OK)
2021 handle_irq_noise(dev);
2022
2023 /* Check the DMA reason registers for received data. */
2024 if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2025 if (B43_DEBUG)
2026 b43warn(dev->wl, "RX descriptor underrun\n");
2027 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2028 }
2029 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2030 if (b43_using_pio_transfers(dev))
2031 b43_pio_rx(dev->pio.rx_queue);
2032 else
2033 b43_dma_rx(dev->dma.rx_ring);
2034 }
2035 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2036 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2037 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2038 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2039 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2040
2041 if (reason & B43_IRQ_TX_OK)
2042 handle_irq_transmit_status(dev);
2043
2044 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2045 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2046
2047#if B43_DEBUG
2048 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2049 dev->irq_count++;
2050 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2051 if (reason & (1 << i))
2052 dev->irq_bit_count[i]++;
2053 }
2054 }
2055#endif
2056}
2057
2058/* Interrupt thread handler. Handles device interrupts in thread context. */
2059static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2060{
2061 struct b43_wldev *dev = dev_id;
2062
2063 mutex_lock(&dev->wl->mutex);
2064 b43_do_interrupt_thread(dev);
2065 mutex_unlock(&dev->wl->mutex);
2066
2067 return IRQ_HANDLED;
2068}
2069
2070static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2071{
2072 u32 reason;
2073
2074 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2075 * On SDIO, this runs under wl->mutex. */
2076
2077 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2078 if (reason == 0xffffffff) /* shared IRQ */
2079 return IRQ_NONE;
2080 reason &= dev->irq_mask;
2081 if (!reason)
2082 return IRQ_NONE;
2083
2084 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2085 & 0x0001FC00;
2086 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2087 & 0x0000DC00;
2088 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2089 & 0x0000DC00;
2090 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2091 & 0x0001DC00;
2092 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2093 & 0x0000DC00;
2094/* Unused ring
2095 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2096 & 0x0000DC00;
2097*/
2098
2099 /* ACK the interrupt. */
2100 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2101 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2102 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2103 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2104 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2105 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2106/* Unused ring
2107 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2108*/
2109
2110 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2111 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2112 /* Save the reason bitmasks for the IRQ thread handler. */
2113 dev->irq_reason = reason;
2114
2115 return IRQ_WAKE_THREAD;
2116}
2117
2118/* Interrupt handler top-half. This runs with interrupts disabled. */
2119static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2120{
2121 struct b43_wldev *dev = dev_id;
2122 irqreturn_t ret;
2123
2124 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2125 return IRQ_NONE;
2126
2127 spin_lock(&dev->wl->hardirq_lock);
2128 ret = b43_do_interrupt(dev);
2129 spin_unlock(&dev->wl->hardirq_lock);
2130
2131 return ret;
2132}
2133
2134/* SDIO interrupt handler. This runs in process context. */
2135static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2136{
2137 struct b43_wl *wl = dev->wl;
2138 irqreturn_t ret;
2139
2140 mutex_lock(&wl->mutex);
2141
2142 ret = b43_do_interrupt(dev);
2143 if (ret == IRQ_WAKE_THREAD)
2144 b43_do_interrupt_thread(dev);
2145
2146 mutex_unlock(&wl->mutex);
2147}
2148
2149void b43_do_release_fw(struct b43_firmware_file *fw)
2150{
2151 release_firmware(fw->data);
2152 fw->data = NULL;
2153 fw->filename = NULL;
2154}
2155
2156static void b43_release_firmware(struct b43_wldev *dev)
2157{
2158 complete(&dev->fw_load_complete);
2159 b43_do_release_fw(&dev->fw.ucode);
2160 b43_do_release_fw(&dev->fw.pcm);
2161 b43_do_release_fw(&dev->fw.initvals);
2162 b43_do_release_fw(&dev->fw.initvals_band);
2163}
2164
2165static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2166{
2167 const char text[] =
2168 "You must go to " \
2169 "https://wireless.wiki.kernel.org/en/users/Drivers/b43#devicefirmware " \
2170 "and download the correct firmware for this driver version. " \
2171 "Please carefully read all instructions on this website.\n";
2172
2173 if (error)
2174 b43err(wl, text);
2175 else
2176 b43warn(wl, text);
2177}
2178
2179static void b43_fw_cb(const struct firmware *firmware, void *context)
2180{
2181 struct b43_request_fw_context *ctx = context;
2182
2183 ctx->blob = firmware;
2184 complete(&ctx->dev->fw_load_complete);
2185}
2186
2187int b43_do_request_fw(struct b43_request_fw_context *ctx,
2188 const char *name,
2189 struct b43_firmware_file *fw, bool async)
2190{
2191 struct b43_fw_header *hdr;
2192 u32 size;
2193 int err;
2194
2195 if (!name) {
2196 /* Don't fetch anything. Free possibly cached firmware. */
2197 /* FIXME: We should probably keep it anyway, to save some headache
2198 * on suspend/resume with multiband devices. */
2199 b43_do_release_fw(fw);
2200 return 0;
2201 }
2202 if (fw->filename) {
2203 if ((fw->type == ctx->req_type) &&
2204 (strcmp(fw->filename, name) == 0))
2205 return 0; /* Already have this fw. */
2206 /* Free the cached firmware first. */
2207 /* FIXME: We should probably do this later after we successfully
2208 * got the new fw. This could reduce headache with multiband devices.
2209 * We could also redesign this to cache the firmware for all possible
2210 * bands all the time. */
2211 b43_do_release_fw(fw);
2212 }
2213
2214 switch (ctx->req_type) {
2215 case B43_FWTYPE_PROPRIETARY:
2216 snprintf(ctx->fwname, sizeof(ctx->fwname),
2217 "b43%s/%s.fw",
2218 modparam_fwpostfix, name);
2219 break;
2220 case B43_FWTYPE_OPENSOURCE:
2221 snprintf(ctx->fwname, sizeof(ctx->fwname),
2222 "b43-open%s/%s.fw",
2223 modparam_fwpostfix, name);
2224 break;
2225 default:
2226 B43_WARN_ON(1);
2227 return -ENOSYS;
2228 }
2229 if (async) {
2230 /* do this part asynchronously */
2231 init_completion(&ctx->dev->fw_load_complete);
2232 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2233 ctx->dev->dev->dev, GFP_KERNEL,
2234 ctx, b43_fw_cb);
2235 if (err < 0) {
2236 pr_err("Unable to load firmware\n");
2237 return err;
2238 }
2239 wait_for_completion(&ctx->dev->fw_load_complete);
2240 if (ctx->blob)
2241 goto fw_ready;
2242 /* On some ARM systems, the async request will fail, but the next sync
2243 * request works. For this reason, we fall through here
2244 */
2245 }
2246 err = request_firmware(&ctx->blob, ctx->fwname,
2247 ctx->dev->dev->dev);
2248 if (err == -ENOENT) {
2249 snprintf(ctx->errors[ctx->req_type],
2250 sizeof(ctx->errors[ctx->req_type]),
2251 "Firmware file \"%s\" not found\n",
2252 ctx->fwname);
2253 return err;
2254 } else if (err) {
2255 snprintf(ctx->errors[ctx->req_type],
2256 sizeof(ctx->errors[ctx->req_type]),
2257 "Firmware file \"%s\" request failed (err=%d)\n",
2258 ctx->fwname, err);
2259 return err;
2260 }
2261fw_ready:
2262 if (ctx->blob->size < sizeof(struct b43_fw_header))
2263 goto err_format;
2264 hdr = (struct b43_fw_header *)(ctx->blob->data);
2265 switch (hdr->type) {
2266 case B43_FW_TYPE_UCODE:
2267 case B43_FW_TYPE_PCM:
2268 size = be32_to_cpu(hdr->size);
2269 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2270 goto err_format;
2271 fallthrough;
2272 case B43_FW_TYPE_IV:
2273 if (hdr->ver != 1)
2274 goto err_format;
2275 break;
2276 default:
2277 goto err_format;
2278 }
2279
2280 fw->data = ctx->blob;
2281 fw->filename = name;
2282 fw->type = ctx->req_type;
2283
2284 return 0;
2285
2286err_format:
2287 snprintf(ctx->errors[ctx->req_type],
2288 sizeof(ctx->errors[ctx->req_type]),
2289 "Firmware file \"%s\" format error.\n", ctx->fwname);
2290 release_firmware(ctx->blob);
2291
2292 return -EPROTO;
2293}
2294
2295/* https://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2296static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2297{
2298 struct b43_wldev *dev = ctx->dev;
2299 struct b43_firmware *fw = &ctx->dev->fw;
2300 struct b43_phy *phy = &dev->phy;
2301 const u8 rev = ctx->dev->dev->core_rev;
2302 const char *filename;
2303 int err;
2304
2305 /* Get microcode */
2306 filename = NULL;
2307 switch (rev) {
2308 case 42:
2309 if (phy->type == B43_PHYTYPE_AC)
2310 filename = "ucode42";
2311 break;
2312 case 40:
2313 if (phy->type == B43_PHYTYPE_AC)
2314 filename = "ucode40";
2315 break;
2316 case 33:
2317 if (phy->type == B43_PHYTYPE_LCN40)
2318 filename = "ucode33_lcn40";
2319 break;
2320 case 30:
2321 if (phy->type == B43_PHYTYPE_N)
2322 filename = "ucode30_mimo";
2323 break;
2324 case 29:
2325 if (phy->type == B43_PHYTYPE_HT)
2326 filename = "ucode29_mimo";
2327 break;
2328 case 26:
2329 if (phy->type == B43_PHYTYPE_HT)
2330 filename = "ucode26_mimo";
2331 break;
2332 case 28:
2333 case 25:
2334 if (phy->type == B43_PHYTYPE_N)
2335 filename = "ucode25_mimo";
2336 else if (phy->type == B43_PHYTYPE_LCN)
2337 filename = "ucode25_lcn";
2338 break;
2339 case 24:
2340 if (phy->type == B43_PHYTYPE_LCN)
2341 filename = "ucode24_lcn";
2342 break;
2343 case 23:
2344 if (phy->type == B43_PHYTYPE_N)
2345 filename = "ucode16_mimo";
2346 break;
2347 case 16 ... 19:
2348 if (phy->type == B43_PHYTYPE_N)
2349 filename = "ucode16_mimo";
2350 else if (phy->type == B43_PHYTYPE_LP)
2351 filename = "ucode16_lp";
2352 break;
2353 case 15:
2354 filename = "ucode15";
2355 break;
2356 case 14:
2357 filename = "ucode14";
2358 break;
2359 case 13:
2360 filename = "ucode13";
2361 break;
2362 case 11 ... 12:
2363 filename = "ucode11";
2364 break;
2365 case 5 ... 10:
2366 filename = "ucode5";
2367 break;
2368 }
2369 if (!filename)
2370 goto err_no_ucode;
2371 err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2372 if (err)
2373 goto err_load;
2374
2375 /* Get PCM code */
2376 if ((rev >= 5) && (rev <= 10))
2377 filename = "pcm5";
2378 else if (rev >= 11)
2379 filename = NULL;
2380 else
2381 goto err_no_pcm;
2382 fw->pcm_request_failed = false;
2383 err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2384 if (err == -ENOENT) {
2385 /* We did not find a PCM file? Not fatal, but
2386 * core rev <= 10 must do without hwcrypto then. */
2387 fw->pcm_request_failed = true;
2388 } else if (err)
2389 goto err_load;
2390
2391 /* Get initvals */
2392 filename = NULL;
2393 switch (dev->phy.type) {
2394 case B43_PHYTYPE_G:
2395 if (rev == 13)
2396 filename = "b0g0initvals13";
2397 else if (rev >= 5 && rev <= 10)
2398 filename = "b0g0initvals5";
2399 break;
2400 case B43_PHYTYPE_N:
2401 if (rev == 30)
2402 filename = "n16initvals30";
2403 else if (rev == 28 || rev == 25)
2404 filename = "n0initvals25";
2405 else if (rev == 24)
2406 filename = "n0initvals24";
2407 else if (rev == 23)
2408 filename = "n0initvals16"; /* What about n0initvals22? */
2409 else if (rev >= 16 && rev <= 18)
2410 filename = "n0initvals16";
2411 else if (rev >= 11 && rev <= 12)
2412 filename = "n0initvals11";
2413 break;
2414 case B43_PHYTYPE_LP:
2415 if (rev >= 16 && rev <= 18)
2416 filename = "lp0initvals16";
2417 else if (rev == 15)
2418 filename = "lp0initvals15";
2419 else if (rev == 14)
2420 filename = "lp0initvals14";
2421 else if (rev == 13)
2422 filename = "lp0initvals13";
2423 break;
2424 case B43_PHYTYPE_HT:
2425 if (rev == 29)
2426 filename = "ht0initvals29";
2427 else if (rev == 26)
2428 filename = "ht0initvals26";
2429 break;
2430 case B43_PHYTYPE_LCN:
2431 if (rev == 24)
2432 filename = "lcn0initvals24";
2433 break;
2434 case B43_PHYTYPE_LCN40:
2435 if (rev == 33)
2436 filename = "lcn400initvals33";
2437 break;
2438 case B43_PHYTYPE_AC:
2439 if (rev == 42)
2440 filename = "ac1initvals42";
2441 else if (rev == 40)
2442 filename = "ac0initvals40";
2443 break;
2444 }
2445 if (!filename)
2446 goto err_no_initvals;
2447 err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2448 if (err)
2449 goto err_load;
2450
2451 /* Get bandswitch initvals */
2452 filename = NULL;
2453 switch (dev->phy.type) {
2454 case B43_PHYTYPE_G:
2455 if (rev == 13)
2456 filename = "b0g0bsinitvals13";
2457 else if (rev >= 5 && rev <= 10)
2458 filename = "b0g0bsinitvals5";
2459 break;
2460 case B43_PHYTYPE_N:
2461 if (rev == 30)
2462 filename = "n16bsinitvals30";
2463 else if (rev == 28 || rev == 25)
2464 filename = "n0bsinitvals25";
2465 else if (rev == 24)
2466 filename = "n0bsinitvals24";
2467 else if (rev == 23)
2468 filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2469 else if (rev >= 16 && rev <= 18)
2470 filename = "n0bsinitvals16";
2471 else if (rev >= 11 && rev <= 12)
2472 filename = "n0bsinitvals11";
2473 break;
2474 case B43_PHYTYPE_LP:
2475 if (rev >= 16 && rev <= 18)
2476 filename = "lp0bsinitvals16";
2477 else if (rev == 15)
2478 filename = "lp0bsinitvals15";
2479 else if (rev == 14)
2480 filename = "lp0bsinitvals14";
2481 else if (rev == 13)
2482 filename = "lp0bsinitvals13";
2483 break;
2484 case B43_PHYTYPE_HT:
2485 if (rev == 29)
2486 filename = "ht0bsinitvals29";
2487 else if (rev == 26)
2488 filename = "ht0bsinitvals26";
2489 break;
2490 case B43_PHYTYPE_LCN:
2491 if (rev == 24)
2492 filename = "lcn0bsinitvals24";
2493 break;
2494 case B43_PHYTYPE_LCN40:
2495 if (rev == 33)
2496 filename = "lcn400bsinitvals33";
2497 break;
2498 case B43_PHYTYPE_AC:
2499 if (rev == 42)
2500 filename = "ac1bsinitvals42";
2501 else if (rev == 40)
2502 filename = "ac0bsinitvals40";
2503 break;
2504 }
2505 if (!filename)
2506 goto err_no_initvals;
2507 err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2508 if (err)
2509 goto err_load;
2510
2511 fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2512
2513 return 0;
2514
2515err_no_ucode:
2516 err = ctx->fatal_failure = -EOPNOTSUPP;
2517 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2518 "is required for your device (wl-core rev %u)\n", rev);
2519 goto error;
2520
2521err_no_pcm:
2522 err = ctx->fatal_failure = -EOPNOTSUPP;
2523 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2524 "is required for your device (wl-core rev %u)\n", rev);
2525 goto error;
2526
2527err_no_initvals:
2528 err = ctx->fatal_failure = -EOPNOTSUPP;
2529 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2530 "is required for your device (wl-core rev %u)\n", rev);
2531 goto error;
2532
2533err_load:
2534 /* We failed to load this firmware image. The error message
2535 * already is in ctx->errors. Return and let our caller decide
2536 * what to do. */
2537 goto error;
2538
2539error:
2540 b43_release_firmware(dev);
2541 return err;
2542}
2543
2544static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2545static void b43_one_core_detach(struct b43_bus_dev *dev);
2546static int b43_rng_init(struct b43_wl *wl);
2547
2548static void b43_request_firmware(struct work_struct *work)
2549{
2550 struct b43_wl *wl = container_of(work,
2551 struct b43_wl, firmware_load);
2552 struct b43_wldev *dev = wl->current_dev;
2553 struct b43_request_fw_context *ctx;
2554 unsigned int i;
2555 int err;
2556 const char *errmsg;
2557
2558 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2559 if (!ctx)
2560 return;
2561 ctx->dev = dev;
2562
2563 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2564 err = b43_try_request_fw(ctx);
2565 if (!err)
2566 goto start_ieee80211; /* Successfully loaded it. */
2567 /* Was fw version known? */
2568 if (ctx->fatal_failure)
2569 goto out;
2570
2571 /* proprietary fw not found, try open source */
2572 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2573 err = b43_try_request_fw(ctx);
2574 if (!err)
2575 goto start_ieee80211; /* Successfully loaded it. */
2576 if(ctx->fatal_failure)
2577 goto out;
2578
2579 /* Could not find a usable firmware. Print the errors. */
2580 for (i = 0; i < B43_NR_FWTYPES; i++) {
2581 errmsg = ctx->errors[i];
2582 if (strlen(errmsg))
2583 b43err(dev->wl, "%s", errmsg);
2584 }
2585 b43_print_fw_helptext(dev->wl, 1);
2586 goto out;
2587
2588start_ieee80211:
2589 wl->hw->queues = B43_QOS_QUEUE_NUM;
2590 if (!modparam_qos || dev->fw.opensource)
2591 wl->hw->queues = 1;
2592
2593 err = ieee80211_register_hw(wl->hw);
2594 if (err)
2595 goto out;
2596 wl->hw_registered = true;
2597 b43_leds_register(wl->current_dev);
2598
2599 /* Register HW RNG driver */
2600 b43_rng_init(wl);
2601
2602out:
2603 kfree(ctx);
2604}
2605
2606static int b43_upload_microcode(struct b43_wldev *dev)
2607{
2608 struct wiphy *wiphy = dev->wl->hw->wiphy;
2609 const size_t hdr_len = sizeof(struct b43_fw_header);
2610 const __be32 *data;
2611 unsigned int i, len;
2612 u16 fwrev, fwpatch, fwdate, fwtime;
2613 u32 tmp, macctl;
2614 int err = 0;
2615
2616 /* Jump the microcode PSM to offset 0 */
2617 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2618 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2619 macctl |= B43_MACCTL_PSM_JMP0;
2620 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2621 /* Zero out all microcode PSM registers and shared memory. */
2622 for (i = 0; i < 64; i++)
2623 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2624 for (i = 0; i < 4096; i += 2)
2625 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2626
2627 /* Upload Microcode. */
2628 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2629 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2630 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2631 for (i = 0; i < len; i++) {
2632 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2633 udelay(10);
2634 }
2635
2636 if (dev->fw.pcm.data) {
2637 /* Upload PCM data. */
2638 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2639 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2640 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2641 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2642 /* No need for autoinc bit in SHM_HW */
2643 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2644 for (i = 0; i < len; i++) {
2645 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2646 udelay(10);
2647 }
2648 }
2649
2650 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2651
2652 /* Start the microcode PSM */
2653 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2654 B43_MACCTL_PSM_RUN);
2655
2656 /* Wait for the microcode to load and respond */
2657 i = 0;
2658 while (1) {
2659 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2660 if (tmp == B43_IRQ_MAC_SUSPENDED)
2661 break;
2662 i++;
2663 if (i >= 20) {
2664 b43err(dev->wl, "Microcode not responding\n");
2665 b43_print_fw_helptext(dev->wl, 1);
2666 err = -ENODEV;
2667 goto error;
2668 }
2669 msleep(50);
2670 }
2671 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2672
2673 /* Get and check the revisions. */
2674 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2675 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2676 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2677 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2678
2679 if (fwrev <= 0x128) {
2680 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2681 "binary drivers older than version 4.x is unsupported. "
2682 "You must upgrade your firmware files.\n");
2683 b43_print_fw_helptext(dev->wl, 1);
2684 err = -EOPNOTSUPP;
2685 goto error;
2686 }
2687 dev->fw.rev = fwrev;
2688 dev->fw.patch = fwpatch;
2689 if (dev->fw.rev >= 598)
2690 dev->fw.hdr_format = B43_FW_HDR_598;
2691 else if (dev->fw.rev >= 410)
2692 dev->fw.hdr_format = B43_FW_HDR_410;
2693 else
2694 dev->fw.hdr_format = B43_FW_HDR_351;
2695 WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2696
2697 dev->qos_enabled = dev->wl->hw->queues > 1;
2698 /* Default to firmware/hardware crypto acceleration. */
2699 dev->hwcrypto_enabled = true;
2700
2701 if (dev->fw.opensource) {
2702 u16 fwcapa;
2703
2704 /* Patchlevel info is encoded in the "time" field. */
2705 dev->fw.patch = fwtime;
2706 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2707 dev->fw.rev, dev->fw.patch);
2708
2709 fwcapa = b43_fwcapa_read(dev);
2710 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2711 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2712 /* Disable hardware crypto and fall back to software crypto. */
2713 dev->hwcrypto_enabled = false;
2714 }
2715 /* adding QoS support should use an offline discovery mechanism */
2716 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2717 } else {
2718 b43info(dev->wl, "Loading firmware version %u.%u "
2719 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2720 fwrev, fwpatch,
2721 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2722 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2723 if (dev->fw.pcm_request_failed) {
2724 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2725 "Hardware accelerated cryptography is disabled.\n");
2726 b43_print_fw_helptext(dev->wl, 0);
2727 }
2728 }
2729
2730 snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2731 dev->fw.rev, dev->fw.patch);
2732 wiphy->hw_version = dev->dev->core_id;
2733
2734 if (dev->fw.hdr_format == B43_FW_HDR_351) {
2735 /* We're over the deadline, but we keep support for old fw
2736 * until it turns out to be in major conflict with something new. */
2737 b43warn(dev->wl, "You are using an old firmware image. "
2738 "Support for old firmware will be removed soon "
2739 "(official deadline was July 2008).\n");
2740 b43_print_fw_helptext(dev->wl, 0);
2741 }
2742
2743 return 0;
2744
2745error:
2746 /* Stop the microcode PSM. */
2747 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2748 B43_MACCTL_PSM_JMP0);
2749
2750 return err;
2751}
2752
2753static int b43_write_initvals(struct b43_wldev *dev,
2754 const struct b43_iv *ivals,
2755 size_t count,
2756 size_t array_size)
2757{
2758 const struct b43_iv *iv;
2759 u16 offset;
2760 size_t i;
2761 bool bit32;
2762
2763 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2764 iv = ivals;
2765 for (i = 0; i < count; i++) {
2766 if (array_size < sizeof(iv->offset_size))
2767 goto err_format;
2768 array_size -= sizeof(iv->offset_size);
2769 offset = be16_to_cpu(iv->offset_size);
2770 bit32 = !!(offset & B43_IV_32BIT);
2771 offset &= B43_IV_OFFSET_MASK;
2772 if (offset >= 0x1000)
2773 goto err_format;
2774 if (bit32) {
2775 u32 value;
2776
2777 if (array_size < sizeof(iv->data.d32))
2778 goto err_format;
2779 array_size -= sizeof(iv->data.d32);
2780
2781 value = get_unaligned_be32(&iv->data.d32);
2782 b43_write32(dev, offset, value);
2783
2784 iv = (const struct b43_iv *)((const uint8_t *)iv +
2785 sizeof(__be16) +
2786 sizeof(__be32));
2787 } else {
2788 u16 value;
2789
2790 if (array_size < sizeof(iv->data.d16))
2791 goto err_format;
2792 array_size -= sizeof(iv->data.d16);
2793
2794 value = be16_to_cpu(iv->data.d16);
2795 b43_write16(dev, offset, value);
2796
2797 iv = (const struct b43_iv *)((const uint8_t *)iv +
2798 sizeof(__be16) +
2799 sizeof(__be16));
2800 }
2801 }
2802 if (array_size)
2803 goto err_format;
2804
2805 return 0;
2806
2807err_format:
2808 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2809 b43_print_fw_helptext(dev->wl, 1);
2810
2811 return -EPROTO;
2812}
2813
2814static int b43_upload_initvals(struct b43_wldev *dev)
2815{
2816 const size_t hdr_len = sizeof(struct b43_fw_header);
2817 const struct b43_fw_header *hdr;
2818 struct b43_firmware *fw = &dev->fw;
2819 const struct b43_iv *ivals;
2820 size_t count;
2821
2822 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2823 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2824 count = be32_to_cpu(hdr->size);
2825 return b43_write_initvals(dev, ivals, count,
2826 fw->initvals.data->size - hdr_len);
2827}
2828
2829static int b43_upload_initvals_band(struct b43_wldev *dev)
2830{
2831 const size_t hdr_len = sizeof(struct b43_fw_header);
2832 const struct b43_fw_header *hdr;
2833 struct b43_firmware *fw = &dev->fw;
2834 const struct b43_iv *ivals;
2835 size_t count;
2836
2837 if (!fw->initvals_band.data)
2838 return 0;
2839
2840 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2841 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2842 count = be32_to_cpu(hdr->size);
2843 return b43_write_initvals(dev, ivals, count,
2844 fw->initvals_band.data->size - hdr_len);
2845}
2846
2847/* Initialize the GPIOs
2848 * https://bcm-specs.sipsolutions.net/GPIO
2849 */
2850
2851#ifdef CONFIG_B43_SSB
2852static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2853{
2854 struct ssb_bus *bus = dev->dev->sdev->bus;
2855
2856#ifdef CONFIG_SSB_DRIVER_PCICORE
2857 return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2858#else
2859 return bus->chipco.dev;
2860#endif
2861}
2862#endif
2863
2864static int b43_gpio_init(struct b43_wldev *dev)
2865{
2866#ifdef CONFIG_B43_SSB
2867 struct ssb_device *gpiodev;
2868#endif
2869 u32 mask, set;
2870
2871 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2872 b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2873
2874 mask = 0x0000001F;
2875 set = 0x0000000F;
2876 if (dev->dev->chip_id == 0x4301) {
2877 mask |= 0x0060;
2878 set |= 0x0060;
2879 } else if (dev->dev->chip_id == 0x5354) {
2880 /* Don't allow overtaking buttons GPIOs */
2881 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2882 }
2883
2884 if (0 /* FIXME: conditional unknown */ ) {
2885 b43_write16(dev, B43_MMIO_GPIO_MASK,
2886 b43_read16(dev, B43_MMIO_GPIO_MASK)
2887 | 0x0100);
2888 /* BT Coexistance Input */
2889 mask |= 0x0080;
2890 set |= 0x0080;
2891 /* BT Coexistance Out */
2892 mask |= 0x0100;
2893 set |= 0x0100;
2894 }
2895 if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2896 /* PA is controlled by gpio 9, let ucode handle it */
2897 b43_write16(dev, B43_MMIO_GPIO_MASK,
2898 b43_read16(dev, B43_MMIO_GPIO_MASK)
2899 | 0x0200);
2900 mask |= 0x0200;
2901 set |= 0x0200;
2902 }
2903
2904 switch (dev->dev->bus_type) {
2905#ifdef CONFIG_B43_BCMA
2906 case B43_BUS_BCMA:
2907 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2908 break;
2909#endif
2910#ifdef CONFIG_B43_SSB
2911 case B43_BUS_SSB:
2912 gpiodev = b43_ssb_gpio_dev(dev);
2913 if (gpiodev)
2914 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2915 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2916 & ~mask) | set);
2917 break;
2918#endif
2919 }
2920
2921 return 0;
2922}
2923
2924/* Turn off all GPIO stuff. Call this on module unload, for example. */
2925static void b43_gpio_cleanup(struct b43_wldev *dev)
2926{
2927#ifdef CONFIG_B43_SSB
2928 struct ssb_device *gpiodev;
2929#endif
2930
2931 switch (dev->dev->bus_type) {
2932#ifdef CONFIG_B43_BCMA
2933 case B43_BUS_BCMA:
2934 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2935 break;
2936#endif
2937#ifdef CONFIG_B43_SSB
2938 case B43_BUS_SSB:
2939 gpiodev = b43_ssb_gpio_dev(dev);
2940 if (gpiodev)
2941 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2942 break;
2943#endif
2944 }
2945}
2946
2947/* http://bcm-specs.sipsolutions.net/EnableMac */
2948void b43_mac_enable(struct b43_wldev *dev)
2949{
2950 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2951 u16 fwstate;
2952
2953 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2954 B43_SHM_SH_UCODESTAT);
2955 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2956 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2957 b43err(dev->wl, "b43_mac_enable(): The firmware "
2958 "should be suspended, but current state is %u\n",
2959 fwstate);
2960 }
2961 }
2962
2963 dev->mac_suspended--;
2964 B43_WARN_ON(dev->mac_suspended < 0);
2965 if (dev->mac_suspended == 0) {
2966 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2967 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2968 B43_IRQ_MAC_SUSPENDED);
2969 /* Commit writes */
2970 b43_read32(dev, B43_MMIO_MACCTL);
2971 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2972 b43_power_saving_ctl_bits(dev, 0);
2973 }
2974}
2975
2976/* https://bcm-specs.sipsolutions.net/SuspendMAC */
2977void b43_mac_suspend(struct b43_wldev *dev)
2978{
2979 int i;
2980 u32 tmp;
2981
2982 might_sleep();
2983 B43_WARN_ON(dev->mac_suspended < 0);
2984
2985 if (dev->mac_suspended == 0) {
2986 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2987 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2988 /* force pci to flush the write */
2989 b43_read32(dev, B43_MMIO_MACCTL);
2990 for (i = 35; i; i--) {
2991 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2992 if (tmp & B43_IRQ_MAC_SUSPENDED)
2993 goto out;
2994 udelay(10);
2995 }
2996 /* Hm, it seems this will take some time. Use msleep(). */
2997 for (i = 40; i; i--) {
2998 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2999 if (tmp & B43_IRQ_MAC_SUSPENDED)
3000 goto out;
3001 msleep(1);
3002 }
3003 b43err(dev->wl, "MAC suspend failed\n");
3004 }
3005out:
3006 dev->mac_suspended++;
3007}
3008
3009/* https://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3010void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3011{
3012 u32 tmp;
3013
3014 switch (dev->dev->bus_type) {
3015#ifdef CONFIG_B43_BCMA
3016 case B43_BUS_BCMA:
3017 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3018 if (on)
3019 tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3020 else
3021 tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3022 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3023 break;
3024#endif
3025#ifdef CONFIG_B43_SSB
3026 case B43_BUS_SSB:
3027 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3028 if (on)
3029 tmp |= B43_TMSLOW_MACPHYCLKEN;
3030 else
3031 tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3032 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3033 break;
3034#endif
3035 }
3036}
3037
3038/* brcms_b_switch_macfreq */
3039void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3040{
3041 u16 chip_id = dev->dev->chip_id;
3042
3043 if (chip_id == BCMA_CHIP_ID_BCM4331) {
3044 switch (spurmode) {
3045 case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3046 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3047 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3048 break;
3049 case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3050 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3051 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3052 break;
3053 default: /* 160 Mhz: 2^26/160 = 0x66666 */
3054 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3055 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3056 break;
3057 }
3058 } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3059 chip_id == BCMA_CHIP_ID_BCM43217 ||
3060 chip_id == BCMA_CHIP_ID_BCM43222 ||
3061 chip_id == BCMA_CHIP_ID_BCM43224 ||
3062 chip_id == BCMA_CHIP_ID_BCM43225 ||
3063 chip_id == BCMA_CHIP_ID_BCM43227 ||
3064 chip_id == BCMA_CHIP_ID_BCM43228) {
3065 switch (spurmode) {
3066 case 2: /* 126 Mhz */
3067 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3068 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3069 break;
3070 case 1: /* 123 Mhz */
3071 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3072 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3073 break;
3074 default: /* 120 Mhz */
3075 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3076 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3077 break;
3078 }
3079 } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3080 switch (spurmode) {
3081 case 1: /* 82 Mhz */
3082 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3083 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3084 break;
3085 default: /* 80 Mhz */
3086 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3087 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3088 break;
3089 }
3090 }
3091}
3092
3093static void b43_adjust_opmode(struct b43_wldev *dev)
3094{
3095 struct b43_wl *wl = dev->wl;
3096 u32 ctl;
3097 u16 cfp_pretbtt;
3098
3099 ctl = b43_read32(dev, B43_MMIO_MACCTL);
3100 /* Reset status to STA infrastructure mode. */
3101 ctl &= ~B43_MACCTL_AP;
3102 ctl &= ~B43_MACCTL_KEEP_CTL;
3103 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3104 ctl &= ~B43_MACCTL_KEEP_BAD;
3105 ctl &= ~B43_MACCTL_PROMISC;
3106 ctl &= ~B43_MACCTL_BEACPROMISC;
3107 ctl |= B43_MACCTL_INFRA;
3108
3109 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3110 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3111 ctl |= B43_MACCTL_AP;
3112 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3113 ctl &= ~B43_MACCTL_INFRA;
3114
3115 if (wl->filter_flags & FIF_CONTROL)
3116 ctl |= B43_MACCTL_KEEP_CTL;
3117 if (wl->filter_flags & FIF_FCSFAIL)
3118 ctl |= B43_MACCTL_KEEP_BAD;
3119 if (wl->filter_flags & FIF_PLCPFAIL)
3120 ctl |= B43_MACCTL_KEEP_BADPLCP;
3121 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3122 ctl |= B43_MACCTL_BEACPROMISC;
3123
3124 /* Workaround: On old hardware the HW-MAC-address-filter
3125 * doesn't work properly, so always run promisc in filter
3126 * it in software. */
3127 if (dev->dev->core_rev <= 4)
3128 ctl |= B43_MACCTL_PROMISC;
3129
3130 b43_write32(dev, B43_MMIO_MACCTL, ctl);
3131
3132 cfp_pretbtt = 2;
3133 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3134 if (dev->dev->chip_id == 0x4306 &&
3135 dev->dev->chip_rev == 3)
3136 cfp_pretbtt = 100;
3137 else
3138 cfp_pretbtt = 50;
3139 }
3140 b43_write16(dev, 0x612, cfp_pretbtt);
3141
3142 /* FIXME: We don't currently implement the PMQ mechanism,
3143 * so always disable it. If we want to implement PMQ,
3144 * we need to enable it here (clear DISCPMQ) in AP mode.
3145 */
3146 if (0 /* ctl & B43_MACCTL_AP */)
3147 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3148 else
3149 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3150}
3151
3152static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3153{
3154 u16 offset;
3155
3156 if (is_ofdm) {
3157 offset = 0x480;
3158 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3159 } else {
3160 offset = 0x4C0;
3161 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3162 }
3163 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3164 b43_shm_read16(dev, B43_SHM_SHARED, offset));
3165}
3166
3167static void b43_rate_memory_init(struct b43_wldev *dev)
3168{
3169 switch (dev->phy.type) {
3170 case B43_PHYTYPE_G:
3171 case B43_PHYTYPE_N:
3172 case B43_PHYTYPE_LP:
3173 case B43_PHYTYPE_HT:
3174 case B43_PHYTYPE_LCN:
3175 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3176 b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3177 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3178 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3179 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3180 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3181 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3182 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3183 fallthrough;
3184 case B43_PHYTYPE_B:
3185 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3186 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3187 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3188 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3189 break;
3190 default:
3191 B43_WARN_ON(1);
3192 }
3193}
3194
3195/* Set the default values for the PHY TX Control Words. */
3196static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3197{
3198 u16 ctl = 0;
3199
3200 ctl |= B43_TXH_PHY_ENC_CCK;
3201 ctl |= B43_TXH_PHY_ANT01AUTO;
3202 ctl |= B43_TXH_PHY_TXPWR;
3203
3204 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3205 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3206 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3207}
3208
3209/* Set the TX-Antenna for management frames sent by firmware. */
3210static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3211{
3212 u16 ant;
3213 u16 tmp;
3214
3215 ant = b43_antenna_to_phyctl(antenna);
3216
3217 /* For ACK/CTS */
3218 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3219 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3220 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3221 /* For Probe Resposes */
3222 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3223 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3224 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3225}
3226
3227/* This is the opposite of b43_chip_init() */
3228static void b43_chip_exit(struct b43_wldev *dev)
3229{
3230 b43_phy_exit(dev);
3231 b43_gpio_cleanup(dev);
3232 /* firmware is released later */
3233}
3234
3235/* Initialize the chip
3236 * https://bcm-specs.sipsolutions.net/ChipInit
3237 */
3238static int b43_chip_init(struct b43_wldev *dev)
3239{
3240 struct b43_phy *phy = &dev->phy;
3241 int err;
3242 u32 macctl;
3243 u16 value16;
3244
3245 /* Initialize the MAC control */
3246 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3247 if (dev->phy.gmode)
3248 macctl |= B43_MACCTL_GMODE;
3249 macctl |= B43_MACCTL_INFRA;
3250 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3251
3252 err = b43_upload_microcode(dev);
3253 if (err)
3254 goto out; /* firmware is released later */
3255
3256 err = b43_gpio_init(dev);
3257 if (err)
3258 goto out; /* firmware is released later */
3259
3260 err = b43_upload_initvals(dev);
3261 if (err)
3262 goto err_gpio_clean;
3263
3264 err = b43_upload_initvals_band(dev);
3265 if (err)
3266 goto err_gpio_clean;
3267
3268 /* Turn the Analog on and initialize the PHY. */
3269 phy->ops->switch_analog(dev, 1);
3270 err = b43_phy_init(dev);
3271 if (err)
3272 goto err_gpio_clean;
3273
3274 /* Disable Interference Mitigation. */
3275 if (phy->ops->interf_mitigation)
3276 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3277
3278 /* Select the antennae */
3279 if (phy->ops->set_rx_antenna)
3280 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3281 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3282
3283 if (phy->type == B43_PHYTYPE_B) {
3284 value16 = b43_read16(dev, 0x005E);
3285 value16 |= 0x0004;
3286 b43_write16(dev, 0x005E, value16);
3287 }
3288 b43_write32(dev, 0x0100, 0x01000000);
3289 if (dev->dev->core_rev < 5)
3290 b43_write32(dev, 0x010C, 0x01000000);
3291
3292 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3293 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3294
3295 /* Probe Response Timeout value */
3296 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3297 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3298
3299 /* Initially set the wireless operation mode. */
3300 b43_adjust_opmode(dev);
3301
3302 if (dev->dev->core_rev < 3) {
3303 b43_write16(dev, 0x060E, 0x0000);
3304 b43_write16(dev, 0x0610, 0x8000);
3305 b43_write16(dev, 0x0604, 0x0000);
3306 b43_write16(dev, 0x0606, 0x0200);
3307 } else {
3308 b43_write32(dev, 0x0188, 0x80000000);
3309 b43_write32(dev, 0x018C, 0x02000000);
3310 }
3311 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3312 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3313 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3314 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3315 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3316 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3317 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3318
3319 b43_mac_phy_clock_set(dev, true);
3320
3321 switch (dev->dev->bus_type) {
3322#ifdef CONFIG_B43_BCMA
3323 case B43_BUS_BCMA:
3324 /* FIXME: 0xE74 is quite common, but should be read from CC */
3325 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3326 break;
3327#endif
3328#ifdef CONFIG_B43_SSB
3329 case B43_BUS_SSB:
3330 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3331 dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3332 break;
3333#endif
3334 }
3335
3336 err = 0;
3337 b43dbg(dev->wl, "Chip initialized\n");
3338out:
3339 return err;
3340
3341err_gpio_clean:
3342 b43_gpio_cleanup(dev);
3343 return err;
3344}
3345
3346static void b43_periodic_every60sec(struct b43_wldev *dev)
3347{
3348 const struct b43_phy_operations *ops = dev->phy.ops;
3349
3350 if (ops->pwork_60sec)
3351 ops->pwork_60sec(dev);
3352
3353 /* Force check the TX power emission now. */
3354 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3355}
3356
3357static void b43_periodic_every30sec(struct b43_wldev *dev)
3358{
3359 /* Update device statistics. */
3360 b43_calculate_link_quality(dev);
3361}
3362
3363static void b43_periodic_every15sec(struct b43_wldev *dev)
3364{
3365 struct b43_phy *phy = &dev->phy;
3366 u16 wdr;
3367
3368 if (dev->fw.opensource) {
3369 /* Check if the firmware is still alive.
3370 * It will reset the watchdog counter to 0 in its idle loop. */
3371 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3372 if (unlikely(wdr)) {
3373 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3374 b43_controller_restart(dev, "Firmware watchdog");
3375 return;
3376 } else {
3377 b43_shm_write16(dev, B43_SHM_SCRATCH,
3378 B43_WATCHDOG_REG, 1);
3379 }
3380 }
3381
3382 if (phy->ops->pwork_15sec)
3383 phy->ops->pwork_15sec(dev);
3384
3385 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3386 wmb();
3387
3388#if B43_DEBUG
3389 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3390 unsigned int i;
3391
3392 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3393 dev->irq_count / 15,
3394 dev->tx_count / 15,
3395 dev->rx_count / 15);
3396 dev->irq_count = 0;
3397 dev->tx_count = 0;
3398 dev->rx_count = 0;
3399 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3400 if (dev->irq_bit_count[i]) {
3401 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3402 dev->irq_bit_count[i] / 15, i, (1 << i));
3403 dev->irq_bit_count[i] = 0;
3404 }
3405 }
3406 }
3407#endif
3408}
3409
3410static void do_periodic_work(struct b43_wldev *dev)
3411{
3412 unsigned int state;
3413
3414 state = dev->periodic_state;
3415 if (state % 4 == 0)
3416 b43_periodic_every60sec(dev);
3417 if (state % 2 == 0)
3418 b43_periodic_every30sec(dev);
3419 b43_periodic_every15sec(dev);
3420}
3421
3422/* Periodic work locking policy:
3423 * The whole periodic work handler is protected by
3424 * wl->mutex. If another lock is needed somewhere in the
3425 * pwork callchain, it's acquired in-place, where it's needed.
3426 */
3427static void b43_periodic_work_handler(struct work_struct *work)
3428{
3429 struct b43_wldev *dev = container_of(work, struct b43_wldev,
3430 periodic_work.work);
3431 struct b43_wl *wl = dev->wl;
3432 unsigned long delay;
3433
3434 mutex_lock(&wl->mutex);
3435
3436 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3437 goto out;
3438 if (b43_debug(dev, B43_DBG_PWORK_STOP))
3439 goto out_requeue;
3440
3441 do_periodic_work(dev);
3442
3443 dev->periodic_state++;
3444out_requeue:
3445 if (b43_debug(dev, B43_DBG_PWORK_FAST))
3446 delay = msecs_to_jiffies(50);
3447 else
3448 delay = round_jiffies_relative(HZ * 15);
3449 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3450out:
3451 mutex_unlock(&wl->mutex);
3452}
3453
3454static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3455{
3456 struct delayed_work *work = &dev->periodic_work;
3457
3458 dev->periodic_state = 0;
3459 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3460 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3461}
3462
3463/* Check if communication with the device works correctly. */
3464static int b43_validate_chipaccess(struct b43_wldev *dev)
3465{
3466 u32 v, backup0, backup4;
3467
3468 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3469 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3470
3471 /* Check for read/write and endianness problems. */
3472 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3473 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3474 goto error;
3475 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3476 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3477 goto error;
3478
3479 /* Check if unaligned 32bit SHM_SHARED access works properly.
3480 * However, don't bail out on failure, because it's noncritical. */
3481 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3482 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3483 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3484 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3485 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3486 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3487 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3488 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3489 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3490 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3491 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3492 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3493
3494 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3495 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3496
3497 if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3498 /* The 32bit register shadows the two 16bit registers
3499 * with update sideeffects. Validate this. */
3500 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3501 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3502 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3503 goto error;
3504 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3505 goto error;
3506 }
3507 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3508
3509 v = b43_read32(dev, B43_MMIO_MACCTL);
3510 v |= B43_MACCTL_GMODE;
3511 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3512 goto error;
3513
3514 return 0;
3515error:
3516 b43err(dev->wl, "Failed to validate the chipaccess\n");
3517 return -ENODEV;
3518}
3519
3520static void b43_security_init(struct b43_wldev *dev)
3521{
3522 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3523 /* KTP is a word address, but we address SHM bytewise.
3524 * So multiply by two.
3525 */
3526 dev->ktp *= 2;
3527 /* Number of RCMTA address slots */
3528 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3529 /* Clear the key memory. */
3530 b43_clear_keys(dev);
3531}
3532
3533#ifdef CONFIG_B43_HWRNG
3534static int b43_rng_read(struct hwrng *rng, u32 *data)
3535{
3536 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3537 struct b43_wldev *dev;
3538 int count = -ENODEV;
3539
3540 mutex_lock(&wl->mutex);
3541 dev = wl->current_dev;
3542 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3543 *data = b43_read16(dev, B43_MMIO_RNG);
3544 count = sizeof(u16);
3545 }
3546 mutex_unlock(&wl->mutex);
3547
3548 return count;
3549}
3550#endif /* CONFIG_B43_HWRNG */
3551
3552static void b43_rng_exit(struct b43_wl *wl)
3553{
3554#ifdef CONFIG_B43_HWRNG
3555 if (wl->rng_initialized)
3556 hwrng_unregister(&wl->rng);
3557#endif /* CONFIG_B43_HWRNG */
3558}
3559
3560static int b43_rng_init(struct b43_wl *wl)
3561{
3562 int err = 0;
3563
3564#ifdef CONFIG_B43_HWRNG
3565 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3566 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3567 wl->rng.name = wl->rng_name;
3568 wl->rng.data_read = b43_rng_read;
3569 wl->rng.priv = (unsigned long)wl;
3570 wl->rng_initialized = true;
3571 err = hwrng_register(&wl->rng);
3572 if (err) {
3573 wl->rng_initialized = false;
3574 b43err(wl, "Failed to register the random "
3575 "number generator (%d)\n", err);
3576 }
3577#endif /* CONFIG_B43_HWRNG */
3578
3579 return err;
3580}
3581
3582static void b43_tx_work(struct work_struct *work)
3583{
3584 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3585 struct b43_wldev *dev;
3586 struct sk_buff *skb;
3587 int queue_num;
3588 int err = 0;
3589
3590 mutex_lock(&wl->mutex);
3591 dev = wl->current_dev;
3592 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3593 mutex_unlock(&wl->mutex);
3594 return;
3595 }
3596
3597 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3598 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3599 skb = skb_dequeue(&wl->tx_queue[queue_num]);
3600 if (b43_using_pio_transfers(dev))
3601 err = b43_pio_tx(dev, skb);
3602 else
3603 err = b43_dma_tx(dev, skb);
3604 if (err == -ENOSPC) {
3605 wl->tx_queue_stopped[queue_num] = true;
3606 ieee80211_stop_queue(wl->hw, queue_num);
3607 skb_queue_head(&wl->tx_queue[queue_num], skb);
3608 break;
3609 }
3610 if (unlikely(err))
3611 ieee80211_free_txskb(wl->hw, skb);
3612 err = 0;
3613 }
3614
3615 if (!err)
3616 wl->tx_queue_stopped[queue_num] = false;
3617 }
3618
3619#if B43_DEBUG
3620 dev->tx_count++;
3621#endif
3622 mutex_unlock(&wl->mutex);
3623}
3624
3625static void b43_op_tx(struct ieee80211_hw *hw,
3626 struct ieee80211_tx_control *control,
3627 struct sk_buff *skb)
3628{
3629 struct b43_wl *wl = hw_to_b43_wl(hw);
3630
3631 if (unlikely(skb->len < 2 + 2 + 6)) {
3632 /* Too short, this can't be a valid frame. */
3633 ieee80211_free_txskb(hw, skb);
3634 return;
3635 }
3636 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3637
3638 skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3639 if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3640 ieee80211_queue_work(wl->hw, &wl->tx_work);
3641 } else {
3642 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3643 }
3644}
3645
3646static void b43_qos_params_upload(struct b43_wldev *dev,
3647 const struct ieee80211_tx_queue_params *p,
3648 u16 shm_offset)
3649{
3650 u16 params[B43_NR_QOSPARAMS];
3651 int bslots, tmp;
3652 unsigned int i;
3653
3654 if (!dev->qos_enabled)
3655 return;
3656
3657 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3658
3659 memset(¶ms, 0, sizeof(params));
3660
3661 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3662 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3663 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3664 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3665 params[B43_QOSPARAM_AIFS] = p->aifs;
3666 params[B43_QOSPARAM_BSLOTS] = bslots;
3667 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3668
3669 for (i = 0; i < ARRAY_SIZE(params); i++) {
3670 if (i == B43_QOSPARAM_STATUS) {
3671 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3672 shm_offset + (i * 2));
3673 /* Mark the parameters as updated. */
3674 tmp |= 0x100;
3675 b43_shm_write16(dev, B43_SHM_SHARED,
3676 shm_offset + (i * 2),
3677 tmp);
3678 } else {
3679 b43_shm_write16(dev, B43_SHM_SHARED,
3680 shm_offset + (i * 2),
3681 params[i]);
3682 }
3683 }
3684}
3685
3686/* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3687static const u16 b43_qos_shm_offsets[] = {
3688 /* [mac80211-queue-nr] = SHM_OFFSET, */
3689 [0] = B43_QOS_VOICE,
3690 [1] = B43_QOS_VIDEO,
3691 [2] = B43_QOS_BESTEFFORT,
3692 [3] = B43_QOS_BACKGROUND,
3693};
3694
3695/* Update all QOS parameters in hardware. */
3696static void b43_qos_upload_all(struct b43_wldev *dev)
3697{
3698 struct b43_wl *wl = dev->wl;
3699 struct b43_qos_params *params;
3700 unsigned int i;
3701
3702 if (!dev->qos_enabled)
3703 return;
3704
3705 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3706 ARRAY_SIZE(wl->qos_params));
3707
3708 b43_mac_suspend(dev);
3709 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3710 params = &(wl->qos_params[i]);
3711 b43_qos_params_upload(dev, &(params->p),
3712 b43_qos_shm_offsets[i]);
3713 }
3714 b43_mac_enable(dev);
3715}
3716
3717static void b43_qos_clear(struct b43_wl *wl)
3718{
3719 struct b43_qos_params *params;
3720 unsigned int i;
3721
3722 /* Initialize QoS parameters to sane defaults. */
3723
3724 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3725 ARRAY_SIZE(wl->qos_params));
3726
3727 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3728 params = &(wl->qos_params[i]);
3729
3730 switch (b43_qos_shm_offsets[i]) {
3731 case B43_QOS_VOICE:
3732 params->p.txop = 0;
3733 params->p.aifs = 2;
3734 params->p.cw_min = 0x0001;
3735 params->p.cw_max = 0x0001;
3736 break;
3737 case B43_QOS_VIDEO:
3738 params->p.txop = 0;
3739 params->p.aifs = 2;
3740 params->p.cw_min = 0x0001;
3741 params->p.cw_max = 0x0001;
3742 break;
3743 case B43_QOS_BESTEFFORT:
3744 params->p.txop = 0;
3745 params->p.aifs = 3;
3746 params->p.cw_min = 0x0001;
3747 params->p.cw_max = 0x03FF;
3748 break;
3749 case B43_QOS_BACKGROUND:
3750 params->p.txop = 0;
3751 params->p.aifs = 7;
3752 params->p.cw_min = 0x0001;
3753 params->p.cw_max = 0x03FF;
3754 break;
3755 default:
3756 B43_WARN_ON(1);
3757 }
3758 }
3759}
3760
3761/* Initialize the core's QOS capabilities */
3762static void b43_qos_init(struct b43_wldev *dev)
3763{
3764 if (!dev->qos_enabled) {
3765 /* Disable QOS support. */
3766 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3767 b43_write16(dev, B43_MMIO_IFSCTL,
3768 b43_read16(dev, B43_MMIO_IFSCTL)
3769 & ~B43_MMIO_IFSCTL_USE_EDCF);
3770 b43dbg(dev->wl, "QoS disabled\n");
3771 return;
3772 }
3773
3774 /* Upload the current QOS parameters. */
3775 b43_qos_upload_all(dev);
3776
3777 /* Enable QOS support. */
3778 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3779 b43_write16(dev, B43_MMIO_IFSCTL,
3780 b43_read16(dev, B43_MMIO_IFSCTL)
3781 | B43_MMIO_IFSCTL_USE_EDCF);
3782 b43dbg(dev->wl, "QoS enabled\n");
3783}
3784
3785static int b43_op_conf_tx(struct ieee80211_hw *hw,
3786 struct ieee80211_vif *vif,
3787 unsigned int link_id, u16 _queue,
3788 const struct ieee80211_tx_queue_params *params)
3789{
3790 struct b43_wl *wl = hw_to_b43_wl(hw);
3791 struct b43_wldev *dev;
3792 unsigned int queue = (unsigned int)_queue;
3793 int err = -ENODEV;
3794
3795 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3796 /* Queue not available or don't support setting
3797 * params on this queue. Return success to not
3798 * confuse mac80211. */
3799 return 0;
3800 }
3801 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3802 ARRAY_SIZE(wl->qos_params));
3803
3804 mutex_lock(&wl->mutex);
3805 dev = wl->current_dev;
3806 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3807 goto out_unlock;
3808
3809 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3810 b43_mac_suspend(dev);
3811 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3812 b43_qos_shm_offsets[queue]);
3813 b43_mac_enable(dev);
3814 err = 0;
3815
3816out_unlock:
3817 mutex_unlock(&wl->mutex);
3818
3819 return err;
3820}
3821
3822static int b43_op_get_stats(struct ieee80211_hw *hw,
3823 struct ieee80211_low_level_stats *stats)
3824{
3825 struct b43_wl *wl = hw_to_b43_wl(hw);
3826
3827 mutex_lock(&wl->mutex);
3828 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3829 mutex_unlock(&wl->mutex);
3830
3831 return 0;
3832}
3833
3834static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3835{
3836 struct b43_wl *wl = hw_to_b43_wl(hw);
3837 struct b43_wldev *dev;
3838 u64 tsf;
3839
3840 mutex_lock(&wl->mutex);
3841 dev = wl->current_dev;
3842
3843 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3844 b43_tsf_read(dev, &tsf);
3845 else
3846 tsf = 0;
3847
3848 mutex_unlock(&wl->mutex);
3849
3850 return tsf;
3851}
3852
3853static void b43_op_set_tsf(struct ieee80211_hw *hw,
3854 struct ieee80211_vif *vif, u64 tsf)
3855{
3856 struct b43_wl *wl = hw_to_b43_wl(hw);
3857 struct b43_wldev *dev;
3858
3859 mutex_lock(&wl->mutex);
3860 dev = wl->current_dev;
3861
3862 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3863 b43_tsf_write(dev, tsf);
3864
3865 mutex_unlock(&wl->mutex);
3866}
3867
3868static const char *band_to_string(enum nl80211_band band)
3869{
3870 switch (band) {
3871 case NL80211_BAND_5GHZ:
3872 return "5";
3873 case NL80211_BAND_2GHZ:
3874 return "2.4";
3875 default:
3876 break;
3877 }
3878 B43_WARN_ON(1);
3879 return "";
3880}
3881
3882/* Expects wl->mutex locked */
3883static int b43_switch_band(struct b43_wldev *dev,
3884 struct ieee80211_channel *chan)
3885{
3886 struct b43_phy *phy = &dev->phy;
3887 bool gmode;
3888 u32 tmp;
3889
3890 switch (chan->band) {
3891 case NL80211_BAND_5GHZ:
3892 gmode = false;
3893 break;
3894 case NL80211_BAND_2GHZ:
3895 gmode = true;
3896 break;
3897 default:
3898 B43_WARN_ON(1);
3899 return -EINVAL;
3900 }
3901
3902 if (!((gmode && phy->supports_2ghz) ||
3903 (!gmode && phy->supports_5ghz))) {
3904 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3905 band_to_string(chan->band));
3906 return -ENODEV;
3907 }
3908
3909 if (!!phy->gmode == !!gmode) {
3910 /* This device is already running. */
3911 return 0;
3912 }
3913
3914 b43dbg(dev->wl, "Switching to %s GHz band\n",
3915 band_to_string(chan->band));
3916
3917 /* Some new devices don't need disabling radio for band switching */
3918 if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3919 b43_software_rfkill(dev, true);
3920
3921 phy->gmode = gmode;
3922 b43_phy_put_into_reset(dev);
3923 switch (dev->dev->bus_type) {
3924#ifdef CONFIG_B43_BCMA
3925 case B43_BUS_BCMA:
3926 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3927 if (gmode)
3928 tmp |= B43_BCMA_IOCTL_GMODE;
3929 else
3930 tmp &= ~B43_BCMA_IOCTL_GMODE;
3931 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3932 break;
3933#endif
3934#ifdef CONFIG_B43_SSB
3935 case B43_BUS_SSB:
3936 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3937 if (gmode)
3938 tmp |= B43_TMSLOW_GMODE;
3939 else
3940 tmp &= ~B43_TMSLOW_GMODE;
3941 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3942 break;
3943#endif
3944 }
3945 b43_phy_take_out_of_reset(dev);
3946
3947 b43_upload_initvals_band(dev);
3948
3949 b43_phy_init(dev);
3950
3951 return 0;
3952}
3953
3954static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3955{
3956 interval = min_t(u16, interval, (u16)0xFF);
3957 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3958}
3959
3960/* Write the short and long frame retry limit values. */
3961static void b43_set_retry_limits(struct b43_wldev *dev,
3962 unsigned int short_retry,
3963 unsigned int long_retry)
3964{
3965 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3966 * the chip-internal counter. */
3967 short_retry = min(short_retry, (unsigned int)0xF);
3968 long_retry = min(long_retry, (unsigned int)0xF);
3969
3970 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3971 short_retry);
3972 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3973 long_retry);
3974}
3975
3976static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3977{
3978 struct b43_wl *wl = hw_to_b43_wl(hw);
3979 struct b43_wldev *dev = wl->current_dev;
3980 struct b43_phy *phy = &dev->phy;
3981 struct ieee80211_conf *conf = &hw->conf;
3982 int antenna;
3983 int err = 0;
3984
3985 mutex_lock(&wl->mutex);
3986 b43_mac_suspend(dev);
3987
3988 if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
3989 b43_set_beacon_listen_interval(dev, conf->listen_interval);
3990
3991 if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
3992 phy->chandef = &conf->chandef;
3993 phy->channel = conf->chandef.chan->hw_value;
3994
3995 /* Switch the band (if necessary). */
3996 err = b43_switch_band(dev, conf->chandef.chan);
3997 if (err)
3998 goto out_mac_enable;
3999
4000 /* Switch to the requested channel.
4001 * The firmware takes care of races with the TX handler.
4002 */
4003 b43_switch_channel(dev, phy->channel);
4004 }
4005
4006 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4007 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4008 conf->long_frame_max_tx_count);
4009 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4010 if (!changed)
4011 goto out_mac_enable;
4012
4013 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4014
4015 /* Adjust the desired TX power level. */
4016 if (conf->power_level != 0) {
4017 if (conf->power_level != phy->desired_txpower) {
4018 phy->desired_txpower = conf->power_level;
4019 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4020 B43_TXPWR_IGNORE_TSSI);
4021 }
4022 }
4023
4024 /* Antennas for RX and management frame TX. */
4025 antenna = B43_ANTENNA_DEFAULT;
4026 b43_mgmtframe_txantenna(dev, antenna);
4027 antenna = B43_ANTENNA_DEFAULT;
4028 if (phy->ops->set_rx_antenna)
4029 phy->ops->set_rx_antenna(dev, antenna);
4030
4031 if (wl->radio_enabled != phy->radio_on) {
4032 if (wl->radio_enabled) {
4033 b43_software_rfkill(dev, false);
4034 b43info(dev->wl, "Radio turned on by software\n");
4035 if (!dev->radio_hw_enable) {
4036 b43info(dev->wl, "The hardware RF-kill button "
4037 "still turns the radio physically off. "
4038 "Press the button to turn it on.\n");
4039 }
4040 } else {
4041 b43_software_rfkill(dev, true);
4042 b43info(dev->wl, "Radio turned off by software\n");
4043 }
4044 }
4045
4046out_mac_enable:
4047 b43_mac_enable(dev);
4048 mutex_unlock(&wl->mutex);
4049
4050 return err;
4051}
4052
4053static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4054{
4055 struct ieee80211_supported_band *sband =
4056 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4057 const struct ieee80211_rate *rate;
4058 int i;
4059 u16 basic, direct, offset, basic_offset, rateptr;
4060
4061 for (i = 0; i < sband->n_bitrates; i++) {
4062 rate = &sband->bitrates[i];
4063
4064 if (b43_is_cck_rate(rate->hw_value)) {
4065 direct = B43_SHM_SH_CCKDIRECT;
4066 basic = B43_SHM_SH_CCKBASIC;
4067 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4068 offset &= 0xF;
4069 } else {
4070 direct = B43_SHM_SH_OFDMDIRECT;
4071 basic = B43_SHM_SH_OFDMBASIC;
4072 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4073 offset &= 0xF;
4074 }
4075
4076 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4077
4078 if (b43_is_cck_rate(rate->hw_value)) {
4079 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4080 basic_offset &= 0xF;
4081 } else {
4082 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4083 basic_offset &= 0xF;
4084 }
4085
4086 /*
4087 * Get the pointer that we need to point to
4088 * from the direct map
4089 */
4090 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4091 direct + 2 * basic_offset);
4092 /* and write it to the basic map */
4093 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4094 rateptr);
4095 }
4096}
4097
4098static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4099 struct ieee80211_vif *vif,
4100 struct ieee80211_bss_conf *conf,
4101 u64 changed)
4102{
4103 struct b43_wl *wl = hw_to_b43_wl(hw);
4104 struct b43_wldev *dev;
4105
4106 mutex_lock(&wl->mutex);
4107
4108 dev = wl->current_dev;
4109 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4110 goto out_unlock_mutex;
4111
4112 B43_WARN_ON(wl->vif != vif);
4113
4114 if (changed & BSS_CHANGED_BSSID) {
4115 if (conf->bssid)
4116 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4117 else
4118 eth_zero_addr(wl->bssid);
4119 }
4120
4121 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4122 if (changed & BSS_CHANGED_BEACON &&
4123 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4124 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4125 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4126 b43_update_templates(wl);
4127
4128 if (changed & BSS_CHANGED_BSSID)
4129 b43_write_mac_bssid_templates(dev);
4130 }
4131
4132 b43_mac_suspend(dev);
4133
4134 /* Update templates for AP/mesh mode. */
4135 if (changed & BSS_CHANGED_BEACON_INT &&
4136 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4137 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4138 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4139 conf->beacon_int)
4140 b43_set_beacon_int(dev, conf->beacon_int);
4141
4142 if (changed & BSS_CHANGED_BASIC_RATES)
4143 b43_update_basic_rates(dev, conf->basic_rates);
4144
4145 if (changed & BSS_CHANGED_ERP_SLOT) {
4146 if (conf->use_short_slot)
4147 b43_short_slot_timing_enable(dev);
4148 else
4149 b43_short_slot_timing_disable(dev);
4150 }
4151
4152 b43_mac_enable(dev);
4153out_unlock_mutex:
4154 mutex_unlock(&wl->mutex);
4155}
4156
4157static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4158 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4159 struct ieee80211_key_conf *key)
4160{
4161 struct b43_wl *wl = hw_to_b43_wl(hw);
4162 struct b43_wldev *dev;
4163 u8 algorithm;
4164 u8 index;
4165 int err;
4166 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4167
4168 if (modparam_nohwcrypt)
4169 return -ENOSPC; /* User disabled HW-crypto */
4170
4171 if ((vif->type == NL80211_IFTYPE_ADHOC ||
4172 vif->type == NL80211_IFTYPE_MESH_POINT) &&
4173 (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4174 key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4175 !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4176 /*
4177 * For now, disable hw crypto for the RSN IBSS group keys. This
4178 * could be optimized in the future, but until that gets
4179 * implemented, use of software crypto for group addressed
4180 * frames is a acceptable to allow RSN IBSS to be used.
4181 */
4182 return -EOPNOTSUPP;
4183 }
4184
4185 mutex_lock(&wl->mutex);
4186
4187 dev = wl->current_dev;
4188 err = -ENODEV;
4189 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4190 goto out_unlock;
4191
4192 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4193 /* We don't have firmware for the crypto engine.
4194 * Must use software-crypto. */
4195 err = -EOPNOTSUPP;
4196 goto out_unlock;
4197 }
4198
4199 err = -EINVAL;
4200 switch (key->cipher) {
4201 case WLAN_CIPHER_SUITE_WEP40:
4202 algorithm = B43_SEC_ALGO_WEP40;
4203 break;
4204 case WLAN_CIPHER_SUITE_WEP104:
4205 algorithm = B43_SEC_ALGO_WEP104;
4206 break;
4207 case WLAN_CIPHER_SUITE_TKIP:
4208 algorithm = B43_SEC_ALGO_TKIP;
4209 break;
4210 case WLAN_CIPHER_SUITE_CCMP:
4211 algorithm = B43_SEC_ALGO_AES;
4212 break;
4213 default:
4214 B43_WARN_ON(1);
4215 goto out_unlock;
4216 }
4217 index = (u8) (key->keyidx);
4218 if (index > 3)
4219 goto out_unlock;
4220
4221 switch (cmd) {
4222 case SET_KEY:
4223 if (algorithm == B43_SEC_ALGO_TKIP &&
4224 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4225 !modparam_hwtkip)) {
4226 /* We support only pairwise key */
4227 err = -EOPNOTSUPP;
4228 goto out_unlock;
4229 }
4230
4231 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4232 if (WARN_ON(!sta)) {
4233 err = -EOPNOTSUPP;
4234 goto out_unlock;
4235 }
4236 /* Pairwise key with an assigned MAC address. */
4237 err = b43_key_write(dev, -1, algorithm,
4238 key->key, key->keylen,
4239 sta->addr, key);
4240 } else {
4241 /* Group key */
4242 err = b43_key_write(dev, index, algorithm,
4243 key->key, key->keylen, NULL, key);
4244 }
4245 if (err)
4246 goto out_unlock;
4247
4248 if (algorithm == B43_SEC_ALGO_WEP40 ||
4249 algorithm == B43_SEC_ALGO_WEP104) {
4250 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4251 } else {
4252 b43_hf_write(dev,
4253 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4254 }
4255 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4256 if (algorithm == B43_SEC_ALGO_TKIP)
4257 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4258 break;
4259 case DISABLE_KEY: {
4260 err = b43_key_clear(dev, key->hw_key_idx);
4261 if (err)
4262 goto out_unlock;
4263 break;
4264 }
4265 default:
4266 B43_WARN_ON(1);
4267 }
4268
4269out_unlock:
4270 if (!err) {
4271 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4272 "mac: %pM\n",
4273 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4274 sta ? sta->addr : bcast_addr);
4275 b43_dump_keymemory(dev);
4276 }
4277 mutex_unlock(&wl->mutex);
4278
4279 return err;
4280}
4281
4282static void b43_op_configure_filter(struct ieee80211_hw *hw,
4283 unsigned int changed, unsigned int *fflags,
4284 u64 multicast)
4285{
4286 struct b43_wl *wl = hw_to_b43_wl(hw);
4287 struct b43_wldev *dev;
4288
4289 mutex_lock(&wl->mutex);
4290 dev = wl->current_dev;
4291 if (!dev) {
4292 *fflags = 0;
4293 goto out_unlock;
4294 }
4295
4296 *fflags &= FIF_ALLMULTI |
4297 FIF_FCSFAIL |
4298 FIF_PLCPFAIL |
4299 FIF_CONTROL |
4300 FIF_OTHER_BSS |
4301 FIF_BCN_PRBRESP_PROMISC;
4302
4303 changed &= FIF_ALLMULTI |
4304 FIF_FCSFAIL |
4305 FIF_PLCPFAIL |
4306 FIF_CONTROL |
4307 FIF_OTHER_BSS |
4308 FIF_BCN_PRBRESP_PROMISC;
4309
4310 wl->filter_flags = *fflags;
4311
4312 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4313 b43_adjust_opmode(dev);
4314
4315out_unlock:
4316 mutex_unlock(&wl->mutex);
4317}
4318
4319/* Locking: wl->mutex
4320 * Returns the current dev. This might be different from the passed in dev,
4321 * because the core might be gone away while we unlocked the mutex. */
4322static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4323{
4324 struct b43_wl *wl;
4325 struct b43_wldev *orig_dev;
4326 u32 mask;
4327 int queue_num;
4328
4329 if (!dev)
4330 return NULL;
4331 wl = dev->wl;
4332redo:
4333 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4334 return dev;
4335
4336 /* Cancel work. Unlock to avoid deadlocks. */
4337 mutex_unlock(&wl->mutex);
4338 cancel_delayed_work_sync(&dev->periodic_work);
4339 cancel_work_sync(&wl->tx_work);
4340 b43_leds_stop(dev);
4341 mutex_lock(&wl->mutex);
4342 dev = wl->current_dev;
4343 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4344 /* Whoops, aliens ate up the device while we were unlocked. */
4345 return dev;
4346 }
4347
4348 /* Disable interrupts on the device. */
4349 b43_set_status(dev, B43_STAT_INITIALIZED);
4350 if (b43_bus_host_is_sdio(dev->dev)) {
4351 /* wl->mutex is locked. That is enough. */
4352 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4353 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4354 } else {
4355 spin_lock_irq(&wl->hardirq_lock);
4356 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4357 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4358 spin_unlock_irq(&wl->hardirq_lock);
4359 }
4360 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4361 orig_dev = dev;
4362 mutex_unlock(&wl->mutex);
4363 if (b43_bus_host_is_sdio(dev->dev))
4364 b43_sdio_free_irq(dev);
4365 else
4366 free_irq(dev->dev->irq, dev);
4367 mutex_lock(&wl->mutex);
4368 dev = wl->current_dev;
4369 if (!dev)
4370 return dev;
4371 if (dev != orig_dev) {
4372 if (b43_status(dev) >= B43_STAT_STARTED)
4373 goto redo;
4374 return dev;
4375 }
4376 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4377 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4378
4379 /* Drain all TX queues. */
4380 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4381 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4382 struct sk_buff *skb;
4383
4384 skb = skb_dequeue(&wl->tx_queue[queue_num]);
4385 ieee80211_free_txskb(wl->hw, skb);
4386 }
4387 }
4388
4389 b43_mac_suspend(dev);
4390 b43_leds_exit(dev);
4391 b43dbg(wl, "Wireless interface stopped\n");
4392
4393 return dev;
4394}
4395
4396/* Locking: wl->mutex */
4397static int b43_wireless_core_start(struct b43_wldev *dev)
4398{
4399 int err;
4400
4401 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4402
4403 drain_txstatus_queue(dev);
4404 if (b43_bus_host_is_sdio(dev->dev)) {
4405 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4406 if (err) {
4407 b43err(dev->wl, "Cannot request SDIO IRQ\n");
4408 goto out;
4409 }
4410 } else {
4411 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4412 b43_interrupt_thread_handler,
4413 IRQF_SHARED, KBUILD_MODNAME, dev);
4414 if (err) {
4415 b43err(dev->wl, "Cannot request IRQ-%d\n",
4416 dev->dev->irq);
4417 goto out;
4418 }
4419 }
4420
4421 /* We are ready to run. */
4422 ieee80211_wake_queues(dev->wl->hw);
4423 b43_set_status(dev, B43_STAT_STARTED);
4424
4425 /* Start data flow (TX/RX). */
4426 b43_mac_enable(dev);
4427 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4428
4429 /* Start maintenance work */
4430 b43_periodic_tasks_setup(dev);
4431
4432 b43_leds_init(dev);
4433
4434 b43dbg(dev->wl, "Wireless interface started\n");
4435out:
4436 return err;
4437}
4438
4439static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4440{
4441 switch (phy_type) {
4442 case B43_PHYTYPE_A:
4443 return "A";
4444 case B43_PHYTYPE_B:
4445 return "B";
4446 case B43_PHYTYPE_G:
4447 return "G";
4448 case B43_PHYTYPE_N:
4449 return "N";
4450 case B43_PHYTYPE_LP:
4451 return "LP";
4452 case B43_PHYTYPE_SSLPN:
4453 return "SSLPN";
4454 case B43_PHYTYPE_HT:
4455 return "HT";
4456 case B43_PHYTYPE_LCN:
4457 return "LCN";
4458 case B43_PHYTYPE_LCNXN:
4459 return "LCNXN";
4460 case B43_PHYTYPE_LCN40:
4461 return "LCN40";
4462 case B43_PHYTYPE_AC:
4463 return "AC";
4464 }
4465 return "UNKNOWN";
4466}
4467
4468/* Get PHY and RADIO versioning numbers */
4469static int b43_phy_versioning(struct b43_wldev *dev)
4470{
4471 struct b43_phy *phy = &dev->phy;
4472 const u8 core_rev = dev->dev->core_rev;
4473 u32 tmp;
4474 u8 analog_type;
4475 u8 phy_type;
4476 u8 phy_rev;
4477 u16 radio_manuf;
4478 u16 radio_id;
4479 u16 radio_rev;
4480 u8 radio_ver;
4481 int unsupported = 0;
4482
4483 /* Get PHY versioning */
4484 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4485 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4486 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4487 phy_rev = (tmp & B43_PHYVER_VERSION);
4488
4489 /* LCNXN is continuation of N which run out of revisions */
4490 if (phy_type == B43_PHYTYPE_LCNXN) {
4491 phy_type = B43_PHYTYPE_N;
4492 phy_rev += 16;
4493 }
4494
4495 switch (phy_type) {
4496#ifdef CONFIG_B43_PHY_G
4497 case B43_PHYTYPE_G:
4498 if (phy_rev > 9)
4499 unsupported = 1;
4500 break;
4501#endif
4502#ifdef CONFIG_B43_PHY_N
4503 case B43_PHYTYPE_N:
4504 if (phy_rev >= 19)
4505 unsupported = 1;
4506 break;
4507#endif
4508#ifdef CONFIG_B43_PHY_LP
4509 case B43_PHYTYPE_LP:
4510 if (phy_rev > 2)
4511 unsupported = 1;
4512 break;
4513#endif
4514#ifdef CONFIG_B43_PHY_HT
4515 case B43_PHYTYPE_HT:
4516 if (phy_rev > 1)
4517 unsupported = 1;
4518 break;
4519#endif
4520#ifdef CONFIG_B43_PHY_LCN
4521 case B43_PHYTYPE_LCN:
4522 if (phy_rev > 1)
4523 unsupported = 1;
4524 break;
4525#endif
4526#ifdef CONFIG_B43_PHY_AC
4527 case B43_PHYTYPE_AC:
4528 if (phy_rev > 1)
4529 unsupported = 1;
4530 break;
4531#endif
4532 default:
4533 unsupported = 1;
4534 }
4535 if (unsupported) {
4536 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4537 analog_type, phy_type, b43_phy_name(dev, phy_type),
4538 phy_rev);
4539 return -EOPNOTSUPP;
4540 }
4541 b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4542 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4543
4544 /* Get RADIO versioning */
4545 if (core_rev == 40 || core_rev == 42) {
4546 radio_manuf = 0x17F;
4547
4548 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4549 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4550
4551 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4552 radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4553
4554 radio_ver = 0; /* Is there version somewhere? */
4555 } else if (core_rev >= 24) {
4556 u16 radio24[3];
4557
4558 for (tmp = 0; tmp < 3; tmp++) {
4559 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4560 radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4561 }
4562
4563 radio_manuf = 0x17F;
4564 radio_id = (radio24[2] << 8) | radio24[1];
4565 radio_rev = (radio24[0] & 0xF);
4566 radio_ver = (radio24[0] & 0xF0) >> 4;
4567 } else {
4568 if (dev->dev->chip_id == 0x4317) {
4569 if (dev->dev->chip_rev == 0)
4570 tmp = 0x3205017F;
4571 else if (dev->dev->chip_rev == 1)
4572 tmp = 0x4205017F;
4573 else
4574 tmp = 0x5205017F;
4575 } else {
4576 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4577 B43_RADIOCTL_ID);
4578 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4579 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4580 B43_RADIOCTL_ID);
4581 tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4582 }
4583 radio_manuf = (tmp & 0x00000FFF);
4584 radio_id = (tmp & 0x0FFFF000) >> 12;
4585 radio_rev = (tmp & 0xF0000000) >> 28;
4586 radio_ver = 0; /* Probably not available on old hw */
4587 }
4588
4589 if (radio_manuf != 0x17F /* Broadcom */)
4590 unsupported = 1;
4591 switch (phy_type) {
4592 case B43_PHYTYPE_B:
4593 if ((radio_id & 0xFFF0) != 0x2050)
4594 unsupported = 1;
4595 break;
4596 case B43_PHYTYPE_G:
4597 if (radio_id != 0x2050)
4598 unsupported = 1;
4599 break;
4600 case B43_PHYTYPE_N:
4601 if (radio_id != 0x2055 && radio_id != 0x2056 &&
4602 radio_id != 0x2057)
4603 unsupported = 1;
4604 if (radio_id == 0x2057 &&
4605 !(radio_rev == 9 || radio_rev == 14))
4606 unsupported = 1;
4607 break;
4608 case B43_PHYTYPE_LP:
4609 if (radio_id != 0x2062 && radio_id != 0x2063)
4610 unsupported = 1;
4611 break;
4612 case B43_PHYTYPE_HT:
4613 if (radio_id != 0x2059)
4614 unsupported = 1;
4615 break;
4616 case B43_PHYTYPE_LCN:
4617 if (radio_id != 0x2064)
4618 unsupported = 1;
4619 break;
4620 case B43_PHYTYPE_AC:
4621 if (radio_id != 0x2069)
4622 unsupported = 1;
4623 break;
4624 default:
4625 B43_WARN_ON(1);
4626 }
4627 if (unsupported) {
4628 b43err(dev->wl,
4629 "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4630 radio_manuf, radio_id, radio_rev, radio_ver);
4631 return -EOPNOTSUPP;
4632 }
4633 b43info(dev->wl,
4634 "Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4635 radio_manuf, radio_id, radio_rev, radio_ver);
4636
4637 /* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4638 phy->radio_manuf = radio_manuf;
4639 phy->radio_ver = radio_id;
4640 phy->radio_rev = radio_rev;
4641
4642 phy->analog = analog_type;
4643 phy->type = phy_type;
4644 phy->rev = phy_rev;
4645
4646 return 0;
4647}
4648
4649static void setup_struct_phy_for_init(struct b43_wldev *dev,
4650 struct b43_phy *phy)
4651{
4652 phy->hardware_power_control = !!modparam_hwpctl;
4653 phy->next_txpwr_check_time = jiffies;
4654 /* PHY TX errors counter. */
4655 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4656
4657#if B43_DEBUG
4658 phy->phy_locked = false;
4659 phy->radio_locked = false;
4660#endif
4661}
4662
4663static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4664{
4665 dev->dfq_valid = false;
4666
4667 /* Assume the radio is enabled. If it's not enabled, the state will
4668 * immediately get fixed on the first periodic work run. */
4669 dev->radio_hw_enable = true;
4670
4671 /* Stats */
4672 memset(&dev->stats, 0, sizeof(dev->stats));
4673
4674 setup_struct_phy_for_init(dev, &dev->phy);
4675
4676 /* IRQ related flags */
4677 dev->irq_reason = 0;
4678 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4679 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4680 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4681 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4682
4683 dev->mac_suspended = 1;
4684
4685 /* Noise calculation context */
4686 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4687}
4688
4689static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4690{
4691 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4692 u64 hf;
4693
4694 if (!modparam_btcoex)
4695 return;
4696 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4697 return;
4698 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4699 return;
4700
4701 hf = b43_hf_read(dev);
4702 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4703 hf |= B43_HF_BTCOEXALT;
4704 else
4705 hf |= B43_HF_BTCOEX;
4706 b43_hf_write(dev, hf);
4707}
4708
4709static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4710{
4711 if (!modparam_btcoex)
4712 return;
4713 //TODO
4714}
4715
4716static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4717{
4718 struct ssb_bus *bus;
4719 u32 tmp;
4720
4721#ifdef CONFIG_B43_SSB
4722 if (dev->dev->bus_type != B43_BUS_SSB)
4723 return;
4724#else
4725 return;
4726#endif
4727
4728 bus = dev->dev->sdev->bus;
4729
4730 if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4731 (bus->chip_id == 0x4312)) {
4732 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4733 tmp &= ~SSB_IMCFGLO_REQTO;
4734 tmp &= ~SSB_IMCFGLO_SERTO;
4735 tmp |= 0x3;
4736 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4737 ssb_commit_settings(bus);
4738 }
4739}
4740
4741static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4742{
4743 u16 pu_delay;
4744
4745 /* The time value is in microseconds. */
4746 pu_delay = 1050;
4747 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4748 pu_delay = 500;
4749 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4750 pu_delay = max(pu_delay, (u16)2400);
4751
4752 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4753}
4754
4755/* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4756static void b43_set_pretbtt(struct b43_wldev *dev)
4757{
4758 u16 pretbtt;
4759
4760 /* The time value is in microseconds. */
4761 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
4762 pretbtt = 2;
4763 else
4764 pretbtt = 250;
4765 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4766 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4767}
4768
4769/* Shutdown a wireless core */
4770/* Locking: wl->mutex */
4771static void b43_wireless_core_exit(struct b43_wldev *dev)
4772{
4773 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4774 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4775 return;
4776
4777 b43_set_status(dev, B43_STAT_UNINIT);
4778
4779 /* Stop the microcode PSM. */
4780 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4781 B43_MACCTL_PSM_JMP0);
4782
4783 switch (dev->dev->bus_type) {
4784#ifdef CONFIG_B43_BCMA
4785 case B43_BUS_BCMA:
4786 bcma_host_pci_down(dev->dev->bdev->bus);
4787 break;
4788#endif
4789#ifdef CONFIG_B43_SSB
4790 case B43_BUS_SSB:
4791 /* TODO */
4792 break;
4793#endif
4794 }
4795
4796 b43_dma_free(dev);
4797 b43_pio_free(dev);
4798 b43_chip_exit(dev);
4799 dev->phy.ops->switch_analog(dev, 0);
4800 if (dev->wl->current_beacon) {
4801 dev_kfree_skb_any(dev->wl->current_beacon);
4802 dev->wl->current_beacon = NULL;
4803 }
4804
4805 b43_device_disable(dev, 0);
4806 b43_bus_may_powerdown(dev);
4807}
4808
4809/* Initialize a wireless core */
4810static int b43_wireless_core_init(struct b43_wldev *dev)
4811{
4812 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4813 struct b43_phy *phy = &dev->phy;
4814 int err;
4815 u64 hf;
4816
4817 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4818
4819 err = b43_bus_powerup(dev, 0);
4820 if (err)
4821 goto out;
4822 if (!b43_device_is_enabled(dev))
4823 b43_wireless_core_reset(dev, phy->gmode);
4824
4825 /* Reset all data structures. */
4826 setup_struct_wldev_for_init(dev);
4827 phy->ops->prepare_structs(dev);
4828
4829 /* Enable IRQ routing to this device. */
4830 switch (dev->dev->bus_type) {
4831#ifdef CONFIG_B43_BCMA
4832 case B43_BUS_BCMA:
4833 bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4834 dev->dev->bdev, true);
4835 bcma_host_pci_up(dev->dev->bdev->bus);
4836 break;
4837#endif
4838#ifdef CONFIG_B43_SSB
4839 case B43_BUS_SSB:
4840 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4841 dev->dev->sdev);
4842 break;
4843#endif
4844 }
4845
4846 b43_imcfglo_timeouts_workaround(dev);
4847 b43_bluetooth_coext_disable(dev);
4848 if (phy->ops->prepare_hardware) {
4849 err = phy->ops->prepare_hardware(dev);
4850 if (err)
4851 goto err_busdown;
4852 }
4853 err = b43_chip_init(dev);
4854 if (err)
4855 goto err_busdown;
4856 b43_shm_write16(dev, B43_SHM_SHARED,
4857 B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4858 hf = b43_hf_read(dev);
4859 if (phy->type == B43_PHYTYPE_G) {
4860 hf |= B43_HF_SYMW;
4861 if (phy->rev == 1)
4862 hf |= B43_HF_GDCW;
4863 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4864 hf |= B43_HF_OFDMPABOOST;
4865 }
4866 if (phy->radio_ver == 0x2050) {
4867 if (phy->radio_rev == 6)
4868 hf |= B43_HF_4318TSSI;
4869 if (phy->radio_rev < 6)
4870 hf |= B43_HF_VCORECALC;
4871 }
4872 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4873 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4874#if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4875 if (dev->dev->bus_type == B43_BUS_SSB &&
4876 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4877 dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4878 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4879#endif
4880 hf &= ~B43_HF_SKCFPUP;
4881 b43_hf_write(dev, hf);
4882
4883 /* tell the ucode MAC capabilities */
4884 if (dev->dev->core_rev >= 13) {
4885 u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4886
4887 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4888 mac_hw_cap & 0xffff);
4889 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4890 (mac_hw_cap >> 16) & 0xffff);
4891 }
4892
4893 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4894 B43_DEFAULT_LONG_RETRY_LIMIT);
4895 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4896 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4897
4898 /* Disable sending probe responses from firmware.
4899 * Setting the MaxTime to one usec will always trigger
4900 * a timeout, so we never send any probe resp.
4901 * A timeout of zero is infinite. */
4902 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4903
4904 b43_rate_memory_init(dev);
4905 b43_set_phytxctl_defaults(dev);
4906
4907 /* Minimum Contention Window */
4908 if (phy->type == B43_PHYTYPE_B)
4909 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4910 else
4911 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4912 /* Maximum Contention Window */
4913 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4914
4915 /* write phytype and phyvers */
4916 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4917 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4918
4919 if (b43_bus_host_is_pcmcia(dev->dev) ||
4920 b43_bus_host_is_sdio(dev->dev)) {
4921 dev->__using_pio_transfers = true;
4922 err = b43_pio_init(dev);
4923 } else if (dev->use_pio) {
4924 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4925 "This should not be needed and will result in lower "
4926 "performance.\n");
4927 dev->__using_pio_transfers = true;
4928 err = b43_pio_init(dev);
4929 } else {
4930 dev->__using_pio_transfers = false;
4931 err = b43_dma_init(dev);
4932 }
4933 if (err)
4934 goto err_chip_exit;
4935 b43_qos_init(dev);
4936 b43_set_synth_pu_delay(dev, 1);
4937 b43_bluetooth_coext_enable(dev);
4938
4939 b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4940 b43_upload_card_macaddress(dev);
4941 b43_security_init(dev);
4942
4943 ieee80211_wake_queues(dev->wl->hw);
4944
4945 b43_set_status(dev, B43_STAT_INITIALIZED);
4946
4947out:
4948 return err;
4949
4950err_chip_exit:
4951 b43_chip_exit(dev);
4952err_busdown:
4953 b43_bus_may_powerdown(dev);
4954 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4955 return err;
4956}
4957
4958static int b43_op_add_interface(struct ieee80211_hw *hw,
4959 struct ieee80211_vif *vif)
4960{
4961 struct b43_wl *wl = hw_to_b43_wl(hw);
4962 struct b43_wldev *dev;
4963 int err = -EOPNOTSUPP;
4964
4965 /* TODO: allow AP devices to coexist */
4966
4967 if (vif->type != NL80211_IFTYPE_AP &&
4968 vif->type != NL80211_IFTYPE_MESH_POINT &&
4969 vif->type != NL80211_IFTYPE_STATION &&
4970 vif->type != NL80211_IFTYPE_ADHOC)
4971 return -EOPNOTSUPP;
4972
4973 mutex_lock(&wl->mutex);
4974 if (wl->operating)
4975 goto out_mutex_unlock;
4976
4977 b43dbg(wl, "Adding Interface type %d\n", vif->type);
4978
4979 dev = wl->current_dev;
4980 wl->operating = true;
4981 wl->vif = vif;
4982 wl->if_type = vif->type;
4983 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4984
4985 b43_adjust_opmode(dev);
4986 b43_set_pretbtt(dev);
4987 b43_set_synth_pu_delay(dev, 0);
4988 b43_upload_card_macaddress(dev);
4989
4990 err = 0;
4991 out_mutex_unlock:
4992 mutex_unlock(&wl->mutex);
4993
4994 if (err == 0)
4995 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4996
4997 return err;
4998}
4999
5000static void b43_op_remove_interface(struct ieee80211_hw *hw,
5001 struct ieee80211_vif *vif)
5002{
5003 struct b43_wl *wl = hw_to_b43_wl(hw);
5004 struct b43_wldev *dev = wl->current_dev;
5005
5006 b43dbg(wl, "Removing Interface type %d\n", vif->type);
5007
5008 mutex_lock(&wl->mutex);
5009
5010 B43_WARN_ON(!wl->operating);
5011 B43_WARN_ON(wl->vif != vif);
5012 wl->vif = NULL;
5013
5014 wl->operating = false;
5015
5016 b43_adjust_opmode(dev);
5017 eth_zero_addr(wl->mac_addr);
5018 b43_upload_card_macaddress(dev);
5019
5020 mutex_unlock(&wl->mutex);
5021}
5022
5023static int b43_op_start(struct ieee80211_hw *hw)
5024{
5025 struct b43_wl *wl = hw_to_b43_wl(hw);
5026 struct b43_wldev *dev = wl->current_dev;
5027 int did_init = 0;
5028 int err = 0;
5029
5030 /* Kill all old instance specific information to make sure
5031 * the card won't use it in the short timeframe between start
5032 * and mac80211 reconfiguring it. */
5033 eth_zero_addr(wl->bssid);
5034 eth_zero_addr(wl->mac_addr);
5035 wl->filter_flags = 0;
5036 wl->radiotap_enabled = false;
5037 b43_qos_clear(wl);
5038 wl->beacon0_uploaded = false;
5039 wl->beacon1_uploaded = false;
5040 wl->beacon_templates_virgin = true;
5041 wl->radio_enabled = true;
5042
5043 mutex_lock(&wl->mutex);
5044
5045 if (b43_status(dev) < B43_STAT_INITIALIZED) {
5046 err = b43_wireless_core_init(dev);
5047 if (err)
5048 goto out_mutex_unlock;
5049 did_init = 1;
5050 }
5051
5052 if (b43_status(dev) < B43_STAT_STARTED) {
5053 err = b43_wireless_core_start(dev);
5054 if (err) {
5055 if (did_init)
5056 b43_wireless_core_exit(dev);
5057 goto out_mutex_unlock;
5058 }
5059 }
5060
5061 /* XXX: only do if device doesn't support rfkill irq */
5062 wiphy_rfkill_start_polling(hw->wiphy);
5063
5064 out_mutex_unlock:
5065 mutex_unlock(&wl->mutex);
5066
5067 /*
5068 * Configuration may have been overwritten during initialization.
5069 * Reload the configuration, but only if initialization was
5070 * successful. Reloading the configuration after a failed init
5071 * may hang the system.
5072 */
5073 if (!err)
5074 b43_op_config(hw, ~0);
5075
5076 return err;
5077}
5078
5079static void b43_op_stop(struct ieee80211_hw *hw)
5080{
5081 struct b43_wl *wl = hw_to_b43_wl(hw);
5082 struct b43_wldev *dev = wl->current_dev;
5083
5084 cancel_work_sync(&(wl->beacon_update_trigger));
5085
5086 if (!dev)
5087 goto out;
5088
5089 mutex_lock(&wl->mutex);
5090 if (b43_status(dev) >= B43_STAT_STARTED) {
5091 dev = b43_wireless_core_stop(dev);
5092 if (!dev)
5093 goto out_unlock;
5094 }
5095 b43_wireless_core_exit(dev);
5096 wl->radio_enabled = false;
5097
5098out_unlock:
5099 mutex_unlock(&wl->mutex);
5100out:
5101 cancel_work_sync(&(wl->txpower_adjust_work));
5102}
5103
5104static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5105 struct ieee80211_sta *sta, bool set)
5106{
5107 struct b43_wl *wl = hw_to_b43_wl(hw);
5108
5109 b43_update_templates(wl);
5110
5111 return 0;
5112}
5113
5114static void b43_op_sta_notify(struct ieee80211_hw *hw,
5115 struct ieee80211_vif *vif,
5116 enum sta_notify_cmd notify_cmd,
5117 struct ieee80211_sta *sta)
5118{
5119 struct b43_wl *wl = hw_to_b43_wl(hw);
5120
5121 B43_WARN_ON(!vif || wl->vif != vif);
5122}
5123
5124static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5125 struct ieee80211_vif *vif,
5126 const u8 *mac_addr)
5127{
5128 struct b43_wl *wl = hw_to_b43_wl(hw);
5129 struct b43_wldev *dev;
5130
5131 mutex_lock(&wl->mutex);
5132 dev = wl->current_dev;
5133 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5134 /* Disable CFP update during scan on other channels. */
5135 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5136 }
5137 mutex_unlock(&wl->mutex);
5138}
5139
5140static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5141 struct ieee80211_vif *vif)
5142{
5143 struct b43_wl *wl = hw_to_b43_wl(hw);
5144 struct b43_wldev *dev;
5145
5146 mutex_lock(&wl->mutex);
5147 dev = wl->current_dev;
5148 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5149 /* Re-enable CFP update. */
5150 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5151 }
5152 mutex_unlock(&wl->mutex);
5153}
5154
5155static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5156 struct survey_info *survey)
5157{
5158 struct b43_wl *wl = hw_to_b43_wl(hw);
5159 struct b43_wldev *dev = wl->current_dev;
5160 struct ieee80211_conf *conf = &hw->conf;
5161
5162 if (idx != 0)
5163 return -ENOENT;
5164
5165 survey->channel = conf->chandef.chan;
5166 survey->filled = SURVEY_INFO_NOISE_DBM;
5167 survey->noise = dev->stats.link_noise;
5168
5169 return 0;
5170}
5171
5172static const struct ieee80211_ops b43_hw_ops = {
5173 .tx = b43_op_tx,
5174 .wake_tx_queue = ieee80211_handle_wake_tx_queue,
5175 .conf_tx = b43_op_conf_tx,
5176 .add_interface = b43_op_add_interface,
5177 .remove_interface = b43_op_remove_interface,
5178 .config = b43_op_config,
5179 .bss_info_changed = b43_op_bss_info_changed,
5180 .configure_filter = b43_op_configure_filter,
5181 .set_key = b43_op_set_key,
5182 .update_tkip_key = b43_op_update_tkip_key,
5183 .get_stats = b43_op_get_stats,
5184 .get_tsf = b43_op_get_tsf,
5185 .set_tsf = b43_op_set_tsf,
5186 .start = b43_op_start,
5187 .stop = b43_op_stop,
5188 .set_tim = b43_op_beacon_set_tim,
5189 .sta_notify = b43_op_sta_notify,
5190 .sw_scan_start = b43_op_sw_scan_start_notifier,
5191 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
5192 .get_survey = b43_op_get_survey,
5193 .rfkill_poll = b43_rfkill_poll,
5194};
5195
5196/* Hard-reset the chip. Do not call this directly.
5197 * Use b43_controller_restart()
5198 */
5199static void b43_chip_reset(struct work_struct *work)
5200{
5201 struct b43_wldev *dev =
5202 container_of(work, struct b43_wldev, restart_work);
5203 struct b43_wl *wl = dev->wl;
5204 int err = 0;
5205 int prev_status;
5206
5207 mutex_lock(&wl->mutex);
5208
5209 prev_status = b43_status(dev);
5210 /* Bring the device down... */
5211 if (prev_status >= B43_STAT_STARTED) {
5212 dev = b43_wireless_core_stop(dev);
5213 if (!dev) {
5214 err = -ENODEV;
5215 goto out;
5216 }
5217 }
5218 if (prev_status >= B43_STAT_INITIALIZED)
5219 b43_wireless_core_exit(dev);
5220
5221 /* ...and up again. */
5222 if (prev_status >= B43_STAT_INITIALIZED) {
5223 err = b43_wireless_core_init(dev);
5224 if (err)
5225 goto out;
5226 }
5227 if (prev_status >= B43_STAT_STARTED) {
5228 err = b43_wireless_core_start(dev);
5229 if (err) {
5230 b43_wireless_core_exit(dev);
5231 goto out;
5232 }
5233 }
5234out:
5235 if (err)
5236 wl->current_dev = NULL; /* Failed to init the dev. */
5237 mutex_unlock(&wl->mutex);
5238
5239 if (err) {
5240 b43err(wl, "Controller restart FAILED\n");
5241 return;
5242 }
5243
5244 /* reload configuration */
5245 b43_op_config(wl->hw, ~0);
5246 if (wl->vif)
5247 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5248
5249 b43info(wl, "Controller restarted\n");
5250}
5251
5252static int b43_setup_bands(struct b43_wldev *dev,
5253 bool have_2ghz_phy, bool have_5ghz_phy)
5254{
5255 struct ieee80211_hw *hw = dev->wl->hw;
5256 struct b43_phy *phy = &dev->phy;
5257 bool limited_2g;
5258 bool limited_5g;
5259
5260 /* We don't support all 2 GHz channels on some devices */
5261 limited_2g = phy->radio_ver == 0x2057 &&
5262 (phy->radio_rev == 9 || phy->radio_rev == 14);
5263 limited_5g = phy->radio_ver == 0x2057 &&
5264 phy->radio_rev == 9;
5265
5266 if (have_2ghz_phy)
5267 hw->wiphy->bands[NL80211_BAND_2GHZ] = limited_2g ?
5268 &b43_band_2ghz_limited : &b43_band_2GHz;
5269 if (dev->phy.type == B43_PHYTYPE_N) {
5270 if (have_5ghz_phy)
5271 hw->wiphy->bands[NL80211_BAND_5GHZ] = limited_5g ?
5272 &b43_band_5GHz_nphy_limited :
5273 &b43_band_5GHz_nphy;
5274 } else {
5275 if (have_5ghz_phy)
5276 hw->wiphy->bands[NL80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5277 }
5278
5279 dev->phy.supports_2ghz = have_2ghz_phy;
5280 dev->phy.supports_5ghz = have_5ghz_phy;
5281
5282 return 0;
5283}
5284
5285static void b43_wireless_core_detach(struct b43_wldev *dev)
5286{
5287 /* We release firmware that late to not be required to re-request
5288 * is all the time when we reinit the core. */
5289 b43_release_firmware(dev);
5290 b43_phy_free(dev);
5291}
5292
5293static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5294 bool *have_5ghz_phy)
5295{
5296 u16 dev_id = 0;
5297
5298#ifdef CONFIG_B43_BCMA
5299 if (dev->dev->bus_type == B43_BUS_BCMA &&
5300 dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5301 dev_id = dev->dev->bdev->bus->host_pci->device;
5302#endif
5303#ifdef CONFIG_B43_SSB
5304 if (dev->dev->bus_type == B43_BUS_SSB &&
5305 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5306 dev_id = dev->dev->sdev->bus->host_pci->device;
5307#endif
5308 /* Override with SPROM value if available */
5309 if (dev->dev->bus_sprom->dev_id)
5310 dev_id = dev->dev->bus_sprom->dev_id;
5311
5312 /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5313 switch (dev_id) {
5314 case 0x4324: /* BCM4306 */
5315 case 0x4312: /* BCM4311 */
5316 case 0x4319: /* BCM4318 */
5317 case 0x4328: /* BCM4321 */
5318 case 0x432b: /* BCM4322 */
5319 case 0x4350: /* BCM43222 */
5320 case 0x4353: /* BCM43224 */
5321 case 0x0576: /* BCM43224 */
5322 case 0x435f: /* BCM6362 */
5323 case 0x4331: /* BCM4331 */
5324 case 0x4359: /* BCM43228 */
5325 case 0x43a0: /* BCM4360 */
5326 case 0x43b1: /* BCM4352 */
5327 /* Dual band devices */
5328 *have_2ghz_phy = true;
5329 *have_5ghz_phy = true;
5330 return;
5331 case 0x4321: /* BCM4306 */
5332 /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5333 if (dev->phy.type != B43_PHYTYPE_G)
5334 break;
5335 fallthrough;
5336 case 0x4313: /* BCM4311 */
5337 case 0x431a: /* BCM4318 */
5338 case 0x432a: /* BCM4321 */
5339 case 0x432d: /* BCM4322 */
5340 case 0x4352: /* BCM43222 */
5341 case 0x435a: /* BCM43228 */
5342 case 0x4333: /* BCM4331 */
5343 case 0x43a2: /* BCM4360 */
5344 case 0x43b3: /* BCM4352 */
5345 /* 5 GHz only devices */
5346 *have_2ghz_phy = false;
5347 *have_5ghz_phy = true;
5348 return;
5349 }
5350
5351 /* As a fallback, try to guess using PHY type */
5352 switch (dev->phy.type) {
5353 case B43_PHYTYPE_G:
5354 case B43_PHYTYPE_N:
5355 case B43_PHYTYPE_LP:
5356 case B43_PHYTYPE_HT:
5357 case B43_PHYTYPE_LCN:
5358 *have_2ghz_phy = true;
5359 *have_5ghz_phy = false;
5360 return;
5361 }
5362
5363 B43_WARN_ON(1);
5364}
5365
5366static int b43_wireless_core_attach(struct b43_wldev *dev)
5367{
5368 struct b43_wl *wl = dev->wl;
5369 struct b43_phy *phy = &dev->phy;
5370 int err;
5371 u32 tmp;
5372 bool have_2ghz_phy = false, have_5ghz_phy = false;
5373
5374 /* Do NOT do any device initialization here.
5375 * Do it in wireless_core_init() instead.
5376 * This function is for gathering basic information about the HW, only.
5377 * Also some structs may be set up here. But most likely you want to have
5378 * that in core_init(), too.
5379 */
5380
5381 err = b43_bus_powerup(dev, 0);
5382 if (err) {
5383 b43err(wl, "Bus powerup failed\n");
5384 goto out;
5385 }
5386
5387 phy->do_full_init = true;
5388
5389 /* Try to guess supported bands for the first init needs */
5390 switch (dev->dev->bus_type) {
5391#ifdef CONFIG_B43_BCMA
5392 case B43_BUS_BCMA:
5393 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5394 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5395 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5396 break;
5397#endif
5398#ifdef CONFIG_B43_SSB
5399 case B43_BUS_SSB:
5400 if (dev->dev->core_rev >= 5) {
5401 tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5402 have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5403 have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5404 } else
5405 B43_WARN_ON(1);
5406 break;
5407#endif
5408 }
5409
5410 dev->phy.gmode = have_2ghz_phy;
5411 b43_wireless_core_reset(dev, dev->phy.gmode);
5412
5413 /* Get the PHY type. */
5414 err = b43_phy_versioning(dev);
5415 if (err)
5416 goto err_powerdown;
5417
5418 /* Get real info about supported bands */
5419 b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5420
5421 /* We don't support 5 GHz on some PHYs yet */
5422 if (have_5ghz_phy) {
5423 switch (dev->phy.type) {
5424 case B43_PHYTYPE_G:
5425 case B43_PHYTYPE_LP:
5426 case B43_PHYTYPE_HT:
5427 b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5428 have_5ghz_phy = false;
5429 }
5430 }
5431
5432 if (!have_2ghz_phy && !have_5ghz_phy) {
5433 b43err(wl, "b43 can't support any band on this device\n");
5434 err = -EOPNOTSUPP;
5435 goto err_powerdown;
5436 }
5437
5438 err = b43_phy_allocate(dev);
5439 if (err)
5440 goto err_powerdown;
5441
5442 dev->phy.gmode = have_2ghz_phy;
5443 b43_wireless_core_reset(dev, dev->phy.gmode);
5444
5445 err = b43_validate_chipaccess(dev);
5446 if (err)
5447 goto err_phy_free;
5448 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5449 if (err)
5450 goto err_phy_free;
5451
5452 /* Now set some default "current_dev" */
5453 if (!wl->current_dev)
5454 wl->current_dev = dev;
5455 INIT_WORK(&dev->restart_work, b43_chip_reset);
5456
5457 dev->phy.ops->switch_analog(dev, 0);
5458 b43_device_disable(dev, 0);
5459 b43_bus_may_powerdown(dev);
5460
5461out:
5462 return err;
5463
5464err_phy_free:
5465 b43_phy_free(dev);
5466err_powerdown:
5467 b43_bus_may_powerdown(dev);
5468 return err;
5469}
5470
5471static void b43_one_core_detach(struct b43_bus_dev *dev)
5472{
5473 struct b43_wldev *wldev;
5474
5475 /* Do not cancel ieee80211-workqueue based work here.
5476 * See comment in b43_remove(). */
5477
5478 wldev = b43_bus_get_wldev(dev);
5479 b43_debugfs_remove_device(wldev);
5480 b43_wireless_core_detach(wldev);
5481 list_del(&wldev->list);
5482 b43_bus_set_wldev(dev, NULL);
5483 kfree(wldev);
5484}
5485
5486static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5487{
5488 struct b43_wldev *wldev;
5489 int err = -ENOMEM;
5490
5491 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5492 if (!wldev)
5493 goto out;
5494
5495 wldev->use_pio = b43_modparam_pio;
5496 wldev->dev = dev;
5497 wldev->wl = wl;
5498 b43_set_status(wldev, B43_STAT_UNINIT);
5499 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5500 INIT_LIST_HEAD(&wldev->list);
5501
5502 err = b43_wireless_core_attach(wldev);
5503 if (err)
5504 goto err_kfree_wldev;
5505
5506 b43_bus_set_wldev(dev, wldev);
5507 b43_debugfs_add_device(wldev);
5508
5509 out:
5510 return err;
5511
5512 err_kfree_wldev:
5513 kfree(wldev);
5514 return err;
5515}
5516
5517#define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
5518 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
5519 (pdev->device == _device) && \
5520 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
5521 (pdev->subsystem_device == _subdevice) )
5522
5523#ifdef CONFIG_B43_SSB
5524static void b43_sprom_fixup(struct ssb_bus *bus)
5525{
5526 struct pci_dev *pdev;
5527
5528 /* boardflags workarounds */
5529 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5530 bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5531 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5532 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5533 bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5534 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5535 if (bus->bustype == SSB_BUSTYPE_PCI) {
5536 pdev = bus->host_pci;
5537 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5538 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
5539 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
5540 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5541 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5542 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5543 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5544 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5545 }
5546}
5547
5548static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5549{
5550 struct ieee80211_hw *hw = wl->hw;
5551
5552 ssb_set_devtypedata(dev->sdev, NULL);
5553 ieee80211_free_hw(hw);
5554}
5555#endif
5556
5557static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5558{
5559 struct ssb_sprom *sprom = dev->bus_sprom;
5560 struct ieee80211_hw *hw;
5561 struct b43_wl *wl;
5562 char chip_name[6];
5563 int queue_num;
5564
5565 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5566 if (!hw) {
5567 b43err(NULL, "Could not allocate ieee80211 device\n");
5568 return ERR_PTR(-ENOMEM);
5569 }
5570 wl = hw_to_b43_wl(hw);
5571
5572 /* fill hw info */
5573 ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5574 ieee80211_hw_set(hw, SIGNAL_DBM);
5575 ieee80211_hw_set(hw, MFP_CAPABLE);
5576 hw->wiphy->interface_modes =
5577 BIT(NL80211_IFTYPE_AP) |
5578 BIT(NL80211_IFTYPE_MESH_POINT) |
5579 BIT(NL80211_IFTYPE_STATION) |
5580 BIT(NL80211_IFTYPE_ADHOC);
5581
5582 hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5583
5584 wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
5585
5586 wl->hw_registered = false;
5587 hw->max_rates = 2;
5588 SET_IEEE80211_DEV(hw, dev->dev);
5589 if (is_valid_ether_addr(sprom->et1mac))
5590 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5591 else
5592 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5593
5594 /* Initialize struct b43_wl */
5595 wl->hw = hw;
5596 mutex_init(&wl->mutex);
5597 spin_lock_init(&wl->hardirq_lock);
5598 spin_lock_init(&wl->beacon_lock);
5599 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5600 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5601 INIT_WORK(&wl->tx_work, b43_tx_work);
5602
5603 /* Initialize queues and flags. */
5604 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5605 skb_queue_head_init(&wl->tx_queue[queue_num]);
5606 wl->tx_queue_stopped[queue_num] = false;
5607 }
5608
5609 snprintf(chip_name, ARRAY_SIZE(chip_name),
5610 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5611 b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5612 dev->core_rev);
5613 return wl;
5614}
5615
5616#ifdef CONFIG_B43_BCMA
5617static int b43_bcma_probe(struct bcma_device *core)
5618{
5619 struct b43_bus_dev *dev;
5620 struct b43_wl *wl;
5621 int err;
5622
5623 if (!modparam_allhwsupport &&
5624 (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5625 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5626 return -ENOTSUPP;
5627 }
5628
5629 dev = b43_bus_dev_bcma_init(core);
5630 if (!dev)
5631 return -ENODEV;
5632
5633 wl = b43_wireless_init(dev);
5634 if (IS_ERR(wl)) {
5635 err = PTR_ERR(wl);
5636 goto bcma_out;
5637 }
5638
5639 err = b43_one_core_attach(dev, wl);
5640 if (err)
5641 goto bcma_err_wireless_exit;
5642
5643 /* setup and start work to load firmware */
5644 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5645 schedule_work(&wl->firmware_load);
5646
5647 return err;
5648
5649bcma_err_wireless_exit:
5650 ieee80211_free_hw(wl->hw);
5651bcma_out:
5652 kfree(dev);
5653 return err;
5654}
5655
5656static void b43_bcma_remove(struct bcma_device *core)
5657{
5658 struct b43_wldev *wldev = bcma_get_drvdata(core);
5659 struct b43_wl *wl = wldev->wl;
5660
5661 /* We must cancel any work here before unregistering from ieee80211,
5662 * as the ieee80211 unreg will destroy the workqueue. */
5663 cancel_work_sync(&wldev->restart_work);
5664 cancel_work_sync(&wl->firmware_load);
5665
5666 B43_WARN_ON(!wl);
5667 if (!wldev->fw.ucode.data)
5668 return; /* NULL if firmware never loaded */
5669 if (wl->current_dev == wldev && wl->hw_registered) {
5670 b43_leds_stop(wldev);
5671 ieee80211_unregister_hw(wl->hw);
5672 }
5673
5674 b43_one_core_detach(wldev->dev);
5675
5676 /* Unregister HW RNG driver */
5677 b43_rng_exit(wl);
5678
5679 b43_leds_unregister(wl);
5680 ieee80211_free_hw(wl->hw);
5681 kfree(wldev->dev);
5682}
5683
5684static struct bcma_driver b43_bcma_driver = {
5685 .name = KBUILD_MODNAME,
5686 .id_table = b43_bcma_tbl,
5687 .probe = b43_bcma_probe,
5688 .remove = b43_bcma_remove,
5689};
5690#endif
5691
5692#ifdef CONFIG_B43_SSB
5693static
5694int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5695{
5696 struct b43_bus_dev *dev;
5697 struct b43_wl *wl;
5698 int err;
5699
5700 dev = b43_bus_dev_ssb_init(sdev);
5701 if (!dev)
5702 return -ENOMEM;
5703
5704 wl = ssb_get_devtypedata(sdev);
5705 if (wl) {
5706 b43err(NULL, "Dual-core devices are not supported\n");
5707 err = -ENOTSUPP;
5708 goto err_ssb_kfree_dev;
5709 }
5710
5711 b43_sprom_fixup(sdev->bus);
5712
5713 wl = b43_wireless_init(dev);
5714 if (IS_ERR(wl)) {
5715 err = PTR_ERR(wl);
5716 goto err_ssb_kfree_dev;
5717 }
5718 ssb_set_devtypedata(sdev, wl);
5719 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5720
5721 err = b43_one_core_attach(dev, wl);
5722 if (err)
5723 goto err_ssb_wireless_exit;
5724
5725 /* setup and start work to load firmware */
5726 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5727 schedule_work(&wl->firmware_load);
5728
5729 return err;
5730
5731err_ssb_wireless_exit:
5732 b43_wireless_exit(dev, wl);
5733err_ssb_kfree_dev:
5734 kfree(dev);
5735 return err;
5736}
5737
5738static void b43_ssb_remove(struct ssb_device *sdev)
5739{
5740 struct b43_wl *wl = ssb_get_devtypedata(sdev);
5741 struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5742 struct b43_bus_dev *dev = wldev->dev;
5743
5744 /* We must cancel any work here before unregistering from ieee80211,
5745 * as the ieee80211 unreg will destroy the workqueue. */
5746 cancel_work_sync(&wldev->restart_work);
5747 cancel_work_sync(&wl->firmware_load);
5748
5749 B43_WARN_ON(!wl);
5750 if (!wldev->fw.ucode.data)
5751 return; /* NULL if firmware never loaded */
5752 if (wl->current_dev == wldev && wl->hw_registered) {
5753 b43_leds_stop(wldev);
5754 ieee80211_unregister_hw(wl->hw);
5755 }
5756
5757 b43_one_core_detach(dev);
5758
5759 /* Unregister HW RNG driver */
5760 b43_rng_exit(wl);
5761
5762 b43_leds_unregister(wl);
5763 b43_wireless_exit(dev, wl);
5764 kfree(dev);
5765}
5766
5767static struct ssb_driver b43_ssb_driver = {
5768 .name = KBUILD_MODNAME,
5769 .id_table = b43_ssb_tbl,
5770 .probe = b43_ssb_probe,
5771 .remove = b43_ssb_remove,
5772};
5773#endif /* CONFIG_B43_SSB */
5774
5775/* Perform a hardware reset. This can be called from any context. */
5776void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5777{
5778 /* Must avoid requeueing, if we are in shutdown. */
5779 if (b43_status(dev) < B43_STAT_INITIALIZED)
5780 return;
5781 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5782 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5783}
5784
5785static void b43_print_driverinfo(void)
5786{
5787 const char *feat_pci = "", *feat_nphy = "",
5788 *feat_leds = "", *feat_sdio = "";
5789
5790#ifdef CONFIG_B43_PCI_AUTOSELECT
5791 feat_pci = "P";
5792#endif
5793#ifdef CONFIG_B43_PHY_N
5794 feat_nphy = "N";
5795#endif
5796#ifdef CONFIG_B43_LEDS
5797 feat_leds = "L";
5798#endif
5799#ifdef CONFIG_B43_SDIO
5800 feat_sdio = "S";
5801#endif
5802 printk(KERN_INFO "Broadcom 43xx driver loaded "
5803 "[ Features: %s%s%s%s ]\n",
5804 feat_pci, feat_nphy, feat_leds, feat_sdio);
5805}
5806
5807static int __init b43_init(void)
5808{
5809 int err;
5810
5811 b43_debugfs_init();
5812 err = b43_sdio_init();
5813 if (err)
5814 goto err_dfs_exit;
5815#ifdef CONFIG_B43_BCMA
5816 err = bcma_driver_register(&b43_bcma_driver);
5817 if (err)
5818 goto err_sdio_exit;
5819#endif
5820#ifdef CONFIG_B43_SSB
5821 err = ssb_driver_register(&b43_ssb_driver);
5822 if (err)
5823 goto err_bcma_driver_exit;
5824#endif
5825 b43_print_driverinfo();
5826
5827 return err;
5828
5829#ifdef CONFIG_B43_SSB
5830err_bcma_driver_exit:
5831#endif
5832#ifdef CONFIG_B43_BCMA
5833 bcma_driver_unregister(&b43_bcma_driver);
5834err_sdio_exit:
5835#endif
5836 b43_sdio_exit();
5837err_dfs_exit:
5838 b43_debugfs_exit();
5839 return err;
5840}
5841
5842static void __exit b43_exit(void)
5843{
5844#ifdef CONFIG_B43_SSB
5845 ssb_driver_unregister(&b43_ssb_driver);
5846#endif
5847#ifdef CONFIG_B43_BCMA
5848 bcma_driver_unregister(&b43_bcma_driver);
5849#endif
5850 b43_sdio_exit();
5851 b43_debugfs_exit();
5852}
5853
5854module_init(b43_init)
5855module_exit(b43_exit)