Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3
4 Broadcom B43 wireless driver
5
6 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
7 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
8 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
9 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
10 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
12
13 SDIO support
14 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
15
16 Some parts of the code in this file are derived from the ipw2200
17 driver Copyright(c) 2003 - 2004 Intel Corporation.
18
19
20*/
21
22#include <linux/delay.h>
23#include <linux/init.h>
24#include <linux/module.h>
25#include <linux/if_arp.h>
26#include <linux/etherdevice.h>
27#include <linux/firmware.h>
28#include <linux/workqueue.h>
29#include <linux/skbuff.h>
30#include <linux/io.h>
31#include <linux/dma-mapping.h>
32#include <linux/slab.h>
33#include <linux/unaligned.h>
34
35#include "b43.h"
36#include "main.h"
37#include "debugfs.h"
38#include "phy_common.h"
39#include "phy_g.h"
40#include "phy_n.h"
41#include "dma.h"
42#include "pio.h"
43#include "sysfs.h"
44#include "xmit.h"
45#include "lo.h"
46#include "sdio.h"
47#include <linux/mmc/sdio_func.h>
48
49MODULE_DESCRIPTION("Broadcom B43 wireless driver");
50MODULE_AUTHOR("Martin Langer");
51MODULE_AUTHOR("Stefano Brivio");
52MODULE_AUTHOR("Michael Buesch");
53MODULE_AUTHOR("Gábor Stefanik");
54MODULE_AUTHOR("Rafał Miłecki");
55MODULE_LICENSE("GPL");
56
57MODULE_FIRMWARE("b43/ucode11.fw");
58MODULE_FIRMWARE("b43/ucode13.fw");
59MODULE_FIRMWARE("b43/ucode14.fw");
60MODULE_FIRMWARE("b43/ucode15.fw");
61MODULE_FIRMWARE("b43/ucode16_lp.fw");
62MODULE_FIRMWARE("b43/ucode16_mimo.fw");
63MODULE_FIRMWARE("b43/ucode24_lcn.fw");
64MODULE_FIRMWARE("b43/ucode25_lcn.fw");
65MODULE_FIRMWARE("b43/ucode25_mimo.fw");
66MODULE_FIRMWARE("b43/ucode26_mimo.fw");
67MODULE_FIRMWARE("b43/ucode29_mimo.fw");
68MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
69MODULE_FIRMWARE("b43/ucode30_mimo.fw");
70MODULE_FIRMWARE("b43/ucode5.fw");
71MODULE_FIRMWARE("b43/ucode40.fw");
72MODULE_FIRMWARE("b43/ucode42.fw");
73MODULE_FIRMWARE("b43/ucode9.fw");
74
75static int modparam_bad_frames_preempt;
76module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
77MODULE_PARM_DESC(bad_frames_preempt,
78 "enable(1) / disable(0) Bad Frames Preemption");
79
80static char modparam_fwpostfix[16];
81module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
82MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
83
84static int modparam_hwpctl;
85module_param_named(hwpctl, modparam_hwpctl, int, 0444);
86MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
87
88static int modparam_nohwcrypt;
89module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
90MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
91
92static int modparam_hwtkip;
93module_param_named(hwtkip, modparam_hwtkip, int, 0444);
94MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
95
96static int modparam_qos = 1;
97module_param_named(qos, modparam_qos, int, 0444);
98MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
99
100static int modparam_btcoex = 1;
101module_param_named(btcoex, modparam_btcoex, int, 0444);
102MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
103
104int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
105module_param_named(verbose, b43_modparam_verbose, int, 0644);
106MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
107
108static int b43_modparam_pio;
109module_param_named(pio, b43_modparam_pio, int, 0644);
110MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
111
112static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
113module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
114MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
115
116#ifdef CONFIG_B43_BCMA
117static const struct bcma_device_id b43_bcma_tbl[] = {
118 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
120 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
123 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
125 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
126 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
127 {},
128};
129MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
130#endif
131
132#ifdef CONFIG_B43_SSB
133static const struct ssb_device_id b43_ssb_tbl[] = {
134 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
135 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
136 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
137 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
138 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
139 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
140 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
141 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
142 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
143 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
144 {},
145};
146MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
147#endif
148
149/* Channel and ratetables are shared for all devices.
150 * They can't be const, because ieee80211 puts some precalculated
151 * data in there. This data is the same for all devices, so we don't
152 * get concurrency issues */
153#define RATETAB_ENT(_rateid, _flags) \
154 { \
155 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
156 .hw_value = (_rateid), \
157 .flags = (_flags), \
158 }
159
160/*
161 * NOTE: When changing this, sync with xmit.c's
162 * b43_plcp_get_bitrate_idx_* functions!
163 */
164static struct ieee80211_rate __b43_ratetable[] = {
165 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
166 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
167 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
168 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
169 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
170 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
171 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
172 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
173 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
174 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
175 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
176 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
177};
178
179#define b43_a_ratetable (__b43_ratetable + 4)
180#define b43_a_ratetable_size 8
181#define b43_b_ratetable (__b43_ratetable + 0)
182#define b43_b_ratetable_size 4
183#define b43_g_ratetable (__b43_ratetable + 0)
184#define b43_g_ratetable_size 12
185
186#define CHAN2G(_channel, _freq, _flags) { \
187 .band = NL80211_BAND_2GHZ, \
188 .center_freq = (_freq), \
189 .hw_value = (_channel), \
190 .flags = (_flags), \
191 .max_antenna_gain = 0, \
192 .max_power = 30, \
193}
194static struct ieee80211_channel b43_2ghz_chantable[] = {
195 CHAN2G(1, 2412, 0),
196 CHAN2G(2, 2417, 0),
197 CHAN2G(3, 2422, 0),
198 CHAN2G(4, 2427, 0),
199 CHAN2G(5, 2432, 0),
200 CHAN2G(6, 2437, 0),
201 CHAN2G(7, 2442, 0),
202 CHAN2G(8, 2447, 0),
203 CHAN2G(9, 2452, 0),
204 CHAN2G(10, 2457, 0),
205 CHAN2G(11, 2462, 0),
206 CHAN2G(12, 2467, 0),
207 CHAN2G(13, 2472, 0),
208 CHAN2G(14, 2484, 0),
209};
210
211/* No support for the last 3 channels (12, 13, 14) */
212#define b43_2ghz_chantable_limited_size 11
213#undef CHAN2G
214
215#define CHAN4G(_channel, _flags) { \
216 .band = NL80211_BAND_5GHZ, \
217 .center_freq = 4000 + (5 * (_channel)), \
218 .hw_value = (_channel), \
219 .flags = (_flags), \
220 .max_antenna_gain = 0, \
221 .max_power = 30, \
222}
223#define CHAN5G(_channel, _flags) { \
224 .band = NL80211_BAND_5GHZ, \
225 .center_freq = 5000 + (5 * (_channel)), \
226 .hw_value = (_channel), \
227 .flags = (_flags), \
228 .max_antenna_gain = 0, \
229 .max_power = 30, \
230}
231static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
232 CHAN4G(184, 0), CHAN4G(186, 0),
233 CHAN4G(188, 0), CHAN4G(190, 0),
234 CHAN4G(192, 0), CHAN4G(194, 0),
235 CHAN4G(196, 0), CHAN4G(198, 0),
236 CHAN4G(200, 0), CHAN4G(202, 0),
237 CHAN4G(204, 0), CHAN4G(206, 0),
238 CHAN4G(208, 0), CHAN4G(210, 0),
239 CHAN4G(212, 0), CHAN4G(214, 0),
240 CHAN4G(216, 0), CHAN4G(218, 0),
241 CHAN4G(220, 0), CHAN4G(222, 0),
242 CHAN4G(224, 0), CHAN4G(226, 0),
243 CHAN4G(228, 0),
244 CHAN5G(32, 0), CHAN5G(34, 0),
245 CHAN5G(36, 0), CHAN5G(38, 0),
246 CHAN5G(40, 0), CHAN5G(42, 0),
247 CHAN5G(44, 0), CHAN5G(46, 0),
248 CHAN5G(48, 0), CHAN5G(50, 0),
249 CHAN5G(52, 0), CHAN5G(54, 0),
250 CHAN5G(56, 0), CHAN5G(58, 0),
251 CHAN5G(60, 0), CHAN5G(62, 0),
252 CHAN5G(64, 0), CHAN5G(66, 0),
253 CHAN5G(68, 0), CHAN5G(70, 0),
254 CHAN5G(72, 0), CHAN5G(74, 0),
255 CHAN5G(76, 0), CHAN5G(78, 0),
256 CHAN5G(80, 0), CHAN5G(82, 0),
257 CHAN5G(84, 0), CHAN5G(86, 0),
258 CHAN5G(88, 0), CHAN5G(90, 0),
259 CHAN5G(92, 0), CHAN5G(94, 0),
260 CHAN5G(96, 0), CHAN5G(98, 0),
261 CHAN5G(100, 0), CHAN5G(102, 0),
262 CHAN5G(104, 0), CHAN5G(106, 0),
263 CHAN5G(108, 0), CHAN5G(110, 0),
264 CHAN5G(112, 0), CHAN5G(114, 0),
265 CHAN5G(116, 0), CHAN5G(118, 0),
266 CHAN5G(120, 0), CHAN5G(122, 0),
267 CHAN5G(124, 0), CHAN5G(126, 0),
268 CHAN5G(128, 0), CHAN5G(130, 0),
269 CHAN5G(132, 0), CHAN5G(134, 0),
270 CHAN5G(136, 0), CHAN5G(138, 0),
271 CHAN5G(140, 0), CHAN5G(142, 0),
272 CHAN5G(144, 0), CHAN5G(145, 0),
273 CHAN5G(146, 0), CHAN5G(147, 0),
274 CHAN5G(148, 0), CHAN5G(149, 0),
275 CHAN5G(150, 0), CHAN5G(151, 0),
276 CHAN5G(152, 0), CHAN5G(153, 0),
277 CHAN5G(154, 0), CHAN5G(155, 0),
278 CHAN5G(156, 0), CHAN5G(157, 0),
279 CHAN5G(158, 0), CHAN5G(159, 0),
280 CHAN5G(160, 0), CHAN5G(161, 0),
281 CHAN5G(162, 0), CHAN5G(163, 0),
282 CHAN5G(164, 0), CHAN5G(165, 0),
283 CHAN5G(166, 0), CHAN5G(168, 0),
284 CHAN5G(170, 0), CHAN5G(172, 0),
285 CHAN5G(174, 0), CHAN5G(176, 0),
286 CHAN5G(178, 0), CHAN5G(180, 0),
287 CHAN5G(182, 0),
288};
289
290static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
291 CHAN5G(36, 0), CHAN5G(40, 0),
292 CHAN5G(44, 0), CHAN5G(48, 0),
293 CHAN5G(149, 0), CHAN5G(153, 0),
294 CHAN5G(157, 0), CHAN5G(161, 0),
295 CHAN5G(165, 0),
296};
297
298static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
299 CHAN5G(34, 0), CHAN5G(36, 0),
300 CHAN5G(38, 0), CHAN5G(40, 0),
301 CHAN5G(42, 0), CHAN5G(44, 0),
302 CHAN5G(46, 0), CHAN5G(48, 0),
303 CHAN5G(52, 0), CHAN5G(56, 0),
304 CHAN5G(60, 0), CHAN5G(64, 0),
305 CHAN5G(100, 0), CHAN5G(104, 0),
306 CHAN5G(108, 0), CHAN5G(112, 0),
307 CHAN5G(116, 0), CHAN5G(120, 0),
308 CHAN5G(124, 0), CHAN5G(128, 0),
309 CHAN5G(132, 0), CHAN5G(136, 0),
310 CHAN5G(140, 0), CHAN5G(149, 0),
311 CHAN5G(153, 0), CHAN5G(157, 0),
312 CHAN5G(161, 0), CHAN5G(165, 0),
313 CHAN5G(184, 0), CHAN5G(188, 0),
314 CHAN5G(192, 0), CHAN5G(196, 0),
315 CHAN5G(200, 0), CHAN5G(204, 0),
316 CHAN5G(208, 0), CHAN5G(212, 0),
317 CHAN5G(216, 0),
318};
319#undef CHAN4G
320#undef CHAN5G
321
322static struct ieee80211_supported_band b43_band_5GHz_nphy = {
323 .band = NL80211_BAND_5GHZ,
324 .channels = b43_5ghz_nphy_chantable,
325 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
326 .bitrates = b43_a_ratetable,
327 .n_bitrates = b43_a_ratetable_size,
328};
329
330static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
331 .band = NL80211_BAND_5GHZ,
332 .channels = b43_5ghz_nphy_chantable_limited,
333 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
334 .bitrates = b43_a_ratetable,
335 .n_bitrates = b43_a_ratetable_size,
336};
337
338static struct ieee80211_supported_band b43_band_5GHz_aphy = {
339 .band = NL80211_BAND_5GHZ,
340 .channels = b43_5ghz_aphy_chantable,
341 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
342 .bitrates = b43_a_ratetable,
343 .n_bitrates = b43_a_ratetable_size,
344};
345
346static struct ieee80211_supported_band b43_band_2GHz = {
347 .band = NL80211_BAND_2GHZ,
348 .channels = b43_2ghz_chantable,
349 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
350 .bitrates = b43_g_ratetable,
351 .n_bitrates = b43_g_ratetable_size,
352};
353
354static struct ieee80211_supported_band b43_band_2ghz_limited = {
355 .band = NL80211_BAND_2GHZ,
356 .channels = b43_2ghz_chantable,
357 .n_channels = b43_2ghz_chantable_limited_size,
358 .bitrates = b43_g_ratetable,
359 .n_bitrates = b43_g_ratetable_size,
360};
361
362static void b43_wireless_core_exit(struct b43_wldev *dev);
363static int b43_wireless_core_init(struct b43_wldev *dev);
364static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
365static int b43_wireless_core_start(struct b43_wldev *dev);
366static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
367 struct ieee80211_vif *vif,
368 struct ieee80211_bss_conf *conf,
369 u64 changed);
370
371static int b43_ratelimit(struct b43_wl *wl)
372{
373 if (!wl || !wl->current_dev)
374 return 1;
375 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
376 return 1;
377 /* We are up and running.
378 * Ratelimit the messages to avoid DoS over the net. */
379 return net_ratelimit();
380}
381
382void b43info(struct b43_wl *wl, const char *fmt, ...)
383{
384 struct va_format vaf;
385 va_list args;
386
387 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
388 return;
389 if (!b43_ratelimit(wl))
390 return;
391
392 va_start(args, fmt);
393
394 vaf.fmt = fmt;
395 vaf.va = &args;
396
397 printk(KERN_INFO "b43-%s: %pV",
398 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
399
400 va_end(args);
401}
402
403void b43err(struct b43_wl *wl, const char *fmt, ...)
404{
405 struct va_format vaf;
406 va_list args;
407
408 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
409 return;
410 if (!b43_ratelimit(wl))
411 return;
412
413 va_start(args, fmt);
414
415 vaf.fmt = fmt;
416 vaf.va = &args;
417
418 printk(KERN_ERR "b43-%s ERROR: %pV",
419 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421 va_end(args);
422}
423
424void b43warn(struct b43_wl *wl, const char *fmt, ...)
425{
426 struct va_format vaf;
427 va_list args;
428
429 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
430 return;
431 if (!b43_ratelimit(wl))
432 return;
433
434 va_start(args, fmt);
435
436 vaf.fmt = fmt;
437 vaf.va = &args;
438
439 printk(KERN_WARNING "b43-%s warning: %pV",
440 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
441
442 va_end(args);
443}
444
445void b43dbg(struct b43_wl *wl, const char *fmt, ...)
446{
447 struct va_format vaf;
448 va_list args;
449
450 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
451 return;
452
453 va_start(args, fmt);
454
455 vaf.fmt = fmt;
456 vaf.va = &args;
457
458 printk(KERN_DEBUG "b43-%s debug: %pV",
459 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
460
461 va_end(args);
462}
463
464static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
465{
466 u32 macctl;
467
468 B43_WARN_ON(offset % 4 != 0);
469
470 macctl = b43_read32(dev, B43_MMIO_MACCTL);
471 if (macctl & B43_MACCTL_BE)
472 val = swab32(val);
473
474 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
475 b43_write32(dev, B43_MMIO_RAM_DATA, val);
476}
477
478static inline void b43_shm_control_word(struct b43_wldev *dev,
479 u16 routing, u16 offset)
480{
481 u32 control;
482
483 /* "offset" is the WORD offset. */
484 control = routing;
485 control <<= 16;
486 control |= offset;
487 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
488}
489
490u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
491{
492 u32 ret;
493
494 if (routing == B43_SHM_SHARED) {
495 B43_WARN_ON(offset & 0x0001);
496 if (offset & 0x0003) {
497 /* Unaligned access */
498 b43_shm_control_word(dev, routing, offset >> 2);
499 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
500 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
501 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
502
503 goto out;
504 }
505 offset >>= 2;
506 }
507 b43_shm_control_word(dev, routing, offset);
508 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
509out:
510 return ret;
511}
512
513u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
514{
515 u16 ret;
516
517 if (routing == B43_SHM_SHARED) {
518 B43_WARN_ON(offset & 0x0001);
519 if (offset & 0x0003) {
520 /* Unaligned access */
521 b43_shm_control_word(dev, routing, offset >> 2);
522 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
523
524 goto out;
525 }
526 offset >>= 2;
527 }
528 b43_shm_control_word(dev, routing, offset);
529 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
530out:
531 return ret;
532}
533
534void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
535{
536 if (routing == B43_SHM_SHARED) {
537 B43_WARN_ON(offset & 0x0001);
538 if (offset & 0x0003) {
539 /* Unaligned access */
540 b43_shm_control_word(dev, routing, offset >> 2);
541 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
542 value & 0xFFFF);
543 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
544 b43_write16(dev, B43_MMIO_SHM_DATA,
545 (value >> 16) & 0xFFFF);
546 return;
547 }
548 offset >>= 2;
549 }
550 b43_shm_control_word(dev, routing, offset);
551 b43_write32(dev, B43_MMIO_SHM_DATA, value);
552}
553
554void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
555{
556 if (routing == B43_SHM_SHARED) {
557 B43_WARN_ON(offset & 0x0001);
558 if (offset & 0x0003) {
559 /* Unaligned access */
560 b43_shm_control_word(dev, routing, offset >> 2);
561 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
562 return;
563 }
564 offset >>= 2;
565 }
566 b43_shm_control_word(dev, routing, offset);
567 b43_write16(dev, B43_MMIO_SHM_DATA, value);
568}
569
570/* Read HostFlags */
571u64 b43_hf_read(struct b43_wldev *dev)
572{
573 u64 ret;
574
575 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
576 ret <<= 16;
577 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
578 ret <<= 16;
579 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
580
581 return ret;
582}
583
584/* Write HostFlags */
585void b43_hf_write(struct b43_wldev *dev, u64 value)
586{
587 u16 lo, mi, hi;
588
589 lo = (value & 0x00000000FFFFULL);
590 mi = (value & 0x0000FFFF0000ULL) >> 16;
591 hi = (value & 0xFFFF00000000ULL) >> 32;
592 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
593 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
594 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
595}
596
597/* Read the firmware capabilities bitmask (Opensource firmware only) */
598static u16 b43_fwcapa_read(struct b43_wldev *dev)
599{
600 B43_WARN_ON(!dev->fw.opensource);
601 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
602}
603
604void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
605{
606 u32 low, high;
607
608 B43_WARN_ON(dev->dev->core_rev < 3);
609
610 /* The hardware guarantees us an atomic read, if we
611 * read the low register first. */
612 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
613 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
614
615 *tsf = high;
616 *tsf <<= 32;
617 *tsf |= low;
618}
619
620static void b43_time_lock(struct b43_wldev *dev)
621{
622 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
623 /* Commit the write */
624 b43_read32(dev, B43_MMIO_MACCTL);
625}
626
627static void b43_time_unlock(struct b43_wldev *dev)
628{
629 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
630 /* Commit the write */
631 b43_read32(dev, B43_MMIO_MACCTL);
632}
633
634static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
635{
636 u32 low, high;
637
638 B43_WARN_ON(dev->dev->core_rev < 3);
639
640 low = tsf;
641 high = (tsf >> 32);
642 /* The hardware guarantees us an atomic write, if we
643 * write the low register first. */
644 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
645 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
646}
647
648void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
649{
650 b43_time_lock(dev);
651 b43_tsf_write_locked(dev, tsf);
652 b43_time_unlock(dev);
653}
654
655static
656void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
657{
658 static const u8 zero_addr[ETH_ALEN] = { 0 };
659 u16 data;
660
661 if (!mac)
662 mac = zero_addr;
663
664 offset |= 0x0020;
665 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
666
667 data = mac[0];
668 data |= mac[1] << 8;
669 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
670 data = mac[2];
671 data |= mac[3] << 8;
672 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
673 data = mac[4];
674 data |= mac[5] << 8;
675 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
676}
677
678static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
679{
680 const u8 *mac;
681 const u8 *bssid;
682 u8 mac_bssid[ETH_ALEN * 2];
683 int i;
684 u32 tmp;
685
686 bssid = dev->wl->bssid;
687 mac = dev->wl->mac_addr;
688
689 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
690
691 memcpy(mac_bssid, mac, ETH_ALEN);
692 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
693
694 /* Write our MAC address and BSSID to template ram */
695 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
696 tmp = (u32) (mac_bssid[i + 0]);
697 tmp |= (u32) (mac_bssid[i + 1]) << 8;
698 tmp |= (u32) (mac_bssid[i + 2]) << 16;
699 tmp |= (u32) (mac_bssid[i + 3]) << 24;
700 b43_ram_write(dev, 0x20 + i, tmp);
701 }
702}
703
704static void b43_upload_card_macaddress(struct b43_wldev *dev)
705{
706 b43_write_mac_bssid_templates(dev);
707 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
708}
709
710static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
711{
712 /* slot_time is in usec. */
713 /* This test used to exit for all but a G PHY. */
714 if (b43_current_band(dev->wl) == NL80211_BAND_5GHZ)
715 return;
716 b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
717 /* Shared memory location 0x0010 is the slot time and should be
718 * set to slot_time; however, this register is initially 0 and changing
719 * the value adversely affects the transmit rate for BCM4311
720 * devices. Until this behavior is unterstood, delete this step
721 *
722 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
723 */
724}
725
726static void b43_short_slot_timing_enable(struct b43_wldev *dev)
727{
728 b43_set_slot_time(dev, 9);
729}
730
731static void b43_short_slot_timing_disable(struct b43_wldev *dev)
732{
733 b43_set_slot_time(dev, 20);
734}
735
736/* DummyTransmission function, as documented on
737 * https://bcm-v4.sipsolutions.net/802.11/DummyTransmission
738 */
739void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
740{
741 struct b43_phy *phy = &dev->phy;
742 unsigned int i, max_loop;
743 u16 value;
744 u32 buffer[5] = {
745 0x00000000,
746 0x00D40000,
747 0x00000000,
748 0x01000000,
749 0x00000000,
750 };
751
752 if (ofdm) {
753 max_loop = 0x1E;
754 buffer[0] = 0x000201CC;
755 } else {
756 max_loop = 0xFA;
757 buffer[0] = 0x000B846E;
758 }
759
760 for (i = 0; i < 5; i++)
761 b43_ram_write(dev, i * 4, buffer[i]);
762
763 b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
764
765 if (dev->dev->core_rev < 11)
766 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
767 else
768 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
769
770 value = (ofdm ? 0x41 : 0x40);
771 b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
772 if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
773 phy->type == B43_PHYTYPE_LCN)
774 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
775
776 b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
777 b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
778
779 b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
780 b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
781 b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
782 b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
783
784 if (!pa_on && phy->type == B43_PHYTYPE_N) {
785 ; /*b43_nphy_pa_override(dev, false) */
786 }
787
788 switch (phy->type) {
789 case B43_PHYTYPE_N:
790 case B43_PHYTYPE_LCN:
791 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
792 break;
793 case B43_PHYTYPE_LP:
794 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
795 break;
796 default:
797 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
798 }
799 b43_read16(dev, B43_MMIO_TXE0_AUX);
800
801 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
802 b43_radio_write16(dev, 0x0051, 0x0017);
803 for (i = 0x00; i < max_loop; i++) {
804 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
805 if (value & 0x0080)
806 break;
807 udelay(10);
808 }
809 for (i = 0x00; i < 0x0A; i++) {
810 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
811 if (value & 0x0400)
812 break;
813 udelay(10);
814 }
815 for (i = 0x00; i < 0x19; i++) {
816 value = b43_read16(dev, B43_MMIO_IFSSTAT);
817 if (!(value & 0x0100))
818 break;
819 udelay(10);
820 }
821 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
822 b43_radio_write16(dev, 0x0051, 0x0037);
823}
824
825static void key_write(struct b43_wldev *dev,
826 u8 index, u8 algorithm, const u8 *key)
827{
828 unsigned int i;
829 u32 offset;
830 u16 value;
831 u16 kidx;
832
833 /* Key index/algo block */
834 kidx = b43_kidx_to_fw(dev, index);
835 value = ((kidx << 4) | algorithm);
836 b43_shm_write16(dev, B43_SHM_SHARED,
837 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
838
839 /* Write the key to the Key Table Pointer offset */
840 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
841 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
842 value = key[i];
843 value |= (u16) (key[i + 1]) << 8;
844 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
845 }
846}
847
848static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
849{
850 u32 addrtmp[2] = { 0, 0, };
851 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
852
853 if (b43_new_kidx_api(dev))
854 pairwise_keys_start = B43_NR_GROUP_KEYS;
855
856 B43_WARN_ON(index < pairwise_keys_start);
857 /* We have four default TX keys and possibly four default RX keys.
858 * Physical mac 0 is mapped to physical key 4 or 8, depending
859 * on the firmware version.
860 * So we must adjust the index here.
861 */
862 index -= pairwise_keys_start;
863 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
864
865 if (addr) {
866 addrtmp[0] = addr[0];
867 addrtmp[0] |= ((u32) (addr[1]) << 8);
868 addrtmp[0] |= ((u32) (addr[2]) << 16);
869 addrtmp[0] |= ((u32) (addr[3]) << 24);
870 addrtmp[1] = addr[4];
871 addrtmp[1] |= ((u32) (addr[5]) << 8);
872 }
873
874 /* Receive match transmitter address (RCMTA) mechanism */
875 b43_shm_write32(dev, B43_SHM_RCMTA,
876 (index * 2) + 0, addrtmp[0]);
877 b43_shm_write16(dev, B43_SHM_RCMTA,
878 (index * 2) + 1, addrtmp[1]);
879}
880
881/* The ucode will use phase1 key with TEK key to decrypt rx packets.
882 * When a packet is received, the iv32 is checked.
883 * - if it doesn't the packet is returned without modification (and software
884 * decryption can be done). That's what happen when iv16 wrap.
885 * - if it does, the rc4 key is computed, and decryption is tried.
886 * Either it will success and B43_RX_MAC_DEC is returned,
887 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
888 * and the packet is not usable (it got modified by the ucode).
889 * So in order to never have B43_RX_MAC_DECERR, we should provide
890 * a iv32 and phase1key that match. Because we drop packets in case of
891 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
892 * packets will be lost without higher layer knowing (ie no resync possible
893 * until next wrap).
894 *
895 * NOTE : this should support 50 key like RCMTA because
896 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
897 */
898static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
899 u16 *phase1key)
900{
901 unsigned int i;
902 u32 offset;
903 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
904
905 if (!modparam_hwtkip)
906 return;
907
908 if (b43_new_kidx_api(dev))
909 pairwise_keys_start = B43_NR_GROUP_KEYS;
910
911 B43_WARN_ON(index < pairwise_keys_start);
912 /* We have four default TX keys and possibly four default RX keys.
913 * Physical mac 0 is mapped to physical key 4 or 8, depending
914 * on the firmware version.
915 * So we must adjust the index here.
916 */
917 index -= pairwise_keys_start;
918 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
919
920 if (b43_debug(dev, B43_DBG_KEYS)) {
921 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
922 index, iv32);
923 }
924 /* Write the key to the RX tkip shared mem */
925 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
926 for (i = 0; i < 10; i += 2) {
927 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
928 phase1key ? phase1key[i / 2] : 0);
929 }
930 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
931 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
932}
933
934static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
935 struct ieee80211_vif *vif,
936 struct ieee80211_key_conf *keyconf,
937 struct ieee80211_sta *sta,
938 u32 iv32, u16 *phase1key)
939{
940 struct b43_wl *wl = hw_to_b43_wl(hw);
941 struct b43_wldev *dev;
942 int index = keyconf->hw_key_idx;
943
944 if (B43_WARN_ON(!modparam_hwtkip))
945 return;
946
947 /* This is only called from the RX path through mac80211, where
948 * our mutex is already locked. */
949 B43_WARN_ON(!mutex_is_locked(&wl->mutex));
950 dev = wl->current_dev;
951 B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
952
953 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
954
955 rx_tkip_phase1_write(dev, index, iv32, phase1key);
956 /* only pairwise TKIP keys are supported right now */
957 if (WARN_ON(!sta))
958 return;
959 keymac_write(dev, index, sta->addr);
960}
961
962static void do_key_write(struct b43_wldev *dev,
963 u8 index, u8 algorithm,
964 const u8 *key, size_t key_len, const u8 *mac_addr)
965{
966 u8 buf[B43_SEC_KEYSIZE] = { 0, };
967 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
968
969 if (b43_new_kidx_api(dev))
970 pairwise_keys_start = B43_NR_GROUP_KEYS;
971
972 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
973 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
974
975 if (index >= pairwise_keys_start)
976 keymac_write(dev, index, NULL); /* First zero out mac. */
977 if (algorithm == B43_SEC_ALGO_TKIP) {
978 /*
979 * We should provide an initial iv32, phase1key pair.
980 * We could start with iv32=0 and compute the corresponding
981 * phase1key, but this means calling ieee80211_get_tkip_key
982 * with a fake skb (or export other tkip function).
983 * Because we are lazy we hope iv32 won't start with
984 * 0xffffffff and let's b43_op_update_tkip_key provide a
985 * correct pair.
986 */
987 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
988 } else if (index >= pairwise_keys_start) /* clear it */
989 rx_tkip_phase1_write(dev, index, 0, NULL);
990 if (key)
991 memcpy(buf, key, key_len);
992 key_write(dev, index, algorithm, buf);
993 if (index >= pairwise_keys_start)
994 keymac_write(dev, index, mac_addr);
995
996 dev->key[index].algorithm = algorithm;
997}
998
999static int b43_key_write(struct b43_wldev *dev,
1000 int index, u8 algorithm,
1001 const u8 *key, size_t key_len,
1002 const u8 *mac_addr,
1003 struct ieee80211_key_conf *keyconf)
1004{
1005 int i;
1006 int pairwise_keys_start;
1007
1008 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1009 * - Temporal Encryption Key (128 bits)
1010 * - Temporal Authenticator Tx MIC Key (64 bits)
1011 * - Temporal Authenticator Rx MIC Key (64 bits)
1012 *
1013 * Hardware only store TEK
1014 */
1015 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1016 key_len = 16;
1017 if (key_len > B43_SEC_KEYSIZE)
1018 return -EINVAL;
1019 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1020 /* Check that we don't already have this key. */
1021 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1022 }
1023 if (index < 0) {
1024 /* Pairwise key. Get an empty slot for the key. */
1025 if (b43_new_kidx_api(dev))
1026 pairwise_keys_start = B43_NR_GROUP_KEYS;
1027 else
1028 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1029 for (i = pairwise_keys_start;
1030 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1031 i++) {
1032 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1033 if (!dev->key[i].keyconf) {
1034 /* found empty */
1035 index = i;
1036 break;
1037 }
1038 }
1039 if (index < 0) {
1040 b43warn(dev->wl, "Out of hardware key memory\n");
1041 return -ENOSPC;
1042 }
1043 } else
1044 B43_WARN_ON(index > 3);
1045
1046 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1047 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1048 /* Default RX key */
1049 B43_WARN_ON(mac_addr);
1050 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1051 }
1052 keyconf->hw_key_idx = index;
1053 dev->key[index].keyconf = keyconf;
1054
1055 return 0;
1056}
1057
1058static int b43_key_clear(struct b43_wldev *dev, int index)
1059{
1060 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1061 return -EINVAL;
1062 do_key_write(dev, index, B43_SEC_ALGO_NONE,
1063 NULL, B43_SEC_KEYSIZE, NULL);
1064 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1065 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1066 NULL, B43_SEC_KEYSIZE, NULL);
1067 }
1068 dev->key[index].keyconf = NULL;
1069
1070 return 0;
1071}
1072
1073static void b43_clear_keys(struct b43_wldev *dev)
1074{
1075 int i, count;
1076
1077 if (b43_new_kidx_api(dev))
1078 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1079 else
1080 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1081 for (i = 0; i < count; i++)
1082 b43_key_clear(dev, i);
1083}
1084
1085static void b43_dump_keymemory(struct b43_wldev *dev)
1086{
1087 unsigned int i, index, count, offset, pairwise_keys_start;
1088 u8 mac[ETH_ALEN];
1089 u16 algo;
1090 u32 rcmta0;
1091 u16 rcmta1;
1092 u64 hf;
1093 struct b43_key *key;
1094
1095 if (!b43_debug(dev, B43_DBG_KEYS))
1096 return;
1097
1098 hf = b43_hf_read(dev);
1099 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1100 !!(hf & B43_HF_USEDEFKEYS));
1101 if (b43_new_kidx_api(dev)) {
1102 pairwise_keys_start = B43_NR_GROUP_KEYS;
1103 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1104 } else {
1105 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1106 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1107 }
1108 for (index = 0; index < count; index++) {
1109 key = &(dev->key[index]);
1110 printk(KERN_DEBUG "Key slot %02u: %s",
1111 index, (key->keyconf == NULL) ? " " : "*");
1112 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1113 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1114 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1115 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1116 }
1117
1118 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1119 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1120 printk(" Algo: %04X/%02X", algo, key->algorithm);
1121
1122 if (index >= pairwise_keys_start) {
1123 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1124 printk(" TKIP: ");
1125 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1126 for (i = 0; i < 14; i += 2) {
1127 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1128 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1129 }
1130 }
1131 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1132 ((index - pairwise_keys_start) * 2) + 0);
1133 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1134 ((index - pairwise_keys_start) * 2) + 1);
1135 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1136 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1137 printk(" MAC: %pM", mac);
1138 } else
1139 printk(" DEFAULT KEY");
1140 printk("\n");
1141 }
1142}
1143
1144void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1145{
1146 u32 macctl;
1147 u16 ucstat;
1148 bool hwps;
1149 bool awake;
1150 int i;
1151
1152 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1153 (ps_flags & B43_PS_DISABLED));
1154 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1155
1156 if (ps_flags & B43_PS_ENABLED) {
1157 hwps = true;
1158 } else if (ps_flags & B43_PS_DISABLED) {
1159 hwps = false;
1160 } else {
1161 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1162 // and thus is not an AP and we are associated, set bit 25
1163 }
1164 if (ps_flags & B43_PS_AWAKE) {
1165 awake = true;
1166 } else if (ps_flags & B43_PS_ASLEEP) {
1167 awake = false;
1168 } else {
1169 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1170 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1171 // successful, set bit26
1172 }
1173
1174/* FIXME: For now we force awake-on and hwps-off */
1175 hwps = false;
1176 awake = true;
1177
1178 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1179 if (hwps)
1180 macctl |= B43_MACCTL_HWPS;
1181 else
1182 macctl &= ~B43_MACCTL_HWPS;
1183 if (awake)
1184 macctl |= B43_MACCTL_AWAKE;
1185 else
1186 macctl &= ~B43_MACCTL_AWAKE;
1187 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1188 /* Commit write */
1189 b43_read32(dev, B43_MMIO_MACCTL);
1190 if (awake && dev->dev->core_rev >= 5) {
1191 /* Wait for the microcode to wake up. */
1192 for (i = 0; i < 100; i++) {
1193 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1194 B43_SHM_SH_UCODESTAT);
1195 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1196 break;
1197 udelay(10);
1198 }
1199 }
1200}
1201
1202/* https://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1203void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1204{
1205 struct bcma_drv_cc *bcma_cc __maybe_unused;
1206 struct ssb_chipcommon *ssb_cc __maybe_unused;
1207
1208 switch (dev->dev->bus_type) {
1209#ifdef CONFIG_B43_BCMA
1210 case B43_BUS_BCMA:
1211 bcma_cc = &dev->dev->bdev->bus->drv_cc;
1212
1213 bcma_cc_write32(bcma_cc, BCMA_CC_PMU_CHIPCTL_ADDR, 0);
1214 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1215 bcma_cc_set32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, 0x4);
1216 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1217 break;
1218#endif
1219#ifdef CONFIG_B43_SSB
1220 case B43_BUS_SSB:
1221 ssb_cc = &dev->dev->sdev->bus->chipco;
1222
1223 chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1224 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1225 chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1226 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1227 break;
1228#endif
1229 }
1230}
1231
1232#ifdef CONFIG_B43_BCMA
1233static void b43_bcma_phy_reset(struct b43_wldev *dev)
1234{
1235 u32 flags;
1236
1237 /* Put PHY into reset */
1238 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1239 flags |= B43_BCMA_IOCTL_PHY_RESET;
1240 flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1241 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1242 udelay(2);
1243
1244 b43_phy_take_out_of_reset(dev);
1245}
1246
1247static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1248{
1249 u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1250 B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1251 u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1252 B43_BCMA_CLKCTLST_PHY_PLL_ST;
1253 u32 flags;
1254
1255 flags = B43_BCMA_IOCTL_PHY_CLKEN;
1256 if (gmode)
1257 flags |= B43_BCMA_IOCTL_GMODE;
1258 b43_device_enable(dev, flags);
1259
1260 if (dev->phy.type == B43_PHYTYPE_AC) {
1261 u16 tmp;
1262
1263 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1264 tmp &= ~B43_BCMA_IOCTL_DAC;
1265 tmp |= 0x100;
1266 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1267
1268 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1269 tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1270 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1271
1272 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1273 tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1274 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1275 }
1276
1277 bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1278 b43_bcma_phy_reset(dev);
1279 bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1280}
1281#endif
1282
1283#ifdef CONFIG_B43_SSB
1284static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1285{
1286 u32 flags = 0;
1287
1288 if (gmode)
1289 flags |= B43_TMSLOW_GMODE;
1290 flags |= B43_TMSLOW_PHYCLKEN;
1291 flags |= B43_TMSLOW_PHYRESET;
1292 if (dev->phy.type == B43_PHYTYPE_N)
1293 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1294 b43_device_enable(dev, flags);
1295 msleep(2); /* Wait for the PLL to turn on. */
1296
1297 b43_phy_take_out_of_reset(dev);
1298}
1299#endif
1300
1301void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1302{
1303 u32 macctl;
1304
1305 switch (dev->dev->bus_type) {
1306#ifdef CONFIG_B43_BCMA
1307 case B43_BUS_BCMA:
1308 b43_bcma_wireless_core_reset(dev, gmode);
1309 break;
1310#endif
1311#ifdef CONFIG_B43_SSB
1312 case B43_BUS_SSB:
1313 b43_ssb_wireless_core_reset(dev, gmode);
1314 break;
1315#endif
1316 }
1317
1318 /* Turn Analog ON, but only if we already know the PHY-type.
1319 * This protects against very early setup where we don't know the
1320 * PHY-type, yet. wireless_core_reset will be called once again later,
1321 * when we know the PHY-type. */
1322 if (dev->phy.ops)
1323 dev->phy.ops->switch_analog(dev, 1);
1324
1325 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1326 macctl &= ~B43_MACCTL_GMODE;
1327 if (gmode)
1328 macctl |= B43_MACCTL_GMODE;
1329 macctl |= B43_MACCTL_IHR_ENABLED;
1330 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1331}
1332
1333static void handle_irq_transmit_status(struct b43_wldev *dev)
1334{
1335 u32 v0, v1;
1336 u16 tmp;
1337 struct b43_txstatus stat;
1338
1339 while (1) {
1340 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1341 if (!(v0 & 0x00000001))
1342 break;
1343 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1344
1345 stat.cookie = (v0 >> 16);
1346 stat.seq = (v1 & 0x0000FFFF);
1347 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1348 tmp = (v0 & 0x0000FFFF);
1349 stat.frame_count = ((tmp & 0xF000) >> 12);
1350 stat.rts_count = ((tmp & 0x0F00) >> 8);
1351 stat.supp_reason = ((tmp & 0x001C) >> 2);
1352 stat.pm_indicated = !!(tmp & 0x0080);
1353 stat.intermediate = !!(tmp & 0x0040);
1354 stat.for_ampdu = !!(tmp & 0x0020);
1355 stat.acked = !!(tmp & 0x0002);
1356
1357 b43_handle_txstatus(dev, &stat);
1358 }
1359}
1360
1361static void drain_txstatus_queue(struct b43_wldev *dev)
1362{
1363 u32 dummy;
1364
1365 if (dev->dev->core_rev < 5)
1366 return;
1367 /* Read all entries from the microcode TXstatus FIFO
1368 * and throw them away.
1369 */
1370 while (1) {
1371 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1372 if (!(dummy & 0x00000001))
1373 break;
1374 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1375 }
1376}
1377
1378static u32 b43_jssi_read(struct b43_wldev *dev)
1379{
1380 u32 val = 0;
1381
1382 val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1383 val <<= 16;
1384 val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1385
1386 return val;
1387}
1388
1389static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1390{
1391 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1392 (jssi & 0x0000FFFF));
1393 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1394 (jssi & 0xFFFF0000) >> 16);
1395}
1396
1397static void b43_generate_noise_sample(struct b43_wldev *dev)
1398{
1399 b43_jssi_write(dev, 0x7F7F7F7F);
1400 b43_write32(dev, B43_MMIO_MACCMD,
1401 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1402}
1403
1404static void b43_calculate_link_quality(struct b43_wldev *dev)
1405{
1406 /* Top half of Link Quality calculation. */
1407
1408 if (dev->phy.type != B43_PHYTYPE_G)
1409 return;
1410 if (dev->noisecalc.calculation_running)
1411 return;
1412 dev->noisecalc.calculation_running = true;
1413 dev->noisecalc.nr_samples = 0;
1414
1415 b43_generate_noise_sample(dev);
1416}
1417
1418static void handle_irq_noise(struct b43_wldev *dev)
1419{
1420 struct b43_phy_g *phy = dev->phy.g;
1421 u16 tmp;
1422 u8 noise[4];
1423 u8 i, j;
1424 s32 average;
1425
1426 /* Bottom half of Link Quality calculation. */
1427
1428 if (dev->phy.type != B43_PHYTYPE_G)
1429 return;
1430
1431 /* Possible race condition: It might be possible that the user
1432 * changed to a different channel in the meantime since we
1433 * started the calculation. We ignore that fact, since it's
1434 * not really that much of a problem. The background noise is
1435 * an estimation only anyway. Slightly wrong results will get damped
1436 * by the averaging of the 8 sample rounds. Additionally the
1437 * value is shortlived. So it will be replaced by the next noise
1438 * calculation round soon. */
1439
1440 B43_WARN_ON(!dev->noisecalc.calculation_running);
1441 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1442 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1443 noise[2] == 0x7F || noise[3] == 0x7F)
1444 goto generate_new;
1445
1446 /* Get the noise samples. */
1447 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1448 i = dev->noisecalc.nr_samples;
1449 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1450 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1451 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1452 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1453 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1454 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1455 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1456 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1457 dev->noisecalc.nr_samples++;
1458 if (dev->noisecalc.nr_samples == 8) {
1459 /* Calculate the Link Quality by the noise samples. */
1460 average = 0;
1461 for (i = 0; i < 8; i++) {
1462 for (j = 0; j < 4; j++)
1463 average += dev->noisecalc.samples[i][j];
1464 }
1465 average /= (8 * 4);
1466 average *= 125;
1467 average += 64;
1468 average /= 128;
1469 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1470 tmp = (tmp / 128) & 0x1F;
1471 if (tmp >= 8)
1472 average += 2;
1473 else
1474 average -= 25;
1475 if (tmp == 8)
1476 average -= 72;
1477 else
1478 average -= 48;
1479
1480 dev->stats.link_noise = average;
1481 dev->noisecalc.calculation_running = false;
1482 return;
1483 }
1484generate_new:
1485 b43_generate_noise_sample(dev);
1486}
1487
1488static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1489{
1490 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1491 ///TODO: PS TBTT
1492 } else {
1493 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1494 b43_power_saving_ctl_bits(dev, 0);
1495 }
1496 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1497 dev->dfq_valid = true;
1498}
1499
1500static void handle_irq_atim_end(struct b43_wldev *dev)
1501{
1502 if (dev->dfq_valid) {
1503 b43_write32(dev, B43_MMIO_MACCMD,
1504 b43_read32(dev, B43_MMIO_MACCMD)
1505 | B43_MACCMD_DFQ_VALID);
1506 dev->dfq_valid = false;
1507 }
1508}
1509
1510static void handle_irq_pmq(struct b43_wldev *dev)
1511{
1512 u32 tmp;
1513
1514 //TODO: AP mode.
1515
1516 while (1) {
1517 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1518 if (!(tmp & 0x00000008))
1519 break;
1520 }
1521 /* 16bit write is odd, but correct. */
1522 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1523}
1524
1525static void b43_write_template_common(struct b43_wldev *dev,
1526 const u8 *data, u16 size,
1527 u16 ram_offset,
1528 u16 shm_size_offset, u8 rate)
1529{
1530 u32 i, tmp;
1531 struct b43_plcp_hdr4 plcp;
1532
1533 plcp.data = 0;
1534 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1535 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1536 ram_offset += sizeof(u32);
1537 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1538 * So leave the first two bytes of the next write blank.
1539 */
1540 tmp = (u32) (data[0]) << 16;
1541 tmp |= (u32) (data[1]) << 24;
1542 b43_ram_write(dev, ram_offset, tmp);
1543 ram_offset += sizeof(u32);
1544 for (i = 2; i < size; i += sizeof(u32)) {
1545 tmp = (u32) (data[i + 0]);
1546 if (i + 1 < size)
1547 tmp |= (u32) (data[i + 1]) << 8;
1548 if (i + 2 < size)
1549 tmp |= (u32) (data[i + 2]) << 16;
1550 if (i + 3 < size)
1551 tmp |= (u32) (data[i + 3]) << 24;
1552 b43_ram_write(dev, ram_offset + i - 2, tmp);
1553 }
1554 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1555 size + sizeof(struct b43_plcp_hdr6));
1556}
1557
1558/* Check if the use of the antenna that ieee80211 told us to
1559 * use is possible. This will fall back to DEFAULT.
1560 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1561u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1562 u8 antenna_nr)
1563{
1564 u8 antenna_mask;
1565
1566 if (antenna_nr == 0) {
1567 /* Zero means "use default antenna". That's always OK. */
1568 return 0;
1569 }
1570
1571 /* Get the mask of available antennas. */
1572 if (dev->phy.gmode)
1573 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1574 else
1575 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1576
1577 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1578 /* This antenna is not available. Fall back to default. */
1579 return 0;
1580 }
1581
1582 return antenna_nr;
1583}
1584
1585/* Convert a b43 antenna number value to the PHY TX control value. */
1586static u16 b43_antenna_to_phyctl(int antenna)
1587{
1588 switch (antenna) {
1589 case B43_ANTENNA0:
1590 return B43_TXH_PHY_ANT0;
1591 case B43_ANTENNA1:
1592 return B43_TXH_PHY_ANT1;
1593 case B43_ANTENNA2:
1594 return B43_TXH_PHY_ANT2;
1595 case B43_ANTENNA3:
1596 return B43_TXH_PHY_ANT3;
1597 case B43_ANTENNA_AUTO0:
1598 case B43_ANTENNA_AUTO1:
1599 return B43_TXH_PHY_ANT01AUTO;
1600 }
1601 B43_WARN_ON(1);
1602 return 0;
1603}
1604
1605static void b43_write_beacon_template(struct b43_wldev *dev,
1606 u16 ram_offset,
1607 u16 shm_size_offset)
1608{
1609 unsigned int i, len, variable_len;
1610 const struct ieee80211_mgmt *bcn;
1611 const u8 *ie;
1612 bool tim_found = false;
1613 unsigned int rate;
1614 u16 ctl;
1615 int antenna;
1616 struct ieee80211_tx_info *info;
1617 unsigned long flags;
1618 struct sk_buff *beacon_skb;
1619
1620 spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1621 info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1622 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1623 /* Clone the beacon, so it cannot go away, while we write it to hw. */
1624 beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1625 spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1626
1627 if (!beacon_skb) {
1628 b43dbg(dev->wl, "Could not upload beacon. "
1629 "Failed to clone beacon skb.");
1630 return;
1631 }
1632
1633 bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1634 len = min_t(size_t, beacon_skb->len,
1635 0x200 - sizeof(struct b43_plcp_hdr6));
1636
1637 b43_write_template_common(dev, (const u8 *)bcn,
1638 len, ram_offset, shm_size_offset, rate);
1639
1640 /* Write the PHY TX control parameters. */
1641 antenna = B43_ANTENNA_DEFAULT;
1642 antenna = b43_antenna_to_phyctl(antenna);
1643 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1644 /* We can't send beacons with short preamble. Would get PHY errors. */
1645 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1646 ctl &= ~B43_TXH_PHY_ANT;
1647 ctl &= ~B43_TXH_PHY_ENC;
1648 ctl |= antenna;
1649 if (b43_is_cck_rate(rate))
1650 ctl |= B43_TXH_PHY_ENC_CCK;
1651 else
1652 ctl |= B43_TXH_PHY_ENC_OFDM;
1653 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1654
1655 /* Find the position of the TIM and the DTIM_period value
1656 * and write them to SHM. */
1657 ie = bcn->u.beacon.variable;
1658 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1659 for (i = 0; i < variable_len - 2; ) {
1660 uint8_t ie_id, ie_len;
1661
1662 ie_id = ie[i];
1663 ie_len = ie[i + 1];
1664 if (ie_id == 5) {
1665 u16 tim_position;
1666 u16 dtim_period;
1667 /* This is the TIM Information Element */
1668
1669 /* Check whether the ie_len is in the beacon data range. */
1670 if (variable_len < ie_len + 2 + i)
1671 break;
1672 /* A valid TIM is at least 4 bytes long. */
1673 if (ie_len < 4)
1674 break;
1675 tim_found = true;
1676
1677 tim_position = sizeof(struct b43_plcp_hdr6);
1678 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1679 tim_position += i;
1680
1681 dtim_period = ie[i + 3];
1682
1683 b43_shm_write16(dev, B43_SHM_SHARED,
1684 B43_SHM_SH_TIMBPOS, tim_position);
1685 b43_shm_write16(dev, B43_SHM_SHARED,
1686 B43_SHM_SH_DTIMPER, dtim_period);
1687 break;
1688 }
1689 i += ie_len + 2;
1690 }
1691 if (!tim_found) {
1692 /*
1693 * If ucode wants to modify TIM do it behind the beacon, this
1694 * will happen, for example, when doing mesh networking.
1695 */
1696 b43_shm_write16(dev, B43_SHM_SHARED,
1697 B43_SHM_SH_TIMBPOS,
1698 len + sizeof(struct b43_plcp_hdr6));
1699 b43_shm_write16(dev, B43_SHM_SHARED,
1700 B43_SHM_SH_DTIMPER, 0);
1701 }
1702 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1703
1704 dev_kfree_skb_any(beacon_skb);
1705}
1706
1707static void b43_upload_beacon0(struct b43_wldev *dev)
1708{
1709 struct b43_wl *wl = dev->wl;
1710
1711 if (wl->beacon0_uploaded)
1712 return;
1713 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1714 wl->beacon0_uploaded = true;
1715}
1716
1717static void b43_upload_beacon1(struct b43_wldev *dev)
1718{
1719 struct b43_wl *wl = dev->wl;
1720
1721 if (wl->beacon1_uploaded)
1722 return;
1723 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1724 wl->beacon1_uploaded = true;
1725}
1726
1727static void handle_irq_beacon(struct b43_wldev *dev)
1728{
1729 struct b43_wl *wl = dev->wl;
1730 u32 cmd, beacon0_valid, beacon1_valid;
1731
1732 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1733 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1734 !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1735 return;
1736
1737 /* This is the bottom half of the asynchronous beacon update. */
1738
1739 /* Ignore interrupt in the future. */
1740 dev->irq_mask &= ~B43_IRQ_BEACON;
1741
1742 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1743 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1744 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1745
1746 /* Schedule interrupt manually, if busy. */
1747 if (beacon0_valid && beacon1_valid) {
1748 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1749 dev->irq_mask |= B43_IRQ_BEACON;
1750 return;
1751 }
1752
1753 if (unlikely(wl->beacon_templates_virgin)) {
1754 /* We never uploaded a beacon before.
1755 * Upload both templates now, but only mark one valid. */
1756 wl->beacon_templates_virgin = false;
1757 b43_upload_beacon0(dev);
1758 b43_upload_beacon1(dev);
1759 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1760 cmd |= B43_MACCMD_BEACON0_VALID;
1761 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1762 } else {
1763 if (!beacon0_valid) {
1764 b43_upload_beacon0(dev);
1765 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1766 cmd |= B43_MACCMD_BEACON0_VALID;
1767 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1768 } else if (!beacon1_valid) {
1769 b43_upload_beacon1(dev);
1770 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1771 cmd |= B43_MACCMD_BEACON1_VALID;
1772 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1773 }
1774 }
1775}
1776
1777static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1778{
1779 u32 old_irq_mask = dev->irq_mask;
1780
1781 /* update beacon right away or defer to irq */
1782 handle_irq_beacon(dev);
1783 if (old_irq_mask != dev->irq_mask) {
1784 /* The handler updated the IRQ mask. */
1785 B43_WARN_ON(!dev->irq_mask);
1786 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1787 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1788 } else {
1789 /* Device interrupts are currently disabled. That means
1790 * we just ran the hardirq handler and scheduled the
1791 * IRQ thread. The thread will write the IRQ mask when
1792 * it finished, so there's nothing to do here. Writing
1793 * the mask _here_ would incorrectly re-enable IRQs. */
1794 }
1795 }
1796}
1797
1798static void b43_beacon_update_trigger_work(struct work_struct *work)
1799{
1800 struct b43_wl *wl = container_of(work, struct b43_wl,
1801 beacon_update_trigger);
1802 struct b43_wldev *dev;
1803
1804 mutex_lock(&wl->mutex);
1805 dev = wl->current_dev;
1806 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1807 if (b43_bus_host_is_sdio(dev->dev)) {
1808 /* wl->mutex is enough. */
1809 b43_do_beacon_update_trigger_work(dev);
1810 } else {
1811 spin_lock_irq(&wl->hardirq_lock);
1812 b43_do_beacon_update_trigger_work(dev);
1813 spin_unlock_irq(&wl->hardirq_lock);
1814 }
1815 }
1816 mutex_unlock(&wl->mutex);
1817}
1818
1819/* Asynchronously update the packet templates in template RAM. */
1820static void b43_update_templates(struct b43_wl *wl)
1821{
1822 struct sk_buff *beacon, *old_beacon;
1823 unsigned long flags;
1824
1825 /* This is the top half of the asynchronous beacon update.
1826 * The bottom half is the beacon IRQ.
1827 * Beacon update must be asynchronous to avoid sending an
1828 * invalid beacon. This can happen for example, if the firmware
1829 * transmits a beacon while we are updating it. */
1830
1831 /* We could modify the existing beacon and set the aid bit in
1832 * the TIM field, but that would probably require resizing and
1833 * moving of data within the beacon template.
1834 * Simply request a new beacon and let mac80211 do the hard work. */
1835 beacon = ieee80211_beacon_get(wl->hw, wl->vif, 0);
1836 if (unlikely(!beacon))
1837 return;
1838
1839 spin_lock_irqsave(&wl->beacon_lock, flags);
1840 old_beacon = wl->current_beacon;
1841 wl->current_beacon = beacon;
1842 wl->beacon0_uploaded = false;
1843 wl->beacon1_uploaded = false;
1844 spin_unlock_irqrestore(&wl->beacon_lock, flags);
1845
1846 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1847
1848 if (old_beacon)
1849 dev_kfree_skb_any(old_beacon);
1850}
1851
1852static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1853{
1854 b43_time_lock(dev);
1855 if (dev->dev->core_rev >= 3) {
1856 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1857 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1858 } else {
1859 b43_write16(dev, 0x606, (beacon_int >> 6));
1860 b43_write16(dev, 0x610, beacon_int);
1861 }
1862 b43_time_unlock(dev);
1863 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1864}
1865
1866static void b43_handle_firmware_panic(struct b43_wldev *dev)
1867{
1868 u16 reason;
1869
1870 /* Read the register that contains the reason code for the panic. */
1871 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1872 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1873
1874 switch (reason) {
1875 default:
1876 b43dbg(dev->wl, "The panic reason is unknown.\n");
1877 fallthrough;
1878 case B43_FWPANIC_DIE:
1879 /* Do not restart the controller or firmware.
1880 * The device is nonfunctional from now on.
1881 * Restarting would result in this panic to trigger again,
1882 * so we avoid that recursion. */
1883 break;
1884 case B43_FWPANIC_RESTART:
1885 b43_controller_restart(dev, "Microcode panic");
1886 break;
1887 }
1888}
1889
1890static void handle_irq_ucode_debug(struct b43_wldev *dev)
1891{
1892 unsigned int i, cnt;
1893 u16 reason, marker_id, marker_line;
1894 __le16 *buf;
1895
1896 /* The proprietary firmware doesn't have this IRQ. */
1897 if (!dev->fw.opensource)
1898 return;
1899
1900 /* Read the register that contains the reason code for this IRQ. */
1901 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1902
1903 switch (reason) {
1904 case B43_DEBUGIRQ_PANIC:
1905 b43_handle_firmware_panic(dev);
1906 break;
1907 case B43_DEBUGIRQ_DUMP_SHM:
1908 if (!B43_DEBUG)
1909 break; /* Only with driver debugging enabled. */
1910 buf = kmalloc(4096, GFP_ATOMIC);
1911 if (!buf) {
1912 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1913 goto out;
1914 }
1915 for (i = 0; i < 4096; i += 2) {
1916 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1917 buf[i / 2] = cpu_to_le16(tmp);
1918 }
1919 b43info(dev->wl, "Shared memory dump:\n");
1920 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1921 16, 2, buf, 4096, 1);
1922 kfree(buf);
1923 break;
1924 case B43_DEBUGIRQ_DUMP_REGS:
1925 if (!B43_DEBUG)
1926 break; /* Only with driver debugging enabled. */
1927 b43info(dev->wl, "Microcode register dump:\n");
1928 for (i = 0, cnt = 0; i < 64; i++) {
1929 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1930 if (cnt == 0)
1931 printk(KERN_INFO);
1932 printk("r%02u: 0x%04X ", i, tmp);
1933 cnt++;
1934 if (cnt == 6) {
1935 printk("\n");
1936 cnt = 0;
1937 }
1938 }
1939 printk("\n");
1940 break;
1941 case B43_DEBUGIRQ_MARKER:
1942 if (!B43_DEBUG)
1943 break; /* Only with driver debugging enabled. */
1944 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1945 B43_MARKER_ID_REG);
1946 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1947 B43_MARKER_LINE_REG);
1948 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1949 "at line number %u\n",
1950 marker_id, marker_line);
1951 break;
1952 default:
1953 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1954 reason);
1955 }
1956out:
1957 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1958 b43_shm_write16(dev, B43_SHM_SCRATCH,
1959 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1960}
1961
1962static void b43_do_interrupt_thread(struct b43_wldev *dev)
1963{
1964 u32 reason;
1965 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1966 u32 merged_dma_reason = 0;
1967 int i;
1968
1969 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1970 return;
1971
1972 reason = dev->irq_reason;
1973 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1974 dma_reason[i] = dev->dma_reason[i];
1975 merged_dma_reason |= dma_reason[i];
1976 }
1977
1978 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1979 b43err(dev->wl, "MAC transmission error\n");
1980
1981 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1982 b43err(dev->wl, "PHY transmission error\n");
1983 rmb();
1984 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1985 atomic_set(&dev->phy.txerr_cnt,
1986 B43_PHY_TX_BADNESS_LIMIT);
1987 b43err(dev->wl, "Too many PHY TX errors, "
1988 "restarting the controller\n");
1989 b43_controller_restart(dev, "PHY TX errors");
1990 }
1991 }
1992
1993 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1994 b43err(dev->wl,
1995 "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1996 dma_reason[0], dma_reason[1],
1997 dma_reason[2], dma_reason[3],
1998 dma_reason[4], dma_reason[5]);
1999 b43err(dev->wl, "This device does not support DMA "
2000 "on your system. It will now be switched to PIO.\n");
2001 /* Fall back to PIO transfers if we get fatal DMA errors! */
2002 dev->use_pio = true;
2003 b43_controller_restart(dev, "DMA error");
2004 return;
2005 }
2006
2007 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2008 handle_irq_ucode_debug(dev);
2009 if (reason & B43_IRQ_TBTT_INDI)
2010 handle_irq_tbtt_indication(dev);
2011 if (reason & B43_IRQ_ATIM_END)
2012 handle_irq_atim_end(dev);
2013 if (reason & B43_IRQ_BEACON)
2014 handle_irq_beacon(dev);
2015 if (reason & B43_IRQ_PMQ)
2016 handle_irq_pmq(dev);
2017 if (reason & B43_IRQ_TXFIFO_FLUSH_OK) {
2018 ;/* TODO */
2019 }
2020 if (reason & B43_IRQ_NOISESAMPLE_OK)
2021 handle_irq_noise(dev);
2022
2023 /* Check the DMA reason registers for received data. */
2024 if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2025 if (B43_DEBUG)
2026 b43warn(dev->wl, "RX descriptor underrun\n");
2027 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2028 }
2029 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2030 if (b43_using_pio_transfers(dev))
2031 b43_pio_rx(dev->pio.rx_queue);
2032 else
2033 b43_dma_rx(dev->dma.rx_ring);
2034 }
2035 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2036 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2037 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2038 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2039 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2040
2041 if (reason & B43_IRQ_TX_OK)
2042 handle_irq_transmit_status(dev);
2043
2044 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2045 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2046
2047#if B43_DEBUG
2048 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2049 dev->irq_count++;
2050 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2051 if (reason & (1 << i))
2052 dev->irq_bit_count[i]++;
2053 }
2054 }
2055#endif
2056}
2057
2058/* Interrupt thread handler. Handles device interrupts in thread context. */
2059static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2060{
2061 struct b43_wldev *dev = dev_id;
2062
2063 mutex_lock(&dev->wl->mutex);
2064 b43_do_interrupt_thread(dev);
2065 mutex_unlock(&dev->wl->mutex);
2066
2067 return IRQ_HANDLED;
2068}
2069
2070static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2071{
2072 u32 reason;
2073
2074 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2075 * On SDIO, this runs under wl->mutex. */
2076
2077 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2078 if (reason == 0xffffffff) /* shared IRQ */
2079 return IRQ_NONE;
2080 reason &= dev->irq_mask;
2081 if (!reason)
2082 return IRQ_NONE;
2083
2084 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2085 & 0x0001FC00;
2086 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2087 & 0x0000DC00;
2088 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2089 & 0x0000DC00;
2090 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2091 & 0x0001DC00;
2092 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2093 & 0x0000DC00;
2094/* Unused ring
2095 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2096 & 0x0000DC00;
2097*/
2098
2099 /* ACK the interrupt. */
2100 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2101 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2102 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2103 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2104 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2105 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2106/* Unused ring
2107 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2108*/
2109
2110 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2111 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2112 /* Save the reason bitmasks for the IRQ thread handler. */
2113 dev->irq_reason = reason;
2114
2115 return IRQ_WAKE_THREAD;
2116}
2117
2118/* Interrupt handler top-half. This runs with interrupts disabled. */
2119static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2120{
2121 struct b43_wldev *dev = dev_id;
2122 irqreturn_t ret;
2123
2124 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2125 return IRQ_NONE;
2126
2127 spin_lock(&dev->wl->hardirq_lock);
2128 ret = b43_do_interrupt(dev);
2129 spin_unlock(&dev->wl->hardirq_lock);
2130
2131 return ret;
2132}
2133
2134/* SDIO interrupt handler. This runs in process context. */
2135static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2136{
2137 struct b43_wl *wl = dev->wl;
2138 irqreturn_t ret;
2139
2140 mutex_lock(&wl->mutex);
2141
2142 ret = b43_do_interrupt(dev);
2143 if (ret == IRQ_WAKE_THREAD)
2144 b43_do_interrupt_thread(dev);
2145
2146 mutex_unlock(&wl->mutex);
2147}
2148
2149void b43_do_release_fw(struct b43_firmware_file *fw)
2150{
2151 release_firmware(fw->data);
2152 fw->data = NULL;
2153 fw->filename = NULL;
2154}
2155
2156static void b43_release_firmware(struct b43_wldev *dev)
2157{
2158 complete(&dev->fw_load_complete);
2159 b43_do_release_fw(&dev->fw.ucode);
2160 b43_do_release_fw(&dev->fw.pcm);
2161 b43_do_release_fw(&dev->fw.initvals);
2162 b43_do_release_fw(&dev->fw.initvals_band);
2163}
2164
2165static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2166{
2167 const char text[] =
2168 "You must go to " \
2169 "https://wireless.wiki.kernel.org/en/users/Drivers/b43#devicefirmware " \
2170 "and download the correct firmware for this driver version. " \
2171 "Please carefully read all instructions on this website.\n";
2172
2173 if (error)
2174 b43err(wl, text);
2175 else
2176 b43warn(wl, text);
2177}
2178
2179static void b43_fw_cb(const struct firmware *firmware, void *context)
2180{
2181 struct b43_request_fw_context *ctx = context;
2182
2183 ctx->blob = firmware;
2184 complete(&ctx->dev->fw_load_complete);
2185}
2186
2187int b43_do_request_fw(struct b43_request_fw_context *ctx,
2188 const char *name,
2189 struct b43_firmware_file *fw, bool async)
2190{
2191 struct b43_fw_header *hdr;
2192 u32 size;
2193 int err;
2194
2195 if (!name) {
2196 /* Don't fetch anything. Free possibly cached firmware. */
2197 /* FIXME: We should probably keep it anyway, to save some headache
2198 * on suspend/resume with multiband devices. */
2199 b43_do_release_fw(fw);
2200 return 0;
2201 }
2202 if (fw->filename) {
2203 if ((fw->type == ctx->req_type) &&
2204 (strcmp(fw->filename, name) == 0))
2205 return 0; /* Already have this fw. */
2206 /* Free the cached firmware first. */
2207 /* FIXME: We should probably do this later after we successfully
2208 * got the new fw. This could reduce headache with multiband devices.
2209 * We could also redesign this to cache the firmware for all possible
2210 * bands all the time. */
2211 b43_do_release_fw(fw);
2212 }
2213
2214 switch (ctx->req_type) {
2215 case B43_FWTYPE_PROPRIETARY:
2216 snprintf(ctx->fwname, sizeof(ctx->fwname),
2217 "b43%s/%s.fw",
2218 modparam_fwpostfix, name);
2219 break;
2220 case B43_FWTYPE_OPENSOURCE:
2221 snprintf(ctx->fwname, sizeof(ctx->fwname),
2222 "b43-open%s/%s.fw",
2223 modparam_fwpostfix, name);
2224 break;
2225 default:
2226 B43_WARN_ON(1);
2227 return -ENOSYS;
2228 }
2229 if (async) {
2230 /* do this part asynchronously */
2231 init_completion(&ctx->dev->fw_load_complete);
2232 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2233 ctx->dev->dev->dev, GFP_KERNEL,
2234 ctx, b43_fw_cb);
2235 if (err < 0) {
2236 pr_err("Unable to load firmware\n");
2237 return err;
2238 }
2239 wait_for_completion(&ctx->dev->fw_load_complete);
2240 if (ctx->blob)
2241 goto fw_ready;
2242 /* On some ARM systems, the async request will fail, but the next sync
2243 * request works. For this reason, we fall through here
2244 */
2245 }
2246 err = request_firmware(&ctx->blob, ctx->fwname,
2247 ctx->dev->dev->dev);
2248 if (err == -ENOENT) {
2249 snprintf(ctx->errors[ctx->req_type],
2250 sizeof(ctx->errors[ctx->req_type]),
2251 "Firmware file \"%s\" not found\n",
2252 ctx->fwname);
2253 return err;
2254 } else if (err) {
2255 snprintf(ctx->errors[ctx->req_type],
2256 sizeof(ctx->errors[ctx->req_type]),
2257 "Firmware file \"%s\" request failed (err=%d)\n",
2258 ctx->fwname, err);
2259 return err;
2260 }
2261fw_ready:
2262 if (ctx->blob->size < sizeof(struct b43_fw_header))
2263 goto err_format;
2264 hdr = (struct b43_fw_header *)(ctx->blob->data);
2265 switch (hdr->type) {
2266 case B43_FW_TYPE_UCODE:
2267 case B43_FW_TYPE_PCM:
2268 size = be32_to_cpu(hdr->size);
2269 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2270 goto err_format;
2271 fallthrough;
2272 case B43_FW_TYPE_IV:
2273 if (hdr->ver != 1)
2274 goto err_format;
2275 break;
2276 default:
2277 goto err_format;
2278 }
2279
2280 fw->data = ctx->blob;
2281 fw->filename = name;
2282 fw->type = ctx->req_type;
2283
2284 return 0;
2285
2286err_format:
2287 snprintf(ctx->errors[ctx->req_type],
2288 sizeof(ctx->errors[ctx->req_type]),
2289 "Firmware file \"%s\" format error.\n", ctx->fwname);
2290 release_firmware(ctx->blob);
2291
2292 return -EPROTO;
2293}
2294
2295/* https://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2296static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2297{
2298 struct b43_wldev *dev = ctx->dev;
2299 struct b43_firmware *fw = &ctx->dev->fw;
2300 struct b43_phy *phy = &dev->phy;
2301 const u8 rev = ctx->dev->dev->core_rev;
2302 const char *filename;
2303 int err;
2304
2305 /* Get microcode */
2306 filename = NULL;
2307 switch (rev) {
2308 case 42:
2309 if (phy->type == B43_PHYTYPE_AC)
2310 filename = "ucode42";
2311 break;
2312 case 40:
2313 if (phy->type == B43_PHYTYPE_AC)
2314 filename = "ucode40";
2315 break;
2316 case 33:
2317 if (phy->type == B43_PHYTYPE_LCN40)
2318 filename = "ucode33_lcn40";
2319 break;
2320 case 30:
2321 if (phy->type == B43_PHYTYPE_N)
2322 filename = "ucode30_mimo";
2323 break;
2324 case 29:
2325 if (phy->type == B43_PHYTYPE_HT)
2326 filename = "ucode29_mimo";
2327 break;
2328 case 26:
2329 if (phy->type == B43_PHYTYPE_HT)
2330 filename = "ucode26_mimo";
2331 break;
2332 case 28:
2333 case 25:
2334 if (phy->type == B43_PHYTYPE_N)
2335 filename = "ucode25_mimo";
2336 else if (phy->type == B43_PHYTYPE_LCN)
2337 filename = "ucode25_lcn";
2338 break;
2339 case 24:
2340 if (phy->type == B43_PHYTYPE_LCN)
2341 filename = "ucode24_lcn";
2342 break;
2343 case 23:
2344 if (phy->type == B43_PHYTYPE_N)
2345 filename = "ucode16_mimo";
2346 break;
2347 case 16 ... 19:
2348 if (phy->type == B43_PHYTYPE_N)
2349 filename = "ucode16_mimo";
2350 else if (phy->type == B43_PHYTYPE_LP)
2351 filename = "ucode16_lp";
2352 break;
2353 case 15:
2354 filename = "ucode15";
2355 break;
2356 case 14:
2357 filename = "ucode14";
2358 break;
2359 case 13:
2360 filename = "ucode13";
2361 break;
2362 case 11 ... 12:
2363 filename = "ucode11";
2364 break;
2365 case 5 ... 10:
2366 filename = "ucode5";
2367 break;
2368 }
2369 if (!filename)
2370 goto err_no_ucode;
2371 err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2372 if (err)
2373 goto err_load;
2374
2375 /* Get PCM code */
2376 if ((rev >= 5) && (rev <= 10))
2377 filename = "pcm5";
2378 else if (rev >= 11)
2379 filename = NULL;
2380 else
2381 goto err_no_pcm;
2382 fw->pcm_request_failed = false;
2383 err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2384 if (err == -ENOENT) {
2385 /* We did not find a PCM file? Not fatal, but
2386 * core rev <= 10 must do without hwcrypto then. */
2387 fw->pcm_request_failed = true;
2388 } else if (err)
2389 goto err_load;
2390
2391 /* Get initvals */
2392 filename = NULL;
2393 switch (dev->phy.type) {
2394 case B43_PHYTYPE_G:
2395 if (rev == 13)
2396 filename = "b0g0initvals13";
2397 else if (rev >= 5 && rev <= 10)
2398 filename = "b0g0initvals5";
2399 break;
2400 case B43_PHYTYPE_N:
2401 if (rev == 30)
2402 filename = "n16initvals30";
2403 else if (rev == 28 || rev == 25)
2404 filename = "n0initvals25";
2405 else if (rev == 24)
2406 filename = "n0initvals24";
2407 else if (rev == 23)
2408 filename = "n0initvals16"; /* What about n0initvals22? */
2409 else if (rev >= 16 && rev <= 18)
2410 filename = "n0initvals16";
2411 else if (rev >= 11 && rev <= 12)
2412 filename = "n0initvals11";
2413 break;
2414 case B43_PHYTYPE_LP:
2415 if (rev >= 16 && rev <= 18)
2416 filename = "lp0initvals16";
2417 else if (rev == 15)
2418 filename = "lp0initvals15";
2419 else if (rev == 14)
2420 filename = "lp0initvals14";
2421 else if (rev == 13)
2422 filename = "lp0initvals13";
2423 break;
2424 case B43_PHYTYPE_HT:
2425 if (rev == 29)
2426 filename = "ht0initvals29";
2427 else if (rev == 26)
2428 filename = "ht0initvals26";
2429 break;
2430 case B43_PHYTYPE_LCN:
2431 if (rev == 24)
2432 filename = "lcn0initvals24";
2433 break;
2434 case B43_PHYTYPE_LCN40:
2435 if (rev == 33)
2436 filename = "lcn400initvals33";
2437 break;
2438 case B43_PHYTYPE_AC:
2439 if (rev == 42)
2440 filename = "ac1initvals42";
2441 else if (rev == 40)
2442 filename = "ac0initvals40";
2443 break;
2444 }
2445 if (!filename)
2446 goto err_no_initvals;
2447 err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2448 if (err)
2449 goto err_load;
2450
2451 /* Get bandswitch initvals */
2452 filename = NULL;
2453 switch (dev->phy.type) {
2454 case B43_PHYTYPE_G:
2455 if (rev == 13)
2456 filename = "b0g0bsinitvals13";
2457 else if (rev >= 5 && rev <= 10)
2458 filename = "b0g0bsinitvals5";
2459 break;
2460 case B43_PHYTYPE_N:
2461 if (rev == 30)
2462 filename = "n16bsinitvals30";
2463 else if (rev == 28 || rev == 25)
2464 filename = "n0bsinitvals25";
2465 else if (rev == 24)
2466 filename = "n0bsinitvals24";
2467 else if (rev == 23)
2468 filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2469 else if (rev >= 16 && rev <= 18)
2470 filename = "n0bsinitvals16";
2471 else if (rev >= 11 && rev <= 12)
2472 filename = "n0bsinitvals11";
2473 break;
2474 case B43_PHYTYPE_LP:
2475 if (rev >= 16 && rev <= 18)
2476 filename = "lp0bsinitvals16";
2477 else if (rev == 15)
2478 filename = "lp0bsinitvals15";
2479 else if (rev == 14)
2480 filename = "lp0bsinitvals14";
2481 else if (rev == 13)
2482 filename = "lp0bsinitvals13";
2483 break;
2484 case B43_PHYTYPE_HT:
2485 if (rev == 29)
2486 filename = "ht0bsinitvals29";
2487 else if (rev == 26)
2488 filename = "ht0bsinitvals26";
2489 break;
2490 case B43_PHYTYPE_LCN:
2491 if (rev == 24)
2492 filename = "lcn0bsinitvals24";
2493 break;
2494 case B43_PHYTYPE_LCN40:
2495 if (rev == 33)
2496 filename = "lcn400bsinitvals33";
2497 break;
2498 case B43_PHYTYPE_AC:
2499 if (rev == 42)
2500 filename = "ac1bsinitvals42";
2501 else if (rev == 40)
2502 filename = "ac0bsinitvals40";
2503 break;
2504 }
2505 if (!filename)
2506 goto err_no_initvals;
2507 err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2508 if (err)
2509 goto err_load;
2510
2511 fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2512
2513 return 0;
2514
2515err_no_ucode:
2516 err = ctx->fatal_failure = -EOPNOTSUPP;
2517 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2518 "is required for your device (wl-core rev %u)\n", rev);
2519 goto error;
2520
2521err_no_pcm:
2522 err = ctx->fatal_failure = -EOPNOTSUPP;
2523 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2524 "is required for your device (wl-core rev %u)\n", rev);
2525 goto error;
2526
2527err_no_initvals:
2528 err = ctx->fatal_failure = -EOPNOTSUPP;
2529 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2530 "is required for your device (wl-core rev %u)\n", rev);
2531 goto error;
2532
2533err_load:
2534 /* We failed to load this firmware image. The error message
2535 * already is in ctx->errors. Return and let our caller decide
2536 * what to do. */
2537 goto error;
2538
2539error:
2540 b43_release_firmware(dev);
2541 return err;
2542}
2543
2544static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2545static void b43_one_core_detach(struct b43_bus_dev *dev);
2546static int b43_rng_init(struct b43_wl *wl);
2547
2548static void b43_request_firmware(struct work_struct *work)
2549{
2550 struct b43_wl *wl = container_of(work,
2551 struct b43_wl, firmware_load);
2552 struct b43_wldev *dev = wl->current_dev;
2553 struct b43_request_fw_context *ctx;
2554 unsigned int i;
2555 int err;
2556 const char *errmsg;
2557
2558 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2559 if (!ctx)
2560 return;
2561 ctx->dev = dev;
2562
2563 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2564 err = b43_try_request_fw(ctx);
2565 if (!err)
2566 goto start_ieee80211; /* Successfully loaded it. */
2567 /* Was fw version known? */
2568 if (ctx->fatal_failure)
2569 goto out;
2570
2571 /* proprietary fw not found, try open source */
2572 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2573 err = b43_try_request_fw(ctx);
2574 if (!err)
2575 goto start_ieee80211; /* Successfully loaded it. */
2576 if(ctx->fatal_failure)
2577 goto out;
2578
2579 /* Could not find a usable firmware. Print the errors. */
2580 for (i = 0; i < B43_NR_FWTYPES; i++) {
2581 errmsg = ctx->errors[i];
2582 if (strlen(errmsg))
2583 b43err(dev->wl, "%s", errmsg);
2584 }
2585 b43_print_fw_helptext(dev->wl, 1);
2586 goto out;
2587
2588start_ieee80211:
2589 wl->hw->queues = B43_QOS_QUEUE_NUM;
2590 if (!modparam_qos || dev->fw.opensource ||
2591 dev->dev->chip_id == BCMA_CHIP_ID_BCM4331)
2592 wl->hw->queues = 1;
2593
2594 err = ieee80211_register_hw(wl->hw);
2595 if (err)
2596 goto out;
2597 wl->hw_registered = true;
2598 b43_leds_register(wl->current_dev);
2599
2600 /* Register HW RNG driver */
2601 b43_rng_init(wl);
2602
2603out:
2604 kfree(ctx);
2605}
2606
2607static int b43_upload_microcode(struct b43_wldev *dev)
2608{
2609 struct wiphy *wiphy = dev->wl->hw->wiphy;
2610 const size_t hdr_len = sizeof(struct b43_fw_header);
2611 const __be32 *data;
2612 unsigned int i, len;
2613 u16 fwrev, fwpatch, fwdate, fwtime;
2614 u32 tmp, macctl;
2615 int err = 0;
2616
2617 /* Jump the microcode PSM to offset 0 */
2618 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2619 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2620 macctl |= B43_MACCTL_PSM_JMP0;
2621 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2622 /* Zero out all microcode PSM registers and shared memory. */
2623 for (i = 0; i < 64; i++)
2624 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2625 for (i = 0; i < 4096; i += 2)
2626 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2627
2628 /* Upload Microcode. */
2629 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2630 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2631 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2632 for (i = 0; i < len; i++) {
2633 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2634 udelay(10);
2635 }
2636
2637 if (dev->fw.pcm.data) {
2638 /* Upload PCM data. */
2639 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2640 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2641 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2642 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2643 /* No need for autoinc bit in SHM_HW */
2644 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2645 for (i = 0; i < len; i++) {
2646 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2647 udelay(10);
2648 }
2649 }
2650
2651 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2652
2653 /* Start the microcode PSM */
2654 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2655 B43_MACCTL_PSM_RUN);
2656
2657 /* Wait for the microcode to load and respond */
2658 i = 0;
2659 while (1) {
2660 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2661 if (tmp == B43_IRQ_MAC_SUSPENDED)
2662 break;
2663 i++;
2664 if (i >= 20) {
2665 b43err(dev->wl, "Microcode not responding\n");
2666 b43_print_fw_helptext(dev->wl, 1);
2667 err = -ENODEV;
2668 goto error;
2669 }
2670 msleep(50);
2671 }
2672 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2673
2674 /* Get and check the revisions. */
2675 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2676 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2677 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2678 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2679
2680 if (fwrev <= 0x128) {
2681 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2682 "binary drivers older than version 4.x is unsupported. "
2683 "You must upgrade your firmware files.\n");
2684 b43_print_fw_helptext(dev->wl, 1);
2685 err = -EOPNOTSUPP;
2686 goto error;
2687 }
2688 dev->fw.rev = fwrev;
2689 dev->fw.patch = fwpatch;
2690 if (dev->fw.rev >= 598)
2691 dev->fw.hdr_format = B43_FW_HDR_598;
2692 else if (dev->fw.rev >= 410)
2693 dev->fw.hdr_format = B43_FW_HDR_410;
2694 else
2695 dev->fw.hdr_format = B43_FW_HDR_351;
2696 WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2697
2698 dev->qos_enabled = dev->wl->hw->queues > 1;
2699 /* Default to firmware/hardware crypto acceleration. */
2700 dev->hwcrypto_enabled = true;
2701
2702 if (dev->fw.opensource) {
2703 u16 fwcapa;
2704
2705 /* Patchlevel info is encoded in the "time" field. */
2706 dev->fw.patch = fwtime;
2707 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2708 dev->fw.rev, dev->fw.patch);
2709
2710 fwcapa = b43_fwcapa_read(dev);
2711 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2712 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2713 /* Disable hardware crypto and fall back to software crypto. */
2714 dev->hwcrypto_enabled = false;
2715 }
2716 /* adding QoS support should use an offline discovery mechanism */
2717 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2718 } else {
2719 b43info(dev->wl, "Loading firmware version %u.%u "
2720 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2721 fwrev, fwpatch,
2722 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2723 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2724 if (dev->fw.pcm_request_failed) {
2725 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2726 "Hardware accelerated cryptography is disabled.\n");
2727 b43_print_fw_helptext(dev->wl, 0);
2728 }
2729 }
2730
2731 snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2732 dev->fw.rev, dev->fw.patch);
2733 wiphy->hw_version = dev->dev->core_id;
2734
2735 if (dev->fw.hdr_format == B43_FW_HDR_351) {
2736 /* We're over the deadline, but we keep support for old fw
2737 * until it turns out to be in major conflict with something new. */
2738 b43warn(dev->wl, "You are using an old firmware image. "
2739 "Support for old firmware will be removed soon "
2740 "(official deadline was July 2008).\n");
2741 b43_print_fw_helptext(dev->wl, 0);
2742 }
2743
2744 return 0;
2745
2746error:
2747 /* Stop the microcode PSM. */
2748 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2749 B43_MACCTL_PSM_JMP0);
2750
2751 return err;
2752}
2753
2754static int b43_write_initvals(struct b43_wldev *dev,
2755 const struct b43_iv *ivals,
2756 size_t count,
2757 size_t array_size)
2758{
2759 const struct b43_iv *iv;
2760 u16 offset;
2761 size_t i;
2762 bool bit32;
2763
2764 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2765 iv = ivals;
2766 for (i = 0; i < count; i++) {
2767 if (array_size < sizeof(iv->offset_size))
2768 goto err_format;
2769 array_size -= sizeof(iv->offset_size);
2770 offset = be16_to_cpu(iv->offset_size);
2771 bit32 = !!(offset & B43_IV_32BIT);
2772 offset &= B43_IV_OFFSET_MASK;
2773 if (offset >= 0x1000)
2774 goto err_format;
2775 if (bit32) {
2776 u32 value;
2777
2778 if (array_size < sizeof(iv->data.d32))
2779 goto err_format;
2780 array_size -= sizeof(iv->data.d32);
2781
2782 value = get_unaligned_be32(&iv->data.d32);
2783 b43_write32(dev, offset, value);
2784
2785 iv = (const struct b43_iv *)((const uint8_t *)iv +
2786 sizeof(__be16) +
2787 sizeof(__be32));
2788 } else {
2789 u16 value;
2790
2791 if (array_size < sizeof(iv->data.d16))
2792 goto err_format;
2793 array_size -= sizeof(iv->data.d16);
2794
2795 value = be16_to_cpu(iv->data.d16);
2796 b43_write16(dev, offset, value);
2797
2798 iv = (const struct b43_iv *)((const uint8_t *)iv +
2799 sizeof(__be16) +
2800 sizeof(__be16));
2801 }
2802 }
2803 if (array_size)
2804 goto err_format;
2805
2806 return 0;
2807
2808err_format:
2809 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2810 b43_print_fw_helptext(dev->wl, 1);
2811
2812 return -EPROTO;
2813}
2814
2815static int b43_upload_initvals(struct b43_wldev *dev)
2816{
2817 const size_t hdr_len = sizeof(struct b43_fw_header);
2818 const struct b43_fw_header *hdr;
2819 struct b43_firmware *fw = &dev->fw;
2820 const struct b43_iv *ivals;
2821 size_t count;
2822
2823 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2824 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2825 count = be32_to_cpu(hdr->size);
2826 return b43_write_initvals(dev, ivals, count,
2827 fw->initvals.data->size - hdr_len);
2828}
2829
2830static int b43_upload_initvals_band(struct b43_wldev *dev)
2831{
2832 const size_t hdr_len = sizeof(struct b43_fw_header);
2833 const struct b43_fw_header *hdr;
2834 struct b43_firmware *fw = &dev->fw;
2835 const struct b43_iv *ivals;
2836 size_t count;
2837
2838 if (!fw->initvals_band.data)
2839 return 0;
2840
2841 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2842 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2843 count = be32_to_cpu(hdr->size);
2844 return b43_write_initvals(dev, ivals, count,
2845 fw->initvals_band.data->size - hdr_len);
2846}
2847
2848/* Initialize the GPIOs
2849 * https://bcm-specs.sipsolutions.net/GPIO
2850 */
2851
2852#ifdef CONFIG_B43_SSB
2853static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2854{
2855 struct ssb_bus *bus = dev->dev->sdev->bus;
2856
2857#ifdef CONFIG_SSB_DRIVER_PCICORE
2858 return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2859#else
2860 return bus->chipco.dev;
2861#endif
2862}
2863#endif
2864
2865static int b43_gpio_init(struct b43_wldev *dev)
2866{
2867#ifdef CONFIG_B43_SSB
2868 struct ssb_device *gpiodev;
2869#endif
2870 u32 mask, set;
2871
2872 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2873 b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2874
2875 mask = 0x0000001F;
2876 set = 0x0000000F;
2877 if (dev->dev->chip_id == 0x4301) {
2878 mask |= 0x0060;
2879 set |= 0x0060;
2880 } else if (dev->dev->chip_id == 0x5354) {
2881 /* Don't allow overtaking buttons GPIOs */
2882 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2883 }
2884
2885 if (0 /* FIXME: conditional unknown */ ) {
2886 b43_write16(dev, B43_MMIO_GPIO_MASK,
2887 b43_read16(dev, B43_MMIO_GPIO_MASK)
2888 | 0x0100);
2889 /* BT Coexistance Input */
2890 mask |= 0x0080;
2891 set |= 0x0080;
2892 /* BT Coexistance Out */
2893 mask |= 0x0100;
2894 set |= 0x0100;
2895 }
2896 if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2897 /* PA is controlled by gpio 9, let ucode handle it */
2898 b43_write16(dev, B43_MMIO_GPIO_MASK,
2899 b43_read16(dev, B43_MMIO_GPIO_MASK)
2900 | 0x0200);
2901 mask |= 0x0200;
2902 set |= 0x0200;
2903 }
2904
2905 switch (dev->dev->bus_type) {
2906#ifdef CONFIG_B43_BCMA
2907 case B43_BUS_BCMA:
2908 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2909 break;
2910#endif
2911#ifdef CONFIG_B43_SSB
2912 case B43_BUS_SSB:
2913 gpiodev = b43_ssb_gpio_dev(dev);
2914 if (gpiodev)
2915 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2916 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2917 & ~mask) | set);
2918 break;
2919#endif
2920 }
2921
2922 return 0;
2923}
2924
2925/* Turn off all GPIO stuff. Call this on module unload, for example. */
2926static void b43_gpio_cleanup(struct b43_wldev *dev)
2927{
2928#ifdef CONFIG_B43_SSB
2929 struct ssb_device *gpiodev;
2930#endif
2931
2932 switch (dev->dev->bus_type) {
2933#ifdef CONFIG_B43_BCMA
2934 case B43_BUS_BCMA:
2935 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2936 break;
2937#endif
2938#ifdef CONFIG_B43_SSB
2939 case B43_BUS_SSB:
2940 gpiodev = b43_ssb_gpio_dev(dev);
2941 if (gpiodev)
2942 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2943 break;
2944#endif
2945 }
2946}
2947
2948/* http://bcm-specs.sipsolutions.net/EnableMac */
2949void b43_mac_enable(struct b43_wldev *dev)
2950{
2951 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2952 u16 fwstate;
2953
2954 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2955 B43_SHM_SH_UCODESTAT);
2956 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2957 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2958 b43err(dev->wl, "b43_mac_enable(): The firmware "
2959 "should be suspended, but current state is %u\n",
2960 fwstate);
2961 }
2962 }
2963
2964 dev->mac_suspended--;
2965 B43_WARN_ON(dev->mac_suspended < 0);
2966 if (dev->mac_suspended == 0) {
2967 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2968 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2969 B43_IRQ_MAC_SUSPENDED);
2970 /* Commit writes */
2971 b43_read32(dev, B43_MMIO_MACCTL);
2972 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2973 b43_power_saving_ctl_bits(dev, 0);
2974 }
2975}
2976
2977/* https://bcm-specs.sipsolutions.net/SuspendMAC */
2978void b43_mac_suspend(struct b43_wldev *dev)
2979{
2980 int i;
2981 u32 tmp;
2982
2983 might_sleep();
2984 B43_WARN_ON(dev->mac_suspended < 0);
2985
2986 if (dev->mac_suspended == 0) {
2987 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2988 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2989 /* force pci to flush the write */
2990 b43_read32(dev, B43_MMIO_MACCTL);
2991 for (i = 35; i; i--) {
2992 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2993 if (tmp & B43_IRQ_MAC_SUSPENDED)
2994 goto out;
2995 udelay(10);
2996 }
2997 /* Hm, it seems this will take some time. Use msleep(). */
2998 for (i = 40; i; i--) {
2999 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3000 if (tmp & B43_IRQ_MAC_SUSPENDED)
3001 goto out;
3002 msleep(1);
3003 }
3004 b43err(dev->wl, "MAC suspend failed\n");
3005 }
3006out:
3007 dev->mac_suspended++;
3008}
3009
3010/* https://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3011void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3012{
3013 u32 tmp;
3014
3015 switch (dev->dev->bus_type) {
3016#ifdef CONFIG_B43_BCMA
3017 case B43_BUS_BCMA:
3018 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3019 if (on)
3020 tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3021 else
3022 tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3023 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3024 break;
3025#endif
3026#ifdef CONFIG_B43_SSB
3027 case B43_BUS_SSB:
3028 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3029 if (on)
3030 tmp |= B43_TMSLOW_MACPHYCLKEN;
3031 else
3032 tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3033 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3034 break;
3035#endif
3036 }
3037}
3038
3039/* brcms_b_switch_macfreq */
3040void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3041{
3042 u16 chip_id = dev->dev->chip_id;
3043
3044 if (chip_id == BCMA_CHIP_ID_BCM4331) {
3045 switch (spurmode) {
3046 case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3047 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3048 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3049 break;
3050 case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3051 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3052 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3053 break;
3054 default: /* 160 Mhz: 2^26/160 = 0x66666 */
3055 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3056 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3057 break;
3058 }
3059 } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3060 chip_id == BCMA_CHIP_ID_BCM43217 ||
3061 chip_id == BCMA_CHIP_ID_BCM43222 ||
3062 chip_id == BCMA_CHIP_ID_BCM43224 ||
3063 chip_id == BCMA_CHIP_ID_BCM43225 ||
3064 chip_id == BCMA_CHIP_ID_BCM43227 ||
3065 chip_id == BCMA_CHIP_ID_BCM43228) {
3066 switch (spurmode) {
3067 case 2: /* 126 Mhz */
3068 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3069 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3070 break;
3071 case 1: /* 123 Mhz */
3072 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3073 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3074 break;
3075 default: /* 120 Mhz */
3076 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3077 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3078 break;
3079 }
3080 } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3081 switch (spurmode) {
3082 case 1: /* 82 Mhz */
3083 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3084 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3085 break;
3086 default: /* 80 Mhz */
3087 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3088 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3089 break;
3090 }
3091 }
3092}
3093
3094static void b43_adjust_opmode(struct b43_wldev *dev)
3095{
3096 struct b43_wl *wl = dev->wl;
3097 u32 ctl;
3098 u16 cfp_pretbtt;
3099
3100 ctl = b43_read32(dev, B43_MMIO_MACCTL);
3101 /* Reset status to STA infrastructure mode. */
3102 ctl &= ~B43_MACCTL_AP;
3103 ctl &= ~B43_MACCTL_KEEP_CTL;
3104 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3105 ctl &= ~B43_MACCTL_KEEP_BAD;
3106 ctl &= ~B43_MACCTL_PROMISC;
3107 ctl &= ~B43_MACCTL_BEACPROMISC;
3108 ctl |= B43_MACCTL_INFRA;
3109
3110 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3111 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3112 ctl |= B43_MACCTL_AP;
3113 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3114 ctl &= ~B43_MACCTL_INFRA;
3115
3116 if (wl->filter_flags & FIF_CONTROL)
3117 ctl |= B43_MACCTL_KEEP_CTL;
3118 if (wl->filter_flags & FIF_FCSFAIL)
3119 ctl |= B43_MACCTL_KEEP_BAD;
3120 if (wl->filter_flags & FIF_PLCPFAIL)
3121 ctl |= B43_MACCTL_KEEP_BADPLCP;
3122 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3123 ctl |= B43_MACCTL_BEACPROMISC;
3124
3125 /* Workaround: On old hardware the HW-MAC-address-filter
3126 * doesn't work properly, so always run promisc in filter
3127 * it in software. */
3128 if (dev->dev->core_rev <= 4)
3129 ctl |= B43_MACCTL_PROMISC;
3130
3131 b43_write32(dev, B43_MMIO_MACCTL, ctl);
3132
3133 cfp_pretbtt = 2;
3134 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3135 if (dev->dev->chip_id == 0x4306 &&
3136 dev->dev->chip_rev == 3)
3137 cfp_pretbtt = 100;
3138 else
3139 cfp_pretbtt = 50;
3140 }
3141 b43_write16(dev, 0x612, cfp_pretbtt);
3142
3143 /* FIXME: We don't currently implement the PMQ mechanism,
3144 * so always disable it. If we want to implement PMQ,
3145 * we need to enable it here (clear DISCPMQ) in AP mode.
3146 */
3147 if (0 /* ctl & B43_MACCTL_AP */)
3148 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3149 else
3150 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3151}
3152
3153static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3154{
3155 u16 offset;
3156
3157 if (is_ofdm) {
3158 offset = 0x480;
3159 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3160 } else {
3161 offset = 0x4C0;
3162 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3163 }
3164 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3165 b43_shm_read16(dev, B43_SHM_SHARED, offset));
3166}
3167
3168static void b43_rate_memory_init(struct b43_wldev *dev)
3169{
3170 switch (dev->phy.type) {
3171 case B43_PHYTYPE_G:
3172 case B43_PHYTYPE_N:
3173 case B43_PHYTYPE_LP:
3174 case B43_PHYTYPE_HT:
3175 case B43_PHYTYPE_LCN:
3176 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3177 b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3178 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3179 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3180 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3181 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3182 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3183 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3184 fallthrough;
3185 case B43_PHYTYPE_B:
3186 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3187 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3188 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3189 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3190 break;
3191 default:
3192 B43_WARN_ON(1);
3193 }
3194}
3195
3196/* Set the default values for the PHY TX Control Words. */
3197static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3198{
3199 u16 ctl = 0;
3200
3201 ctl |= B43_TXH_PHY_ENC_CCK;
3202 ctl |= B43_TXH_PHY_ANT01AUTO;
3203 ctl |= B43_TXH_PHY_TXPWR;
3204
3205 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3206 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3207 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3208}
3209
3210/* Set the TX-Antenna for management frames sent by firmware. */
3211static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3212{
3213 u16 ant;
3214 u16 tmp;
3215
3216 ant = b43_antenna_to_phyctl(antenna);
3217
3218 /* For ACK/CTS */
3219 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3220 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3221 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3222 /* For Probe Resposes */
3223 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3224 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3225 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3226}
3227
3228/* This is the opposite of b43_chip_init() */
3229static void b43_chip_exit(struct b43_wldev *dev)
3230{
3231 b43_phy_exit(dev);
3232 b43_gpio_cleanup(dev);
3233 /* firmware is released later */
3234}
3235
3236/* Initialize the chip
3237 * https://bcm-specs.sipsolutions.net/ChipInit
3238 */
3239static int b43_chip_init(struct b43_wldev *dev)
3240{
3241 struct b43_phy *phy = &dev->phy;
3242 int err;
3243 u32 macctl;
3244 u16 value16;
3245
3246 /* Initialize the MAC control */
3247 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3248 if (dev->phy.gmode)
3249 macctl |= B43_MACCTL_GMODE;
3250 macctl |= B43_MACCTL_INFRA;
3251 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3252
3253 err = b43_upload_microcode(dev);
3254 if (err)
3255 goto out; /* firmware is released later */
3256
3257 err = b43_gpio_init(dev);
3258 if (err)
3259 goto out; /* firmware is released later */
3260
3261 err = b43_upload_initvals(dev);
3262 if (err)
3263 goto err_gpio_clean;
3264
3265 err = b43_upload_initvals_band(dev);
3266 if (err)
3267 goto err_gpio_clean;
3268
3269 /* Turn the Analog on and initialize the PHY. */
3270 phy->ops->switch_analog(dev, 1);
3271 err = b43_phy_init(dev);
3272 if (err)
3273 goto err_gpio_clean;
3274
3275 /* Disable Interference Mitigation. */
3276 if (phy->ops->interf_mitigation)
3277 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3278
3279 /* Select the antennae */
3280 if (phy->ops->set_rx_antenna)
3281 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3282 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3283
3284 if (phy->type == B43_PHYTYPE_B) {
3285 value16 = b43_read16(dev, 0x005E);
3286 value16 |= 0x0004;
3287 b43_write16(dev, 0x005E, value16);
3288 }
3289 b43_write32(dev, 0x0100, 0x01000000);
3290 if (dev->dev->core_rev < 5)
3291 b43_write32(dev, 0x010C, 0x01000000);
3292
3293 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3294 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3295
3296 /* Probe Response Timeout value */
3297 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3298 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3299
3300 /* Initially set the wireless operation mode. */
3301 b43_adjust_opmode(dev);
3302
3303 if (dev->dev->core_rev < 3) {
3304 b43_write16(dev, 0x060E, 0x0000);
3305 b43_write16(dev, 0x0610, 0x8000);
3306 b43_write16(dev, 0x0604, 0x0000);
3307 b43_write16(dev, 0x0606, 0x0200);
3308 } else {
3309 b43_write32(dev, 0x0188, 0x80000000);
3310 b43_write32(dev, 0x018C, 0x02000000);
3311 }
3312 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3313 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3314 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3315 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3316 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3317 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3318 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3319
3320 b43_mac_phy_clock_set(dev, true);
3321
3322 switch (dev->dev->bus_type) {
3323#ifdef CONFIG_B43_BCMA
3324 case B43_BUS_BCMA:
3325 /* FIXME: 0xE74 is quite common, but should be read from CC */
3326 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3327 break;
3328#endif
3329#ifdef CONFIG_B43_SSB
3330 case B43_BUS_SSB:
3331 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3332 dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3333 break;
3334#endif
3335 }
3336
3337 err = 0;
3338 b43dbg(dev->wl, "Chip initialized\n");
3339out:
3340 return err;
3341
3342err_gpio_clean:
3343 b43_gpio_cleanup(dev);
3344 return err;
3345}
3346
3347static void b43_periodic_every60sec(struct b43_wldev *dev)
3348{
3349 const struct b43_phy_operations *ops = dev->phy.ops;
3350
3351 if (ops->pwork_60sec)
3352 ops->pwork_60sec(dev);
3353
3354 /* Force check the TX power emission now. */
3355 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3356}
3357
3358static void b43_periodic_every30sec(struct b43_wldev *dev)
3359{
3360 /* Update device statistics. */
3361 b43_calculate_link_quality(dev);
3362}
3363
3364static void b43_periodic_every15sec(struct b43_wldev *dev)
3365{
3366 struct b43_phy *phy = &dev->phy;
3367 u16 wdr;
3368
3369 if (dev->fw.opensource) {
3370 /* Check if the firmware is still alive.
3371 * It will reset the watchdog counter to 0 in its idle loop. */
3372 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3373 if (unlikely(wdr)) {
3374 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3375 b43_controller_restart(dev, "Firmware watchdog");
3376 return;
3377 } else {
3378 b43_shm_write16(dev, B43_SHM_SCRATCH,
3379 B43_WATCHDOG_REG, 1);
3380 }
3381 }
3382
3383 if (phy->ops->pwork_15sec)
3384 phy->ops->pwork_15sec(dev);
3385
3386 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3387 wmb();
3388
3389#if B43_DEBUG
3390 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3391 unsigned int i;
3392
3393 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3394 dev->irq_count / 15,
3395 dev->tx_count / 15,
3396 dev->rx_count / 15);
3397 dev->irq_count = 0;
3398 dev->tx_count = 0;
3399 dev->rx_count = 0;
3400 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3401 if (dev->irq_bit_count[i]) {
3402 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3403 dev->irq_bit_count[i] / 15, i, (1 << i));
3404 dev->irq_bit_count[i] = 0;
3405 }
3406 }
3407 }
3408#endif
3409}
3410
3411static void do_periodic_work(struct b43_wldev *dev)
3412{
3413 unsigned int state;
3414
3415 state = dev->periodic_state;
3416 if (state % 4 == 0)
3417 b43_periodic_every60sec(dev);
3418 if (state % 2 == 0)
3419 b43_periodic_every30sec(dev);
3420 b43_periodic_every15sec(dev);
3421}
3422
3423/* Periodic work locking policy:
3424 * The whole periodic work handler is protected by
3425 * wl->mutex. If another lock is needed somewhere in the
3426 * pwork callchain, it's acquired in-place, where it's needed.
3427 */
3428static void b43_periodic_work_handler(struct work_struct *work)
3429{
3430 struct b43_wldev *dev = container_of(work, struct b43_wldev,
3431 periodic_work.work);
3432 struct b43_wl *wl = dev->wl;
3433 unsigned long delay;
3434
3435 mutex_lock(&wl->mutex);
3436
3437 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3438 goto out;
3439 if (b43_debug(dev, B43_DBG_PWORK_STOP))
3440 goto out_requeue;
3441
3442 do_periodic_work(dev);
3443
3444 dev->periodic_state++;
3445out_requeue:
3446 if (b43_debug(dev, B43_DBG_PWORK_FAST))
3447 delay = msecs_to_jiffies(50);
3448 else
3449 delay = round_jiffies_relative(HZ * 15);
3450 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3451out:
3452 mutex_unlock(&wl->mutex);
3453}
3454
3455static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3456{
3457 struct delayed_work *work = &dev->periodic_work;
3458
3459 dev->periodic_state = 0;
3460 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3461 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3462}
3463
3464/* Check if communication with the device works correctly. */
3465static int b43_validate_chipaccess(struct b43_wldev *dev)
3466{
3467 u32 v, backup0, backup4;
3468
3469 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3470 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3471
3472 /* Check for read/write and endianness problems. */
3473 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3474 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3475 goto error;
3476 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3477 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3478 goto error;
3479
3480 /* Check if unaligned 32bit SHM_SHARED access works properly.
3481 * However, don't bail out on failure, because it's noncritical. */
3482 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3483 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3484 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3485 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3486 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3487 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3488 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3489 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3490 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3491 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3492 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3493 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3494
3495 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3496 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3497
3498 if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3499 /* The 32bit register shadows the two 16bit registers
3500 * with update sideeffects. Validate this. */
3501 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3502 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3503 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3504 goto error;
3505 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3506 goto error;
3507 }
3508 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3509
3510 v = b43_read32(dev, B43_MMIO_MACCTL);
3511 v |= B43_MACCTL_GMODE;
3512 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3513 goto error;
3514
3515 return 0;
3516error:
3517 b43err(dev->wl, "Failed to validate the chipaccess\n");
3518 return -ENODEV;
3519}
3520
3521static void b43_security_init(struct b43_wldev *dev)
3522{
3523 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3524 /* KTP is a word address, but we address SHM bytewise.
3525 * So multiply by two.
3526 */
3527 dev->ktp *= 2;
3528 /* Number of RCMTA address slots */
3529 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3530 /* Clear the key memory. */
3531 b43_clear_keys(dev);
3532}
3533
3534#ifdef CONFIG_B43_HWRNG
3535static int b43_rng_read(struct hwrng *rng, u32 *data)
3536{
3537 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3538 struct b43_wldev *dev;
3539 int count = -ENODEV;
3540
3541 mutex_lock(&wl->mutex);
3542 dev = wl->current_dev;
3543 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3544 *data = b43_read16(dev, B43_MMIO_RNG);
3545 count = sizeof(u16);
3546 }
3547 mutex_unlock(&wl->mutex);
3548
3549 return count;
3550}
3551#endif /* CONFIG_B43_HWRNG */
3552
3553static void b43_rng_exit(struct b43_wl *wl)
3554{
3555#ifdef CONFIG_B43_HWRNG
3556 if (wl->rng_initialized)
3557 hwrng_unregister(&wl->rng);
3558#endif /* CONFIG_B43_HWRNG */
3559}
3560
3561static int b43_rng_init(struct b43_wl *wl)
3562{
3563 int err = 0;
3564
3565#ifdef CONFIG_B43_HWRNG
3566 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3567 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3568 wl->rng.name = wl->rng_name;
3569 wl->rng.data_read = b43_rng_read;
3570 wl->rng.priv = (unsigned long)wl;
3571 wl->rng_initialized = true;
3572 err = hwrng_register(&wl->rng);
3573 if (err) {
3574 wl->rng_initialized = false;
3575 b43err(wl, "Failed to register the random "
3576 "number generator (%d)\n", err);
3577 }
3578#endif /* CONFIG_B43_HWRNG */
3579
3580 return err;
3581}
3582
3583static void b43_tx_work(struct work_struct *work)
3584{
3585 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3586 struct b43_wldev *dev;
3587 struct sk_buff *skb;
3588 int queue_num;
3589 int err = 0;
3590
3591 mutex_lock(&wl->mutex);
3592 dev = wl->current_dev;
3593 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3594 mutex_unlock(&wl->mutex);
3595 return;
3596 }
3597
3598 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3599 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3600 skb = skb_dequeue(&wl->tx_queue[queue_num]);
3601 if (b43_using_pio_transfers(dev))
3602 err = b43_pio_tx(dev, skb);
3603 else
3604 err = b43_dma_tx(dev, skb);
3605 if (err == -ENOSPC) {
3606 wl->tx_queue_stopped[queue_num] = true;
3607 b43_stop_queue(dev, queue_num);
3608 skb_queue_head(&wl->tx_queue[queue_num], skb);
3609 break;
3610 }
3611 if (unlikely(err))
3612 ieee80211_free_txskb(wl->hw, skb);
3613 err = 0;
3614 }
3615
3616 if (!err)
3617 wl->tx_queue_stopped[queue_num] = false;
3618 }
3619
3620#if B43_DEBUG
3621 dev->tx_count++;
3622#endif
3623 mutex_unlock(&wl->mutex);
3624}
3625
3626static void b43_op_tx(struct ieee80211_hw *hw,
3627 struct ieee80211_tx_control *control,
3628 struct sk_buff *skb)
3629{
3630 struct b43_wl *wl = hw_to_b43_wl(hw);
3631 u16 skb_queue_mapping;
3632
3633 if (unlikely(skb->len < 2 + 2 + 6)) {
3634 /* Too short, this can't be a valid frame. */
3635 ieee80211_free_txskb(hw, skb);
3636 return;
3637 }
3638 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3639
3640 skb_queue_mapping = skb_get_queue_mapping(skb);
3641 skb_queue_tail(&wl->tx_queue[skb_queue_mapping], skb);
3642 if (!wl->tx_queue_stopped[skb_queue_mapping])
3643 ieee80211_queue_work(wl->hw, &wl->tx_work);
3644 else
3645 b43_stop_queue(wl->current_dev, skb_queue_mapping);
3646}
3647
3648static void b43_qos_params_upload(struct b43_wldev *dev,
3649 const struct ieee80211_tx_queue_params *p,
3650 u16 shm_offset)
3651{
3652 u16 params[B43_NR_QOSPARAMS];
3653 int bslots, tmp;
3654 unsigned int i;
3655
3656 if (!dev->qos_enabled)
3657 return;
3658
3659 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3660
3661 memset(¶ms, 0, sizeof(params));
3662
3663 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3664 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3665 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3666 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3667 params[B43_QOSPARAM_AIFS] = p->aifs;
3668 params[B43_QOSPARAM_BSLOTS] = bslots;
3669 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3670
3671 for (i = 0; i < ARRAY_SIZE(params); i++) {
3672 if (i == B43_QOSPARAM_STATUS) {
3673 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3674 shm_offset + (i * 2));
3675 /* Mark the parameters as updated. */
3676 tmp |= 0x100;
3677 b43_shm_write16(dev, B43_SHM_SHARED,
3678 shm_offset + (i * 2),
3679 tmp);
3680 } else {
3681 b43_shm_write16(dev, B43_SHM_SHARED,
3682 shm_offset + (i * 2),
3683 params[i]);
3684 }
3685 }
3686}
3687
3688/* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3689static const u16 b43_qos_shm_offsets[] = {
3690 /* [mac80211-queue-nr] = SHM_OFFSET, */
3691 [0] = B43_QOS_VOICE,
3692 [1] = B43_QOS_VIDEO,
3693 [2] = B43_QOS_BESTEFFORT,
3694 [3] = B43_QOS_BACKGROUND,
3695};
3696
3697/* Update all QOS parameters in hardware. */
3698static void b43_qos_upload_all(struct b43_wldev *dev)
3699{
3700 struct b43_wl *wl = dev->wl;
3701 struct b43_qos_params *params;
3702 unsigned int i;
3703
3704 if (!dev->qos_enabled)
3705 return;
3706
3707 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3708 ARRAY_SIZE(wl->qos_params));
3709
3710 b43_mac_suspend(dev);
3711 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3712 params = &(wl->qos_params[i]);
3713 b43_qos_params_upload(dev, &(params->p),
3714 b43_qos_shm_offsets[i]);
3715 }
3716 b43_mac_enable(dev);
3717}
3718
3719static void b43_qos_clear(struct b43_wl *wl)
3720{
3721 struct b43_qos_params *params;
3722 unsigned int i;
3723
3724 /* Initialize QoS parameters to sane defaults. */
3725
3726 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3727 ARRAY_SIZE(wl->qos_params));
3728
3729 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3730 params = &(wl->qos_params[i]);
3731
3732 switch (b43_qos_shm_offsets[i]) {
3733 case B43_QOS_VOICE:
3734 params->p.txop = 0;
3735 params->p.aifs = 2;
3736 params->p.cw_min = 0x0001;
3737 params->p.cw_max = 0x0001;
3738 break;
3739 case B43_QOS_VIDEO:
3740 params->p.txop = 0;
3741 params->p.aifs = 2;
3742 params->p.cw_min = 0x0001;
3743 params->p.cw_max = 0x0001;
3744 break;
3745 case B43_QOS_BESTEFFORT:
3746 params->p.txop = 0;
3747 params->p.aifs = 3;
3748 params->p.cw_min = 0x0001;
3749 params->p.cw_max = 0x03FF;
3750 break;
3751 case B43_QOS_BACKGROUND:
3752 params->p.txop = 0;
3753 params->p.aifs = 7;
3754 params->p.cw_min = 0x0001;
3755 params->p.cw_max = 0x03FF;
3756 break;
3757 default:
3758 B43_WARN_ON(1);
3759 }
3760 }
3761}
3762
3763/* Initialize the core's QOS capabilities */
3764static void b43_qos_init(struct b43_wldev *dev)
3765{
3766 if (!dev->qos_enabled) {
3767 /* Disable QOS support. */
3768 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3769 b43_write16(dev, B43_MMIO_IFSCTL,
3770 b43_read16(dev, B43_MMIO_IFSCTL)
3771 & ~B43_MMIO_IFSCTL_USE_EDCF);
3772 b43dbg(dev->wl, "QoS disabled\n");
3773 return;
3774 }
3775
3776 /* Upload the current QOS parameters. */
3777 b43_qos_upload_all(dev);
3778
3779 /* Enable QOS support. */
3780 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3781 b43_write16(dev, B43_MMIO_IFSCTL,
3782 b43_read16(dev, B43_MMIO_IFSCTL)
3783 | B43_MMIO_IFSCTL_USE_EDCF);
3784 b43dbg(dev->wl, "QoS enabled\n");
3785}
3786
3787static int b43_op_conf_tx(struct ieee80211_hw *hw,
3788 struct ieee80211_vif *vif,
3789 unsigned int link_id, u16 _queue,
3790 const struct ieee80211_tx_queue_params *params)
3791{
3792 struct b43_wl *wl = hw_to_b43_wl(hw);
3793 struct b43_wldev *dev;
3794 unsigned int queue = (unsigned int)_queue;
3795 int err = -ENODEV;
3796
3797 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3798 /* Queue not available or don't support setting
3799 * params on this queue. Return success to not
3800 * confuse mac80211. */
3801 return 0;
3802 }
3803 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3804 ARRAY_SIZE(wl->qos_params));
3805
3806 mutex_lock(&wl->mutex);
3807 dev = wl->current_dev;
3808 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3809 goto out_unlock;
3810
3811 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3812 b43_mac_suspend(dev);
3813 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3814 b43_qos_shm_offsets[queue]);
3815 b43_mac_enable(dev);
3816 err = 0;
3817
3818out_unlock:
3819 mutex_unlock(&wl->mutex);
3820
3821 return err;
3822}
3823
3824static int b43_op_get_stats(struct ieee80211_hw *hw,
3825 struct ieee80211_low_level_stats *stats)
3826{
3827 struct b43_wl *wl = hw_to_b43_wl(hw);
3828
3829 mutex_lock(&wl->mutex);
3830 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3831 mutex_unlock(&wl->mutex);
3832
3833 return 0;
3834}
3835
3836static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3837{
3838 struct b43_wl *wl = hw_to_b43_wl(hw);
3839 struct b43_wldev *dev;
3840 u64 tsf;
3841
3842 mutex_lock(&wl->mutex);
3843 dev = wl->current_dev;
3844
3845 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3846 b43_tsf_read(dev, &tsf);
3847 else
3848 tsf = 0;
3849
3850 mutex_unlock(&wl->mutex);
3851
3852 return tsf;
3853}
3854
3855static void b43_op_set_tsf(struct ieee80211_hw *hw,
3856 struct ieee80211_vif *vif, u64 tsf)
3857{
3858 struct b43_wl *wl = hw_to_b43_wl(hw);
3859 struct b43_wldev *dev;
3860
3861 mutex_lock(&wl->mutex);
3862 dev = wl->current_dev;
3863
3864 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3865 b43_tsf_write(dev, tsf);
3866
3867 mutex_unlock(&wl->mutex);
3868}
3869
3870static const char *band_to_string(enum nl80211_band band)
3871{
3872 switch (band) {
3873 case NL80211_BAND_5GHZ:
3874 return "5";
3875 case NL80211_BAND_2GHZ:
3876 return "2.4";
3877 default:
3878 break;
3879 }
3880 B43_WARN_ON(1);
3881 return "";
3882}
3883
3884/* Expects wl->mutex locked */
3885static int b43_switch_band(struct b43_wldev *dev,
3886 struct ieee80211_channel *chan)
3887{
3888 struct b43_phy *phy = &dev->phy;
3889 bool gmode;
3890 u32 tmp;
3891
3892 switch (chan->band) {
3893 case NL80211_BAND_5GHZ:
3894 gmode = false;
3895 break;
3896 case NL80211_BAND_2GHZ:
3897 gmode = true;
3898 break;
3899 default:
3900 B43_WARN_ON(1);
3901 return -EINVAL;
3902 }
3903
3904 if (!((gmode && phy->supports_2ghz) ||
3905 (!gmode && phy->supports_5ghz))) {
3906 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3907 band_to_string(chan->band));
3908 return -ENODEV;
3909 }
3910
3911 if (!!phy->gmode == !!gmode) {
3912 /* This device is already running. */
3913 return 0;
3914 }
3915
3916 b43dbg(dev->wl, "Switching to %s GHz band\n",
3917 band_to_string(chan->band));
3918
3919 /* Some new devices don't need disabling radio for band switching */
3920 if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3921 b43_software_rfkill(dev, true);
3922
3923 phy->gmode = gmode;
3924 b43_phy_put_into_reset(dev);
3925 switch (dev->dev->bus_type) {
3926#ifdef CONFIG_B43_BCMA
3927 case B43_BUS_BCMA:
3928 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3929 if (gmode)
3930 tmp |= B43_BCMA_IOCTL_GMODE;
3931 else
3932 tmp &= ~B43_BCMA_IOCTL_GMODE;
3933 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3934 break;
3935#endif
3936#ifdef CONFIG_B43_SSB
3937 case B43_BUS_SSB:
3938 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3939 if (gmode)
3940 tmp |= B43_TMSLOW_GMODE;
3941 else
3942 tmp &= ~B43_TMSLOW_GMODE;
3943 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3944 break;
3945#endif
3946 }
3947 b43_phy_take_out_of_reset(dev);
3948
3949 b43_upload_initvals_band(dev);
3950
3951 b43_phy_init(dev);
3952
3953 return 0;
3954}
3955
3956static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3957{
3958 interval = min_t(u16, interval, (u16)0xFF);
3959 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3960}
3961
3962/* Write the short and long frame retry limit values. */
3963static void b43_set_retry_limits(struct b43_wldev *dev,
3964 unsigned int short_retry,
3965 unsigned int long_retry)
3966{
3967 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3968 * the chip-internal counter. */
3969 short_retry = min(short_retry, (unsigned int)0xF);
3970 long_retry = min(long_retry, (unsigned int)0xF);
3971
3972 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3973 short_retry);
3974 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3975 long_retry);
3976}
3977
3978static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3979{
3980 struct b43_wl *wl = hw_to_b43_wl(hw);
3981 struct b43_wldev *dev = wl->current_dev;
3982 struct b43_phy *phy = &dev->phy;
3983 struct ieee80211_conf *conf = &hw->conf;
3984 int antenna;
3985 int err = 0;
3986
3987 mutex_lock(&wl->mutex);
3988 b43_mac_suspend(dev);
3989
3990 if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
3991 b43_set_beacon_listen_interval(dev, conf->listen_interval);
3992
3993 if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
3994 phy->chandef = &conf->chandef;
3995 phy->channel = conf->chandef.chan->hw_value;
3996
3997 /* Switch the band (if necessary). */
3998 err = b43_switch_band(dev, conf->chandef.chan);
3999 if (err)
4000 goto out_mac_enable;
4001
4002 /* Switch to the requested channel.
4003 * The firmware takes care of races with the TX handler.
4004 */
4005 b43_switch_channel(dev, phy->channel);
4006 }
4007
4008 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4009 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4010 conf->long_frame_max_tx_count);
4011 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4012 if (!changed)
4013 goto out_mac_enable;
4014
4015 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4016
4017 /* Adjust the desired TX power level. */
4018 if (conf->power_level != 0) {
4019 if (conf->power_level != phy->desired_txpower) {
4020 phy->desired_txpower = conf->power_level;
4021 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4022 B43_TXPWR_IGNORE_TSSI);
4023 }
4024 }
4025
4026 /* Antennas for RX and management frame TX. */
4027 antenna = B43_ANTENNA_DEFAULT;
4028 b43_mgmtframe_txantenna(dev, antenna);
4029 antenna = B43_ANTENNA_DEFAULT;
4030 if (phy->ops->set_rx_antenna)
4031 phy->ops->set_rx_antenna(dev, antenna);
4032
4033 if (wl->radio_enabled != phy->radio_on) {
4034 if (wl->radio_enabled) {
4035 b43_software_rfkill(dev, false);
4036 b43info(dev->wl, "Radio turned on by software\n");
4037 if (!dev->radio_hw_enable) {
4038 b43info(dev->wl, "The hardware RF-kill button "
4039 "still turns the radio physically off. "
4040 "Press the button to turn it on.\n");
4041 }
4042 } else {
4043 b43_software_rfkill(dev, true);
4044 b43info(dev->wl, "Radio turned off by software\n");
4045 }
4046 }
4047
4048out_mac_enable:
4049 b43_mac_enable(dev);
4050 mutex_unlock(&wl->mutex);
4051
4052 return err;
4053}
4054
4055static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4056{
4057 struct ieee80211_supported_band *sband =
4058 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4059 const struct ieee80211_rate *rate;
4060 int i;
4061 u16 basic, direct, offset, basic_offset, rateptr;
4062
4063 for (i = 0; i < sband->n_bitrates; i++) {
4064 rate = &sband->bitrates[i];
4065
4066 if (b43_is_cck_rate(rate->hw_value)) {
4067 direct = B43_SHM_SH_CCKDIRECT;
4068 basic = B43_SHM_SH_CCKBASIC;
4069 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4070 offset &= 0xF;
4071 } else {
4072 direct = B43_SHM_SH_OFDMDIRECT;
4073 basic = B43_SHM_SH_OFDMBASIC;
4074 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4075 offset &= 0xF;
4076 }
4077
4078 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4079
4080 if (b43_is_cck_rate(rate->hw_value)) {
4081 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4082 basic_offset &= 0xF;
4083 } else {
4084 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4085 basic_offset &= 0xF;
4086 }
4087
4088 /*
4089 * Get the pointer that we need to point to
4090 * from the direct map
4091 */
4092 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4093 direct + 2 * basic_offset);
4094 /* and write it to the basic map */
4095 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4096 rateptr);
4097 }
4098}
4099
4100static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4101 struct ieee80211_vif *vif,
4102 struct ieee80211_bss_conf *conf,
4103 u64 changed)
4104{
4105 struct b43_wl *wl = hw_to_b43_wl(hw);
4106 struct b43_wldev *dev;
4107
4108 mutex_lock(&wl->mutex);
4109
4110 dev = wl->current_dev;
4111 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4112 goto out_unlock_mutex;
4113
4114 B43_WARN_ON(wl->vif != vif);
4115
4116 if (changed & BSS_CHANGED_BSSID) {
4117 if (conf->bssid)
4118 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4119 else
4120 eth_zero_addr(wl->bssid);
4121 }
4122
4123 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4124 if (changed & BSS_CHANGED_BEACON &&
4125 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4126 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4127 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4128 b43_update_templates(wl);
4129
4130 if (changed & BSS_CHANGED_BSSID)
4131 b43_write_mac_bssid_templates(dev);
4132 }
4133
4134 b43_mac_suspend(dev);
4135
4136 /* Update templates for AP/mesh mode. */
4137 if (changed & BSS_CHANGED_BEACON_INT &&
4138 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4139 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4140 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4141 conf->beacon_int)
4142 b43_set_beacon_int(dev, conf->beacon_int);
4143
4144 if (changed & BSS_CHANGED_BASIC_RATES)
4145 b43_update_basic_rates(dev, conf->basic_rates);
4146
4147 if (changed & BSS_CHANGED_ERP_SLOT) {
4148 if (conf->use_short_slot)
4149 b43_short_slot_timing_enable(dev);
4150 else
4151 b43_short_slot_timing_disable(dev);
4152 }
4153
4154 b43_mac_enable(dev);
4155out_unlock_mutex:
4156 mutex_unlock(&wl->mutex);
4157}
4158
4159static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4160 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4161 struct ieee80211_key_conf *key)
4162{
4163 struct b43_wl *wl = hw_to_b43_wl(hw);
4164 struct b43_wldev *dev;
4165 u8 algorithm;
4166 u8 index;
4167 int err;
4168 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4169
4170 if (modparam_nohwcrypt)
4171 return -ENOSPC; /* User disabled HW-crypto */
4172
4173 if ((vif->type == NL80211_IFTYPE_ADHOC ||
4174 vif->type == NL80211_IFTYPE_MESH_POINT) &&
4175 (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4176 key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4177 !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4178 /*
4179 * For now, disable hw crypto for the RSN IBSS group keys. This
4180 * could be optimized in the future, but until that gets
4181 * implemented, use of software crypto for group addressed
4182 * frames is a acceptable to allow RSN IBSS to be used.
4183 */
4184 return -EOPNOTSUPP;
4185 }
4186
4187 mutex_lock(&wl->mutex);
4188
4189 dev = wl->current_dev;
4190 err = -ENODEV;
4191 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4192 goto out_unlock;
4193
4194 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4195 /* We don't have firmware for the crypto engine.
4196 * Must use software-crypto. */
4197 err = -EOPNOTSUPP;
4198 goto out_unlock;
4199 }
4200
4201 err = -EINVAL;
4202 switch (key->cipher) {
4203 case WLAN_CIPHER_SUITE_WEP40:
4204 algorithm = B43_SEC_ALGO_WEP40;
4205 break;
4206 case WLAN_CIPHER_SUITE_WEP104:
4207 algorithm = B43_SEC_ALGO_WEP104;
4208 break;
4209 case WLAN_CIPHER_SUITE_TKIP:
4210 algorithm = B43_SEC_ALGO_TKIP;
4211 break;
4212 case WLAN_CIPHER_SUITE_CCMP:
4213 algorithm = B43_SEC_ALGO_AES;
4214 break;
4215 default:
4216 B43_WARN_ON(1);
4217 goto out_unlock;
4218 }
4219 index = (u8) (key->keyidx);
4220 if (index > 3)
4221 goto out_unlock;
4222
4223 switch (cmd) {
4224 case SET_KEY:
4225 if (algorithm == B43_SEC_ALGO_TKIP &&
4226 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4227 !modparam_hwtkip)) {
4228 /* We support only pairwise key */
4229 err = -EOPNOTSUPP;
4230 goto out_unlock;
4231 }
4232
4233 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4234 if (WARN_ON(!sta)) {
4235 err = -EOPNOTSUPP;
4236 goto out_unlock;
4237 }
4238 /* Pairwise key with an assigned MAC address. */
4239 err = b43_key_write(dev, -1, algorithm,
4240 key->key, key->keylen,
4241 sta->addr, key);
4242 } else {
4243 /* Group key */
4244 err = b43_key_write(dev, index, algorithm,
4245 key->key, key->keylen, NULL, key);
4246 }
4247 if (err)
4248 goto out_unlock;
4249
4250 if (algorithm == B43_SEC_ALGO_WEP40 ||
4251 algorithm == B43_SEC_ALGO_WEP104) {
4252 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4253 } else {
4254 b43_hf_write(dev,
4255 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4256 }
4257 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4258 if (algorithm == B43_SEC_ALGO_TKIP)
4259 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4260 break;
4261 case DISABLE_KEY: {
4262 err = b43_key_clear(dev, key->hw_key_idx);
4263 if (err)
4264 goto out_unlock;
4265 break;
4266 }
4267 default:
4268 B43_WARN_ON(1);
4269 }
4270
4271out_unlock:
4272 if (!err) {
4273 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4274 "mac: %pM\n",
4275 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4276 sta ? sta->addr : bcast_addr);
4277 b43_dump_keymemory(dev);
4278 }
4279 mutex_unlock(&wl->mutex);
4280
4281 return err;
4282}
4283
4284static void b43_op_configure_filter(struct ieee80211_hw *hw,
4285 unsigned int changed, unsigned int *fflags,
4286 u64 multicast)
4287{
4288 struct b43_wl *wl = hw_to_b43_wl(hw);
4289 struct b43_wldev *dev;
4290
4291 mutex_lock(&wl->mutex);
4292 dev = wl->current_dev;
4293 if (!dev) {
4294 *fflags = 0;
4295 goto out_unlock;
4296 }
4297
4298 *fflags &= FIF_ALLMULTI |
4299 FIF_FCSFAIL |
4300 FIF_PLCPFAIL |
4301 FIF_CONTROL |
4302 FIF_OTHER_BSS |
4303 FIF_BCN_PRBRESP_PROMISC;
4304
4305 changed &= FIF_ALLMULTI |
4306 FIF_FCSFAIL |
4307 FIF_PLCPFAIL |
4308 FIF_CONTROL |
4309 FIF_OTHER_BSS |
4310 FIF_BCN_PRBRESP_PROMISC;
4311
4312 wl->filter_flags = *fflags;
4313
4314 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4315 b43_adjust_opmode(dev);
4316
4317out_unlock:
4318 mutex_unlock(&wl->mutex);
4319}
4320
4321/* Locking: wl->mutex
4322 * Returns the current dev. This might be different from the passed in dev,
4323 * because the core might be gone away while we unlocked the mutex. */
4324static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4325{
4326 struct b43_wl *wl;
4327 struct b43_wldev *orig_dev;
4328 u32 mask;
4329 int queue_num;
4330
4331 if (!dev)
4332 return NULL;
4333 wl = dev->wl;
4334redo:
4335 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4336 return dev;
4337
4338 /* Cancel work. Unlock to avoid deadlocks. */
4339 mutex_unlock(&wl->mutex);
4340 cancel_delayed_work_sync(&dev->periodic_work);
4341 cancel_work_sync(&wl->tx_work);
4342 b43_leds_stop(dev);
4343 mutex_lock(&wl->mutex);
4344 dev = wl->current_dev;
4345 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4346 /* Whoops, aliens ate up the device while we were unlocked. */
4347 return dev;
4348 }
4349
4350 /* Disable interrupts on the device. */
4351 b43_set_status(dev, B43_STAT_INITIALIZED);
4352 if (b43_bus_host_is_sdio(dev->dev)) {
4353 /* wl->mutex is locked. That is enough. */
4354 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4355 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4356 } else {
4357 spin_lock_irq(&wl->hardirq_lock);
4358 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4359 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4360 spin_unlock_irq(&wl->hardirq_lock);
4361 }
4362 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4363 orig_dev = dev;
4364 mutex_unlock(&wl->mutex);
4365 if (b43_bus_host_is_sdio(dev->dev))
4366 b43_sdio_free_irq(dev);
4367 else
4368 free_irq(dev->dev->irq, dev);
4369 mutex_lock(&wl->mutex);
4370 dev = wl->current_dev;
4371 if (!dev)
4372 return dev;
4373 if (dev != orig_dev) {
4374 if (b43_status(dev) >= B43_STAT_STARTED)
4375 goto redo;
4376 return dev;
4377 }
4378 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4379 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4380
4381 /* Drain all TX queues. */
4382 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4383 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4384 struct sk_buff *skb;
4385
4386 skb = skb_dequeue(&wl->tx_queue[queue_num]);
4387 ieee80211_free_txskb(wl->hw, skb);
4388 }
4389 }
4390
4391 b43_mac_suspend(dev);
4392 b43_leds_exit(dev);
4393 b43dbg(wl, "Wireless interface stopped\n");
4394
4395 return dev;
4396}
4397
4398/* Locking: wl->mutex */
4399static int b43_wireless_core_start(struct b43_wldev *dev)
4400{
4401 int err;
4402
4403 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4404
4405 drain_txstatus_queue(dev);
4406 if (b43_bus_host_is_sdio(dev->dev)) {
4407 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4408 if (err) {
4409 b43err(dev->wl, "Cannot request SDIO IRQ\n");
4410 goto out;
4411 }
4412 } else {
4413 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4414 b43_interrupt_thread_handler,
4415 IRQF_SHARED, KBUILD_MODNAME, dev);
4416 if (err) {
4417 b43err(dev->wl, "Cannot request IRQ-%d\n",
4418 dev->dev->irq);
4419 goto out;
4420 }
4421 }
4422
4423 /* We are ready to run. */
4424 ieee80211_wake_queues(dev->wl->hw);
4425 b43_set_status(dev, B43_STAT_STARTED);
4426
4427 /* Start data flow (TX/RX). */
4428 b43_mac_enable(dev);
4429 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4430
4431 /* Start maintenance work */
4432 b43_periodic_tasks_setup(dev);
4433
4434 b43_leds_init(dev);
4435
4436 b43dbg(dev->wl, "Wireless interface started\n");
4437out:
4438 return err;
4439}
4440
4441static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4442{
4443 switch (phy_type) {
4444 case B43_PHYTYPE_A:
4445 return "A";
4446 case B43_PHYTYPE_B:
4447 return "B";
4448 case B43_PHYTYPE_G:
4449 return "G";
4450 case B43_PHYTYPE_N:
4451 return "N";
4452 case B43_PHYTYPE_LP:
4453 return "LP";
4454 case B43_PHYTYPE_SSLPN:
4455 return "SSLPN";
4456 case B43_PHYTYPE_HT:
4457 return "HT";
4458 case B43_PHYTYPE_LCN:
4459 return "LCN";
4460 case B43_PHYTYPE_LCNXN:
4461 return "LCNXN";
4462 case B43_PHYTYPE_LCN40:
4463 return "LCN40";
4464 case B43_PHYTYPE_AC:
4465 return "AC";
4466 }
4467 return "UNKNOWN";
4468}
4469
4470/* Get PHY and RADIO versioning numbers */
4471static int b43_phy_versioning(struct b43_wldev *dev)
4472{
4473 struct b43_phy *phy = &dev->phy;
4474 const u8 core_rev = dev->dev->core_rev;
4475 u32 tmp;
4476 u8 analog_type;
4477 u8 phy_type;
4478 u8 phy_rev;
4479 u16 radio_manuf;
4480 u16 radio_id;
4481 u16 radio_rev;
4482 u8 radio_ver;
4483 int unsupported = 0;
4484
4485 /* Get PHY versioning */
4486 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4487 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4488 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4489 phy_rev = (tmp & B43_PHYVER_VERSION);
4490
4491 /* LCNXN is continuation of N which run out of revisions */
4492 if (phy_type == B43_PHYTYPE_LCNXN) {
4493 phy_type = B43_PHYTYPE_N;
4494 phy_rev += 16;
4495 }
4496
4497 switch (phy_type) {
4498#ifdef CONFIG_B43_PHY_G
4499 case B43_PHYTYPE_G:
4500 if (phy_rev > 9)
4501 unsupported = 1;
4502 break;
4503#endif
4504#ifdef CONFIG_B43_PHY_N
4505 case B43_PHYTYPE_N:
4506 if (phy_rev >= 19)
4507 unsupported = 1;
4508 break;
4509#endif
4510#ifdef CONFIG_B43_PHY_LP
4511 case B43_PHYTYPE_LP:
4512 if (phy_rev > 2)
4513 unsupported = 1;
4514 break;
4515#endif
4516#ifdef CONFIG_B43_PHY_HT
4517 case B43_PHYTYPE_HT:
4518 if (phy_rev > 1)
4519 unsupported = 1;
4520 break;
4521#endif
4522#ifdef CONFIG_B43_PHY_LCN
4523 case B43_PHYTYPE_LCN:
4524 if (phy_rev > 1)
4525 unsupported = 1;
4526 break;
4527#endif
4528#ifdef CONFIG_B43_PHY_AC
4529 case B43_PHYTYPE_AC:
4530 if (phy_rev > 1)
4531 unsupported = 1;
4532 break;
4533#endif
4534 default:
4535 unsupported = 1;
4536 }
4537 if (unsupported) {
4538 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4539 analog_type, phy_type, b43_phy_name(dev, phy_type),
4540 phy_rev);
4541 return -EOPNOTSUPP;
4542 }
4543 b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4544 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4545
4546 /* Get RADIO versioning */
4547 if (core_rev == 40 || core_rev == 42) {
4548 radio_manuf = 0x17F;
4549
4550 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4551 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4552
4553 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4554 radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4555
4556 radio_ver = 0; /* Is there version somewhere? */
4557 } else if (core_rev >= 24) {
4558 u16 radio24[3];
4559
4560 for (tmp = 0; tmp < 3; tmp++) {
4561 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4562 radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4563 }
4564
4565 radio_manuf = 0x17F;
4566 radio_id = (radio24[2] << 8) | radio24[1];
4567 radio_rev = (radio24[0] & 0xF);
4568 radio_ver = (radio24[0] & 0xF0) >> 4;
4569 } else {
4570 if (dev->dev->chip_id == 0x4317) {
4571 if (dev->dev->chip_rev == 0)
4572 tmp = 0x3205017F;
4573 else if (dev->dev->chip_rev == 1)
4574 tmp = 0x4205017F;
4575 else
4576 tmp = 0x5205017F;
4577 } else {
4578 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4579 B43_RADIOCTL_ID);
4580 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4581 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4582 B43_RADIOCTL_ID);
4583 tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4584 }
4585 radio_manuf = (tmp & 0x00000FFF);
4586 radio_id = (tmp & 0x0FFFF000) >> 12;
4587 radio_rev = (tmp & 0xF0000000) >> 28;
4588 radio_ver = 0; /* Probably not available on old hw */
4589 }
4590
4591 if (radio_manuf != 0x17F /* Broadcom */)
4592 unsupported = 1;
4593 switch (phy_type) {
4594 case B43_PHYTYPE_B:
4595 if ((radio_id & 0xFFF0) != 0x2050)
4596 unsupported = 1;
4597 break;
4598 case B43_PHYTYPE_G:
4599 if (radio_id != 0x2050)
4600 unsupported = 1;
4601 break;
4602 case B43_PHYTYPE_N:
4603 if (radio_id != 0x2055 && radio_id != 0x2056 &&
4604 radio_id != 0x2057)
4605 unsupported = 1;
4606 if (radio_id == 0x2057 &&
4607 !(radio_rev == 9 || radio_rev == 14))
4608 unsupported = 1;
4609 break;
4610 case B43_PHYTYPE_LP:
4611 if (radio_id != 0x2062 && radio_id != 0x2063)
4612 unsupported = 1;
4613 break;
4614 case B43_PHYTYPE_HT:
4615 if (radio_id != 0x2059)
4616 unsupported = 1;
4617 break;
4618 case B43_PHYTYPE_LCN:
4619 if (radio_id != 0x2064)
4620 unsupported = 1;
4621 break;
4622 case B43_PHYTYPE_AC:
4623 if (radio_id != 0x2069)
4624 unsupported = 1;
4625 break;
4626 default:
4627 B43_WARN_ON(1);
4628 }
4629 if (unsupported) {
4630 b43err(dev->wl,
4631 "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4632 radio_manuf, radio_id, radio_rev, radio_ver);
4633 return -EOPNOTSUPP;
4634 }
4635 b43info(dev->wl,
4636 "Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4637 radio_manuf, radio_id, radio_rev, radio_ver);
4638
4639 /* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4640 phy->radio_manuf = radio_manuf;
4641 phy->radio_ver = radio_id;
4642 phy->radio_rev = radio_rev;
4643
4644 phy->analog = analog_type;
4645 phy->type = phy_type;
4646 phy->rev = phy_rev;
4647
4648 return 0;
4649}
4650
4651static void setup_struct_phy_for_init(struct b43_wldev *dev,
4652 struct b43_phy *phy)
4653{
4654 phy->hardware_power_control = !!modparam_hwpctl;
4655 phy->next_txpwr_check_time = jiffies;
4656 /* PHY TX errors counter. */
4657 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4658
4659#if B43_DEBUG
4660 phy->phy_locked = false;
4661 phy->radio_locked = false;
4662#endif
4663}
4664
4665static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4666{
4667 dev->dfq_valid = false;
4668
4669 /* Assume the radio is enabled. If it's not enabled, the state will
4670 * immediately get fixed on the first periodic work run. */
4671 dev->radio_hw_enable = true;
4672
4673 /* Stats */
4674 memset(&dev->stats, 0, sizeof(dev->stats));
4675
4676 setup_struct_phy_for_init(dev, &dev->phy);
4677
4678 /* IRQ related flags */
4679 dev->irq_reason = 0;
4680 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4681 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4682 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4683 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4684
4685 dev->mac_suspended = 1;
4686
4687 /* Noise calculation context */
4688 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4689}
4690
4691static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4692{
4693 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4694 u64 hf;
4695
4696 if (!modparam_btcoex)
4697 return;
4698 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4699 return;
4700 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4701 return;
4702
4703 hf = b43_hf_read(dev);
4704 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4705 hf |= B43_HF_BTCOEXALT;
4706 else
4707 hf |= B43_HF_BTCOEX;
4708 b43_hf_write(dev, hf);
4709}
4710
4711static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4712{
4713 if (!modparam_btcoex)
4714 return;
4715 //TODO
4716}
4717
4718static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4719{
4720 struct ssb_bus *bus;
4721 u32 tmp;
4722
4723#ifdef CONFIG_B43_SSB
4724 if (dev->dev->bus_type != B43_BUS_SSB)
4725 return;
4726#else
4727 return;
4728#endif
4729
4730 bus = dev->dev->sdev->bus;
4731
4732 if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4733 (bus->chip_id == 0x4312)) {
4734 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4735 tmp &= ~SSB_IMCFGLO_REQTO;
4736 tmp &= ~SSB_IMCFGLO_SERTO;
4737 tmp |= 0x3;
4738 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4739 ssb_commit_settings(bus);
4740 }
4741}
4742
4743static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4744{
4745 u16 pu_delay;
4746
4747 /* The time value is in microseconds. */
4748 pu_delay = 1050;
4749 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4750 pu_delay = 500;
4751 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4752 pu_delay = max(pu_delay, (u16)2400);
4753
4754 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4755}
4756
4757/* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4758static void b43_set_pretbtt(struct b43_wldev *dev)
4759{
4760 u16 pretbtt;
4761
4762 /* The time value is in microseconds. */
4763 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
4764 pretbtt = 2;
4765 else
4766 pretbtt = 250;
4767 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4768 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4769}
4770
4771/* Shutdown a wireless core */
4772/* Locking: wl->mutex */
4773static void b43_wireless_core_exit(struct b43_wldev *dev)
4774{
4775 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4776 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4777 return;
4778
4779 b43_set_status(dev, B43_STAT_UNINIT);
4780
4781 /* Stop the microcode PSM. */
4782 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4783 B43_MACCTL_PSM_JMP0);
4784
4785 switch (dev->dev->bus_type) {
4786#ifdef CONFIG_B43_BCMA
4787 case B43_BUS_BCMA:
4788 bcma_host_pci_down(dev->dev->bdev->bus);
4789 break;
4790#endif
4791#ifdef CONFIG_B43_SSB
4792 case B43_BUS_SSB:
4793 /* TODO */
4794 break;
4795#endif
4796 }
4797
4798 b43_dma_free(dev);
4799 b43_pio_free(dev);
4800 b43_chip_exit(dev);
4801 dev->phy.ops->switch_analog(dev, 0);
4802 if (dev->wl->current_beacon) {
4803 dev_kfree_skb_any(dev->wl->current_beacon);
4804 dev->wl->current_beacon = NULL;
4805 }
4806
4807 b43_device_disable(dev, 0);
4808 b43_bus_may_powerdown(dev);
4809}
4810
4811/* Initialize a wireless core */
4812static int b43_wireless_core_init(struct b43_wldev *dev)
4813{
4814 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4815 struct b43_phy *phy = &dev->phy;
4816 int err;
4817 u64 hf;
4818
4819 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4820
4821 err = b43_bus_powerup(dev, 0);
4822 if (err)
4823 goto out;
4824 if (!b43_device_is_enabled(dev))
4825 b43_wireless_core_reset(dev, phy->gmode);
4826
4827 /* Reset all data structures. */
4828 setup_struct_wldev_for_init(dev);
4829 phy->ops->prepare_structs(dev);
4830
4831 /* Enable IRQ routing to this device. */
4832 switch (dev->dev->bus_type) {
4833#ifdef CONFIG_B43_BCMA
4834 case B43_BUS_BCMA:
4835 bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4836 dev->dev->bdev, true);
4837 bcma_host_pci_up(dev->dev->bdev->bus);
4838 break;
4839#endif
4840#ifdef CONFIG_B43_SSB
4841 case B43_BUS_SSB:
4842 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4843 dev->dev->sdev);
4844 break;
4845#endif
4846 }
4847
4848 b43_imcfglo_timeouts_workaround(dev);
4849 b43_bluetooth_coext_disable(dev);
4850 if (phy->ops->prepare_hardware) {
4851 err = phy->ops->prepare_hardware(dev);
4852 if (err)
4853 goto err_busdown;
4854 }
4855 err = b43_chip_init(dev);
4856 if (err)
4857 goto err_busdown;
4858 b43_shm_write16(dev, B43_SHM_SHARED,
4859 B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4860 hf = b43_hf_read(dev);
4861 if (phy->type == B43_PHYTYPE_G) {
4862 hf |= B43_HF_SYMW;
4863 if (phy->rev == 1)
4864 hf |= B43_HF_GDCW;
4865 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4866 hf |= B43_HF_OFDMPABOOST;
4867 }
4868 if (phy->radio_ver == 0x2050) {
4869 if (phy->radio_rev == 6)
4870 hf |= B43_HF_4318TSSI;
4871 if (phy->radio_rev < 6)
4872 hf |= B43_HF_VCORECALC;
4873 }
4874 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4875 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4876#if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4877 if (dev->dev->bus_type == B43_BUS_SSB &&
4878 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4879 dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4880 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4881#endif
4882 hf &= ~B43_HF_SKCFPUP;
4883 b43_hf_write(dev, hf);
4884
4885 /* tell the ucode MAC capabilities */
4886 if (dev->dev->core_rev >= 13) {
4887 u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4888
4889 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4890 mac_hw_cap & 0xffff);
4891 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4892 (mac_hw_cap >> 16) & 0xffff);
4893 }
4894
4895 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4896 B43_DEFAULT_LONG_RETRY_LIMIT);
4897 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4898 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4899
4900 /* Disable sending probe responses from firmware.
4901 * Setting the MaxTime to one usec will always trigger
4902 * a timeout, so we never send any probe resp.
4903 * A timeout of zero is infinite. */
4904 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4905
4906 b43_rate_memory_init(dev);
4907 b43_set_phytxctl_defaults(dev);
4908
4909 /* Minimum Contention Window */
4910 if (phy->type == B43_PHYTYPE_B)
4911 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4912 else
4913 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4914 /* Maximum Contention Window */
4915 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4916
4917 /* write phytype and phyvers */
4918 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4919 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4920
4921 if (b43_bus_host_is_pcmcia(dev->dev) ||
4922 b43_bus_host_is_sdio(dev->dev)) {
4923 dev->__using_pio_transfers = true;
4924 err = b43_pio_init(dev);
4925 } else if (dev->use_pio) {
4926 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4927 "This should not be needed and will result in lower "
4928 "performance.\n");
4929 dev->__using_pio_transfers = true;
4930 err = b43_pio_init(dev);
4931 } else {
4932 dev->__using_pio_transfers = false;
4933 err = b43_dma_init(dev);
4934 }
4935 if (err)
4936 goto err_chip_exit;
4937 b43_qos_init(dev);
4938 b43_set_synth_pu_delay(dev, 1);
4939 b43_bluetooth_coext_enable(dev);
4940
4941 b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4942 b43_upload_card_macaddress(dev);
4943 b43_security_init(dev);
4944
4945 ieee80211_wake_queues(dev->wl->hw);
4946
4947 b43_set_status(dev, B43_STAT_INITIALIZED);
4948
4949out:
4950 return err;
4951
4952err_chip_exit:
4953 b43_chip_exit(dev);
4954err_busdown:
4955 b43_bus_may_powerdown(dev);
4956 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4957 return err;
4958}
4959
4960static int b43_op_add_interface(struct ieee80211_hw *hw,
4961 struct ieee80211_vif *vif)
4962{
4963 struct b43_wl *wl = hw_to_b43_wl(hw);
4964 struct b43_wldev *dev;
4965 int err = -EOPNOTSUPP;
4966
4967 /* TODO: allow AP devices to coexist */
4968
4969 if (vif->type != NL80211_IFTYPE_AP &&
4970 vif->type != NL80211_IFTYPE_MESH_POINT &&
4971 vif->type != NL80211_IFTYPE_STATION &&
4972 vif->type != NL80211_IFTYPE_ADHOC)
4973 return -EOPNOTSUPP;
4974
4975 mutex_lock(&wl->mutex);
4976 if (wl->operating)
4977 goto out_mutex_unlock;
4978
4979 b43dbg(wl, "Adding Interface type %d\n", vif->type);
4980
4981 dev = wl->current_dev;
4982 wl->operating = true;
4983 wl->vif = vif;
4984 wl->if_type = vif->type;
4985 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4986
4987 b43_adjust_opmode(dev);
4988 b43_set_pretbtt(dev);
4989 b43_set_synth_pu_delay(dev, 0);
4990 b43_upload_card_macaddress(dev);
4991
4992 err = 0;
4993 out_mutex_unlock:
4994 mutex_unlock(&wl->mutex);
4995
4996 if (err == 0)
4997 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4998
4999 return err;
5000}
5001
5002static void b43_op_remove_interface(struct ieee80211_hw *hw,
5003 struct ieee80211_vif *vif)
5004{
5005 struct b43_wl *wl = hw_to_b43_wl(hw);
5006 struct b43_wldev *dev = wl->current_dev;
5007
5008 b43dbg(wl, "Removing Interface type %d\n", vif->type);
5009
5010 mutex_lock(&wl->mutex);
5011
5012 B43_WARN_ON(!wl->operating);
5013 B43_WARN_ON(wl->vif != vif);
5014 wl->vif = NULL;
5015
5016 wl->operating = false;
5017
5018 b43_adjust_opmode(dev);
5019 eth_zero_addr(wl->mac_addr);
5020 b43_upload_card_macaddress(dev);
5021
5022 mutex_unlock(&wl->mutex);
5023}
5024
5025static int b43_op_start(struct ieee80211_hw *hw)
5026{
5027 struct b43_wl *wl = hw_to_b43_wl(hw);
5028 struct b43_wldev *dev = wl->current_dev;
5029 int did_init = 0;
5030 int err = 0;
5031
5032 /* Kill all old instance specific information to make sure
5033 * the card won't use it in the short timeframe between start
5034 * and mac80211 reconfiguring it. */
5035 eth_zero_addr(wl->bssid);
5036 eth_zero_addr(wl->mac_addr);
5037 wl->filter_flags = 0;
5038 wl->radiotap_enabled = false;
5039 b43_qos_clear(wl);
5040 wl->beacon0_uploaded = false;
5041 wl->beacon1_uploaded = false;
5042 wl->beacon_templates_virgin = true;
5043 wl->radio_enabled = true;
5044
5045 mutex_lock(&wl->mutex);
5046
5047 if (b43_status(dev) < B43_STAT_INITIALIZED) {
5048 err = b43_wireless_core_init(dev);
5049 if (err)
5050 goto out_mutex_unlock;
5051 did_init = 1;
5052 }
5053
5054 if (b43_status(dev) < B43_STAT_STARTED) {
5055 err = b43_wireless_core_start(dev);
5056 if (err) {
5057 if (did_init)
5058 b43_wireless_core_exit(dev);
5059 goto out_mutex_unlock;
5060 }
5061 }
5062
5063 /* XXX: only do if device doesn't support rfkill irq */
5064 wiphy_rfkill_start_polling(hw->wiphy);
5065
5066 out_mutex_unlock:
5067 mutex_unlock(&wl->mutex);
5068
5069 /*
5070 * Configuration may have been overwritten during initialization.
5071 * Reload the configuration, but only if initialization was
5072 * successful. Reloading the configuration after a failed init
5073 * may hang the system.
5074 */
5075 if (!err)
5076 b43_op_config(hw, ~0);
5077
5078 return err;
5079}
5080
5081static void b43_op_stop(struct ieee80211_hw *hw, bool suspend)
5082{
5083 struct b43_wl *wl = hw_to_b43_wl(hw);
5084 struct b43_wldev *dev = wl->current_dev;
5085
5086 cancel_work_sync(&(wl->beacon_update_trigger));
5087
5088 if (!dev)
5089 goto out;
5090
5091 mutex_lock(&wl->mutex);
5092 if (b43_status(dev) >= B43_STAT_STARTED) {
5093 dev = b43_wireless_core_stop(dev);
5094 if (!dev)
5095 goto out_unlock;
5096 }
5097 b43_wireless_core_exit(dev);
5098 wl->radio_enabled = false;
5099
5100out_unlock:
5101 mutex_unlock(&wl->mutex);
5102out:
5103 cancel_work_sync(&(wl->txpower_adjust_work));
5104}
5105
5106static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5107 struct ieee80211_sta *sta, bool set)
5108{
5109 struct b43_wl *wl = hw_to_b43_wl(hw);
5110
5111 b43_update_templates(wl);
5112
5113 return 0;
5114}
5115
5116static void b43_op_sta_notify(struct ieee80211_hw *hw,
5117 struct ieee80211_vif *vif,
5118 enum sta_notify_cmd notify_cmd,
5119 struct ieee80211_sta *sta)
5120{
5121 struct b43_wl *wl = hw_to_b43_wl(hw);
5122
5123 B43_WARN_ON(!vif || wl->vif != vif);
5124}
5125
5126static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5127 struct ieee80211_vif *vif,
5128 const u8 *mac_addr)
5129{
5130 struct b43_wl *wl = hw_to_b43_wl(hw);
5131 struct b43_wldev *dev;
5132
5133 mutex_lock(&wl->mutex);
5134 dev = wl->current_dev;
5135 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5136 /* Disable CFP update during scan on other channels. */
5137 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5138 }
5139 mutex_unlock(&wl->mutex);
5140}
5141
5142static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5143 struct ieee80211_vif *vif)
5144{
5145 struct b43_wl *wl = hw_to_b43_wl(hw);
5146 struct b43_wldev *dev;
5147
5148 mutex_lock(&wl->mutex);
5149 dev = wl->current_dev;
5150 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5151 /* Re-enable CFP update. */
5152 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5153 }
5154 mutex_unlock(&wl->mutex);
5155}
5156
5157static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5158 struct survey_info *survey)
5159{
5160 struct b43_wl *wl = hw_to_b43_wl(hw);
5161 struct b43_wldev *dev = wl->current_dev;
5162 struct ieee80211_conf *conf = &hw->conf;
5163
5164 if (idx != 0)
5165 return -ENOENT;
5166
5167 survey->channel = conf->chandef.chan;
5168 survey->filled = SURVEY_INFO_NOISE_DBM;
5169 survey->noise = dev->stats.link_noise;
5170
5171 return 0;
5172}
5173
5174static const struct ieee80211_ops b43_hw_ops = {
5175 .add_chanctx = ieee80211_emulate_add_chanctx,
5176 .remove_chanctx = ieee80211_emulate_remove_chanctx,
5177 .change_chanctx = ieee80211_emulate_change_chanctx,
5178 .switch_vif_chanctx = ieee80211_emulate_switch_vif_chanctx,
5179 .tx = b43_op_tx,
5180 .wake_tx_queue = ieee80211_handle_wake_tx_queue,
5181 .conf_tx = b43_op_conf_tx,
5182 .add_interface = b43_op_add_interface,
5183 .remove_interface = b43_op_remove_interface,
5184 .config = b43_op_config,
5185 .bss_info_changed = b43_op_bss_info_changed,
5186 .configure_filter = b43_op_configure_filter,
5187 .set_key = b43_op_set_key,
5188 .update_tkip_key = b43_op_update_tkip_key,
5189 .get_stats = b43_op_get_stats,
5190 .get_tsf = b43_op_get_tsf,
5191 .set_tsf = b43_op_set_tsf,
5192 .start = b43_op_start,
5193 .stop = b43_op_stop,
5194 .set_tim = b43_op_beacon_set_tim,
5195 .sta_notify = b43_op_sta_notify,
5196 .sw_scan_start = b43_op_sw_scan_start_notifier,
5197 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
5198 .get_survey = b43_op_get_survey,
5199 .rfkill_poll = b43_rfkill_poll,
5200};
5201
5202/* Hard-reset the chip. Do not call this directly.
5203 * Use b43_controller_restart()
5204 */
5205static void b43_chip_reset(struct work_struct *work)
5206{
5207 struct b43_wldev *dev =
5208 container_of(work, struct b43_wldev, restart_work);
5209 struct b43_wl *wl = dev->wl;
5210 int err = 0;
5211 int prev_status;
5212
5213 mutex_lock(&wl->mutex);
5214
5215 prev_status = b43_status(dev);
5216 /* Bring the device down... */
5217 if (prev_status >= B43_STAT_STARTED) {
5218 dev = b43_wireless_core_stop(dev);
5219 if (!dev) {
5220 err = -ENODEV;
5221 goto out;
5222 }
5223 }
5224 if (prev_status >= B43_STAT_INITIALIZED)
5225 b43_wireless_core_exit(dev);
5226
5227 /* ...and up again. */
5228 if (prev_status >= B43_STAT_INITIALIZED) {
5229 err = b43_wireless_core_init(dev);
5230 if (err)
5231 goto out;
5232 }
5233 if (prev_status >= B43_STAT_STARTED) {
5234 err = b43_wireless_core_start(dev);
5235 if (err) {
5236 b43_wireless_core_exit(dev);
5237 goto out;
5238 }
5239 }
5240out:
5241 if (err)
5242 wl->current_dev = NULL; /* Failed to init the dev. */
5243 mutex_unlock(&wl->mutex);
5244
5245 if (err) {
5246 b43err(wl, "Controller restart FAILED\n");
5247 return;
5248 }
5249
5250 /* reload configuration */
5251 b43_op_config(wl->hw, ~0);
5252 if (wl->vif)
5253 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5254
5255 b43info(wl, "Controller restarted\n");
5256}
5257
5258static int b43_setup_bands(struct b43_wldev *dev,
5259 bool have_2ghz_phy, bool have_5ghz_phy)
5260{
5261 struct ieee80211_hw *hw = dev->wl->hw;
5262 struct b43_phy *phy = &dev->phy;
5263 bool limited_2g;
5264 bool limited_5g;
5265
5266 /* We don't support all 2 GHz channels on some devices */
5267 limited_2g = phy->radio_ver == 0x2057 &&
5268 (phy->radio_rev == 9 || phy->radio_rev == 14);
5269 limited_5g = phy->radio_ver == 0x2057 &&
5270 phy->radio_rev == 9;
5271
5272 if (have_2ghz_phy)
5273 hw->wiphy->bands[NL80211_BAND_2GHZ] = limited_2g ?
5274 &b43_band_2ghz_limited : &b43_band_2GHz;
5275 if (dev->phy.type == B43_PHYTYPE_N) {
5276 if (have_5ghz_phy)
5277 hw->wiphy->bands[NL80211_BAND_5GHZ] = limited_5g ?
5278 &b43_band_5GHz_nphy_limited :
5279 &b43_band_5GHz_nphy;
5280 } else {
5281 if (have_5ghz_phy)
5282 hw->wiphy->bands[NL80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5283 }
5284
5285 dev->phy.supports_2ghz = have_2ghz_phy;
5286 dev->phy.supports_5ghz = have_5ghz_phy;
5287
5288 return 0;
5289}
5290
5291static void b43_wireless_core_detach(struct b43_wldev *dev)
5292{
5293 /* We release firmware that late to not be required to re-request
5294 * is all the time when we reinit the core. */
5295 b43_release_firmware(dev);
5296 b43_phy_free(dev);
5297}
5298
5299static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5300 bool *have_5ghz_phy)
5301{
5302 u16 dev_id = 0;
5303
5304#ifdef CONFIG_B43_BCMA
5305 if (dev->dev->bus_type == B43_BUS_BCMA &&
5306 dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5307 dev_id = dev->dev->bdev->bus->host_pci->device;
5308#endif
5309#ifdef CONFIG_B43_SSB
5310 if (dev->dev->bus_type == B43_BUS_SSB &&
5311 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5312 dev_id = dev->dev->sdev->bus->host_pci->device;
5313#endif
5314 /* Override with SPROM value if available */
5315 if (dev->dev->bus_sprom->dev_id)
5316 dev_id = dev->dev->bus_sprom->dev_id;
5317
5318 /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5319 switch (dev_id) {
5320 case 0x4324: /* BCM4306 */
5321 case 0x4312: /* BCM4311 */
5322 case 0x4319: /* BCM4318 */
5323 case 0x4328: /* BCM4321 */
5324 case 0x432b: /* BCM4322 */
5325 case 0x4350: /* BCM43222 */
5326 case 0x4353: /* BCM43224 */
5327 case 0x0576: /* BCM43224 */
5328 case 0x435f: /* BCM6362 */
5329 case 0x4331: /* BCM4331 */
5330 case 0x4359: /* BCM43228 */
5331 case 0x43a0: /* BCM4360 */
5332 case 0x43b1: /* BCM4352 */
5333 /* Dual band devices */
5334 *have_2ghz_phy = true;
5335 *have_5ghz_phy = true;
5336 return;
5337 case 0x4321: /* BCM4306 */
5338 /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5339 if (dev->phy.type != B43_PHYTYPE_G)
5340 break;
5341 fallthrough;
5342 case 0x4313: /* BCM4311 */
5343 case 0x431a: /* BCM4318 */
5344 case 0x432a: /* BCM4321 */
5345 case 0x432d: /* BCM4322 */
5346 case 0x4352: /* BCM43222 */
5347 case 0x435a: /* BCM43228 */
5348 case 0x4333: /* BCM4331 */
5349 case 0x43a2: /* BCM4360 */
5350 case 0x43b3: /* BCM4352 */
5351 /* 5 GHz only devices */
5352 *have_2ghz_phy = false;
5353 *have_5ghz_phy = true;
5354 return;
5355 }
5356
5357 /* As a fallback, try to guess using PHY type */
5358 switch (dev->phy.type) {
5359 case B43_PHYTYPE_G:
5360 case B43_PHYTYPE_N:
5361 case B43_PHYTYPE_LP:
5362 case B43_PHYTYPE_HT:
5363 case B43_PHYTYPE_LCN:
5364 *have_2ghz_phy = true;
5365 *have_5ghz_phy = false;
5366 return;
5367 }
5368
5369 B43_WARN_ON(1);
5370}
5371
5372static int b43_wireless_core_attach(struct b43_wldev *dev)
5373{
5374 struct b43_wl *wl = dev->wl;
5375 struct b43_phy *phy = &dev->phy;
5376 int err;
5377 u32 tmp;
5378 bool have_2ghz_phy = false, have_5ghz_phy = false;
5379
5380 /* Do NOT do any device initialization here.
5381 * Do it in wireless_core_init() instead.
5382 * This function is for gathering basic information about the HW, only.
5383 * Also some structs may be set up here. But most likely you want to have
5384 * that in core_init(), too.
5385 */
5386
5387 err = b43_bus_powerup(dev, 0);
5388 if (err) {
5389 b43err(wl, "Bus powerup failed\n");
5390 goto out;
5391 }
5392
5393 phy->do_full_init = true;
5394
5395 /* Try to guess supported bands for the first init needs */
5396 switch (dev->dev->bus_type) {
5397#ifdef CONFIG_B43_BCMA
5398 case B43_BUS_BCMA:
5399 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5400 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5401 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5402 break;
5403#endif
5404#ifdef CONFIG_B43_SSB
5405 case B43_BUS_SSB:
5406 if (dev->dev->core_rev >= 5) {
5407 tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5408 have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5409 have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5410 } else
5411 B43_WARN_ON(1);
5412 break;
5413#endif
5414 }
5415
5416 dev->phy.gmode = have_2ghz_phy;
5417 b43_wireless_core_reset(dev, dev->phy.gmode);
5418
5419 /* Get the PHY type. */
5420 err = b43_phy_versioning(dev);
5421 if (err)
5422 goto err_powerdown;
5423
5424 /* Get real info about supported bands */
5425 b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5426
5427 /* We don't support 5 GHz on some PHYs yet */
5428 if (have_5ghz_phy) {
5429 switch (dev->phy.type) {
5430 case B43_PHYTYPE_G:
5431 case B43_PHYTYPE_LP:
5432 case B43_PHYTYPE_HT:
5433 b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5434 have_5ghz_phy = false;
5435 }
5436 }
5437
5438 if (!have_2ghz_phy && !have_5ghz_phy) {
5439 b43err(wl, "b43 can't support any band on this device\n");
5440 err = -EOPNOTSUPP;
5441 goto err_powerdown;
5442 }
5443
5444 err = b43_phy_allocate(dev);
5445 if (err)
5446 goto err_powerdown;
5447
5448 dev->phy.gmode = have_2ghz_phy;
5449 b43_wireless_core_reset(dev, dev->phy.gmode);
5450
5451 err = b43_validate_chipaccess(dev);
5452 if (err)
5453 goto err_phy_free;
5454 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5455 if (err)
5456 goto err_phy_free;
5457
5458 /* Now set some default "current_dev" */
5459 if (!wl->current_dev)
5460 wl->current_dev = dev;
5461 INIT_WORK(&dev->restart_work, b43_chip_reset);
5462
5463 dev->phy.ops->switch_analog(dev, 0);
5464 b43_device_disable(dev, 0);
5465 b43_bus_may_powerdown(dev);
5466
5467out:
5468 return err;
5469
5470err_phy_free:
5471 b43_phy_free(dev);
5472err_powerdown:
5473 b43_bus_may_powerdown(dev);
5474 return err;
5475}
5476
5477static void b43_one_core_detach(struct b43_bus_dev *dev)
5478{
5479 struct b43_wldev *wldev;
5480
5481 /* Do not cancel ieee80211-workqueue based work here.
5482 * See comment in b43_remove(). */
5483
5484 wldev = b43_bus_get_wldev(dev);
5485 b43_debugfs_remove_device(wldev);
5486 b43_wireless_core_detach(wldev);
5487 list_del(&wldev->list);
5488 b43_bus_set_wldev(dev, NULL);
5489 kfree(wldev);
5490}
5491
5492static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5493{
5494 struct b43_wldev *wldev;
5495 int err = -ENOMEM;
5496
5497 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5498 if (!wldev)
5499 goto out;
5500
5501 wldev->use_pio = b43_modparam_pio;
5502 wldev->dev = dev;
5503 wldev->wl = wl;
5504 b43_set_status(wldev, B43_STAT_UNINIT);
5505 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5506 INIT_LIST_HEAD(&wldev->list);
5507
5508 err = b43_wireless_core_attach(wldev);
5509 if (err)
5510 goto err_kfree_wldev;
5511
5512 b43_bus_set_wldev(dev, wldev);
5513 b43_debugfs_add_device(wldev);
5514
5515 out:
5516 return err;
5517
5518 err_kfree_wldev:
5519 kfree(wldev);
5520 return err;
5521}
5522
5523#define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
5524 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
5525 (pdev->device == _device) && \
5526 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
5527 (pdev->subsystem_device == _subdevice) )
5528
5529#ifdef CONFIG_B43_SSB
5530static void b43_sprom_fixup(struct ssb_bus *bus)
5531{
5532 struct pci_dev *pdev;
5533
5534 /* boardflags workarounds */
5535 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5536 bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5537 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5538 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5539 bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5540 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5541 if (bus->bustype == SSB_BUSTYPE_PCI) {
5542 pdev = bus->host_pci;
5543 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5544 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
5545 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
5546 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5547 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5548 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5549 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5550 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5551 }
5552}
5553
5554static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5555{
5556 struct ieee80211_hw *hw = wl->hw;
5557
5558 ssb_set_devtypedata(dev->sdev, NULL);
5559 ieee80211_free_hw(hw);
5560}
5561#endif
5562
5563static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5564{
5565 struct ssb_sprom *sprom = dev->bus_sprom;
5566 struct ieee80211_hw *hw;
5567 struct b43_wl *wl;
5568 char chip_name[6];
5569 int queue_num;
5570
5571 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5572 if (!hw) {
5573 b43err(NULL, "Could not allocate ieee80211 device\n");
5574 return ERR_PTR(-ENOMEM);
5575 }
5576 wl = hw_to_b43_wl(hw);
5577
5578 /* fill hw info */
5579 ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5580 ieee80211_hw_set(hw, SIGNAL_DBM);
5581 ieee80211_hw_set(hw, MFP_CAPABLE);
5582 hw->wiphy->interface_modes =
5583 BIT(NL80211_IFTYPE_AP) |
5584 BIT(NL80211_IFTYPE_MESH_POINT) |
5585 BIT(NL80211_IFTYPE_STATION) |
5586 BIT(NL80211_IFTYPE_ADHOC);
5587
5588 hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5589
5590 wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
5591
5592 wl->hw_registered = false;
5593 hw->max_rates = 2;
5594 SET_IEEE80211_DEV(hw, dev->dev);
5595 if (is_valid_ether_addr(sprom->et1mac))
5596 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5597 else
5598 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5599
5600 /* Initialize struct b43_wl */
5601 wl->hw = hw;
5602 mutex_init(&wl->mutex);
5603 spin_lock_init(&wl->hardirq_lock);
5604 spin_lock_init(&wl->beacon_lock);
5605 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5606 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5607 INIT_WORK(&wl->tx_work, b43_tx_work);
5608
5609 /* Initialize queues and flags. */
5610 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5611 skb_queue_head_init(&wl->tx_queue[queue_num]);
5612 wl->tx_queue_stopped[queue_num] = false;
5613 }
5614
5615 snprintf(chip_name, ARRAY_SIZE(chip_name),
5616 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5617 b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5618 dev->core_rev);
5619 return wl;
5620}
5621
5622#ifdef CONFIG_B43_BCMA
5623static int b43_bcma_probe(struct bcma_device *core)
5624{
5625 struct b43_bus_dev *dev;
5626 struct b43_wl *wl;
5627 int err;
5628
5629 if (!modparam_allhwsupport &&
5630 (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5631 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5632 return -ENOTSUPP;
5633 }
5634
5635 dev = b43_bus_dev_bcma_init(core);
5636 if (!dev)
5637 return -ENODEV;
5638
5639 wl = b43_wireless_init(dev);
5640 if (IS_ERR(wl)) {
5641 err = PTR_ERR(wl);
5642 goto bcma_out;
5643 }
5644
5645 err = b43_one_core_attach(dev, wl);
5646 if (err)
5647 goto bcma_err_wireless_exit;
5648
5649 /* setup and start work to load firmware */
5650 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5651 schedule_work(&wl->firmware_load);
5652
5653 return err;
5654
5655bcma_err_wireless_exit:
5656 ieee80211_free_hw(wl->hw);
5657bcma_out:
5658 kfree(dev);
5659 return err;
5660}
5661
5662static void b43_bcma_remove(struct bcma_device *core)
5663{
5664 struct b43_wldev *wldev = bcma_get_drvdata(core);
5665 struct b43_wl *wl = wldev->wl;
5666
5667 /* We must cancel any work here before unregistering from ieee80211,
5668 * as the ieee80211 unreg will destroy the workqueue. */
5669 cancel_work_sync(&wldev->restart_work);
5670 cancel_work_sync(&wl->firmware_load);
5671
5672 B43_WARN_ON(!wl);
5673 if (!wldev->fw.ucode.data)
5674 return; /* NULL if firmware never loaded */
5675 if (wl->current_dev == wldev && wl->hw_registered) {
5676 b43_leds_stop(wldev);
5677 ieee80211_unregister_hw(wl->hw);
5678 }
5679
5680 b43_one_core_detach(wldev->dev);
5681
5682 /* Unregister HW RNG driver */
5683 b43_rng_exit(wl);
5684
5685 b43_leds_unregister(wl);
5686 ieee80211_free_hw(wl->hw);
5687 kfree(wldev->dev);
5688}
5689
5690static struct bcma_driver b43_bcma_driver = {
5691 .name = KBUILD_MODNAME,
5692 .id_table = b43_bcma_tbl,
5693 .probe = b43_bcma_probe,
5694 .remove = b43_bcma_remove,
5695};
5696#endif
5697
5698#ifdef CONFIG_B43_SSB
5699static
5700int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5701{
5702 struct b43_bus_dev *dev;
5703 struct b43_wl *wl;
5704 int err;
5705
5706 dev = b43_bus_dev_ssb_init(sdev);
5707 if (!dev)
5708 return -ENOMEM;
5709
5710 wl = ssb_get_devtypedata(sdev);
5711 if (wl) {
5712 b43err(NULL, "Dual-core devices are not supported\n");
5713 err = -ENOTSUPP;
5714 goto err_ssb_kfree_dev;
5715 }
5716
5717 b43_sprom_fixup(sdev->bus);
5718
5719 wl = b43_wireless_init(dev);
5720 if (IS_ERR(wl)) {
5721 err = PTR_ERR(wl);
5722 goto err_ssb_kfree_dev;
5723 }
5724 ssb_set_devtypedata(sdev, wl);
5725 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5726
5727 err = b43_one_core_attach(dev, wl);
5728 if (err)
5729 goto err_ssb_wireless_exit;
5730
5731 /* setup and start work to load firmware */
5732 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5733 schedule_work(&wl->firmware_load);
5734
5735 return err;
5736
5737err_ssb_wireless_exit:
5738 b43_wireless_exit(dev, wl);
5739err_ssb_kfree_dev:
5740 kfree(dev);
5741 return err;
5742}
5743
5744static void b43_ssb_remove(struct ssb_device *sdev)
5745{
5746 struct b43_wl *wl = ssb_get_devtypedata(sdev);
5747 struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5748 struct b43_bus_dev *dev = wldev->dev;
5749
5750 /* We must cancel any work here before unregistering from ieee80211,
5751 * as the ieee80211 unreg will destroy the workqueue. */
5752 cancel_work_sync(&wldev->restart_work);
5753 cancel_work_sync(&wl->firmware_load);
5754
5755 B43_WARN_ON(!wl);
5756 if (!wldev->fw.ucode.data)
5757 return; /* NULL if firmware never loaded */
5758 if (wl->current_dev == wldev && wl->hw_registered) {
5759 b43_leds_stop(wldev);
5760 ieee80211_unregister_hw(wl->hw);
5761 }
5762
5763 b43_one_core_detach(dev);
5764
5765 /* Unregister HW RNG driver */
5766 b43_rng_exit(wl);
5767
5768 b43_leds_unregister(wl);
5769 b43_wireless_exit(dev, wl);
5770 kfree(dev);
5771}
5772
5773static struct ssb_driver b43_ssb_driver = {
5774 .name = KBUILD_MODNAME,
5775 .id_table = b43_ssb_tbl,
5776 .probe = b43_ssb_probe,
5777 .remove = b43_ssb_remove,
5778};
5779#endif /* CONFIG_B43_SSB */
5780
5781/* Perform a hardware reset. This can be called from any context. */
5782void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5783{
5784 /* Must avoid requeueing, if we are in shutdown. */
5785 if (b43_status(dev) < B43_STAT_INITIALIZED)
5786 return;
5787 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5788 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5789}
5790
5791static void b43_print_driverinfo(void)
5792{
5793 const char *feat_pci = "", *feat_nphy = "",
5794 *feat_leds = "", *feat_sdio = "";
5795
5796#ifdef CONFIG_B43_PCI_AUTOSELECT
5797 feat_pci = "P";
5798#endif
5799#ifdef CONFIG_B43_PHY_N
5800 feat_nphy = "N";
5801#endif
5802#ifdef CONFIG_B43_LEDS
5803 feat_leds = "L";
5804#endif
5805#ifdef CONFIG_B43_SDIO
5806 feat_sdio = "S";
5807#endif
5808 printk(KERN_INFO "Broadcom 43xx driver loaded "
5809 "[ Features: %s%s%s%s ]\n",
5810 feat_pci, feat_nphy, feat_leds, feat_sdio);
5811}
5812
5813static int __init b43_init(void)
5814{
5815 int err;
5816
5817 b43_debugfs_init();
5818 err = b43_sdio_init();
5819 if (err)
5820 goto err_dfs_exit;
5821#ifdef CONFIG_B43_BCMA
5822 err = bcma_driver_register(&b43_bcma_driver);
5823 if (err)
5824 goto err_sdio_exit;
5825#endif
5826#ifdef CONFIG_B43_SSB
5827 err = ssb_driver_register(&b43_ssb_driver);
5828 if (err)
5829 goto err_bcma_driver_exit;
5830#endif
5831 b43_print_driverinfo();
5832
5833 return err;
5834
5835#ifdef CONFIG_B43_SSB
5836err_bcma_driver_exit:
5837#endif
5838#ifdef CONFIG_B43_BCMA
5839 bcma_driver_unregister(&b43_bcma_driver);
5840err_sdio_exit:
5841#endif
5842 b43_sdio_exit();
5843err_dfs_exit:
5844 b43_debugfs_exit();
5845 return err;
5846}
5847
5848static void __exit b43_exit(void)
5849{
5850#ifdef CONFIG_B43_SSB
5851 ssb_driver_unregister(&b43_ssb_driver);
5852#endif
5853#ifdef CONFIG_B43_BCMA
5854 bcma_driver_unregister(&b43_bcma_driver);
5855#endif
5856 b43_sdio_exit();
5857 b43_debugfs_exit();
5858}
5859
5860module_init(b43_init)
5861module_exit(b43_exit)
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3
4 Broadcom B43 wireless driver
5
6 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
7 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
8 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
9 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
10 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
12
13 SDIO support
14 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
15
16 Some parts of the code in this file are derived from the ipw2200
17 driver Copyright(c) 2003 - 2004 Intel Corporation.
18
19
20*/
21
22#include <linux/delay.h>
23#include <linux/init.h>
24#include <linux/module.h>
25#include <linux/if_arp.h>
26#include <linux/etherdevice.h>
27#include <linux/firmware.h>
28#include <linux/workqueue.h>
29#include <linux/skbuff.h>
30#include <linux/io.h>
31#include <linux/dma-mapping.h>
32#include <linux/slab.h>
33#include <asm/unaligned.h>
34
35#include "b43.h"
36#include "main.h"
37#include "debugfs.h"
38#include "phy_common.h"
39#include "phy_g.h"
40#include "phy_n.h"
41#include "dma.h"
42#include "pio.h"
43#include "sysfs.h"
44#include "xmit.h"
45#include "lo.h"
46#include "sdio.h"
47#include <linux/mmc/sdio_func.h>
48
49MODULE_DESCRIPTION("Broadcom B43 wireless driver");
50MODULE_AUTHOR("Martin Langer");
51MODULE_AUTHOR("Stefano Brivio");
52MODULE_AUTHOR("Michael Buesch");
53MODULE_AUTHOR("Gábor Stefanik");
54MODULE_AUTHOR("Rafał Miłecki");
55MODULE_LICENSE("GPL");
56
57MODULE_FIRMWARE("b43/ucode11.fw");
58MODULE_FIRMWARE("b43/ucode13.fw");
59MODULE_FIRMWARE("b43/ucode14.fw");
60MODULE_FIRMWARE("b43/ucode15.fw");
61MODULE_FIRMWARE("b43/ucode16_lp.fw");
62MODULE_FIRMWARE("b43/ucode16_mimo.fw");
63MODULE_FIRMWARE("b43/ucode24_lcn.fw");
64MODULE_FIRMWARE("b43/ucode25_lcn.fw");
65MODULE_FIRMWARE("b43/ucode25_mimo.fw");
66MODULE_FIRMWARE("b43/ucode26_mimo.fw");
67MODULE_FIRMWARE("b43/ucode29_mimo.fw");
68MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
69MODULE_FIRMWARE("b43/ucode30_mimo.fw");
70MODULE_FIRMWARE("b43/ucode5.fw");
71MODULE_FIRMWARE("b43/ucode40.fw");
72MODULE_FIRMWARE("b43/ucode42.fw");
73MODULE_FIRMWARE("b43/ucode9.fw");
74
75static int modparam_bad_frames_preempt;
76module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
77MODULE_PARM_DESC(bad_frames_preempt,
78 "enable(1) / disable(0) Bad Frames Preemption");
79
80static char modparam_fwpostfix[16];
81module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
82MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
83
84static int modparam_hwpctl;
85module_param_named(hwpctl, modparam_hwpctl, int, 0444);
86MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
87
88static int modparam_nohwcrypt;
89module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
90MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
91
92static int modparam_hwtkip;
93module_param_named(hwtkip, modparam_hwtkip, int, 0444);
94MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
95
96static int modparam_qos = 1;
97module_param_named(qos, modparam_qos, int, 0444);
98MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
99
100static int modparam_btcoex = 1;
101module_param_named(btcoex, modparam_btcoex, int, 0444);
102MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
103
104int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
105module_param_named(verbose, b43_modparam_verbose, int, 0644);
106MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
107
108static int b43_modparam_pio = 0;
109module_param_named(pio, b43_modparam_pio, int, 0644);
110MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
111
112static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
113module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
114MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
115
116#ifdef CONFIG_B43_BCMA
117static const struct bcma_device_id b43_bcma_tbl[] = {
118 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
120 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
123 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
125 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
126 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
127 {},
128};
129MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
130#endif
131
132#ifdef CONFIG_B43_SSB
133static const struct ssb_device_id b43_ssb_tbl[] = {
134 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
135 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
136 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
137 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
138 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
139 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
140 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
141 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
142 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
143 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
144 {},
145};
146MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
147#endif
148
149/* Channel and ratetables are shared for all devices.
150 * They can't be const, because ieee80211 puts some precalculated
151 * data in there. This data is the same for all devices, so we don't
152 * get concurrency issues */
153#define RATETAB_ENT(_rateid, _flags) \
154 { \
155 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
156 .hw_value = (_rateid), \
157 .flags = (_flags), \
158 }
159
160/*
161 * NOTE: When changing this, sync with xmit.c's
162 * b43_plcp_get_bitrate_idx_* functions!
163 */
164static struct ieee80211_rate __b43_ratetable[] = {
165 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
166 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
167 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
168 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
169 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
170 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
171 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
172 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
173 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
174 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
175 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
176 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
177};
178
179#define b43_a_ratetable (__b43_ratetable + 4)
180#define b43_a_ratetable_size 8
181#define b43_b_ratetable (__b43_ratetable + 0)
182#define b43_b_ratetable_size 4
183#define b43_g_ratetable (__b43_ratetable + 0)
184#define b43_g_ratetable_size 12
185
186#define CHAN2G(_channel, _freq, _flags) { \
187 .band = NL80211_BAND_2GHZ, \
188 .center_freq = (_freq), \
189 .hw_value = (_channel), \
190 .flags = (_flags), \
191 .max_antenna_gain = 0, \
192 .max_power = 30, \
193}
194static struct ieee80211_channel b43_2ghz_chantable[] = {
195 CHAN2G(1, 2412, 0),
196 CHAN2G(2, 2417, 0),
197 CHAN2G(3, 2422, 0),
198 CHAN2G(4, 2427, 0),
199 CHAN2G(5, 2432, 0),
200 CHAN2G(6, 2437, 0),
201 CHAN2G(7, 2442, 0),
202 CHAN2G(8, 2447, 0),
203 CHAN2G(9, 2452, 0),
204 CHAN2G(10, 2457, 0),
205 CHAN2G(11, 2462, 0),
206 CHAN2G(12, 2467, 0),
207 CHAN2G(13, 2472, 0),
208 CHAN2G(14, 2484, 0),
209};
210
211/* No support for the last 3 channels (12, 13, 14) */
212#define b43_2ghz_chantable_limited_size 11
213#undef CHAN2G
214
215#define CHAN4G(_channel, _flags) { \
216 .band = NL80211_BAND_5GHZ, \
217 .center_freq = 4000 + (5 * (_channel)), \
218 .hw_value = (_channel), \
219 .flags = (_flags), \
220 .max_antenna_gain = 0, \
221 .max_power = 30, \
222}
223#define CHAN5G(_channel, _flags) { \
224 .band = NL80211_BAND_5GHZ, \
225 .center_freq = 5000 + (5 * (_channel)), \
226 .hw_value = (_channel), \
227 .flags = (_flags), \
228 .max_antenna_gain = 0, \
229 .max_power = 30, \
230}
231static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
232 CHAN4G(184, 0), CHAN4G(186, 0),
233 CHAN4G(188, 0), CHAN4G(190, 0),
234 CHAN4G(192, 0), CHAN4G(194, 0),
235 CHAN4G(196, 0), CHAN4G(198, 0),
236 CHAN4G(200, 0), CHAN4G(202, 0),
237 CHAN4G(204, 0), CHAN4G(206, 0),
238 CHAN4G(208, 0), CHAN4G(210, 0),
239 CHAN4G(212, 0), CHAN4G(214, 0),
240 CHAN4G(216, 0), CHAN4G(218, 0),
241 CHAN4G(220, 0), CHAN4G(222, 0),
242 CHAN4G(224, 0), CHAN4G(226, 0),
243 CHAN4G(228, 0),
244 CHAN5G(32, 0), CHAN5G(34, 0),
245 CHAN5G(36, 0), CHAN5G(38, 0),
246 CHAN5G(40, 0), CHAN5G(42, 0),
247 CHAN5G(44, 0), CHAN5G(46, 0),
248 CHAN5G(48, 0), CHAN5G(50, 0),
249 CHAN5G(52, 0), CHAN5G(54, 0),
250 CHAN5G(56, 0), CHAN5G(58, 0),
251 CHAN5G(60, 0), CHAN5G(62, 0),
252 CHAN5G(64, 0), CHAN5G(66, 0),
253 CHAN5G(68, 0), CHAN5G(70, 0),
254 CHAN5G(72, 0), CHAN5G(74, 0),
255 CHAN5G(76, 0), CHAN5G(78, 0),
256 CHAN5G(80, 0), CHAN5G(82, 0),
257 CHAN5G(84, 0), CHAN5G(86, 0),
258 CHAN5G(88, 0), CHAN5G(90, 0),
259 CHAN5G(92, 0), CHAN5G(94, 0),
260 CHAN5G(96, 0), CHAN5G(98, 0),
261 CHAN5G(100, 0), CHAN5G(102, 0),
262 CHAN5G(104, 0), CHAN5G(106, 0),
263 CHAN5G(108, 0), CHAN5G(110, 0),
264 CHAN5G(112, 0), CHAN5G(114, 0),
265 CHAN5G(116, 0), CHAN5G(118, 0),
266 CHAN5G(120, 0), CHAN5G(122, 0),
267 CHAN5G(124, 0), CHAN5G(126, 0),
268 CHAN5G(128, 0), CHAN5G(130, 0),
269 CHAN5G(132, 0), CHAN5G(134, 0),
270 CHAN5G(136, 0), CHAN5G(138, 0),
271 CHAN5G(140, 0), CHAN5G(142, 0),
272 CHAN5G(144, 0), CHAN5G(145, 0),
273 CHAN5G(146, 0), CHAN5G(147, 0),
274 CHAN5G(148, 0), CHAN5G(149, 0),
275 CHAN5G(150, 0), CHAN5G(151, 0),
276 CHAN5G(152, 0), CHAN5G(153, 0),
277 CHAN5G(154, 0), CHAN5G(155, 0),
278 CHAN5G(156, 0), CHAN5G(157, 0),
279 CHAN5G(158, 0), CHAN5G(159, 0),
280 CHAN5G(160, 0), CHAN5G(161, 0),
281 CHAN5G(162, 0), CHAN5G(163, 0),
282 CHAN5G(164, 0), CHAN5G(165, 0),
283 CHAN5G(166, 0), CHAN5G(168, 0),
284 CHAN5G(170, 0), CHAN5G(172, 0),
285 CHAN5G(174, 0), CHAN5G(176, 0),
286 CHAN5G(178, 0), CHAN5G(180, 0),
287 CHAN5G(182, 0),
288};
289
290static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
291 CHAN5G(36, 0), CHAN5G(40, 0),
292 CHAN5G(44, 0), CHAN5G(48, 0),
293 CHAN5G(149, 0), CHAN5G(153, 0),
294 CHAN5G(157, 0), CHAN5G(161, 0),
295 CHAN5G(165, 0),
296};
297
298static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
299 CHAN5G(34, 0), CHAN5G(36, 0),
300 CHAN5G(38, 0), CHAN5G(40, 0),
301 CHAN5G(42, 0), CHAN5G(44, 0),
302 CHAN5G(46, 0), CHAN5G(48, 0),
303 CHAN5G(52, 0), CHAN5G(56, 0),
304 CHAN5G(60, 0), CHAN5G(64, 0),
305 CHAN5G(100, 0), CHAN5G(104, 0),
306 CHAN5G(108, 0), CHAN5G(112, 0),
307 CHAN5G(116, 0), CHAN5G(120, 0),
308 CHAN5G(124, 0), CHAN5G(128, 0),
309 CHAN5G(132, 0), CHAN5G(136, 0),
310 CHAN5G(140, 0), CHAN5G(149, 0),
311 CHAN5G(153, 0), CHAN5G(157, 0),
312 CHAN5G(161, 0), CHAN5G(165, 0),
313 CHAN5G(184, 0), CHAN5G(188, 0),
314 CHAN5G(192, 0), CHAN5G(196, 0),
315 CHAN5G(200, 0), CHAN5G(204, 0),
316 CHAN5G(208, 0), CHAN5G(212, 0),
317 CHAN5G(216, 0),
318};
319#undef CHAN4G
320#undef CHAN5G
321
322static struct ieee80211_supported_band b43_band_5GHz_nphy = {
323 .band = NL80211_BAND_5GHZ,
324 .channels = b43_5ghz_nphy_chantable,
325 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
326 .bitrates = b43_a_ratetable,
327 .n_bitrates = b43_a_ratetable_size,
328};
329
330static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
331 .band = NL80211_BAND_5GHZ,
332 .channels = b43_5ghz_nphy_chantable_limited,
333 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
334 .bitrates = b43_a_ratetable,
335 .n_bitrates = b43_a_ratetable_size,
336};
337
338static struct ieee80211_supported_band b43_band_5GHz_aphy = {
339 .band = NL80211_BAND_5GHZ,
340 .channels = b43_5ghz_aphy_chantable,
341 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
342 .bitrates = b43_a_ratetable,
343 .n_bitrates = b43_a_ratetable_size,
344};
345
346static struct ieee80211_supported_band b43_band_2GHz = {
347 .band = NL80211_BAND_2GHZ,
348 .channels = b43_2ghz_chantable,
349 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
350 .bitrates = b43_g_ratetable,
351 .n_bitrates = b43_g_ratetable_size,
352};
353
354static struct ieee80211_supported_band b43_band_2ghz_limited = {
355 .band = NL80211_BAND_2GHZ,
356 .channels = b43_2ghz_chantable,
357 .n_channels = b43_2ghz_chantable_limited_size,
358 .bitrates = b43_g_ratetable,
359 .n_bitrates = b43_g_ratetable_size,
360};
361
362static void b43_wireless_core_exit(struct b43_wldev *dev);
363static int b43_wireless_core_init(struct b43_wldev *dev);
364static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
365static int b43_wireless_core_start(struct b43_wldev *dev);
366static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
367 struct ieee80211_vif *vif,
368 struct ieee80211_bss_conf *conf,
369 u32 changed);
370
371static int b43_ratelimit(struct b43_wl *wl)
372{
373 if (!wl || !wl->current_dev)
374 return 1;
375 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
376 return 1;
377 /* We are up and running.
378 * Ratelimit the messages to avoid DoS over the net. */
379 return net_ratelimit();
380}
381
382void b43info(struct b43_wl *wl, const char *fmt, ...)
383{
384 struct va_format vaf;
385 va_list args;
386
387 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
388 return;
389 if (!b43_ratelimit(wl))
390 return;
391
392 va_start(args, fmt);
393
394 vaf.fmt = fmt;
395 vaf.va = &args;
396
397 printk(KERN_INFO "b43-%s: %pV",
398 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
399
400 va_end(args);
401}
402
403void b43err(struct b43_wl *wl, const char *fmt, ...)
404{
405 struct va_format vaf;
406 va_list args;
407
408 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
409 return;
410 if (!b43_ratelimit(wl))
411 return;
412
413 va_start(args, fmt);
414
415 vaf.fmt = fmt;
416 vaf.va = &args;
417
418 printk(KERN_ERR "b43-%s ERROR: %pV",
419 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421 va_end(args);
422}
423
424void b43warn(struct b43_wl *wl, const char *fmt, ...)
425{
426 struct va_format vaf;
427 va_list args;
428
429 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
430 return;
431 if (!b43_ratelimit(wl))
432 return;
433
434 va_start(args, fmt);
435
436 vaf.fmt = fmt;
437 vaf.va = &args;
438
439 printk(KERN_WARNING "b43-%s warning: %pV",
440 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
441
442 va_end(args);
443}
444
445void b43dbg(struct b43_wl *wl, const char *fmt, ...)
446{
447 struct va_format vaf;
448 va_list args;
449
450 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
451 return;
452
453 va_start(args, fmt);
454
455 vaf.fmt = fmt;
456 vaf.va = &args;
457
458 printk(KERN_DEBUG "b43-%s debug: %pV",
459 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
460
461 va_end(args);
462}
463
464static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
465{
466 u32 macctl;
467
468 B43_WARN_ON(offset % 4 != 0);
469
470 macctl = b43_read32(dev, B43_MMIO_MACCTL);
471 if (macctl & B43_MACCTL_BE)
472 val = swab32(val);
473
474 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
475 b43_write32(dev, B43_MMIO_RAM_DATA, val);
476}
477
478static inline void b43_shm_control_word(struct b43_wldev *dev,
479 u16 routing, u16 offset)
480{
481 u32 control;
482
483 /* "offset" is the WORD offset. */
484 control = routing;
485 control <<= 16;
486 control |= offset;
487 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
488}
489
490u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
491{
492 u32 ret;
493
494 if (routing == B43_SHM_SHARED) {
495 B43_WARN_ON(offset & 0x0001);
496 if (offset & 0x0003) {
497 /* Unaligned access */
498 b43_shm_control_word(dev, routing, offset >> 2);
499 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
500 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
501 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
502
503 goto out;
504 }
505 offset >>= 2;
506 }
507 b43_shm_control_word(dev, routing, offset);
508 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
509out:
510 return ret;
511}
512
513u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
514{
515 u16 ret;
516
517 if (routing == B43_SHM_SHARED) {
518 B43_WARN_ON(offset & 0x0001);
519 if (offset & 0x0003) {
520 /* Unaligned access */
521 b43_shm_control_word(dev, routing, offset >> 2);
522 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
523
524 goto out;
525 }
526 offset >>= 2;
527 }
528 b43_shm_control_word(dev, routing, offset);
529 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
530out:
531 return ret;
532}
533
534void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
535{
536 if (routing == B43_SHM_SHARED) {
537 B43_WARN_ON(offset & 0x0001);
538 if (offset & 0x0003) {
539 /* Unaligned access */
540 b43_shm_control_word(dev, routing, offset >> 2);
541 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
542 value & 0xFFFF);
543 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
544 b43_write16(dev, B43_MMIO_SHM_DATA,
545 (value >> 16) & 0xFFFF);
546 return;
547 }
548 offset >>= 2;
549 }
550 b43_shm_control_word(dev, routing, offset);
551 b43_write32(dev, B43_MMIO_SHM_DATA, value);
552}
553
554void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
555{
556 if (routing == B43_SHM_SHARED) {
557 B43_WARN_ON(offset & 0x0001);
558 if (offset & 0x0003) {
559 /* Unaligned access */
560 b43_shm_control_word(dev, routing, offset >> 2);
561 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
562 return;
563 }
564 offset >>= 2;
565 }
566 b43_shm_control_word(dev, routing, offset);
567 b43_write16(dev, B43_MMIO_SHM_DATA, value);
568}
569
570/* Read HostFlags */
571u64 b43_hf_read(struct b43_wldev *dev)
572{
573 u64 ret;
574
575 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
576 ret <<= 16;
577 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
578 ret <<= 16;
579 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
580
581 return ret;
582}
583
584/* Write HostFlags */
585void b43_hf_write(struct b43_wldev *dev, u64 value)
586{
587 u16 lo, mi, hi;
588
589 lo = (value & 0x00000000FFFFULL);
590 mi = (value & 0x0000FFFF0000ULL) >> 16;
591 hi = (value & 0xFFFF00000000ULL) >> 32;
592 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
593 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
594 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
595}
596
597/* Read the firmware capabilities bitmask (Opensource firmware only) */
598static u16 b43_fwcapa_read(struct b43_wldev *dev)
599{
600 B43_WARN_ON(!dev->fw.opensource);
601 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
602}
603
604void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
605{
606 u32 low, high;
607
608 B43_WARN_ON(dev->dev->core_rev < 3);
609
610 /* The hardware guarantees us an atomic read, if we
611 * read the low register first. */
612 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
613 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
614
615 *tsf = high;
616 *tsf <<= 32;
617 *tsf |= low;
618}
619
620static void b43_time_lock(struct b43_wldev *dev)
621{
622 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
623 /* Commit the write */
624 b43_read32(dev, B43_MMIO_MACCTL);
625}
626
627static void b43_time_unlock(struct b43_wldev *dev)
628{
629 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
630 /* Commit the write */
631 b43_read32(dev, B43_MMIO_MACCTL);
632}
633
634static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
635{
636 u32 low, high;
637
638 B43_WARN_ON(dev->dev->core_rev < 3);
639
640 low = tsf;
641 high = (tsf >> 32);
642 /* The hardware guarantees us an atomic write, if we
643 * write the low register first. */
644 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
645 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
646}
647
648void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
649{
650 b43_time_lock(dev);
651 b43_tsf_write_locked(dev, tsf);
652 b43_time_unlock(dev);
653}
654
655static
656void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
657{
658 static const u8 zero_addr[ETH_ALEN] = { 0 };
659 u16 data;
660
661 if (!mac)
662 mac = zero_addr;
663
664 offset |= 0x0020;
665 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
666
667 data = mac[0];
668 data |= mac[1] << 8;
669 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
670 data = mac[2];
671 data |= mac[3] << 8;
672 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
673 data = mac[4];
674 data |= mac[5] << 8;
675 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
676}
677
678static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
679{
680 const u8 *mac;
681 const u8 *bssid;
682 u8 mac_bssid[ETH_ALEN * 2];
683 int i;
684 u32 tmp;
685
686 bssid = dev->wl->bssid;
687 mac = dev->wl->mac_addr;
688
689 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
690
691 memcpy(mac_bssid, mac, ETH_ALEN);
692 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
693
694 /* Write our MAC address and BSSID to template ram */
695 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
696 tmp = (u32) (mac_bssid[i + 0]);
697 tmp |= (u32) (mac_bssid[i + 1]) << 8;
698 tmp |= (u32) (mac_bssid[i + 2]) << 16;
699 tmp |= (u32) (mac_bssid[i + 3]) << 24;
700 b43_ram_write(dev, 0x20 + i, tmp);
701 }
702}
703
704static void b43_upload_card_macaddress(struct b43_wldev *dev)
705{
706 b43_write_mac_bssid_templates(dev);
707 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
708}
709
710static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
711{
712 /* slot_time is in usec. */
713 /* This test used to exit for all but a G PHY. */
714 if (b43_current_band(dev->wl) == NL80211_BAND_5GHZ)
715 return;
716 b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
717 /* Shared memory location 0x0010 is the slot time and should be
718 * set to slot_time; however, this register is initially 0 and changing
719 * the value adversely affects the transmit rate for BCM4311
720 * devices. Until this behavior is unterstood, delete this step
721 *
722 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
723 */
724}
725
726static void b43_short_slot_timing_enable(struct b43_wldev *dev)
727{
728 b43_set_slot_time(dev, 9);
729}
730
731static void b43_short_slot_timing_disable(struct b43_wldev *dev)
732{
733 b43_set_slot_time(dev, 20);
734}
735
736/* DummyTransmission function, as documented on
737 * https://bcm-v4.sipsolutions.net/802.11/DummyTransmission
738 */
739void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
740{
741 struct b43_phy *phy = &dev->phy;
742 unsigned int i, max_loop;
743 u16 value;
744 u32 buffer[5] = {
745 0x00000000,
746 0x00D40000,
747 0x00000000,
748 0x01000000,
749 0x00000000,
750 };
751
752 if (ofdm) {
753 max_loop = 0x1E;
754 buffer[0] = 0x000201CC;
755 } else {
756 max_loop = 0xFA;
757 buffer[0] = 0x000B846E;
758 }
759
760 for (i = 0; i < 5; i++)
761 b43_ram_write(dev, i * 4, buffer[i]);
762
763 b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
764
765 if (dev->dev->core_rev < 11)
766 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
767 else
768 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
769
770 value = (ofdm ? 0x41 : 0x40);
771 b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
772 if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
773 phy->type == B43_PHYTYPE_LCN)
774 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
775
776 b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
777 b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
778
779 b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
780 b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
781 b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
782 b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
783
784 if (!pa_on && phy->type == B43_PHYTYPE_N)
785 ; /*b43_nphy_pa_override(dev, false) */
786
787 switch (phy->type) {
788 case B43_PHYTYPE_N:
789 case B43_PHYTYPE_LCN:
790 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
791 break;
792 case B43_PHYTYPE_LP:
793 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
794 break;
795 default:
796 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
797 }
798 b43_read16(dev, B43_MMIO_TXE0_AUX);
799
800 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
801 b43_radio_write16(dev, 0x0051, 0x0017);
802 for (i = 0x00; i < max_loop; i++) {
803 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
804 if (value & 0x0080)
805 break;
806 udelay(10);
807 }
808 for (i = 0x00; i < 0x0A; i++) {
809 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
810 if (value & 0x0400)
811 break;
812 udelay(10);
813 }
814 for (i = 0x00; i < 0x19; i++) {
815 value = b43_read16(dev, B43_MMIO_IFSSTAT);
816 if (!(value & 0x0100))
817 break;
818 udelay(10);
819 }
820 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
821 b43_radio_write16(dev, 0x0051, 0x0037);
822}
823
824static void key_write(struct b43_wldev *dev,
825 u8 index, u8 algorithm, const u8 *key)
826{
827 unsigned int i;
828 u32 offset;
829 u16 value;
830 u16 kidx;
831
832 /* Key index/algo block */
833 kidx = b43_kidx_to_fw(dev, index);
834 value = ((kidx << 4) | algorithm);
835 b43_shm_write16(dev, B43_SHM_SHARED,
836 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
837
838 /* Write the key to the Key Table Pointer offset */
839 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
840 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
841 value = key[i];
842 value |= (u16) (key[i + 1]) << 8;
843 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
844 }
845}
846
847static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
848{
849 u32 addrtmp[2] = { 0, 0, };
850 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
851
852 if (b43_new_kidx_api(dev))
853 pairwise_keys_start = B43_NR_GROUP_KEYS;
854
855 B43_WARN_ON(index < pairwise_keys_start);
856 /* We have four default TX keys and possibly four default RX keys.
857 * Physical mac 0 is mapped to physical key 4 or 8, depending
858 * on the firmware version.
859 * So we must adjust the index here.
860 */
861 index -= pairwise_keys_start;
862 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
863
864 if (addr) {
865 addrtmp[0] = addr[0];
866 addrtmp[0] |= ((u32) (addr[1]) << 8);
867 addrtmp[0] |= ((u32) (addr[2]) << 16);
868 addrtmp[0] |= ((u32) (addr[3]) << 24);
869 addrtmp[1] = addr[4];
870 addrtmp[1] |= ((u32) (addr[5]) << 8);
871 }
872
873 /* Receive match transmitter address (RCMTA) mechanism */
874 b43_shm_write32(dev, B43_SHM_RCMTA,
875 (index * 2) + 0, addrtmp[0]);
876 b43_shm_write16(dev, B43_SHM_RCMTA,
877 (index * 2) + 1, addrtmp[1]);
878}
879
880/* The ucode will use phase1 key with TEK key to decrypt rx packets.
881 * When a packet is received, the iv32 is checked.
882 * - if it doesn't the packet is returned without modification (and software
883 * decryption can be done). That's what happen when iv16 wrap.
884 * - if it does, the rc4 key is computed, and decryption is tried.
885 * Either it will success and B43_RX_MAC_DEC is returned,
886 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
887 * and the packet is not usable (it got modified by the ucode).
888 * So in order to never have B43_RX_MAC_DECERR, we should provide
889 * a iv32 and phase1key that match. Because we drop packets in case of
890 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
891 * packets will be lost without higher layer knowing (ie no resync possible
892 * until next wrap).
893 *
894 * NOTE : this should support 50 key like RCMTA because
895 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
896 */
897static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
898 u16 *phase1key)
899{
900 unsigned int i;
901 u32 offset;
902 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
903
904 if (!modparam_hwtkip)
905 return;
906
907 if (b43_new_kidx_api(dev))
908 pairwise_keys_start = B43_NR_GROUP_KEYS;
909
910 B43_WARN_ON(index < pairwise_keys_start);
911 /* We have four default TX keys and possibly four default RX keys.
912 * Physical mac 0 is mapped to physical key 4 or 8, depending
913 * on the firmware version.
914 * So we must adjust the index here.
915 */
916 index -= pairwise_keys_start;
917 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
918
919 if (b43_debug(dev, B43_DBG_KEYS)) {
920 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
921 index, iv32);
922 }
923 /* Write the key to the RX tkip shared mem */
924 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
925 for (i = 0; i < 10; i += 2) {
926 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
927 phase1key ? phase1key[i / 2] : 0);
928 }
929 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
930 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
931}
932
933static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
934 struct ieee80211_vif *vif,
935 struct ieee80211_key_conf *keyconf,
936 struct ieee80211_sta *sta,
937 u32 iv32, u16 *phase1key)
938{
939 struct b43_wl *wl = hw_to_b43_wl(hw);
940 struct b43_wldev *dev;
941 int index = keyconf->hw_key_idx;
942
943 if (B43_WARN_ON(!modparam_hwtkip))
944 return;
945
946 /* This is only called from the RX path through mac80211, where
947 * our mutex is already locked. */
948 B43_WARN_ON(!mutex_is_locked(&wl->mutex));
949 dev = wl->current_dev;
950 B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
951
952 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
953
954 rx_tkip_phase1_write(dev, index, iv32, phase1key);
955 /* only pairwise TKIP keys are supported right now */
956 if (WARN_ON(!sta))
957 return;
958 keymac_write(dev, index, sta->addr);
959}
960
961static void do_key_write(struct b43_wldev *dev,
962 u8 index, u8 algorithm,
963 const u8 *key, size_t key_len, const u8 *mac_addr)
964{
965 u8 buf[B43_SEC_KEYSIZE] = { 0, };
966 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
967
968 if (b43_new_kidx_api(dev))
969 pairwise_keys_start = B43_NR_GROUP_KEYS;
970
971 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
972 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
973
974 if (index >= pairwise_keys_start)
975 keymac_write(dev, index, NULL); /* First zero out mac. */
976 if (algorithm == B43_SEC_ALGO_TKIP) {
977 /*
978 * We should provide an initial iv32, phase1key pair.
979 * We could start with iv32=0 and compute the corresponding
980 * phase1key, but this means calling ieee80211_get_tkip_key
981 * with a fake skb (or export other tkip function).
982 * Because we are lazy we hope iv32 won't start with
983 * 0xffffffff and let's b43_op_update_tkip_key provide a
984 * correct pair.
985 */
986 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
987 } else if (index >= pairwise_keys_start) /* clear it */
988 rx_tkip_phase1_write(dev, index, 0, NULL);
989 if (key)
990 memcpy(buf, key, key_len);
991 key_write(dev, index, algorithm, buf);
992 if (index >= pairwise_keys_start)
993 keymac_write(dev, index, mac_addr);
994
995 dev->key[index].algorithm = algorithm;
996}
997
998static int b43_key_write(struct b43_wldev *dev,
999 int index, u8 algorithm,
1000 const u8 *key, size_t key_len,
1001 const u8 *mac_addr,
1002 struct ieee80211_key_conf *keyconf)
1003{
1004 int i;
1005 int pairwise_keys_start;
1006
1007 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1008 * - Temporal Encryption Key (128 bits)
1009 * - Temporal Authenticator Tx MIC Key (64 bits)
1010 * - Temporal Authenticator Rx MIC Key (64 bits)
1011 *
1012 * Hardware only store TEK
1013 */
1014 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1015 key_len = 16;
1016 if (key_len > B43_SEC_KEYSIZE)
1017 return -EINVAL;
1018 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1019 /* Check that we don't already have this key. */
1020 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1021 }
1022 if (index < 0) {
1023 /* Pairwise key. Get an empty slot for the key. */
1024 if (b43_new_kidx_api(dev))
1025 pairwise_keys_start = B43_NR_GROUP_KEYS;
1026 else
1027 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1028 for (i = pairwise_keys_start;
1029 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1030 i++) {
1031 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1032 if (!dev->key[i].keyconf) {
1033 /* found empty */
1034 index = i;
1035 break;
1036 }
1037 }
1038 if (index < 0) {
1039 b43warn(dev->wl, "Out of hardware key memory\n");
1040 return -ENOSPC;
1041 }
1042 } else
1043 B43_WARN_ON(index > 3);
1044
1045 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1046 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1047 /* Default RX key */
1048 B43_WARN_ON(mac_addr);
1049 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1050 }
1051 keyconf->hw_key_idx = index;
1052 dev->key[index].keyconf = keyconf;
1053
1054 return 0;
1055}
1056
1057static int b43_key_clear(struct b43_wldev *dev, int index)
1058{
1059 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1060 return -EINVAL;
1061 do_key_write(dev, index, B43_SEC_ALGO_NONE,
1062 NULL, B43_SEC_KEYSIZE, NULL);
1063 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1064 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1065 NULL, B43_SEC_KEYSIZE, NULL);
1066 }
1067 dev->key[index].keyconf = NULL;
1068
1069 return 0;
1070}
1071
1072static void b43_clear_keys(struct b43_wldev *dev)
1073{
1074 int i, count;
1075
1076 if (b43_new_kidx_api(dev))
1077 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1078 else
1079 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1080 for (i = 0; i < count; i++)
1081 b43_key_clear(dev, i);
1082}
1083
1084static void b43_dump_keymemory(struct b43_wldev *dev)
1085{
1086 unsigned int i, index, count, offset, pairwise_keys_start;
1087 u8 mac[ETH_ALEN];
1088 u16 algo;
1089 u32 rcmta0;
1090 u16 rcmta1;
1091 u64 hf;
1092 struct b43_key *key;
1093
1094 if (!b43_debug(dev, B43_DBG_KEYS))
1095 return;
1096
1097 hf = b43_hf_read(dev);
1098 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1099 !!(hf & B43_HF_USEDEFKEYS));
1100 if (b43_new_kidx_api(dev)) {
1101 pairwise_keys_start = B43_NR_GROUP_KEYS;
1102 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1103 } else {
1104 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1105 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1106 }
1107 for (index = 0; index < count; index++) {
1108 key = &(dev->key[index]);
1109 printk(KERN_DEBUG "Key slot %02u: %s",
1110 index, (key->keyconf == NULL) ? " " : "*");
1111 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1112 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1113 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1114 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1115 }
1116
1117 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1118 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1119 printk(" Algo: %04X/%02X", algo, key->algorithm);
1120
1121 if (index >= pairwise_keys_start) {
1122 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1123 printk(" TKIP: ");
1124 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1125 for (i = 0; i < 14; i += 2) {
1126 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1127 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1128 }
1129 }
1130 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1131 ((index - pairwise_keys_start) * 2) + 0);
1132 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1133 ((index - pairwise_keys_start) * 2) + 1);
1134 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1135 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1136 printk(" MAC: %pM", mac);
1137 } else
1138 printk(" DEFAULT KEY");
1139 printk("\n");
1140 }
1141}
1142
1143void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1144{
1145 u32 macctl;
1146 u16 ucstat;
1147 bool hwps;
1148 bool awake;
1149 int i;
1150
1151 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1152 (ps_flags & B43_PS_DISABLED));
1153 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1154
1155 if (ps_flags & B43_PS_ENABLED) {
1156 hwps = true;
1157 } else if (ps_flags & B43_PS_DISABLED) {
1158 hwps = false;
1159 } else {
1160 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1161 // and thus is not an AP and we are associated, set bit 25
1162 }
1163 if (ps_flags & B43_PS_AWAKE) {
1164 awake = true;
1165 } else if (ps_flags & B43_PS_ASLEEP) {
1166 awake = false;
1167 } else {
1168 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1169 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1170 // successful, set bit26
1171 }
1172
1173/* FIXME: For now we force awake-on and hwps-off */
1174 hwps = false;
1175 awake = true;
1176
1177 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1178 if (hwps)
1179 macctl |= B43_MACCTL_HWPS;
1180 else
1181 macctl &= ~B43_MACCTL_HWPS;
1182 if (awake)
1183 macctl |= B43_MACCTL_AWAKE;
1184 else
1185 macctl &= ~B43_MACCTL_AWAKE;
1186 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1187 /* Commit write */
1188 b43_read32(dev, B43_MMIO_MACCTL);
1189 if (awake && dev->dev->core_rev >= 5) {
1190 /* Wait for the microcode to wake up. */
1191 for (i = 0; i < 100; i++) {
1192 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1193 B43_SHM_SH_UCODESTAT);
1194 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1195 break;
1196 udelay(10);
1197 }
1198 }
1199}
1200
1201/* https://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1202void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1203{
1204 struct bcma_drv_cc *bcma_cc __maybe_unused;
1205 struct ssb_chipcommon *ssb_cc __maybe_unused;
1206
1207 switch (dev->dev->bus_type) {
1208#ifdef CONFIG_B43_BCMA
1209 case B43_BUS_BCMA:
1210 bcma_cc = &dev->dev->bdev->bus->drv_cc;
1211
1212 bcma_cc_write32(bcma_cc, BCMA_CC_PMU_CHIPCTL_ADDR, 0);
1213 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1214 bcma_cc_set32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, 0x4);
1215 bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1216 break;
1217#endif
1218#ifdef CONFIG_B43_SSB
1219 case B43_BUS_SSB:
1220 ssb_cc = &dev->dev->sdev->bus->chipco;
1221
1222 chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1223 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1224 chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1225 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1226 break;
1227#endif
1228 }
1229}
1230
1231#ifdef CONFIG_B43_BCMA
1232static void b43_bcma_phy_reset(struct b43_wldev *dev)
1233{
1234 u32 flags;
1235
1236 /* Put PHY into reset */
1237 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1238 flags |= B43_BCMA_IOCTL_PHY_RESET;
1239 flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1240 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1241 udelay(2);
1242
1243 b43_phy_take_out_of_reset(dev);
1244}
1245
1246static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1247{
1248 u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1249 B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1250 u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1251 B43_BCMA_CLKCTLST_PHY_PLL_ST;
1252 u32 flags;
1253
1254 flags = B43_BCMA_IOCTL_PHY_CLKEN;
1255 if (gmode)
1256 flags |= B43_BCMA_IOCTL_GMODE;
1257 b43_device_enable(dev, flags);
1258
1259 if (dev->phy.type == B43_PHYTYPE_AC) {
1260 u16 tmp;
1261
1262 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1263 tmp &= ~B43_BCMA_IOCTL_DAC;
1264 tmp |= 0x100;
1265 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1266
1267 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1268 tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1269 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1270
1271 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1272 tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1273 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1274 }
1275
1276 bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1277 b43_bcma_phy_reset(dev);
1278 bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1279}
1280#endif
1281
1282#ifdef CONFIG_B43_SSB
1283static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1284{
1285 u32 flags = 0;
1286
1287 if (gmode)
1288 flags |= B43_TMSLOW_GMODE;
1289 flags |= B43_TMSLOW_PHYCLKEN;
1290 flags |= B43_TMSLOW_PHYRESET;
1291 if (dev->phy.type == B43_PHYTYPE_N)
1292 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1293 b43_device_enable(dev, flags);
1294 msleep(2); /* Wait for the PLL to turn on. */
1295
1296 b43_phy_take_out_of_reset(dev);
1297}
1298#endif
1299
1300void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1301{
1302 u32 macctl;
1303
1304 switch (dev->dev->bus_type) {
1305#ifdef CONFIG_B43_BCMA
1306 case B43_BUS_BCMA:
1307 b43_bcma_wireless_core_reset(dev, gmode);
1308 break;
1309#endif
1310#ifdef CONFIG_B43_SSB
1311 case B43_BUS_SSB:
1312 b43_ssb_wireless_core_reset(dev, gmode);
1313 break;
1314#endif
1315 }
1316
1317 /* Turn Analog ON, but only if we already know the PHY-type.
1318 * This protects against very early setup where we don't know the
1319 * PHY-type, yet. wireless_core_reset will be called once again later,
1320 * when we know the PHY-type. */
1321 if (dev->phy.ops)
1322 dev->phy.ops->switch_analog(dev, 1);
1323
1324 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1325 macctl &= ~B43_MACCTL_GMODE;
1326 if (gmode)
1327 macctl |= B43_MACCTL_GMODE;
1328 macctl |= B43_MACCTL_IHR_ENABLED;
1329 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1330}
1331
1332static void handle_irq_transmit_status(struct b43_wldev *dev)
1333{
1334 u32 v0, v1;
1335 u16 tmp;
1336 struct b43_txstatus stat;
1337
1338 while (1) {
1339 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1340 if (!(v0 & 0x00000001))
1341 break;
1342 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1343
1344 stat.cookie = (v0 >> 16);
1345 stat.seq = (v1 & 0x0000FFFF);
1346 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1347 tmp = (v0 & 0x0000FFFF);
1348 stat.frame_count = ((tmp & 0xF000) >> 12);
1349 stat.rts_count = ((tmp & 0x0F00) >> 8);
1350 stat.supp_reason = ((tmp & 0x001C) >> 2);
1351 stat.pm_indicated = !!(tmp & 0x0080);
1352 stat.intermediate = !!(tmp & 0x0040);
1353 stat.for_ampdu = !!(tmp & 0x0020);
1354 stat.acked = !!(tmp & 0x0002);
1355
1356 b43_handle_txstatus(dev, &stat);
1357 }
1358}
1359
1360static void drain_txstatus_queue(struct b43_wldev *dev)
1361{
1362 u32 dummy;
1363
1364 if (dev->dev->core_rev < 5)
1365 return;
1366 /* Read all entries from the microcode TXstatus FIFO
1367 * and throw them away.
1368 */
1369 while (1) {
1370 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1371 if (!(dummy & 0x00000001))
1372 break;
1373 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1374 }
1375}
1376
1377static u32 b43_jssi_read(struct b43_wldev *dev)
1378{
1379 u32 val = 0;
1380
1381 val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1382 val <<= 16;
1383 val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1384
1385 return val;
1386}
1387
1388static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1389{
1390 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1391 (jssi & 0x0000FFFF));
1392 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1393 (jssi & 0xFFFF0000) >> 16);
1394}
1395
1396static void b43_generate_noise_sample(struct b43_wldev *dev)
1397{
1398 b43_jssi_write(dev, 0x7F7F7F7F);
1399 b43_write32(dev, B43_MMIO_MACCMD,
1400 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1401}
1402
1403static void b43_calculate_link_quality(struct b43_wldev *dev)
1404{
1405 /* Top half of Link Quality calculation. */
1406
1407 if (dev->phy.type != B43_PHYTYPE_G)
1408 return;
1409 if (dev->noisecalc.calculation_running)
1410 return;
1411 dev->noisecalc.calculation_running = true;
1412 dev->noisecalc.nr_samples = 0;
1413
1414 b43_generate_noise_sample(dev);
1415}
1416
1417static void handle_irq_noise(struct b43_wldev *dev)
1418{
1419 struct b43_phy_g *phy = dev->phy.g;
1420 u16 tmp;
1421 u8 noise[4];
1422 u8 i, j;
1423 s32 average;
1424
1425 /* Bottom half of Link Quality calculation. */
1426
1427 if (dev->phy.type != B43_PHYTYPE_G)
1428 return;
1429
1430 /* Possible race condition: It might be possible that the user
1431 * changed to a different channel in the meantime since we
1432 * started the calculation. We ignore that fact, since it's
1433 * not really that much of a problem. The background noise is
1434 * an estimation only anyway. Slightly wrong results will get damped
1435 * by the averaging of the 8 sample rounds. Additionally the
1436 * value is shortlived. So it will be replaced by the next noise
1437 * calculation round soon. */
1438
1439 B43_WARN_ON(!dev->noisecalc.calculation_running);
1440 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1441 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1442 noise[2] == 0x7F || noise[3] == 0x7F)
1443 goto generate_new;
1444
1445 /* Get the noise samples. */
1446 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1447 i = dev->noisecalc.nr_samples;
1448 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1449 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1450 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1451 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1452 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1453 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1454 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1455 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1456 dev->noisecalc.nr_samples++;
1457 if (dev->noisecalc.nr_samples == 8) {
1458 /* Calculate the Link Quality by the noise samples. */
1459 average = 0;
1460 for (i = 0; i < 8; i++) {
1461 for (j = 0; j < 4; j++)
1462 average += dev->noisecalc.samples[i][j];
1463 }
1464 average /= (8 * 4);
1465 average *= 125;
1466 average += 64;
1467 average /= 128;
1468 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1469 tmp = (tmp / 128) & 0x1F;
1470 if (tmp >= 8)
1471 average += 2;
1472 else
1473 average -= 25;
1474 if (tmp == 8)
1475 average -= 72;
1476 else
1477 average -= 48;
1478
1479 dev->stats.link_noise = average;
1480 dev->noisecalc.calculation_running = false;
1481 return;
1482 }
1483generate_new:
1484 b43_generate_noise_sample(dev);
1485}
1486
1487static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1488{
1489 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1490 ///TODO: PS TBTT
1491 } else {
1492 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1493 b43_power_saving_ctl_bits(dev, 0);
1494 }
1495 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1496 dev->dfq_valid = true;
1497}
1498
1499static void handle_irq_atim_end(struct b43_wldev *dev)
1500{
1501 if (dev->dfq_valid) {
1502 b43_write32(dev, B43_MMIO_MACCMD,
1503 b43_read32(dev, B43_MMIO_MACCMD)
1504 | B43_MACCMD_DFQ_VALID);
1505 dev->dfq_valid = false;
1506 }
1507}
1508
1509static void handle_irq_pmq(struct b43_wldev *dev)
1510{
1511 u32 tmp;
1512
1513 //TODO: AP mode.
1514
1515 while (1) {
1516 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1517 if (!(tmp & 0x00000008))
1518 break;
1519 }
1520 /* 16bit write is odd, but correct. */
1521 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1522}
1523
1524static void b43_write_template_common(struct b43_wldev *dev,
1525 const u8 *data, u16 size,
1526 u16 ram_offset,
1527 u16 shm_size_offset, u8 rate)
1528{
1529 u32 i, tmp;
1530 struct b43_plcp_hdr4 plcp;
1531
1532 plcp.data = 0;
1533 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1534 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1535 ram_offset += sizeof(u32);
1536 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1537 * So leave the first two bytes of the next write blank.
1538 */
1539 tmp = (u32) (data[0]) << 16;
1540 tmp |= (u32) (data[1]) << 24;
1541 b43_ram_write(dev, ram_offset, tmp);
1542 ram_offset += sizeof(u32);
1543 for (i = 2; i < size; i += sizeof(u32)) {
1544 tmp = (u32) (data[i + 0]);
1545 if (i + 1 < size)
1546 tmp |= (u32) (data[i + 1]) << 8;
1547 if (i + 2 < size)
1548 tmp |= (u32) (data[i + 2]) << 16;
1549 if (i + 3 < size)
1550 tmp |= (u32) (data[i + 3]) << 24;
1551 b43_ram_write(dev, ram_offset + i - 2, tmp);
1552 }
1553 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1554 size + sizeof(struct b43_plcp_hdr6));
1555}
1556
1557/* Check if the use of the antenna that ieee80211 told us to
1558 * use is possible. This will fall back to DEFAULT.
1559 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1560u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1561 u8 antenna_nr)
1562{
1563 u8 antenna_mask;
1564
1565 if (antenna_nr == 0) {
1566 /* Zero means "use default antenna". That's always OK. */
1567 return 0;
1568 }
1569
1570 /* Get the mask of available antennas. */
1571 if (dev->phy.gmode)
1572 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1573 else
1574 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1575
1576 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1577 /* This antenna is not available. Fall back to default. */
1578 return 0;
1579 }
1580
1581 return antenna_nr;
1582}
1583
1584/* Convert a b43 antenna number value to the PHY TX control value. */
1585static u16 b43_antenna_to_phyctl(int antenna)
1586{
1587 switch (antenna) {
1588 case B43_ANTENNA0:
1589 return B43_TXH_PHY_ANT0;
1590 case B43_ANTENNA1:
1591 return B43_TXH_PHY_ANT1;
1592 case B43_ANTENNA2:
1593 return B43_TXH_PHY_ANT2;
1594 case B43_ANTENNA3:
1595 return B43_TXH_PHY_ANT3;
1596 case B43_ANTENNA_AUTO0:
1597 case B43_ANTENNA_AUTO1:
1598 return B43_TXH_PHY_ANT01AUTO;
1599 }
1600 B43_WARN_ON(1);
1601 return 0;
1602}
1603
1604static void b43_write_beacon_template(struct b43_wldev *dev,
1605 u16 ram_offset,
1606 u16 shm_size_offset)
1607{
1608 unsigned int i, len, variable_len;
1609 const struct ieee80211_mgmt *bcn;
1610 const u8 *ie;
1611 bool tim_found = false;
1612 unsigned int rate;
1613 u16 ctl;
1614 int antenna;
1615 struct ieee80211_tx_info *info;
1616 unsigned long flags;
1617 struct sk_buff *beacon_skb;
1618
1619 spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1620 info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1621 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1622 /* Clone the beacon, so it cannot go away, while we write it to hw. */
1623 beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1624 spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1625
1626 if (!beacon_skb) {
1627 b43dbg(dev->wl, "Could not upload beacon. "
1628 "Failed to clone beacon skb.");
1629 return;
1630 }
1631
1632 bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1633 len = min_t(size_t, beacon_skb->len,
1634 0x200 - sizeof(struct b43_plcp_hdr6));
1635
1636 b43_write_template_common(dev, (const u8 *)bcn,
1637 len, ram_offset, shm_size_offset, rate);
1638
1639 /* Write the PHY TX control parameters. */
1640 antenna = B43_ANTENNA_DEFAULT;
1641 antenna = b43_antenna_to_phyctl(antenna);
1642 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1643 /* We can't send beacons with short preamble. Would get PHY errors. */
1644 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1645 ctl &= ~B43_TXH_PHY_ANT;
1646 ctl &= ~B43_TXH_PHY_ENC;
1647 ctl |= antenna;
1648 if (b43_is_cck_rate(rate))
1649 ctl |= B43_TXH_PHY_ENC_CCK;
1650 else
1651 ctl |= B43_TXH_PHY_ENC_OFDM;
1652 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1653
1654 /* Find the position of the TIM and the DTIM_period value
1655 * and write them to SHM. */
1656 ie = bcn->u.beacon.variable;
1657 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1658 for (i = 0; i < variable_len - 2; ) {
1659 uint8_t ie_id, ie_len;
1660
1661 ie_id = ie[i];
1662 ie_len = ie[i + 1];
1663 if (ie_id == 5) {
1664 u16 tim_position;
1665 u16 dtim_period;
1666 /* This is the TIM Information Element */
1667
1668 /* Check whether the ie_len is in the beacon data range. */
1669 if (variable_len < ie_len + 2 + i)
1670 break;
1671 /* A valid TIM is at least 4 bytes long. */
1672 if (ie_len < 4)
1673 break;
1674 tim_found = true;
1675
1676 tim_position = sizeof(struct b43_plcp_hdr6);
1677 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1678 tim_position += i;
1679
1680 dtim_period = ie[i + 3];
1681
1682 b43_shm_write16(dev, B43_SHM_SHARED,
1683 B43_SHM_SH_TIMBPOS, tim_position);
1684 b43_shm_write16(dev, B43_SHM_SHARED,
1685 B43_SHM_SH_DTIMPER, dtim_period);
1686 break;
1687 }
1688 i += ie_len + 2;
1689 }
1690 if (!tim_found) {
1691 /*
1692 * If ucode wants to modify TIM do it behind the beacon, this
1693 * will happen, for example, when doing mesh networking.
1694 */
1695 b43_shm_write16(dev, B43_SHM_SHARED,
1696 B43_SHM_SH_TIMBPOS,
1697 len + sizeof(struct b43_plcp_hdr6));
1698 b43_shm_write16(dev, B43_SHM_SHARED,
1699 B43_SHM_SH_DTIMPER, 0);
1700 }
1701 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1702
1703 dev_kfree_skb_any(beacon_skb);
1704}
1705
1706static void b43_upload_beacon0(struct b43_wldev *dev)
1707{
1708 struct b43_wl *wl = dev->wl;
1709
1710 if (wl->beacon0_uploaded)
1711 return;
1712 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1713 wl->beacon0_uploaded = true;
1714}
1715
1716static void b43_upload_beacon1(struct b43_wldev *dev)
1717{
1718 struct b43_wl *wl = dev->wl;
1719
1720 if (wl->beacon1_uploaded)
1721 return;
1722 b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1723 wl->beacon1_uploaded = true;
1724}
1725
1726static void handle_irq_beacon(struct b43_wldev *dev)
1727{
1728 struct b43_wl *wl = dev->wl;
1729 u32 cmd, beacon0_valid, beacon1_valid;
1730
1731 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1732 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1733 !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1734 return;
1735
1736 /* This is the bottom half of the asynchronous beacon update. */
1737
1738 /* Ignore interrupt in the future. */
1739 dev->irq_mask &= ~B43_IRQ_BEACON;
1740
1741 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1742 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1743 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1744
1745 /* Schedule interrupt manually, if busy. */
1746 if (beacon0_valid && beacon1_valid) {
1747 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1748 dev->irq_mask |= B43_IRQ_BEACON;
1749 return;
1750 }
1751
1752 if (unlikely(wl->beacon_templates_virgin)) {
1753 /* We never uploaded a beacon before.
1754 * Upload both templates now, but only mark one valid. */
1755 wl->beacon_templates_virgin = false;
1756 b43_upload_beacon0(dev);
1757 b43_upload_beacon1(dev);
1758 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1759 cmd |= B43_MACCMD_BEACON0_VALID;
1760 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1761 } else {
1762 if (!beacon0_valid) {
1763 b43_upload_beacon0(dev);
1764 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1765 cmd |= B43_MACCMD_BEACON0_VALID;
1766 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1767 } else if (!beacon1_valid) {
1768 b43_upload_beacon1(dev);
1769 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1770 cmd |= B43_MACCMD_BEACON1_VALID;
1771 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1772 }
1773 }
1774}
1775
1776static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1777{
1778 u32 old_irq_mask = dev->irq_mask;
1779
1780 /* update beacon right away or defer to irq */
1781 handle_irq_beacon(dev);
1782 if (old_irq_mask != dev->irq_mask) {
1783 /* The handler updated the IRQ mask. */
1784 B43_WARN_ON(!dev->irq_mask);
1785 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1786 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1787 } else {
1788 /* Device interrupts are currently disabled. That means
1789 * we just ran the hardirq handler and scheduled the
1790 * IRQ thread. The thread will write the IRQ mask when
1791 * it finished, so there's nothing to do here. Writing
1792 * the mask _here_ would incorrectly re-enable IRQs. */
1793 }
1794 }
1795}
1796
1797static void b43_beacon_update_trigger_work(struct work_struct *work)
1798{
1799 struct b43_wl *wl = container_of(work, struct b43_wl,
1800 beacon_update_trigger);
1801 struct b43_wldev *dev;
1802
1803 mutex_lock(&wl->mutex);
1804 dev = wl->current_dev;
1805 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1806 if (b43_bus_host_is_sdio(dev->dev)) {
1807 /* wl->mutex is enough. */
1808 b43_do_beacon_update_trigger_work(dev);
1809 } else {
1810 spin_lock_irq(&wl->hardirq_lock);
1811 b43_do_beacon_update_trigger_work(dev);
1812 spin_unlock_irq(&wl->hardirq_lock);
1813 }
1814 }
1815 mutex_unlock(&wl->mutex);
1816}
1817
1818/* Asynchronously update the packet templates in template RAM. */
1819static void b43_update_templates(struct b43_wl *wl)
1820{
1821 struct sk_buff *beacon, *old_beacon;
1822 unsigned long flags;
1823
1824 /* This is the top half of the asynchronous beacon update.
1825 * The bottom half is the beacon IRQ.
1826 * Beacon update must be asynchronous to avoid sending an
1827 * invalid beacon. This can happen for example, if the firmware
1828 * transmits a beacon while we are updating it. */
1829
1830 /* We could modify the existing beacon and set the aid bit in
1831 * the TIM field, but that would probably require resizing and
1832 * moving of data within the beacon template.
1833 * Simply request a new beacon and let mac80211 do the hard work. */
1834 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1835 if (unlikely(!beacon))
1836 return;
1837
1838 spin_lock_irqsave(&wl->beacon_lock, flags);
1839 old_beacon = wl->current_beacon;
1840 wl->current_beacon = beacon;
1841 wl->beacon0_uploaded = false;
1842 wl->beacon1_uploaded = false;
1843 spin_unlock_irqrestore(&wl->beacon_lock, flags);
1844
1845 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1846
1847 if (old_beacon)
1848 dev_kfree_skb_any(old_beacon);
1849}
1850
1851static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1852{
1853 b43_time_lock(dev);
1854 if (dev->dev->core_rev >= 3) {
1855 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1856 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1857 } else {
1858 b43_write16(dev, 0x606, (beacon_int >> 6));
1859 b43_write16(dev, 0x610, beacon_int);
1860 }
1861 b43_time_unlock(dev);
1862 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1863}
1864
1865static void b43_handle_firmware_panic(struct b43_wldev *dev)
1866{
1867 u16 reason;
1868
1869 /* Read the register that contains the reason code for the panic. */
1870 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1871 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1872
1873 switch (reason) {
1874 default:
1875 b43dbg(dev->wl, "The panic reason is unknown.\n");
1876 /* fallthrough */
1877 case B43_FWPANIC_DIE:
1878 /* Do not restart the controller or firmware.
1879 * The device is nonfunctional from now on.
1880 * Restarting would result in this panic to trigger again,
1881 * so we avoid that recursion. */
1882 break;
1883 case B43_FWPANIC_RESTART:
1884 b43_controller_restart(dev, "Microcode panic");
1885 break;
1886 }
1887}
1888
1889static void handle_irq_ucode_debug(struct b43_wldev *dev)
1890{
1891 unsigned int i, cnt;
1892 u16 reason, marker_id, marker_line;
1893 __le16 *buf;
1894
1895 /* The proprietary firmware doesn't have this IRQ. */
1896 if (!dev->fw.opensource)
1897 return;
1898
1899 /* Read the register that contains the reason code for this IRQ. */
1900 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1901
1902 switch (reason) {
1903 case B43_DEBUGIRQ_PANIC:
1904 b43_handle_firmware_panic(dev);
1905 break;
1906 case B43_DEBUGIRQ_DUMP_SHM:
1907 if (!B43_DEBUG)
1908 break; /* Only with driver debugging enabled. */
1909 buf = kmalloc(4096, GFP_ATOMIC);
1910 if (!buf) {
1911 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1912 goto out;
1913 }
1914 for (i = 0; i < 4096; i += 2) {
1915 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1916 buf[i / 2] = cpu_to_le16(tmp);
1917 }
1918 b43info(dev->wl, "Shared memory dump:\n");
1919 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1920 16, 2, buf, 4096, 1);
1921 kfree(buf);
1922 break;
1923 case B43_DEBUGIRQ_DUMP_REGS:
1924 if (!B43_DEBUG)
1925 break; /* Only with driver debugging enabled. */
1926 b43info(dev->wl, "Microcode register dump:\n");
1927 for (i = 0, cnt = 0; i < 64; i++) {
1928 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1929 if (cnt == 0)
1930 printk(KERN_INFO);
1931 printk("r%02u: 0x%04X ", i, tmp);
1932 cnt++;
1933 if (cnt == 6) {
1934 printk("\n");
1935 cnt = 0;
1936 }
1937 }
1938 printk("\n");
1939 break;
1940 case B43_DEBUGIRQ_MARKER:
1941 if (!B43_DEBUG)
1942 break; /* Only with driver debugging enabled. */
1943 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1944 B43_MARKER_ID_REG);
1945 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1946 B43_MARKER_LINE_REG);
1947 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1948 "at line number %u\n",
1949 marker_id, marker_line);
1950 break;
1951 default:
1952 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1953 reason);
1954 }
1955out:
1956 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1957 b43_shm_write16(dev, B43_SHM_SCRATCH,
1958 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1959}
1960
1961static void b43_do_interrupt_thread(struct b43_wldev *dev)
1962{
1963 u32 reason;
1964 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1965 u32 merged_dma_reason = 0;
1966 int i;
1967
1968 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1969 return;
1970
1971 reason = dev->irq_reason;
1972 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1973 dma_reason[i] = dev->dma_reason[i];
1974 merged_dma_reason |= dma_reason[i];
1975 }
1976
1977 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1978 b43err(dev->wl, "MAC transmission error\n");
1979
1980 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1981 b43err(dev->wl, "PHY transmission error\n");
1982 rmb();
1983 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1984 atomic_set(&dev->phy.txerr_cnt,
1985 B43_PHY_TX_BADNESS_LIMIT);
1986 b43err(dev->wl, "Too many PHY TX errors, "
1987 "restarting the controller\n");
1988 b43_controller_restart(dev, "PHY TX errors");
1989 }
1990 }
1991
1992 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1993 b43err(dev->wl,
1994 "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1995 dma_reason[0], dma_reason[1],
1996 dma_reason[2], dma_reason[3],
1997 dma_reason[4], dma_reason[5]);
1998 b43err(dev->wl, "This device does not support DMA "
1999 "on your system. It will now be switched to PIO.\n");
2000 /* Fall back to PIO transfers if we get fatal DMA errors! */
2001 dev->use_pio = true;
2002 b43_controller_restart(dev, "DMA error");
2003 return;
2004 }
2005
2006 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2007 handle_irq_ucode_debug(dev);
2008 if (reason & B43_IRQ_TBTT_INDI)
2009 handle_irq_tbtt_indication(dev);
2010 if (reason & B43_IRQ_ATIM_END)
2011 handle_irq_atim_end(dev);
2012 if (reason & B43_IRQ_BEACON)
2013 handle_irq_beacon(dev);
2014 if (reason & B43_IRQ_PMQ)
2015 handle_irq_pmq(dev);
2016 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
2017 ;/* TODO */
2018 if (reason & B43_IRQ_NOISESAMPLE_OK)
2019 handle_irq_noise(dev);
2020
2021 /* Check the DMA reason registers for received data. */
2022 if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2023 if (B43_DEBUG)
2024 b43warn(dev->wl, "RX descriptor underrun\n");
2025 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2026 }
2027 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2028 if (b43_using_pio_transfers(dev))
2029 b43_pio_rx(dev->pio.rx_queue);
2030 else
2031 b43_dma_rx(dev->dma.rx_ring);
2032 }
2033 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2034 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2035 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2036 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2037 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2038
2039 if (reason & B43_IRQ_TX_OK)
2040 handle_irq_transmit_status(dev);
2041
2042 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2043 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2044
2045#if B43_DEBUG
2046 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2047 dev->irq_count++;
2048 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2049 if (reason & (1 << i))
2050 dev->irq_bit_count[i]++;
2051 }
2052 }
2053#endif
2054}
2055
2056/* Interrupt thread handler. Handles device interrupts in thread context. */
2057static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2058{
2059 struct b43_wldev *dev = dev_id;
2060
2061 mutex_lock(&dev->wl->mutex);
2062 b43_do_interrupt_thread(dev);
2063 mutex_unlock(&dev->wl->mutex);
2064
2065 return IRQ_HANDLED;
2066}
2067
2068static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2069{
2070 u32 reason;
2071
2072 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2073 * On SDIO, this runs under wl->mutex. */
2074
2075 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2076 if (reason == 0xffffffff) /* shared IRQ */
2077 return IRQ_NONE;
2078 reason &= dev->irq_mask;
2079 if (!reason)
2080 return IRQ_NONE;
2081
2082 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2083 & 0x0001FC00;
2084 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2085 & 0x0000DC00;
2086 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2087 & 0x0000DC00;
2088 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2089 & 0x0001DC00;
2090 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2091 & 0x0000DC00;
2092/* Unused ring
2093 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2094 & 0x0000DC00;
2095*/
2096
2097 /* ACK the interrupt. */
2098 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2099 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2100 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2101 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2102 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2103 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2104/* Unused ring
2105 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2106*/
2107
2108 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2109 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2110 /* Save the reason bitmasks for the IRQ thread handler. */
2111 dev->irq_reason = reason;
2112
2113 return IRQ_WAKE_THREAD;
2114}
2115
2116/* Interrupt handler top-half. This runs with interrupts disabled. */
2117static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2118{
2119 struct b43_wldev *dev = dev_id;
2120 irqreturn_t ret;
2121
2122 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2123 return IRQ_NONE;
2124
2125 spin_lock(&dev->wl->hardirq_lock);
2126 ret = b43_do_interrupt(dev);
2127 spin_unlock(&dev->wl->hardirq_lock);
2128
2129 return ret;
2130}
2131
2132/* SDIO interrupt handler. This runs in process context. */
2133static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2134{
2135 struct b43_wl *wl = dev->wl;
2136 irqreturn_t ret;
2137
2138 mutex_lock(&wl->mutex);
2139
2140 ret = b43_do_interrupt(dev);
2141 if (ret == IRQ_WAKE_THREAD)
2142 b43_do_interrupt_thread(dev);
2143
2144 mutex_unlock(&wl->mutex);
2145}
2146
2147void b43_do_release_fw(struct b43_firmware_file *fw)
2148{
2149 release_firmware(fw->data);
2150 fw->data = NULL;
2151 fw->filename = NULL;
2152}
2153
2154static void b43_release_firmware(struct b43_wldev *dev)
2155{
2156 complete(&dev->fw_load_complete);
2157 b43_do_release_fw(&dev->fw.ucode);
2158 b43_do_release_fw(&dev->fw.pcm);
2159 b43_do_release_fw(&dev->fw.initvals);
2160 b43_do_release_fw(&dev->fw.initvals_band);
2161}
2162
2163static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2164{
2165 const char text[] =
2166 "You must go to " \
2167 "https://wireless.wiki.kernel.org/en/users/Drivers/b43#devicefirmware " \
2168 "and download the correct firmware for this driver version. " \
2169 "Please carefully read all instructions on this website.\n";
2170
2171 if (error)
2172 b43err(wl, text);
2173 else
2174 b43warn(wl, text);
2175}
2176
2177static void b43_fw_cb(const struct firmware *firmware, void *context)
2178{
2179 struct b43_request_fw_context *ctx = context;
2180
2181 ctx->blob = firmware;
2182 complete(&ctx->dev->fw_load_complete);
2183}
2184
2185int b43_do_request_fw(struct b43_request_fw_context *ctx,
2186 const char *name,
2187 struct b43_firmware_file *fw, bool async)
2188{
2189 struct b43_fw_header *hdr;
2190 u32 size;
2191 int err;
2192
2193 if (!name) {
2194 /* Don't fetch anything. Free possibly cached firmware. */
2195 /* FIXME: We should probably keep it anyway, to save some headache
2196 * on suspend/resume with multiband devices. */
2197 b43_do_release_fw(fw);
2198 return 0;
2199 }
2200 if (fw->filename) {
2201 if ((fw->type == ctx->req_type) &&
2202 (strcmp(fw->filename, name) == 0))
2203 return 0; /* Already have this fw. */
2204 /* Free the cached firmware first. */
2205 /* FIXME: We should probably do this later after we successfully
2206 * got the new fw. This could reduce headache with multiband devices.
2207 * We could also redesign this to cache the firmware for all possible
2208 * bands all the time. */
2209 b43_do_release_fw(fw);
2210 }
2211
2212 switch (ctx->req_type) {
2213 case B43_FWTYPE_PROPRIETARY:
2214 snprintf(ctx->fwname, sizeof(ctx->fwname),
2215 "b43%s/%s.fw",
2216 modparam_fwpostfix, name);
2217 break;
2218 case B43_FWTYPE_OPENSOURCE:
2219 snprintf(ctx->fwname, sizeof(ctx->fwname),
2220 "b43-open%s/%s.fw",
2221 modparam_fwpostfix, name);
2222 break;
2223 default:
2224 B43_WARN_ON(1);
2225 return -ENOSYS;
2226 }
2227 if (async) {
2228 /* do this part asynchronously */
2229 init_completion(&ctx->dev->fw_load_complete);
2230 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2231 ctx->dev->dev->dev, GFP_KERNEL,
2232 ctx, b43_fw_cb);
2233 if (err < 0) {
2234 pr_err("Unable to load firmware\n");
2235 return err;
2236 }
2237 wait_for_completion(&ctx->dev->fw_load_complete);
2238 if (ctx->blob)
2239 goto fw_ready;
2240 /* On some ARM systems, the async request will fail, but the next sync
2241 * request works. For this reason, we fall through here
2242 */
2243 }
2244 err = request_firmware(&ctx->blob, ctx->fwname,
2245 ctx->dev->dev->dev);
2246 if (err == -ENOENT) {
2247 snprintf(ctx->errors[ctx->req_type],
2248 sizeof(ctx->errors[ctx->req_type]),
2249 "Firmware file \"%s\" not found\n",
2250 ctx->fwname);
2251 return err;
2252 } else if (err) {
2253 snprintf(ctx->errors[ctx->req_type],
2254 sizeof(ctx->errors[ctx->req_type]),
2255 "Firmware file \"%s\" request failed (err=%d)\n",
2256 ctx->fwname, err);
2257 return err;
2258 }
2259fw_ready:
2260 if (ctx->blob->size < sizeof(struct b43_fw_header))
2261 goto err_format;
2262 hdr = (struct b43_fw_header *)(ctx->blob->data);
2263 switch (hdr->type) {
2264 case B43_FW_TYPE_UCODE:
2265 case B43_FW_TYPE_PCM:
2266 size = be32_to_cpu(hdr->size);
2267 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2268 goto err_format;
2269 /* fallthrough */
2270 case B43_FW_TYPE_IV:
2271 if (hdr->ver != 1)
2272 goto err_format;
2273 break;
2274 default:
2275 goto err_format;
2276 }
2277
2278 fw->data = ctx->blob;
2279 fw->filename = name;
2280 fw->type = ctx->req_type;
2281
2282 return 0;
2283
2284err_format:
2285 snprintf(ctx->errors[ctx->req_type],
2286 sizeof(ctx->errors[ctx->req_type]),
2287 "Firmware file \"%s\" format error.\n", ctx->fwname);
2288 release_firmware(ctx->blob);
2289
2290 return -EPROTO;
2291}
2292
2293/* https://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2294static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2295{
2296 struct b43_wldev *dev = ctx->dev;
2297 struct b43_firmware *fw = &ctx->dev->fw;
2298 struct b43_phy *phy = &dev->phy;
2299 const u8 rev = ctx->dev->dev->core_rev;
2300 const char *filename;
2301 int err;
2302
2303 /* Get microcode */
2304 filename = NULL;
2305 switch (rev) {
2306 case 42:
2307 if (phy->type == B43_PHYTYPE_AC)
2308 filename = "ucode42";
2309 break;
2310 case 40:
2311 if (phy->type == B43_PHYTYPE_AC)
2312 filename = "ucode40";
2313 break;
2314 case 33:
2315 if (phy->type == B43_PHYTYPE_LCN40)
2316 filename = "ucode33_lcn40";
2317 break;
2318 case 30:
2319 if (phy->type == B43_PHYTYPE_N)
2320 filename = "ucode30_mimo";
2321 break;
2322 case 29:
2323 if (phy->type == B43_PHYTYPE_HT)
2324 filename = "ucode29_mimo";
2325 break;
2326 case 26:
2327 if (phy->type == B43_PHYTYPE_HT)
2328 filename = "ucode26_mimo";
2329 break;
2330 case 28:
2331 case 25:
2332 if (phy->type == B43_PHYTYPE_N)
2333 filename = "ucode25_mimo";
2334 else if (phy->type == B43_PHYTYPE_LCN)
2335 filename = "ucode25_lcn";
2336 break;
2337 case 24:
2338 if (phy->type == B43_PHYTYPE_LCN)
2339 filename = "ucode24_lcn";
2340 break;
2341 case 23:
2342 if (phy->type == B43_PHYTYPE_N)
2343 filename = "ucode16_mimo";
2344 break;
2345 case 16 ... 19:
2346 if (phy->type == B43_PHYTYPE_N)
2347 filename = "ucode16_mimo";
2348 else if (phy->type == B43_PHYTYPE_LP)
2349 filename = "ucode16_lp";
2350 break;
2351 case 15:
2352 filename = "ucode15";
2353 break;
2354 case 14:
2355 filename = "ucode14";
2356 break;
2357 case 13:
2358 filename = "ucode13";
2359 break;
2360 case 11 ... 12:
2361 filename = "ucode11";
2362 break;
2363 case 5 ... 10:
2364 filename = "ucode5";
2365 break;
2366 }
2367 if (!filename)
2368 goto err_no_ucode;
2369 err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2370 if (err)
2371 goto err_load;
2372
2373 /* Get PCM code */
2374 if ((rev >= 5) && (rev <= 10))
2375 filename = "pcm5";
2376 else if (rev >= 11)
2377 filename = NULL;
2378 else
2379 goto err_no_pcm;
2380 fw->pcm_request_failed = false;
2381 err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2382 if (err == -ENOENT) {
2383 /* We did not find a PCM file? Not fatal, but
2384 * core rev <= 10 must do without hwcrypto then. */
2385 fw->pcm_request_failed = true;
2386 } else if (err)
2387 goto err_load;
2388
2389 /* Get initvals */
2390 filename = NULL;
2391 switch (dev->phy.type) {
2392 case B43_PHYTYPE_G:
2393 if (rev == 13)
2394 filename = "b0g0initvals13";
2395 else if (rev >= 5 && rev <= 10)
2396 filename = "b0g0initvals5";
2397 break;
2398 case B43_PHYTYPE_N:
2399 if (rev == 30)
2400 filename = "n16initvals30";
2401 else if (rev == 28 || rev == 25)
2402 filename = "n0initvals25";
2403 else if (rev == 24)
2404 filename = "n0initvals24";
2405 else if (rev == 23)
2406 filename = "n0initvals16"; /* What about n0initvals22? */
2407 else if (rev >= 16 && rev <= 18)
2408 filename = "n0initvals16";
2409 else if (rev >= 11 && rev <= 12)
2410 filename = "n0initvals11";
2411 break;
2412 case B43_PHYTYPE_LP:
2413 if (rev >= 16 && rev <= 18)
2414 filename = "lp0initvals16";
2415 else if (rev == 15)
2416 filename = "lp0initvals15";
2417 else if (rev == 14)
2418 filename = "lp0initvals14";
2419 else if (rev == 13)
2420 filename = "lp0initvals13";
2421 break;
2422 case B43_PHYTYPE_HT:
2423 if (rev == 29)
2424 filename = "ht0initvals29";
2425 else if (rev == 26)
2426 filename = "ht0initvals26";
2427 break;
2428 case B43_PHYTYPE_LCN:
2429 if (rev == 24)
2430 filename = "lcn0initvals24";
2431 break;
2432 case B43_PHYTYPE_LCN40:
2433 if (rev == 33)
2434 filename = "lcn400initvals33";
2435 break;
2436 case B43_PHYTYPE_AC:
2437 if (rev == 42)
2438 filename = "ac1initvals42";
2439 else if (rev == 40)
2440 filename = "ac0initvals40";
2441 break;
2442 }
2443 if (!filename)
2444 goto err_no_initvals;
2445 err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2446 if (err)
2447 goto err_load;
2448
2449 /* Get bandswitch initvals */
2450 filename = NULL;
2451 switch (dev->phy.type) {
2452 case B43_PHYTYPE_G:
2453 if (rev == 13)
2454 filename = "b0g0bsinitvals13";
2455 else if (rev >= 5 && rev <= 10)
2456 filename = "b0g0bsinitvals5";
2457 break;
2458 case B43_PHYTYPE_N:
2459 if (rev == 30)
2460 filename = "n16bsinitvals30";
2461 else if (rev == 28 || rev == 25)
2462 filename = "n0bsinitvals25";
2463 else if (rev == 24)
2464 filename = "n0bsinitvals24";
2465 else if (rev == 23)
2466 filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2467 else if (rev >= 16 && rev <= 18)
2468 filename = "n0bsinitvals16";
2469 else if (rev >= 11 && rev <= 12)
2470 filename = "n0bsinitvals11";
2471 break;
2472 case B43_PHYTYPE_LP:
2473 if (rev >= 16 && rev <= 18)
2474 filename = "lp0bsinitvals16";
2475 else if (rev == 15)
2476 filename = "lp0bsinitvals15";
2477 else if (rev == 14)
2478 filename = "lp0bsinitvals14";
2479 else if (rev == 13)
2480 filename = "lp0bsinitvals13";
2481 break;
2482 case B43_PHYTYPE_HT:
2483 if (rev == 29)
2484 filename = "ht0bsinitvals29";
2485 else if (rev == 26)
2486 filename = "ht0bsinitvals26";
2487 break;
2488 case B43_PHYTYPE_LCN:
2489 if (rev == 24)
2490 filename = "lcn0bsinitvals24";
2491 break;
2492 case B43_PHYTYPE_LCN40:
2493 if (rev == 33)
2494 filename = "lcn400bsinitvals33";
2495 break;
2496 case B43_PHYTYPE_AC:
2497 if (rev == 42)
2498 filename = "ac1bsinitvals42";
2499 else if (rev == 40)
2500 filename = "ac0bsinitvals40";
2501 break;
2502 }
2503 if (!filename)
2504 goto err_no_initvals;
2505 err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2506 if (err)
2507 goto err_load;
2508
2509 fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2510
2511 return 0;
2512
2513err_no_ucode:
2514 err = ctx->fatal_failure = -EOPNOTSUPP;
2515 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2516 "is required for your device (wl-core rev %u)\n", rev);
2517 goto error;
2518
2519err_no_pcm:
2520 err = ctx->fatal_failure = -EOPNOTSUPP;
2521 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2522 "is required for your device (wl-core rev %u)\n", rev);
2523 goto error;
2524
2525err_no_initvals:
2526 err = ctx->fatal_failure = -EOPNOTSUPP;
2527 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2528 "is required for your device (wl-core rev %u)\n", rev);
2529 goto error;
2530
2531err_load:
2532 /* We failed to load this firmware image. The error message
2533 * already is in ctx->errors. Return and let our caller decide
2534 * what to do. */
2535 goto error;
2536
2537error:
2538 b43_release_firmware(dev);
2539 return err;
2540}
2541
2542static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2543static void b43_one_core_detach(struct b43_bus_dev *dev);
2544static int b43_rng_init(struct b43_wl *wl);
2545
2546static void b43_request_firmware(struct work_struct *work)
2547{
2548 struct b43_wl *wl = container_of(work,
2549 struct b43_wl, firmware_load);
2550 struct b43_wldev *dev = wl->current_dev;
2551 struct b43_request_fw_context *ctx;
2552 unsigned int i;
2553 int err;
2554 const char *errmsg;
2555
2556 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2557 if (!ctx)
2558 return;
2559 ctx->dev = dev;
2560
2561 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2562 err = b43_try_request_fw(ctx);
2563 if (!err)
2564 goto start_ieee80211; /* Successfully loaded it. */
2565 /* Was fw version known? */
2566 if (ctx->fatal_failure)
2567 goto out;
2568
2569 /* proprietary fw not found, try open source */
2570 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2571 err = b43_try_request_fw(ctx);
2572 if (!err)
2573 goto start_ieee80211; /* Successfully loaded it. */
2574 if(ctx->fatal_failure)
2575 goto out;
2576
2577 /* Could not find a usable firmware. Print the errors. */
2578 for (i = 0; i < B43_NR_FWTYPES; i++) {
2579 errmsg = ctx->errors[i];
2580 if (strlen(errmsg))
2581 b43err(dev->wl, "%s", errmsg);
2582 }
2583 b43_print_fw_helptext(dev->wl, 1);
2584 goto out;
2585
2586start_ieee80211:
2587 wl->hw->queues = B43_QOS_QUEUE_NUM;
2588 if (!modparam_qos || dev->fw.opensource)
2589 wl->hw->queues = 1;
2590
2591 err = ieee80211_register_hw(wl->hw);
2592 if (err)
2593 goto out;
2594 wl->hw_registered = true;
2595 b43_leds_register(wl->current_dev);
2596
2597 /* Register HW RNG driver */
2598 b43_rng_init(wl);
2599
2600out:
2601 kfree(ctx);
2602}
2603
2604static int b43_upload_microcode(struct b43_wldev *dev)
2605{
2606 struct wiphy *wiphy = dev->wl->hw->wiphy;
2607 const size_t hdr_len = sizeof(struct b43_fw_header);
2608 const __be32 *data;
2609 unsigned int i, len;
2610 u16 fwrev, fwpatch, fwdate, fwtime;
2611 u32 tmp, macctl;
2612 int err = 0;
2613
2614 /* Jump the microcode PSM to offset 0 */
2615 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2616 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2617 macctl |= B43_MACCTL_PSM_JMP0;
2618 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2619 /* Zero out all microcode PSM registers and shared memory. */
2620 for (i = 0; i < 64; i++)
2621 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2622 for (i = 0; i < 4096; i += 2)
2623 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2624
2625 /* Upload Microcode. */
2626 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2627 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2628 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2629 for (i = 0; i < len; i++) {
2630 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2631 udelay(10);
2632 }
2633
2634 if (dev->fw.pcm.data) {
2635 /* Upload PCM data. */
2636 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2637 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2638 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2639 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2640 /* No need for autoinc bit in SHM_HW */
2641 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2642 for (i = 0; i < len; i++) {
2643 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2644 udelay(10);
2645 }
2646 }
2647
2648 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2649
2650 /* Start the microcode PSM */
2651 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2652 B43_MACCTL_PSM_RUN);
2653
2654 /* Wait for the microcode to load and respond */
2655 i = 0;
2656 while (1) {
2657 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2658 if (tmp == B43_IRQ_MAC_SUSPENDED)
2659 break;
2660 i++;
2661 if (i >= 20) {
2662 b43err(dev->wl, "Microcode not responding\n");
2663 b43_print_fw_helptext(dev->wl, 1);
2664 err = -ENODEV;
2665 goto error;
2666 }
2667 msleep(50);
2668 }
2669 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2670
2671 /* Get and check the revisions. */
2672 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2673 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2674 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2675 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2676
2677 if (fwrev <= 0x128) {
2678 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2679 "binary drivers older than version 4.x is unsupported. "
2680 "You must upgrade your firmware files.\n");
2681 b43_print_fw_helptext(dev->wl, 1);
2682 err = -EOPNOTSUPP;
2683 goto error;
2684 }
2685 dev->fw.rev = fwrev;
2686 dev->fw.patch = fwpatch;
2687 if (dev->fw.rev >= 598)
2688 dev->fw.hdr_format = B43_FW_HDR_598;
2689 else if (dev->fw.rev >= 410)
2690 dev->fw.hdr_format = B43_FW_HDR_410;
2691 else
2692 dev->fw.hdr_format = B43_FW_HDR_351;
2693 WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2694
2695 dev->qos_enabled = dev->wl->hw->queues > 1;
2696 /* Default to firmware/hardware crypto acceleration. */
2697 dev->hwcrypto_enabled = true;
2698
2699 if (dev->fw.opensource) {
2700 u16 fwcapa;
2701
2702 /* Patchlevel info is encoded in the "time" field. */
2703 dev->fw.patch = fwtime;
2704 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2705 dev->fw.rev, dev->fw.patch);
2706
2707 fwcapa = b43_fwcapa_read(dev);
2708 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2709 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2710 /* Disable hardware crypto and fall back to software crypto. */
2711 dev->hwcrypto_enabled = false;
2712 }
2713 /* adding QoS support should use an offline discovery mechanism */
2714 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2715 } else {
2716 b43info(dev->wl, "Loading firmware version %u.%u "
2717 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2718 fwrev, fwpatch,
2719 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2720 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2721 if (dev->fw.pcm_request_failed) {
2722 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2723 "Hardware accelerated cryptography is disabled.\n");
2724 b43_print_fw_helptext(dev->wl, 0);
2725 }
2726 }
2727
2728 snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2729 dev->fw.rev, dev->fw.patch);
2730 wiphy->hw_version = dev->dev->core_id;
2731
2732 if (dev->fw.hdr_format == B43_FW_HDR_351) {
2733 /* We're over the deadline, but we keep support for old fw
2734 * until it turns out to be in major conflict with something new. */
2735 b43warn(dev->wl, "You are using an old firmware image. "
2736 "Support for old firmware will be removed soon "
2737 "(official deadline was July 2008).\n");
2738 b43_print_fw_helptext(dev->wl, 0);
2739 }
2740
2741 return 0;
2742
2743error:
2744 /* Stop the microcode PSM. */
2745 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2746 B43_MACCTL_PSM_JMP0);
2747
2748 return err;
2749}
2750
2751static int b43_write_initvals(struct b43_wldev *dev,
2752 const struct b43_iv *ivals,
2753 size_t count,
2754 size_t array_size)
2755{
2756 const struct b43_iv *iv;
2757 u16 offset;
2758 size_t i;
2759 bool bit32;
2760
2761 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2762 iv = ivals;
2763 for (i = 0; i < count; i++) {
2764 if (array_size < sizeof(iv->offset_size))
2765 goto err_format;
2766 array_size -= sizeof(iv->offset_size);
2767 offset = be16_to_cpu(iv->offset_size);
2768 bit32 = !!(offset & B43_IV_32BIT);
2769 offset &= B43_IV_OFFSET_MASK;
2770 if (offset >= 0x1000)
2771 goto err_format;
2772 if (bit32) {
2773 u32 value;
2774
2775 if (array_size < sizeof(iv->data.d32))
2776 goto err_format;
2777 array_size -= sizeof(iv->data.d32);
2778
2779 value = get_unaligned_be32(&iv->data.d32);
2780 b43_write32(dev, offset, value);
2781
2782 iv = (const struct b43_iv *)((const uint8_t *)iv +
2783 sizeof(__be16) +
2784 sizeof(__be32));
2785 } else {
2786 u16 value;
2787
2788 if (array_size < sizeof(iv->data.d16))
2789 goto err_format;
2790 array_size -= sizeof(iv->data.d16);
2791
2792 value = be16_to_cpu(iv->data.d16);
2793 b43_write16(dev, offset, value);
2794
2795 iv = (const struct b43_iv *)((const uint8_t *)iv +
2796 sizeof(__be16) +
2797 sizeof(__be16));
2798 }
2799 }
2800 if (array_size)
2801 goto err_format;
2802
2803 return 0;
2804
2805err_format:
2806 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2807 b43_print_fw_helptext(dev->wl, 1);
2808
2809 return -EPROTO;
2810}
2811
2812static int b43_upload_initvals(struct b43_wldev *dev)
2813{
2814 const size_t hdr_len = sizeof(struct b43_fw_header);
2815 const struct b43_fw_header *hdr;
2816 struct b43_firmware *fw = &dev->fw;
2817 const struct b43_iv *ivals;
2818 size_t count;
2819
2820 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2821 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2822 count = be32_to_cpu(hdr->size);
2823 return b43_write_initvals(dev, ivals, count,
2824 fw->initvals.data->size - hdr_len);
2825}
2826
2827static int b43_upload_initvals_band(struct b43_wldev *dev)
2828{
2829 const size_t hdr_len = sizeof(struct b43_fw_header);
2830 const struct b43_fw_header *hdr;
2831 struct b43_firmware *fw = &dev->fw;
2832 const struct b43_iv *ivals;
2833 size_t count;
2834
2835 if (!fw->initvals_band.data)
2836 return 0;
2837
2838 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2839 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2840 count = be32_to_cpu(hdr->size);
2841 return b43_write_initvals(dev, ivals, count,
2842 fw->initvals_band.data->size - hdr_len);
2843}
2844
2845/* Initialize the GPIOs
2846 * https://bcm-specs.sipsolutions.net/GPIO
2847 */
2848
2849#ifdef CONFIG_B43_SSB
2850static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2851{
2852 struct ssb_bus *bus = dev->dev->sdev->bus;
2853
2854#ifdef CONFIG_SSB_DRIVER_PCICORE
2855 return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2856#else
2857 return bus->chipco.dev;
2858#endif
2859}
2860#endif
2861
2862static int b43_gpio_init(struct b43_wldev *dev)
2863{
2864#ifdef CONFIG_B43_SSB
2865 struct ssb_device *gpiodev;
2866#endif
2867 u32 mask, set;
2868
2869 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2870 b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2871
2872 mask = 0x0000001F;
2873 set = 0x0000000F;
2874 if (dev->dev->chip_id == 0x4301) {
2875 mask |= 0x0060;
2876 set |= 0x0060;
2877 } else if (dev->dev->chip_id == 0x5354) {
2878 /* Don't allow overtaking buttons GPIOs */
2879 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2880 }
2881
2882 if (0 /* FIXME: conditional unknown */ ) {
2883 b43_write16(dev, B43_MMIO_GPIO_MASK,
2884 b43_read16(dev, B43_MMIO_GPIO_MASK)
2885 | 0x0100);
2886 /* BT Coexistance Input */
2887 mask |= 0x0080;
2888 set |= 0x0080;
2889 /* BT Coexistance Out */
2890 mask |= 0x0100;
2891 set |= 0x0100;
2892 }
2893 if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2894 /* PA is controlled by gpio 9, let ucode handle it */
2895 b43_write16(dev, B43_MMIO_GPIO_MASK,
2896 b43_read16(dev, B43_MMIO_GPIO_MASK)
2897 | 0x0200);
2898 mask |= 0x0200;
2899 set |= 0x0200;
2900 }
2901
2902 switch (dev->dev->bus_type) {
2903#ifdef CONFIG_B43_BCMA
2904 case B43_BUS_BCMA:
2905 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2906 break;
2907#endif
2908#ifdef CONFIG_B43_SSB
2909 case B43_BUS_SSB:
2910 gpiodev = b43_ssb_gpio_dev(dev);
2911 if (gpiodev)
2912 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2913 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2914 & ~mask) | set);
2915 break;
2916#endif
2917 }
2918
2919 return 0;
2920}
2921
2922/* Turn off all GPIO stuff. Call this on module unload, for example. */
2923static void b43_gpio_cleanup(struct b43_wldev *dev)
2924{
2925#ifdef CONFIG_B43_SSB
2926 struct ssb_device *gpiodev;
2927#endif
2928
2929 switch (dev->dev->bus_type) {
2930#ifdef CONFIG_B43_BCMA
2931 case B43_BUS_BCMA:
2932 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2933 break;
2934#endif
2935#ifdef CONFIG_B43_SSB
2936 case B43_BUS_SSB:
2937 gpiodev = b43_ssb_gpio_dev(dev);
2938 if (gpiodev)
2939 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2940 break;
2941#endif
2942 }
2943}
2944
2945/* http://bcm-specs.sipsolutions.net/EnableMac */
2946void b43_mac_enable(struct b43_wldev *dev)
2947{
2948 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2949 u16 fwstate;
2950
2951 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2952 B43_SHM_SH_UCODESTAT);
2953 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2954 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2955 b43err(dev->wl, "b43_mac_enable(): The firmware "
2956 "should be suspended, but current state is %u\n",
2957 fwstate);
2958 }
2959 }
2960
2961 dev->mac_suspended--;
2962 B43_WARN_ON(dev->mac_suspended < 0);
2963 if (dev->mac_suspended == 0) {
2964 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2965 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2966 B43_IRQ_MAC_SUSPENDED);
2967 /* Commit writes */
2968 b43_read32(dev, B43_MMIO_MACCTL);
2969 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2970 b43_power_saving_ctl_bits(dev, 0);
2971 }
2972}
2973
2974/* https://bcm-specs.sipsolutions.net/SuspendMAC */
2975void b43_mac_suspend(struct b43_wldev *dev)
2976{
2977 int i;
2978 u32 tmp;
2979
2980 might_sleep();
2981 B43_WARN_ON(dev->mac_suspended < 0);
2982
2983 if (dev->mac_suspended == 0) {
2984 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2985 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2986 /* force pci to flush the write */
2987 b43_read32(dev, B43_MMIO_MACCTL);
2988 for (i = 35; i; i--) {
2989 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2990 if (tmp & B43_IRQ_MAC_SUSPENDED)
2991 goto out;
2992 udelay(10);
2993 }
2994 /* Hm, it seems this will take some time. Use msleep(). */
2995 for (i = 40; i; i--) {
2996 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2997 if (tmp & B43_IRQ_MAC_SUSPENDED)
2998 goto out;
2999 msleep(1);
3000 }
3001 b43err(dev->wl, "MAC suspend failed\n");
3002 }
3003out:
3004 dev->mac_suspended++;
3005}
3006
3007/* https://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3008void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3009{
3010 u32 tmp;
3011
3012 switch (dev->dev->bus_type) {
3013#ifdef CONFIG_B43_BCMA
3014 case B43_BUS_BCMA:
3015 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3016 if (on)
3017 tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3018 else
3019 tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3020 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3021 break;
3022#endif
3023#ifdef CONFIG_B43_SSB
3024 case B43_BUS_SSB:
3025 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3026 if (on)
3027 tmp |= B43_TMSLOW_MACPHYCLKEN;
3028 else
3029 tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3030 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3031 break;
3032#endif
3033 }
3034}
3035
3036/* brcms_b_switch_macfreq */
3037void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3038{
3039 u16 chip_id = dev->dev->chip_id;
3040
3041 if (chip_id == BCMA_CHIP_ID_BCM4331) {
3042 switch (spurmode) {
3043 case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3044 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3045 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3046 break;
3047 case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3048 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3049 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3050 break;
3051 default: /* 160 Mhz: 2^26/160 = 0x66666 */
3052 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3053 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3054 break;
3055 }
3056 } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3057 chip_id == BCMA_CHIP_ID_BCM43217 ||
3058 chip_id == BCMA_CHIP_ID_BCM43222 ||
3059 chip_id == BCMA_CHIP_ID_BCM43224 ||
3060 chip_id == BCMA_CHIP_ID_BCM43225 ||
3061 chip_id == BCMA_CHIP_ID_BCM43227 ||
3062 chip_id == BCMA_CHIP_ID_BCM43228) {
3063 switch (spurmode) {
3064 case 2: /* 126 Mhz */
3065 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3066 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3067 break;
3068 case 1: /* 123 Mhz */
3069 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3070 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3071 break;
3072 default: /* 120 Mhz */
3073 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3074 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3075 break;
3076 }
3077 } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3078 switch (spurmode) {
3079 case 1: /* 82 Mhz */
3080 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3081 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3082 break;
3083 default: /* 80 Mhz */
3084 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3085 b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3086 break;
3087 }
3088 }
3089}
3090
3091static void b43_adjust_opmode(struct b43_wldev *dev)
3092{
3093 struct b43_wl *wl = dev->wl;
3094 u32 ctl;
3095 u16 cfp_pretbtt;
3096
3097 ctl = b43_read32(dev, B43_MMIO_MACCTL);
3098 /* Reset status to STA infrastructure mode. */
3099 ctl &= ~B43_MACCTL_AP;
3100 ctl &= ~B43_MACCTL_KEEP_CTL;
3101 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3102 ctl &= ~B43_MACCTL_KEEP_BAD;
3103 ctl &= ~B43_MACCTL_PROMISC;
3104 ctl &= ~B43_MACCTL_BEACPROMISC;
3105 ctl |= B43_MACCTL_INFRA;
3106
3107 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3108 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3109 ctl |= B43_MACCTL_AP;
3110 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3111 ctl &= ~B43_MACCTL_INFRA;
3112
3113 if (wl->filter_flags & FIF_CONTROL)
3114 ctl |= B43_MACCTL_KEEP_CTL;
3115 if (wl->filter_flags & FIF_FCSFAIL)
3116 ctl |= B43_MACCTL_KEEP_BAD;
3117 if (wl->filter_flags & FIF_PLCPFAIL)
3118 ctl |= B43_MACCTL_KEEP_BADPLCP;
3119 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3120 ctl |= B43_MACCTL_BEACPROMISC;
3121
3122 /* Workaround: On old hardware the HW-MAC-address-filter
3123 * doesn't work properly, so always run promisc in filter
3124 * it in software. */
3125 if (dev->dev->core_rev <= 4)
3126 ctl |= B43_MACCTL_PROMISC;
3127
3128 b43_write32(dev, B43_MMIO_MACCTL, ctl);
3129
3130 cfp_pretbtt = 2;
3131 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3132 if (dev->dev->chip_id == 0x4306 &&
3133 dev->dev->chip_rev == 3)
3134 cfp_pretbtt = 100;
3135 else
3136 cfp_pretbtt = 50;
3137 }
3138 b43_write16(dev, 0x612, cfp_pretbtt);
3139
3140 /* FIXME: We don't currently implement the PMQ mechanism,
3141 * so always disable it. If we want to implement PMQ,
3142 * we need to enable it here (clear DISCPMQ) in AP mode.
3143 */
3144 if (0 /* ctl & B43_MACCTL_AP */)
3145 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3146 else
3147 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3148}
3149
3150static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3151{
3152 u16 offset;
3153
3154 if (is_ofdm) {
3155 offset = 0x480;
3156 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3157 } else {
3158 offset = 0x4C0;
3159 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3160 }
3161 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3162 b43_shm_read16(dev, B43_SHM_SHARED, offset));
3163}
3164
3165static void b43_rate_memory_init(struct b43_wldev *dev)
3166{
3167 switch (dev->phy.type) {
3168 case B43_PHYTYPE_G:
3169 case B43_PHYTYPE_N:
3170 case B43_PHYTYPE_LP:
3171 case B43_PHYTYPE_HT:
3172 case B43_PHYTYPE_LCN:
3173 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3174 b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3175 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3176 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3177 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3178 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3179 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3180 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3181 /* fallthrough */
3182 case B43_PHYTYPE_B:
3183 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3184 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3185 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3186 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3187 break;
3188 default:
3189 B43_WARN_ON(1);
3190 }
3191}
3192
3193/* Set the default values for the PHY TX Control Words. */
3194static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3195{
3196 u16 ctl = 0;
3197
3198 ctl |= B43_TXH_PHY_ENC_CCK;
3199 ctl |= B43_TXH_PHY_ANT01AUTO;
3200 ctl |= B43_TXH_PHY_TXPWR;
3201
3202 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3203 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3204 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3205}
3206
3207/* Set the TX-Antenna for management frames sent by firmware. */
3208static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3209{
3210 u16 ant;
3211 u16 tmp;
3212
3213 ant = b43_antenna_to_phyctl(antenna);
3214
3215 /* For ACK/CTS */
3216 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3217 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3218 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3219 /* For Probe Resposes */
3220 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3221 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3222 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3223}
3224
3225/* This is the opposite of b43_chip_init() */
3226static void b43_chip_exit(struct b43_wldev *dev)
3227{
3228 b43_phy_exit(dev);
3229 b43_gpio_cleanup(dev);
3230 /* firmware is released later */
3231}
3232
3233/* Initialize the chip
3234 * https://bcm-specs.sipsolutions.net/ChipInit
3235 */
3236static int b43_chip_init(struct b43_wldev *dev)
3237{
3238 struct b43_phy *phy = &dev->phy;
3239 int err;
3240 u32 macctl;
3241 u16 value16;
3242
3243 /* Initialize the MAC control */
3244 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3245 if (dev->phy.gmode)
3246 macctl |= B43_MACCTL_GMODE;
3247 macctl |= B43_MACCTL_INFRA;
3248 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3249
3250 err = b43_upload_microcode(dev);
3251 if (err)
3252 goto out; /* firmware is released later */
3253
3254 err = b43_gpio_init(dev);
3255 if (err)
3256 goto out; /* firmware is released later */
3257
3258 err = b43_upload_initvals(dev);
3259 if (err)
3260 goto err_gpio_clean;
3261
3262 err = b43_upload_initvals_band(dev);
3263 if (err)
3264 goto err_gpio_clean;
3265
3266 /* Turn the Analog on and initialize the PHY. */
3267 phy->ops->switch_analog(dev, 1);
3268 err = b43_phy_init(dev);
3269 if (err)
3270 goto err_gpio_clean;
3271
3272 /* Disable Interference Mitigation. */
3273 if (phy->ops->interf_mitigation)
3274 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3275
3276 /* Select the antennae */
3277 if (phy->ops->set_rx_antenna)
3278 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3279 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3280
3281 if (phy->type == B43_PHYTYPE_B) {
3282 value16 = b43_read16(dev, 0x005E);
3283 value16 |= 0x0004;
3284 b43_write16(dev, 0x005E, value16);
3285 }
3286 b43_write32(dev, 0x0100, 0x01000000);
3287 if (dev->dev->core_rev < 5)
3288 b43_write32(dev, 0x010C, 0x01000000);
3289
3290 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3291 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3292
3293 /* Probe Response Timeout value */
3294 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3295 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3296
3297 /* Initially set the wireless operation mode. */
3298 b43_adjust_opmode(dev);
3299
3300 if (dev->dev->core_rev < 3) {
3301 b43_write16(dev, 0x060E, 0x0000);
3302 b43_write16(dev, 0x0610, 0x8000);
3303 b43_write16(dev, 0x0604, 0x0000);
3304 b43_write16(dev, 0x0606, 0x0200);
3305 } else {
3306 b43_write32(dev, 0x0188, 0x80000000);
3307 b43_write32(dev, 0x018C, 0x02000000);
3308 }
3309 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3310 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3311 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3312 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3313 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3314 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3315 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3316
3317 b43_mac_phy_clock_set(dev, true);
3318
3319 switch (dev->dev->bus_type) {
3320#ifdef CONFIG_B43_BCMA
3321 case B43_BUS_BCMA:
3322 /* FIXME: 0xE74 is quite common, but should be read from CC */
3323 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3324 break;
3325#endif
3326#ifdef CONFIG_B43_SSB
3327 case B43_BUS_SSB:
3328 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3329 dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3330 break;
3331#endif
3332 }
3333
3334 err = 0;
3335 b43dbg(dev->wl, "Chip initialized\n");
3336out:
3337 return err;
3338
3339err_gpio_clean:
3340 b43_gpio_cleanup(dev);
3341 return err;
3342}
3343
3344static void b43_periodic_every60sec(struct b43_wldev *dev)
3345{
3346 const struct b43_phy_operations *ops = dev->phy.ops;
3347
3348 if (ops->pwork_60sec)
3349 ops->pwork_60sec(dev);
3350
3351 /* Force check the TX power emission now. */
3352 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3353}
3354
3355static void b43_periodic_every30sec(struct b43_wldev *dev)
3356{
3357 /* Update device statistics. */
3358 b43_calculate_link_quality(dev);
3359}
3360
3361static void b43_periodic_every15sec(struct b43_wldev *dev)
3362{
3363 struct b43_phy *phy = &dev->phy;
3364 u16 wdr;
3365
3366 if (dev->fw.opensource) {
3367 /* Check if the firmware is still alive.
3368 * It will reset the watchdog counter to 0 in its idle loop. */
3369 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3370 if (unlikely(wdr)) {
3371 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3372 b43_controller_restart(dev, "Firmware watchdog");
3373 return;
3374 } else {
3375 b43_shm_write16(dev, B43_SHM_SCRATCH,
3376 B43_WATCHDOG_REG, 1);
3377 }
3378 }
3379
3380 if (phy->ops->pwork_15sec)
3381 phy->ops->pwork_15sec(dev);
3382
3383 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3384 wmb();
3385
3386#if B43_DEBUG
3387 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3388 unsigned int i;
3389
3390 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3391 dev->irq_count / 15,
3392 dev->tx_count / 15,
3393 dev->rx_count / 15);
3394 dev->irq_count = 0;
3395 dev->tx_count = 0;
3396 dev->rx_count = 0;
3397 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3398 if (dev->irq_bit_count[i]) {
3399 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3400 dev->irq_bit_count[i] / 15, i, (1 << i));
3401 dev->irq_bit_count[i] = 0;
3402 }
3403 }
3404 }
3405#endif
3406}
3407
3408static void do_periodic_work(struct b43_wldev *dev)
3409{
3410 unsigned int state;
3411
3412 state = dev->periodic_state;
3413 if (state % 4 == 0)
3414 b43_periodic_every60sec(dev);
3415 if (state % 2 == 0)
3416 b43_periodic_every30sec(dev);
3417 b43_periodic_every15sec(dev);
3418}
3419
3420/* Periodic work locking policy:
3421 * The whole periodic work handler is protected by
3422 * wl->mutex. If another lock is needed somewhere in the
3423 * pwork callchain, it's acquired in-place, where it's needed.
3424 */
3425static void b43_periodic_work_handler(struct work_struct *work)
3426{
3427 struct b43_wldev *dev = container_of(work, struct b43_wldev,
3428 periodic_work.work);
3429 struct b43_wl *wl = dev->wl;
3430 unsigned long delay;
3431
3432 mutex_lock(&wl->mutex);
3433
3434 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3435 goto out;
3436 if (b43_debug(dev, B43_DBG_PWORK_STOP))
3437 goto out_requeue;
3438
3439 do_periodic_work(dev);
3440
3441 dev->periodic_state++;
3442out_requeue:
3443 if (b43_debug(dev, B43_DBG_PWORK_FAST))
3444 delay = msecs_to_jiffies(50);
3445 else
3446 delay = round_jiffies_relative(HZ * 15);
3447 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3448out:
3449 mutex_unlock(&wl->mutex);
3450}
3451
3452static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3453{
3454 struct delayed_work *work = &dev->periodic_work;
3455
3456 dev->periodic_state = 0;
3457 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3458 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3459}
3460
3461/* Check if communication with the device works correctly. */
3462static int b43_validate_chipaccess(struct b43_wldev *dev)
3463{
3464 u32 v, backup0, backup4;
3465
3466 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3467 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3468
3469 /* Check for read/write and endianness problems. */
3470 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3471 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3472 goto error;
3473 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3474 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3475 goto error;
3476
3477 /* Check if unaligned 32bit SHM_SHARED access works properly.
3478 * However, don't bail out on failure, because it's noncritical. */
3479 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3480 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3481 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3482 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3483 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3484 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3485 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3486 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3487 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3488 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3489 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3490 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3491
3492 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3493 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3494
3495 if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3496 /* The 32bit register shadows the two 16bit registers
3497 * with update sideeffects. Validate this. */
3498 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3499 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3500 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3501 goto error;
3502 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3503 goto error;
3504 }
3505 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3506
3507 v = b43_read32(dev, B43_MMIO_MACCTL);
3508 v |= B43_MACCTL_GMODE;
3509 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3510 goto error;
3511
3512 return 0;
3513error:
3514 b43err(dev->wl, "Failed to validate the chipaccess\n");
3515 return -ENODEV;
3516}
3517
3518static void b43_security_init(struct b43_wldev *dev)
3519{
3520 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3521 /* KTP is a word address, but we address SHM bytewise.
3522 * So multiply by two.
3523 */
3524 dev->ktp *= 2;
3525 /* Number of RCMTA address slots */
3526 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3527 /* Clear the key memory. */
3528 b43_clear_keys(dev);
3529}
3530
3531#ifdef CONFIG_B43_HWRNG
3532static int b43_rng_read(struct hwrng *rng, u32 *data)
3533{
3534 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3535 struct b43_wldev *dev;
3536 int count = -ENODEV;
3537
3538 mutex_lock(&wl->mutex);
3539 dev = wl->current_dev;
3540 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3541 *data = b43_read16(dev, B43_MMIO_RNG);
3542 count = sizeof(u16);
3543 }
3544 mutex_unlock(&wl->mutex);
3545
3546 return count;
3547}
3548#endif /* CONFIG_B43_HWRNG */
3549
3550static void b43_rng_exit(struct b43_wl *wl)
3551{
3552#ifdef CONFIG_B43_HWRNG
3553 if (wl->rng_initialized)
3554 hwrng_unregister(&wl->rng);
3555#endif /* CONFIG_B43_HWRNG */
3556}
3557
3558static int b43_rng_init(struct b43_wl *wl)
3559{
3560 int err = 0;
3561
3562#ifdef CONFIG_B43_HWRNG
3563 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3564 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3565 wl->rng.name = wl->rng_name;
3566 wl->rng.data_read = b43_rng_read;
3567 wl->rng.priv = (unsigned long)wl;
3568 wl->rng_initialized = true;
3569 err = hwrng_register(&wl->rng);
3570 if (err) {
3571 wl->rng_initialized = false;
3572 b43err(wl, "Failed to register the random "
3573 "number generator (%d)\n", err);
3574 }
3575#endif /* CONFIG_B43_HWRNG */
3576
3577 return err;
3578}
3579
3580static void b43_tx_work(struct work_struct *work)
3581{
3582 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3583 struct b43_wldev *dev;
3584 struct sk_buff *skb;
3585 int queue_num;
3586 int err = 0;
3587
3588 mutex_lock(&wl->mutex);
3589 dev = wl->current_dev;
3590 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3591 mutex_unlock(&wl->mutex);
3592 return;
3593 }
3594
3595 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3596 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3597 skb = skb_dequeue(&wl->tx_queue[queue_num]);
3598 if (b43_using_pio_transfers(dev))
3599 err = b43_pio_tx(dev, skb);
3600 else
3601 err = b43_dma_tx(dev, skb);
3602 if (err == -ENOSPC) {
3603 wl->tx_queue_stopped[queue_num] = true;
3604 ieee80211_stop_queue(wl->hw, queue_num);
3605 skb_queue_head(&wl->tx_queue[queue_num], skb);
3606 break;
3607 }
3608 if (unlikely(err))
3609 ieee80211_free_txskb(wl->hw, skb);
3610 err = 0;
3611 }
3612
3613 if (!err)
3614 wl->tx_queue_stopped[queue_num] = false;
3615 }
3616
3617#if B43_DEBUG
3618 dev->tx_count++;
3619#endif
3620 mutex_unlock(&wl->mutex);
3621}
3622
3623static void b43_op_tx(struct ieee80211_hw *hw,
3624 struct ieee80211_tx_control *control,
3625 struct sk_buff *skb)
3626{
3627 struct b43_wl *wl = hw_to_b43_wl(hw);
3628
3629 if (unlikely(skb->len < 2 + 2 + 6)) {
3630 /* Too short, this can't be a valid frame. */
3631 ieee80211_free_txskb(hw, skb);
3632 return;
3633 }
3634 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3635
3636 skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3637 if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3638 ieee80211_queue_work(wl->hw, &wl->tx_work);
3639 } else {
3640 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3641 }
3642}
3643
3644static void b43_qos_params_upload(struct b43_wldev *dev,
3645 const struct ieee80211_tx_queue_params *p,
3646 u16 shm_offset)
3647{
3648 u16 params[B43_NR_QOSPARAMS];
3649 int bslots, tmp;
3650 unsigned int i;
3651
3652 if (!dev->qos_enabled)
3653 return;
3654
3655 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3656
3657 memset(¶ms, 0, sizeof(params));
3658
3659 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3660 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3661 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3662 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3663 params[B43_QOSPARAM_AIFS] = p->aifs;
3664 params[B43_QOSPARAM_BSLOTS] = bslots;
3665 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3666
3667 for (i = 0; i < ARRAY_SIZE(params); i++) {
3668 if (i == B43_QOSPARAM_STATUS) {
3669 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3670 shm_offset + (i * 2));
3671 /* Mark the parameters as updated. */
3672 tmp |= 0x100;
3673 b43_shm_write16(dev, B43_SHM_SHARED,
3674 shm_offset + (i * 2),
3675 tmp);
3676 } else {
3677 b43_shm_write16(dev, B43_SHM_SHARED,
3678 shm_offset + (i * 2),
3679 params[i]);
3680 }
3681 }
3682}
3683
3684/* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3685static const u16 b43_qos_shm_offsets[] = {
3686 /* [mac80211-queue-nr] = SHM_OFFSET, */
3687 [0] = B43_QOS_VOICE,
3688 [1] = B43_QOS_VIDEO,
3689 [2] = B43_QOS_BESTEFFORT,
3690 [3] = B43_QOS_BACKGROUND,
3691};
3692
3693/* Update all QOS parameters in hardware. */
3694static void b43_qos_upload_all(struct b43_wldev *dev)
3695{
3696 struct b43_wl *wl = dev->wl;
3697 struct b43_qos_params *params;
3698 unsigned int i;
3699
3700 if (!dev->qos_enabled)
3701 return;
3702
3703 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3704 ARRAY_SIZE(wl->qos_params));
3705
3706 b43_mac_suspend(dev);
3707 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3708 params = &(wl->qos_params[i]);
3709 b43_qos_params_upload(dev, &(params->p),
3710 b43_qos_shm_offsets[i]);
3711 }
3712 b43_mac_enable(dev);
3713}
3714
3715static void b43_qos_clear(struct b43_wl *wl)
3716{
3717 struct b43_qos_params *params;
3718 unsigned int i;
3719
3720 /* Initialize QoS parameters to sane defaults. */
3721
3722 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3723 ARRAY_SIZE(wl->qos_params));
3724
3725 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3726 params = &(wl->qos_params[i]);
3727
3728 switch (b43_qos_shm_offsets[i]) {
3729 case B43_QOS_VOICE:
3730 params->p.txop = 0;
3731 params->p.aifs = 2;
3732 params->p.cw_min = 0x0001;
3733 params->p.cw_max = 0x0001;
3734 break;
3735 case B43_QOS_VIDEO:
3736 params->p.txop = 0;
3737 params->p.aifs = 2;
3738 params->p.cw_min = 0x0001;
3739 params->p.cw_max = 0x0001;
3740 break;
3741 case B43_QOS_BESTEFFORT:
3742 params->p.txop = 0;
3743 params->p.aifs = 3;
3744 params->p.cw_min = 0x0001;
3745 params->p.cw_max = 0x03FF;
3746 break;
3747 case B43_QOS_BACKGROUND:
3748 params->p.txop = 0;
3749 params->p.aifs = 7;
3750 params->p.cw_min = 0x0001;
3751 params->p.cw_max = 0x03FF;
3752 break;
3753 default:
3754 B43_WARN_ON(1);
3755 }
3756 }
3757}
3758
3759/* Initialize the core's QOS capabilities */
3760static void b43_qos_init(struct b43_wldev *dev)
3761{
3762 if (!dev->qos_enabled) {
3763 /* Disable QOS support. */
3764 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3765 b43_write16(dev, B43_MMIO_IFSCTL,
3766 b43_read16(dev, B43_MMIO_IFSCTL)
3767 & ~B43_MMIO_IFSCTL_USE_EDCF);
3768 b43dbg(dev->wl, "QoS disabled\n");
3769 return;
3770 }
3771
3772 /* Upload the current QOS parameters. */
3773 b43_qos_upload_all(dev);
3774
3775 /* Enable QOS support. */
3776 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3777 b43_write16(dev, B43_MMIO_IFSCTL,
3778 b43_read16(dev, B43_MMIO_IFSCTL)
3779 | B43_MMIO_IFSCTL_USE_EDCF);
3780 b43dbg(dev->wl, "QoS enabled\n");
3781}
3782
3783static int b43_op_conf_tx(struct ieee80211_hw *hw,
3784 struct ieee80211_vif *vif, u16 _queue,
3785 const struct ieee80211_tx_queue_params *params)
3786{
3787 struct b43_wl *wl = hw_to_b43_wl(hw);
3788 struct b43_wldev *dev;
3789 unsigned int queue = (unsigned int)_queue;
3790 int err = -ENODEV;
3791
3792 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3793 /* Queue not available or don't support setting
3794 * params on this queue. Return success to not
3795 * confuse mac80211. */
3796 return 0;
3797 }
3798 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3799 ARRAY_SIZE(wl->qos_params));
3800
3801 mutex_lock(&wl->mutex);
3802 dev = wl->current_dev;
3803 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3804 goto out_unlock;
3805
3806 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3807 b43_mac_suspend(dev);
3808 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3809 b43_qos_shm_offsets[queue]);
3810 b43_mac_enable(dev);
3811 err = 0;
3812
3813out_unlock:
3814 mutex_unlock(&wl->mutex);
3815
3816 return err;
3817}
3818
3819static int b43_op_get_stats(struct ieee80211_hw *hw,
3820 struct ieee80211_low_level_stats *stats)
3821{
3822 struct b43_wl *wl = hw_to_b43_wl(hw);
3823
3824 mutex_lock(&wl->mutex);
3825 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3826 mutex_unlock(&wl->mutex);
3827
3828 return 0;
3829}
3830
3831static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3832{
3833 struct b43_wl *wl = hw_to_b43_wl(hw);
3834 struct b43_wldev *dev;
3835 u64 tsf;
3836
3837 mutex_lock(&wl->mutex);
3838 dev = wl->current_dev;
3839
3840 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3841 b43_tsf_read(dev, &tsf);
3842 else
3843 tsf = 0;
3844
3845 mutex_unlock(&wl->mutex);
3846
3847 return tsf;
3848}
3849
3850static void b43_op_set_tsf(struct ieee80211_hw *hw,
3851 struct ieee80211_vif *vif, u64 tsf)
3852{
3853 struct b43_wl *wl = hw_to_b43_wl(hw);
3854 struct b43_wldev *dev;
3855
3856 mutex_lock(&wl->mutex);
3857 dev = wl->current_dev;
3858
3859 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3860 b43_tsf_write(dev, tsf);
3861
3862 mutex_unlock(&wl->mutex);
3863}
3864
3865static const char *band_to_string(enum nl80211_band band)
3866{
3867 switch (band) {
3868 case NL80211_BAND_5GHZ:
3869 return "5";
3870 case NL80211_BAND_2GHZ:
3871 return "2.4";
3872 default:
3873 break;
3874 }
3875 B43_WARN_ON(1);
3876 return "";
3877}
3878
3879/* Expects wl->mutex locked */
3880static int b43_switch_band(struct b43_wldev *dev,
3881 struct ieee80211_channel *chan)
3882{
3883 struct b43_phy *phy = &dev->phy;
3884 bool gmode;
3885 u32 tmp;
3886
3887 switch (chan->band) {
3888 case NL80211_BAND_5GHZ:
3889 gmode = false;
3890 break;
3891 case NL80211_BAND_2GHZ:
3892 gmode = true;
3893 break;
3894 default:
3895 B43_WARN_ON(1);
3896 return -EINVAL;
3897 }
3898
3899 if (!((gmode && phy->supports_2ghz) ||
3900 (!gmode && phy->supports_5ghz))) {
3901 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3902 band_to_string(chan->band));
3903 return -ENODEV;
3904 }
3905
3906 if (!!phy->gmode == !!gmode) {
3907 /* This device is already running. */
3908 return 0;
3909 }
3910
3911 b43dbg(dev->wl, "Switching to %s GHz band\n",
3912 band_to_string(chan->band));
3913
3914 /* Some new devices don't need disabling radio for band switching */
3915 if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3916 b43_software_rfkill(dev, true);
3917
3918 phy->gmode = gmode;
3919 b43_phy_put_into_reset(dev);
3920 switch (dev->dev->bus_type) {
3921#ifdef CONFIG_B43_BCMA
3922 case B43_BUS_BCMA:
3923 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3924 if (gmode)
3925 tmp |= B43_BCMA_IOCTL_GMODE;
3926 else
3927 tmp &= ~B43_BCMA_IOCTL_GMODE;
3928 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3929 break;
3930#endif
3931#ifdef CONFIG_B43_SSB
3932 case B43_BUS_SSB:
3933 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3934 if (gmode)
3935 tmp |= B43_TMSLOW_GMODE;
3936 else
3937 tmp &= ~B43_TMSLOW_GMODE;
3938 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3939 break;
3940#endif
3941 }
3942 b43_phy_take_out_of_reset(dev);
3943
3944 b43_upload_initvals_band(dev);
3945
3946 b43_phy_init(dev);
3947
3948 return 0;
3949}
3950
3951static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3952{
3953 interval = min_t(u16, interval, (u16)0xFF);
3954 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3955}
3956
3957/* Write the short and long frame retry limit values. */
3958static void b43_set_retry_limits(struct b43_wldev *dev,
3959 unsigned int short_retry,
3960 unsigned int long_retry)
3961{
3962 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3963 * the chip-internal counter. */
3964 short_retry = min(short_retry, (unsigned int)0xF);
3965 long_retry = min(long_retry, (unsigned int)0xF);
3966
3967 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3968 short_retry);
3969 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3970 long_retry);
3971}
3972
3973static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3974{
3975 struct b43_wl *wl = hw_to_b43_wl(hw);
3976 struct b43_wldev *dev = wl->current_dev;
3977 struct b43_phy *phy = &dev->phy;
3978 struct ieee80211_conf *conf = &hw->conf;
3979 int antenna;
3980 int err = 0;
3981
3982 mutex_lock(&wl->mutex);
3983 b43_mac_suspend(dev);
3984
3985 if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
3986 b43_set_beacon_listen_interval(dev, conf->listen_interval);
3987
3988 if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
3989 phy->chandef = &conf->chandef;
3990 phy->channel = conf->chandef.chan->hw_value;
3991
3992 /* Switch the band (if necessary). */
3993 err = b43_switch_band(dev, conf->chandef.chan);
3994 if (err)
3995 goto out_mac_enable;
3996
3997 /* Switch to the requested channel.
3998 * The firmware takes care of races with the TX handler.
3999 */
4000 b43_switch_channel(dev, phy->channel);
4001 }
4002
4003 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4004 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4005 conf->long_frame_max_tx_count);
4006 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4007 if (!changed)
4008 goto out_mac_enable;
4009
4010 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4011
4012 /* Adjust the desired TX power level. */
4013 if (conf->power_level != 0) {
4014 if (conf->power_level != phy->desired_txpower) {
4015 phy->desired_txpower = conf->power_level;
4016 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4017 B43_TXPWR_IGNORE_TSSI);
4018 }
4019 }
4020
4021 /* Antennas for RX and management frame TX. */
4022 antenna = B43_ANTENNA_DEFAULT;
4023 b43_mgmtframe_txantenna(dev, antenna);
4024 antenna = B43_ANTENNA_DEFAULT;
4025 if (phy->ops->set_rx_antenna)
4026 phy->ops->set_rx_antenna(dev, antenna);
4027
4028 if (wl->radio_enabled != phy->radio_on) {
4029 if (wl->radio_enabled) {
4030 b43_software_rfkill(dev, false);
4031 b43info(dev->wl, "Radio turned on by software\n");
4032 if (!dev->radio_hw_enable) {
4033 b43info(dev->wl, "The hardware RF-kill button "
4034 "still turns the radio physically off. "
4035 "Press the button to turn it on.\n");
4036 }
4037 } else {
4038 b43_software_rfkill(dev, true);
4039 b43info(dev->wl, "Radio turned off by software\n");
4040 }
4041 }
4042
4043out_mac_enable:
4044 b43_mac_enable(dev);
4045 mutex_unlock(&wl->mutex);
4046
4047 return err;
4048}
4049
4050static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4051{
4052 struct ieee80211_supported_band *sband =
4053 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4054 struct ieee80211_rate *rate;
4055 int i;
4056 u16 basic, direct, offset, basic_offset, rateptr;
4057
4058 for (i = 0; i < sband->n_bitrates; i++) {
4059 rate = &sband->bitrates[i];
4060
4061 if (b43_is_cck_rate(rate->hw_value)) {
4062 direct = B43_SHM_SH_CCKDIRECT;
4063 basic = B43_SHM_SH_CCKBASIC;
4064 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4065 offset &= 0xF;
4066 } else {
4067 direct = B43_SHM_SH_OFDMDIRECT;
4068 basic = B43_SHM_SH_OFDMBASIC;
4069 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4070 offset &= 0xF;
4071 }
4072
4073 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4074
4075 if (b43_is_cck_rate(rate->hw_value)) {
4076 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4077 basic_offset &= 0xF;
4078 } else {
4079 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4080 basic_offset &= 0xF;
4081 }
4082
4083 /*
4084 * Get the pointer that we need to point to
4085 * from the direct map
4086 */
4087 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4088 direct + 2 * basic_offset);
4089 /* and write it to the basic map */
4090 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4091 rateptr);
4092 }
4093}
4094
4095static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4096 struct ieee80211_vif *vif,
4097 struct ieee80211_bss_conf *conf,
4098 u32 changed)
4099{
4100 struct b43_wl *wl = hw_to_b43_wl(hw);
4101 struct b43_wldev *dev;
4102
4103 mutex_lock(&wl->mutex);
4104
4105 dev = wl->current_dev;
4106 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4107 goto out_unlock_mutex;
4108
4109 B43_WARN_ON(wl->vif != vif);
4110
4111 if (changed & BSS_CHANGED_BSSID) {
4112 if (conf->bssid)
4113 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4114 else
4115 eth_zero_addr(wl->bssid);
4116 }
4117
4118 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4119 if (changed & BSS_CHANGED_BEACON &&
4120 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4121 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4122 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4123 b43_update_templates(wl);
4124
4125 if (changed & BSS_CHANGED_BSSID)
4126 b43_write_mac_bssid_templates(dev);
4127 }
4128
4129 b43_mac_suspend(dev);
4130
4131 /* Update templates for AP/mesh mode. */
4132 if (changed & BSS_CHANGED_BEACON_INT &&
4133 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4134 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4135 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4136 conf->beacon_int)
4137 b43_set_beacon_int(dev, conf->beacon_int);
4138
4139 if (changed & BSS_CHANGED_BASIC_RATES)
4140 b43_update_basic_rates(dev, conf->basic_rates);
4141
4142 if (changed & BSS_CHANGED_ERP_SLOT) {
4143 if (conf->use_short_slot)
4144 b43_short_slot_timing_enable(dev);
4145 else
4146 b43_short_slot_timing_disable(dev);
4147 }
4148
4149 b43_mac_enable(dev);
4150out_unlock_mutex:
4151 mutex_unlock(&wl->mutex);
4152}
4153
4154static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4155 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4156 struct ieee80211_key_conf *key)
4157{
4158 struct b43_wl *wl = hw_to_b43_wl(hw);
4159 struct b43_wldev *dev;
4160 u8 algorithm;
4161 u8 index;
4162 int err;
4163 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4164
4165 if (modparam_nohwcrypt)
4166 return -ENOSPC; /* User disabled HW-crypto */
4167
4168 if ((vif->type == NL80211_IFTYPE_ADHOC ||
4169 vif->type == NL80211_IFTYPE_MESH_POINT) &&
4170 (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4171 key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4172 !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4173 /*
4174 * For now, disable hw crypto for the RSN IBSS group keys. This
4175 * could be optimized in the future, but until that gets
4176 * implemented, use of software crypto for group addressed
4177 * frames is a acceptable to allow RSN IBSS to be used.
4178 */
4179 return -EOPNOTSUPP;
4180 }
4181
4182 mutex_lock(&wl->mutex);
4183
4184 dev = wl->current_dev;
4185 err = -ENODEV;
4186 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4187 goto out_unlock;
4188
4189 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4190 /* We don't have firmware for the crypto engine.
4191 * Must use software-crypto. */
4192 err = -EOPNOTSUPP;
4193 goto out_unlock;
4194 }
4195
4196 err = -EINVAL;
4197 switch (key->cipher) {
4198 case WLAN_CIPHER_SUITE_WEP40:
4199 algorithm = B43_SEC_ALGO_WEP40;
4200 break;
4201 case WLAN_CIPHER_SUITE_WEP104:
4202 algorithm = B43_SEC_ALGO_WEP104;
4203 break;
4204 case WLAN_CIPHER_SUITE_TKIP:
4205 algorithm = B43_SEC_ALGO_TKIP;
4206 break;
4207 case WLAN_CIPHER_SUITE_CCMP:
4208 algorithm = B43_SEC_ALGO_AES;
4209 break;
4210 default:
4211 B43_WARN_ON(1);
4212 goto out_unlock;
4213 }
4214 index = (u8) (key->keyidx);
4215 if (index > 3)
4216 goto out_unlock;
4217
4218 switch (cmd) {
4219 case SET_KEY:
4220 if (algorithm == B43_SEC_ALGO_TKIP &&
4221 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4222 !modparam_hwtkip)) {
4223 /* We support only pairwise key */
4224 err = -EOPNOTSUPP;
4225 goto out_unlock;
4226 }
4227
4228 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4229 if (WARN_ON(!sta)) {
4230 err = -EOPNOTSUPP;
4231 goto out_unlock;
4232 }
4233 /* Pairwise key with an assigned MAC address. */
4234 err = b43_key_write(dev, -1, algorithm,
4235 key->key, key->keylen,
4236 sta->addr, key);
4237 } else {
4238 /* Group key */
4239 err = b43_key_write(dev, index, algorithm,
4240 key->key, key->keylen, NULL, key);
4241 }
4242 if (err)
4243 goto out_unlock;
4244
4245 if (algorithm == B43_SEC_ALGO_WEP40 ||
4246 algorithm == B43_SEC_ALGO_WEP104) {
4247 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4248 } else {
4249 b43_hf_write(dev,
4250 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4251 }
4252 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4253 if (algorithm == B43_SEC_ALGO_TKIP)
4254 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4255 break;
4256 case DISABLE_KEY: {
4257 err = b43_key_clear(dev, key->hw_key_idx);
4258 if (err)
4259 goto out_unlock;
4260 break;
4261 }
4262 default:
4263 B43_WARN_ON(1);
4264 }
4265
4266out_unlock:
4267 if (!err) {
4268 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4269 "mac: %pM\n",
4270 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4271 sta ? sta->addr : bcast_addr);
4272 b43_dump_keymemory(dev);
4273 }
4274 mutex_unlock(&wl->mutex);
4275
4276 return err;
4277}
4278
4279static void b43_op_configure_filter(struct ieee80211_hw *hw,
4280 unsigned int changed, unsigned int *fflags,
4281 u64 multicast)
4282{
4283 struct b43_wl *wl = hw_to_b43_wl(hw);
4284 struct b43_wldev *dev;
4285
4286 mutex_lock(&wl->mutex);
4287 dev = wl->current_dev;
4288 if (!dev) {
4289 *fflags = 0;
4290 goto out_unlock;
4291 }
4292
4293 *fflags &= FIF_ALLMULTI |
4294 FIF_FCSFAIL |
4295 FIF_PLCPFAIL |
4296 FIF_CONTROL |
4297 FIF_OTHER_BSS |
4298 FIF_BCN_PRBRESP_PROMISC;
4299
4300 changed &= FIF_ALLMULTI |
4301 FIF_FCSFAIL |
4302 FIF_PLCPFAIL |
4303 FIF_CONTROL |
4304 FIF_OTHER_BSS |
4305 FIF_BCN_PRBRESP_PROMISC;
4306
4307 wl->filter_flags = *fflags;
4308
4309 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4310 b43_adjust_opmode(dev);
4311
4312out_unlock:
4313 mutex_unlock(&wl->mutex);
4314}
4315
4316/* Locking: wl->mutex
4317 * Returns the current dev. This might be different from the passed in dev,
4318 * because the core might be gone away while we unlocked the mutex. */
4319static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4320{
4321 struct b43_wl *wl;
4322 struct b43_wldev *orig_dev;
4323 u32 mask;
4324 int queue_num;
4325
4326 if (!dev)
4327 return NULL;
4328 wl = dev->wl;
4329redo:
4330 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4331 return dev;
4332
4333 /* Cancel work. Unlock to avoid deadlocks. */
4334 mutex_unlock(&wl->mutex);
4335 cancel_delayed_work_sync(&dev->periodic_work);
4336 cancel_work_sync(&wl->tx_work);
4337 b43_leds_stop(dev);
4338 mutex_lock(&wl->mutex);
4339 dev = wl->current_dev;
4340 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4341 /* Whoops, aliens ate up the device while we were unlocked. */
4342 return dev;
4343 }
4344
4345 /* Disable interrupts on the device. */
4346 b43_set_status(dev, B43_STAT_INITIALIZED);
4347 if (b43_bus_host_is_sdio(dev->dev)) {
4348 /* wl->mutex is locked. That is enough. */
4349 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4350 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4351 } else {
4352 spin_lock_irq(&wl->hardirq_lock);
4353 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4354 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4355 spin_unlock_irq(&wl->hardirq_lock);
4356 }
4357 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4358 orig_dev = dev;
4359 mutex_unlock(&wl->mutex);
4360 if (b43_bus_host_is_sdio(dev->dev))
4361 b43_sdio_free_irq(dev);
4362 else
4363 free_irq(dev->dev->irq, dev);
4364 mutex_lock(&wl->mutex);
4365 dev = wl->current_dev;
4366 if (!dev)
4367 return dev;
4368 if (dev != orig_dev) {
4369 if (b43_status(dev) >= B43_STAT_STARTED)
4370 goto redo;
4371 return dev;
4372 }
4373 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4374 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4375
4376 /* Drain all TX queues. */
4377 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4378 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4379 struct sk_buff *skb;
4380
4381 skb = skb_dequeue(&wl->tx_queue[queue_num]);
4382 ieee80211_free_txskb(wl->hw, skb);
4383 }
4384 }
4385
4386 b43_mac_suspend(dev);
4387 b43_leds_exit(dev);
4388 b43dbg(wl, "Wireless interface stopped\n");
4389
4390 return dev;
4391}
4392
4393/* Locking: wl->mutex */
4394static int b43_wireless_core_start(struct b43_wldev *dev)
4395{
4396 int err;
4397
4398 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4399
4400 drain_txstatus_queue(dev);
4401 if (b43_bus_host_is_sdio(dev->dev)) {
4402 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4403 if (err) {
4404 b43err(dev->wl, "Cannot request SDIO IRQ\n");
4405 goto out;
4406 }
4407 } else {
4408 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4409 b43_interrupt_thread_handler,
4410 IRQF_SHARED, KBUILD_MODNAME, dev);
4411 if (err) {
4412 b43err(dev->wl, "Cannot request IRQ-%d\n",
4413 dev->dev->irq);
4414 goto out;
4415 }
4416 }
4417
4418 /* We are ready to run. */
4419 ieee80211_wake_queues(dev->wl->hw);
4420 b43_set_status(dev, B43_STAT_STARTED);
4421
4422 /* Start data flow (TX/RX). */
4423 b43_mac_enable(dev);
4424 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4425
4426 /* Start maintenance work */
4427 b43_periodic_tasks_setup(dev);
4428
4429 b43_leds_init(dev);
4430
4431 b43dbg(dev->wl, "Wireless interface started\n");
4432out:
4433 return err;
4434}
4435
4436static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4437{
4438 switch (phy_type) {
4439 case B43_PHYTYPE_A:
4440 return "A";
4441 case B43_PHYTYPE_B:
4442 return "B";
4443 case B43_PHYTYPE_G:
4444 return "G";
4445 case B43_PHYTYPE_N:
4446 return "N";
4447 case B43_PHYTYPE_LP:
4448 return "LP";
4449 case B43_PHYTYPE_SSLPN:
4450 return "SSLPN";
4451 case B43_PHYTYPE_HT:
4452 return "HT";
4453 case B43_PHYTYPE_LCN:
4454 return "LCN";
4455 case B43_PHYTYPE_LCNXN:
4456 return "LCNXN";
4457 case B43_PHYTYPE_LCN40:
4458 return "LCN40";
4459 case B43_PHYTYPE_AC:
4460 return "AC";
4461 }
4462 return "UNKNOWN";
4463}
4464
4465/* Get PHY and RADIO versioning numbers */
4466static int b43_phy_versioning(struct b43_wldev *dev)
4467{
4468 struct b43_phy *phy = &dev->phy;
4469 const u8 core_rev = dev->dev->core_rev;
4470 u32 tmp;
4471 u8 analog_type;
4472 u8 phy_type;
4473 u8 phy_rev;
4474 u16 radio_manuf;
4475 u16 radio_id;
4476 u16 radio_rev;
4477 u8 radio_ver;
4478 int unsupported = 0;
4479
4480 /* Get PHY versioning */
4481 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4482 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4483 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4484 phy_rev = (tmp & B43_PHYVER_VERSION);
4485
4486 /* LCNXN is continuation of N which run out of revisions */
4487 if (phy_type == B43_PHYTYPE_LCNXN) {
4488 phy_type = B43_PHYTYPE_N;
4489 phy_rev += 16;
4490 }
4491
4492 switch (phy_type) {
4493#ifdef CONFIG_B43_PHY_G
4494 case B43_PHYTYPE_G:
4495 if (phy_rev > 9)
4496 unsupported = 1;
4497 break;
4498#endif
4499#ifdef CONFIG_B43_PHY_N
4500 case B43_PHYTYPE_N:
4501 if (phy_rev >= 19)
4502 unsupported = 1;
4503 break;
4504#endif
4505#ifdef CONFIG_B43_PHY_LP
4506 case B43_PHYTYPE_LP:
4507 if (phy_rev > 2)
4508 unsupported = 1;
4509 break;
4510#endif
4511#ifdef CONFIG_B43_PHY_HT
4512 case B43_PHYTYPE_HT:
4513 if (phy_rev > 1)
4514 unsupported = 1;
4515 break;
4516#endif
4517#ifdef CONFIG_B43_PHY_LCN
4518 case B43_PHYTYPE_LCN:
4519 if (phy_rev > 1)
4520 unsupported = 1;
4521 break;
4522#endif
4523#ifdef CONFIG_B43_PHY_AC
4524 case B43_PHYTYPE_AC:
4525 if (phy_rev > 1)
4526 unsupported = 1;
4527 break;
4528#endif
4529 default:
4530 unsupported = 1;
4531 }
4532 if (unsupported) {
4533 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4534 analog_type, phy_type, b43_phy_name(dev, phy_type),
4535 phy_rev);
4536 return -EOPNOTSUPP;
4537 }
4538 b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4539 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4540
4541 /* Get RADIO versioning */
4542 if (core_rev == 40 || core_rev == 42) {
4543 radio_manuf = 0x17F;
4544
4545 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4546 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4547
4548 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4549 radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4550
4551 radio_ver = 0; /* Is there version somewhere? */
4552 } else if (core_rev >= 24) {
4553 u16 radio24[3];
4554
4555 for (tmp = 0; tmp < 3; tmp++) {
4556 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4557 radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4558 }
4559
4560 radio_manuf = 0x17F;
4561 radio_id = (radio24[2] << 8) | radio24[1];
4562 radio_rev = (radio24[0] & 0xF);
4563 radio_ver = (radio24[0] & 0xF0) >> 4;
4564 } else {
4565 if (dev->dev->chip_id == 0x4317) {
4566 if (dev->dev->chip_rev == 0)
4567 tmp = 0x3205017F;
4568 else if (dev->dev->chip_rev == 1)
4569 tmp = 0x4205017F;
4570 else
4571 tmp = 0x5205017F;
4572 } else {
4573 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4574 B43_RADIOCTL_ID);
4575 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4576 b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4577 B43_RADIOCTL_ID);
4578 tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4579 }
4580 radio_manuf = (tmp & 0x00000FFF);
4581 radio_id = (tmp & 0x0FFFF000) >> 12;
4582 radio_rev = (tmp & 0xF0000000) >> 28;
4583 radio_ver = 0; /* Probably not available on old hw */
4584 }
4585
4586 if (radio_manuf != 0x17F /* Broadcom */)
4587 unsupported = 1;
4588 switch (phy_type) {
4589 case B43_PHYTYPE_B:
4590 if ((radio_id & 0xFFF0) != 0x2050)
4591 unsupported = 1;
4592 break;
4593 case B43_PHYTYPE_G:
4594 if (radio_id != 0x2050)
4595 unsupported = 1;
4596 break;
4597 case B43_PHYTYPE_N:
4598 if (radio_id != 0x2055 && radio_id != 0x2056 &&
4599 radio_id != 0x2057)
4600 unsupported = 1;
4601 if (radio_id == 0x2057 &&
4602 !(radio_rev == 9 || radio_rev == 14))
4603 unsupported = 1;
4604 break;
4605 case B43_PHYTYPE_LP:
4606 if (radio_id != 0x2062 && radio_id != 0x2063)
4607 unsupported = 1;
4608 break;
4609 case B43_PHYTYPE_HT:
4610 if (radio_id != 0x2059)
4611 unsupported = 1;
4612 break;
4613 case B43_PHYTYPE_LCN:
4614 if (radio_id != 0x2064)
4615 unsupported = 1;
4616 break;
4617 case B43_PHYTYPE_AC:
4618 if (radio_id != 0x2069)
4619 unsupported = 1;
4620 break;
4621 default:
4622 B43_WARN_ON(1);
4623 }
4624 if (unsupported) {
4625 b43err(dev->wl,
4626 "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4627 radio_manuf, radio_id, radio_rev, radio_ver);
4628 return -EOPNOTSUPP;
4629 }
4630 b43info(dev->wl,
4631 "Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4632 radio_manuf, radio_id, radio_rev, radio_ver);
4633
4634 /* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4635 phy->radio_manuf = radio_manuf;
4636 phy->radio_ver = radio_id;
4637 phy->radio_rev = radio_rev;
4638
4639 phy->analog = analog_type;
4640 phy->type = phy_type;
4641 phy->rev = phy_rev;
4642
4643 return 0;
4644}
4645
4646static void setup_struct_phy_for_init(struct b43_wldev *dev,
4647 struct b43_phy *phy)
4648{
4649 phy->hardware_power_control = !!modparam_hwpctl;
4650 phy->next_txpwr_check_time = jiffies;
4651 /* PHY TX errors counter. */
4652 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4653
4654#if B43_DEBUG
4655 phy->phy_locked = false;
4656 phy->radio_locked = false;
4657#endif
4658}
4659
4660static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4661{
4662 dev->dfq_valid = false;
4663
4664 /* Assume the radio is enabled. If it's not enabled, the state will
4665 * immediately get fixed on the first periodic work run. */
4666 dev->radio_hw_enable = true;
4667
4668 /* Stats */
4669 memset(&dev->stats, 0, sizeof(dev->stats));
4670
4671 setup_struct_phy_for_init(dev, &dev->phy);
4672
4673 /* IRQ related flags */
4674 dev->irq_reason = 0;
4675 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4676 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4677 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4678 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4679
4680 dev->mac_suspended = 1;
4681
4682 /* Noise calculation context */
4683 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4684}
4685
4686static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4687{
4688 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4689 u64 hf;
4690
4691 if (!modparam_btcoex)
4692 return;
4693 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4694 return;
4695 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4696 return;
4697
4698 hf = b43_hf_read(dev);
4699 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4700 hf |= B43_HF_BTCOEXALT;
4701 else
4702 hf |= B43_HF_BTCOEX;
4703 b43_hf_write(dev, hf);
4704}
4705
4706static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4707{
4708 if (!modparam_btcoex)
4709 return;
4710 //TODO
4711}
4712
4713static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4714{
4715 struct ssb_bus *bus;
4716 u32 tmp;
4717
4718#ifdef CONFIG_B43_SSB
4719 if (dev->dev->bus_type != B43_BUS_SSB)
4720 return;
4721#else
4722 return;
4723#endif
4724
4725 bus = dev->dev->sdev->bus;
4726
4727 if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4728 (bus->chip_id == 0x4312)) {
4729 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4730 tmp &= ~SSB_IMCFGLO_REQTO;
4731 tmp &= ~SSB_IMCFGLO_SERTO;
4732 tmp |= 0x3;
4733 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4734 ssb_commit_settings(bus);
4735 }
4736}
4737
4738static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4739{
4740 u16 pu_delay;
4741
4742 /* The time value is in microseconds. */
4743 pu_delay = 1050;
4744 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4745 pu_delay = 500;
4746 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4747 pu_delay = max(pu_delay, (u16)2400);
4748
4749 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4750}
4751
4752/* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4753static void b43_set_pretbtt(struct b43_wldev *dev)
4754{
4755 u16 pretbtt;
4756
4757 /* The time value is in microseconds. */
4758 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
4759 pretbtt = 2;
4760 else
4761 pretbtt = 250;
4762 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4763 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4764}
4765
4766/* Shutdown a wireless core */
4767/* Locking: wl->mutex */
4768static void b43_wireless_core_exit(struct b43_wldev *dev)
4769{
4770 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4771 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4772 return;
4773
4774 b43_set_status(dev, B43_STAT_UNINIT);
4775
4776 /* Stop the microcode PSM. */
4777 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4778 B43_MACCTL_PSM_JMP0);
4779
4780 switch (dev->dev->bus_type) {
4781#ifdef CONFIG_B43_BCMA
4782 case B43_BUS_BCMA:
4783 bcma_host_pci_down(dev->dev->bdev->bus);
4784 break;
4785#endif
4786#ifdef CONFIG_B43_SSB
4787 case B43_BUS_SSB:
4788 /* TODO */
4789 break;
4790#endif
4791 }
4792
4793 b43_dma_free(dev);
4794 b43_pio_free(dev);
4795 b43_chip_exit(dev);
4796 dev->phy.ops->switch_analog(dev, 0);
4797 if (dev->wl->current_beacon) {
4798 dev_kfree_skb_any(dev->wl->current_beacon);
4799 dev->wl->current_beacon = NULL;
4800 }
4801
4802 b43_device_disable(dev, 0);
4803 b43_bus_may_powerdown(dev);
4804}
4805
4806/* Initialize a wireless core */
4807static int b43_wireless_core_init(struct b43_wldev *dev)
4808{
4809 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4810 struct b43_phy *phy = &dev->phy;
4811 int err;
4812 u64 hf;
4813
4814 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4815
4816 err = b43_bus_powerup(dev, 0);
4817 if (err)
4818 goto out;
4819 if (!b43_device_is_enabled(dev))
4820 b43_wireless_core_reset(dev, phy->gmode);
4821
4822 /* Reset all data structures. */
4823 setup_struct_wldev_for_init(dev);
4824 phy->ops->prepare_structs(dev);
4825
4826 /* Enable IRQ routing to this device. */
4827 switch (dev->dev->bus_type) {
4828#ifdef CONFIG_B43_BCMA
4829 case B43_BUS_BCMA:
4830 bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4831 dev->dev->bdev, true);
4832 bcma_host_pci_up(dev->dev->bdev->bus);
4833 break;
4834#endif
4835#ifdef CONFIG_B43_SSB
4836 case B43_BUS_SSB:
4837 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4838 dev->dev->sdev);
4839 break;
4840#endif
4841 }
4842
4843 b43_imcfglo_timeouts_workaround(dev);
4844 b43_bluetooth_coext_disable(dev);
4845 if (phy->ops->prepare_hardware) {
4846 err = phy->ops->prepare_hardware(dev);
4847 if (err)
4848 goto err_busdown;
4849 }
4850 err = b43_chip_init(dev);
4851 if (err)
4852 goto err_busdown;
4853 b43_shm_write16(dev, B43_SHM_SHARED,
4854 B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4855 hf = b43_hf_read(dev);
4856 if (phy->type == B43_PHYTYPE_G) {
4857 hf |= B43_HF_SYMW;
4858 if (phy->rev == 1)
4859 hf |= B43_HF_GDCW;
4860 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4861 hf |= B43_HF_OFDMPABOOST;
4862 }
4863 if (phy->radio_ver == 0x2050) {
4864 if (phy->radio_rev == 6)
4865 hf |= B43_HF_4318TSSI;
4866 if (phy->radio_rev < 6)
4867 hf |= B43_HF_VCORECALC;
4868 }
4869 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4870 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4871#if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4872 if (dev->dev->bus_type == B43_BUS_SSB &&
4873 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4874 dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4875 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4876#endif
4877 hf &= ~B43_HF_SKCFPUP;
4878 b43_hf_write(dev, hf);
4879
4880 /* tell the ucode MAC capabilities */
4881 if (dev->dev->core_rev >= 13) {
4882 u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4883
4884 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4885 mac_hw_cap & 0xffff);
4886 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4887 (mac_hw_cap >> 16) & 0xffff);
4888 }
4889
4890 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4891 B43_DEFAULT_LONG_RETRY_LIMIT);
4892 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4893 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4894
4895 /* Disable sending probe responses from firmware.
4896 * Setting the MaxTime to one usec will always trigger
4897 * a timeout, so we never send any probe resp.
4898 * A timeout of zero is infinite. */
4899 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4900
4901 b43_rate_memory_init(dev);
4902 b43_set_phytxctl_defaults(dev);
4903
4904 /* Minimum Contention Window */
4905 if (phy->type == B43_PHYTYPE_B)
4906 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4907 else
4908 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4909 /* Maximum Contention Window */
4910 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4911
4912 /* write phytype and phyvers */
4913 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4914 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4915
4916 if (b43_bus_host_is_pcmcia(dev->dev) ||
4917 b43_bus_host_is_sdio(dev->dev)) {
4918 dev->__using_pio_transfers = true;
4919 err = b43_pio_init(dev);
4920 } else if (dev->use_pio) {
4921 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4922 "This should not be needed and will result in lower "
4923 "performance.\n");
4924 dev->__using_pio_transfers = true;
4925 err = b43_pio_init(dev);
4926 } else {
4927 dev->__using_pio_transfers = false;
4928 err = b43_dma_init(dev);
4929 }
4930 if (err)
4931 goto err_chip_exit;
4932 b43_qos_init(dev);
4933 b43_set_synth_pu_delay(dev, 1);
4934 b43_bluetooth_coext_enable(dev);
4935
4936 b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4937 b43_upload_card_macaddress(dev);
4938 b43_security_init(dev);
4939
4940 ieee80211_wake_queues(dev->wl->hw);
4941
4942 b43_set_status(dev, B43_STAT_INITIALIZED);
4943
4944out:
4945 return err;
4946
4947err_chip_exit:
4948 b43_chip_exit(dev);
4949err_busdown:
4950 b43_bus_may_powerdown(dev);
4951 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4952 return err;
4953}
4954
4955static int b43_op_add_interface(struct ieee80211_hw *hw,
4956 struct ieee80211_vif *vif)
4957{
4958 struct b43_wl *wl = hw_to_b43_wl(hw);
4959 struct b43_wldev *dev;
4960 int err = -EOPNOTSUPP;
4961
4962 /* TODO: allow WDS/AP devices to coexist */
4963
4964 if (vif->type != NL80211_IFTYPE_AP &&
4965 vif->type != NL80211_IFTYPE_MESH_POINT &&
4966 vif->type != NL80211_IFTYPE_STATION &&
4967 vif->type != NL80211_IFTYPE_WDS &&
4968 vif->type != NL80211_IFTYPE_ADHOC)
4969 return -EOPNOTSUPP;
4970
4971 mutex_lock(&wl->mutex);
4972 if (wl->operating)
4973 goto out_mutex_unlock;
4974
4975 b43dbg(wl, "Adding Interface type %d\n", vif->type);
4976
4977 dev = wl->current_dev;
4978 wl->operating = true;
4979 wl->vif = vif;
4980 wl->if_type = vif->type;
4981 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4982
4983 b43_adjust_opmode(dev);
4984 b43_set_pretbtt(dev);
4985 b43_set_synth_pu_delay(dev, 0);
4986 b43_upload_card_macaddress(dev);
4987
4988 err = 0;
4989 out_mutex_unlock:
4990 mutex_unlock(&wl->mutex);
4991
4992 if (err == 0)
4993 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4994
4995 return err;
4996}
4997
4998static void b43_op_remove_interface(struct ieee80211_hw *hw,
4999 struct ieee80211_vif *vif)
5000{
5001 struct b43_wl *wl = hw_to_b43_wl(hw);
5002 struct b43_wldev *dev = wl->current_dev;
5003
5004 b43dbg(wl, "Removing Interface type %d\n", vif->type);
5005
5006 mutex_lock(&wl->mutex);
5007
5008 B43_WARN_ON(!wl->operating);
5009 B43_WARN_ON(wl->vif != vif);
5010 wl->vif = NULL;
5011
5012 wl->operating = false;
5013
5014 b43_adjust_opmode(dev);
5015 eth_zero_addr(wl->mac_addr);
5016 b43_upload_card_macaddress(dev);
5017
5018 mutex_unlock(&wl->mutex);
5019}
5020
5021static int b43_op_start(struct ieee80211_hw *hw)
5022{
5023 struct b43_wl *wl = hw_to_b43_wl(hw);
5024 struct b43_wldev *dev = wl->current_dev;
5025 int did_init = 0;
5026 int err = 0;
5027
5028 /* Kill all old instance specific information to make sure
5029 * the card won't use it in the short timeframe between start
5030 * and mac80211 reconfiguring it. */
5031 eth_zero_addr(wl->bssid);
5032 eth_zero_addr(wl->mac_addr);
5033 wl->filter_flags = 0;
5034 wl->radiotap_enabled = false;
5035 b43_qos_clear(wl);
5036 wl->beacon0_uploaded = false;
5037 wl->beacon1_uploaded = false;
5038 wl->beacon_templates_virgin = true;
5039 wl->radio_enabled = true;
5040
5041 mutex_lock(&wl->mutex);
5042
5043 if (b43_status(dev) < B43_STAT_INITIALIZED) {
5044 err = b43_wireless_core_init(dev);
5045 if (err)
5046 goto out_mutex_unlock;
5047 did_init = 1;
5048 }
5049
5050 if (b43_status(dev) < B43_STAT_STARTED) {
5051 err = b43_wireless_core_start(dev);
5052 if (err) {
5053 if (did_init)
5054 b43_wireless_core_exit(dev);
5055 goto out_mutex_unlock;
5056 }
5057 }
5058
5059 /* XXX: only do if device doesn't support rfkill irq */
5060 wiphy_rfkill_start_polling(hw->wiphy);
5061
5062 out_mutex_unlock:
5063 mutex_unlock(&wl->mutex);
5064
5065 /*
5066 * Configuration may have been overwritten during initialization.
5067 * Reload the configuration, but only if initialization was
5068 * successful. Reloading the configuration after a failed init
5069 * may hang the system.
5070 */
5071 if (!err)
5072 b43_op_config(hw, ~0);
5073
5074 return err;
5075}
5076
5077static void b43_op_stop(struct ieee80211_hw *hw)
5078{
5079 struct b43_wl *wl = hw_to_b43_wl(hw);
5080 struct b43_wldev *dev = wl->current_dev;
5081
5082 cancel_work_sync(&(wl->beacon_update_trigger));
5083
5084 if (!dev)
5085 goto out;
5086
5087 mutex_lock(&wl->mutex);
5088 if (b43_status(dev) >= B43_STAT_STARTED) {
5089 dev = b43_wireless_core_stop(dev);
5090 if (!dev)
5091 goto out_unlock;
5092 }
5093 b43_wireless_core_exit(dev);
5094 wl->radio_enabled = false;
5095
5096out_unlock:
5097 mutex_unlock(&wl->mutex);
5098out:
5099 cancel_work_sync(&(wl->txpower_adjust_work));
5100}
5101
5102static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5103 struct ieee80211_sta *sta, bool set)
5104{
5105 struct b43_wl *wl = hw_to_b43_wl(hw);
5106
5107 b43_update_templates(wl);
5108
5109 return 0;
5110}
5111
5112static void b43_op_sta_notify(struct ieee80211_hw *hw,
5113 struct ieee80211_vif *vif,
5114 enum sta_notify_cmd notify_cmd,
5115 struct ieee80211_sta *sta)
5116{
5117 struct b43_wl *wl = hw_to_b43_wl(hw);
5118
5119 B43_WARN_ON(!vif || wl->vif != vif);
5120}
5121
5122static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5123 struct ieee80211_vif *vif,
5124 const u8 *mac_addr)
5125{
5126 struct b43_wl *wl = hw_to_b43_wl(hw);
5127 struct b43_wldev *dev;
5128
5129 mutex_lock(&wl->mutex);
5130 dev = wl->current_dev;
5131 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5132 /* Disable CFP update during scan on other channels. */
5133 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5134 }
5135 mutex_unlock(&wl->mutex);
5136}
5137
5138static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5139 struct ieee80211_vif *vif)
5140{
5141 struct b43_wl *wl = hw_to_b43_wl(hw);
5142 struct b43_wldev *dev;
5143
5144 mutex_lock(&wl->mutex);
5145 dev = wl->current_dev;
5146 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5147 /* Re-enable CFP update. */
5148 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5149 }
5150 mutex_unlock(&wl->mutex);
5151}
5152
5153static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5154 struct survey_info *survey)
5155{
5156 struct b43_wl *wl = hw_to_b43_wl(hw);
5157 struct b43_wldev *dev = wl->current_dev;
5158 struct ieee80211_conf *conf = &hw->conf;
5159
5160 if (idx != 0)
5161 return -ENOENT;
5162
5163 survey->channel = conf->chandef.chan;
5164 survey->filled = SURVEY_INFO_NOISE_DBM;
5165 survey->noise = dev->stats.link_noise;
5166
5167 return 0;
5168}
5169
5170static const struct ieee80211_ops b43_hw_ops = {
5171 .tx = b43_op_tx,
5172 .conf_tx = b43_op_conf_tx,
5173 .add_interface = b43_op_add_interface,
5174 .remove_interface = b43_op_remove_interface,
5175 .config = b43_op_config,
5176 .bss_info_changed = b43_op_bss_info_changed,
5177 .configure_filter = b43_op_configure_filter,
5178 .set_key = b43_op_set_key,
5179 .update_tkip_key = b43_op_update_tkip_key,
5180 .get_stats = b43_op_get_stats,
5181 .get_tsf = b43_op_get_tsf,
5182 .set_tsf = b43_op_set_tsf,
5183 .start = b43_op_start,
5184 .stop = b43_op_stop,
5185 .set_tim = b43_op_beacon_set_tim,
5186 .sta_notify = b43_op_sta_notify,
5187 .sw_scan_start = b43_op_sw_scan_start_notifier,
5188 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
5189 .get_survey = b43_op_get_survey,
5190 .rfkill_poll = b43_rfkill_poll,
5191};
5192
5193/* Hard-reset the chip. Do not call this directly.
5194 * Use b43_controller_restart()
5195 */
5196static void b43_chip_reset(struct work_struct *work)
5197{
5198 struct b43_wldev *dev =
5199 container_of(work, struct b43_wldev, restart_work);
5200 struct b43_wl *wl = dev->wl;
5201 int err = 0;
5202 int prev_status;
5203
5204 mutex_lock(&wl->mutex);
5205
5206 prev_status = b43_status(dev);
5207 /* Bring the device down... */
5208 if (prev_status >= B43_STAT_STARTED) {
5209 dev = b43_wireless_core_stop(dev);
5210 if (!dev) {
5211 err = -ENODEV;
5212 goto out;
5213 }
5214 }
5215 if (prev_status >= B43_STAT_INITIALIZED)
5216 b43_wireless_core_exit(dev);
5217
5218 /* ...and up again. */
5219 if (prev_status >= B43_STAT_INITIALIZED) {
5220 err = b43_wireless_core_init(dev);
5221 if (err)
5222 goto out;
5223 }
5224 if (prev_status >= B43_STAT_STARTED) {
5225 err = b43_wireless_core_start(dev);
5226 if (err) {
5227 b43_wireless_core_exit(dev);
5228 goto out;
5229 }
5230 }
5231out:
5232 if (err)
5233 wl->current_dev = NULL; /* Failed to init the dev. */
5234 mutex_unlock(&wl->mutex);
5235
5236 if (err) {
5237 b43err(wl, "Controller restart FAILED\n");
5238 return;
5239 }
5240
5241 /* reload configuration */
5242 b43_op_config(wl->hw, ~0);
5243 if (wl->vif)
5244 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5245
5246 b43info(wl, "Controller restarted\n");
5247}
5248
5249static int b43_setup_bands(struct b43_wldev *dev,
5250 bool have_2ghz_phy, bool have_5ghz_phy)
5251{
5252 struct ieee80211_hw *hw = dev->wl->hw;
5253 struct b43_phy *phy = &dev->phy;
5254 bool limited_2g;
5255 bool limited_5g;
5256
5257 /* We don't support all 2 GHz channels on some devices */
5258 limited_2g = phy->radio_ver == 0x2057 &&
5259 (phy->radio_rev == 9 || phy->radio_rev == 14);
5260 limited_5g = phy->radio_ver == 0x2057 &&
5261 phy->radio_rev == 9;
5262
5263 if (have_2ghz_phy)
5264 hw->wiphy->bands[NL80211_BAND_2GHZ] = limited_2g ?
5265 &b43_band_2ghz_limited : &b43_band_2GHz;
5266 if (dev->phy.type == B43_PHYTYPE_N) {
5267 if (have_5ghz_phy)
5268 hw->wiphy->bands[NL80211_BAND_5GHZ] = limited_5g ?
5269 &b43_band_5GHz_nphy_limited :
5270 &b43_band_5GHz_nphy;
5271 } else {
5272 if (have_5ghz_phy)
5273 hw->wiphy->bands[NL80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5274 }
5275
5276 dev->phy.supports_2ghz = have_2ghz_phy;
5277 dev->phy.supports_5ghz = have_5ghz_phy;
5278
5279 return 0;
5280}
5281
5282static void b43_wireless_core_detach(struct b43_wldev *dev)
5283{
5284 /* We release firmware that late to not be required to re-request
5285 * is all the time when we reinit the core. */
5286 b43_release_firmware(dev);
5287 b43_phy_free(dev);
5288}
5289
5290static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5291 bool *have_5ghz_phy)
5292{
5293 u16 dev_id = 0;
5294
5295#ifdef CONFIG_B43_BCMA
5296 if (dev->dev->bus_type == B43_BUS_BCMA &&
5297 dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5298 dev_id = dev->dev->bdev->bus->host_pci->device;
5299#endif
5300#ifdef CONFIG_B43_SSB
5301 if (dev->dev->bus_type == B43_BUS_SSB &&
5302 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5303 dev_id = dev->dev->sdev->bus->host_pci->device;
5304#endif
5305 /* Override with SPROM value if available */
5306 if (dev->dev->bus_sprom->dev_id)
5307 dev_id = dev->dev->bus_sprom->dev_id;
5308
5309 /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5310 switch (dev_id) {
5311 case 0x4324: /* BCM4306 */
5312 case 0x4312: /* BCM4311 */
5313 case 0x4319: /* BCM4318 */
5314 case 0x4328: /* BCM4321 */
5315 case 0x432b: /* BCM4322 */
5316 case 0x4350: /* BCM43222 */
5317 case 0x4353: /* BCM43224 */
5318 case 0x0576: /* BCM43224 */
5319 case 0x435f: /* BCM6362 */
5320 case 0x4331: /* BCM4331 */
5321 case 0x4359: /* BCM43228 */
5322 case 0x43a0: /* BCM4360 */
5323 case 0x43b1: /* BCM4352 */
5324 /* Dual band devices */
5325 *have_2ghz_phy = true;
5326 *have_5ghz_phy = true;
5327 return;
5328 case 0x4321: /* BCM4306 */
5329 /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5330 if (dev->phy.type != B43_PHYTYPE_G)
5331 break;
5332 /* fall through */
5333 case 0x4313: /* BCM4311 */
5334 case 0x431a: /* BCM4318 */
5335 case 0x432a: /* BCM4321 */
5336 case 0x432d: /* BCM4322 */
5337 case 0x4352: /* BCM43222 */
5338 case 0x435a: /* BCM43228 */
5339 case 0x4333: /* BCM4331 */
5340 case 0x43a2: /* BCM4360 */
5341 case 0x43b3: /* BCM4352 */
5342 /* 5 GHz only devices */
5343 *have_2ghz_phy = false;
5344 *have_5ghz_phy = true;
5345 return;
5346 }
5347
5348 /* As a fallback, try to guess using PHY type */
5349 switch (dev->phy.type) {
5350 case B43_PHYTYPE_G:
5351 case B43_PHYTYPE_N:
5352 case B43_PHYTYPE_LP:
5353 case B43_PHYTYPE_HT:
5354 case B43_PHYTYPE_LCN:
5355 *have_2ghz_phy = true;
5356 *have_5ghz_phy = false;
5357 return;
5358 }
5359
5360 B43_WARN_ON(1);
5361}
5362
5363static int b43_wireless_core_attach(struct b43_wldev *dev)
5364{
5365 struct b43_wl *wl = dev->wl;
5366 struct b43_phy *phy = &dev->phy;
5367 int err;
5368 u32 tmp;
5369 bool have_2ghz_phy = false, have_5ghz_phy = false;
5370
5371 /* Do NOT do any device initialization here.
5372 * Do it in wireless_core_init() instead.
5373 * This function is for gathering basic information about the HW, only.
5374 * Also some structs may be set up here. But most likely you want to have
5375 * that in core_init(), too.
5376 */
5377
5378 err = b43_bus_powerup(dev, 0);
5379 if (err) {
5380 b43err(wl, "Bus powerup failed\n");
5381 goto out;
5382 }
5383
5384 phy->do_full_init = true;
5385
5386 /* Try to guess supported bands for the first init needs */
5387 switch (dev->dev->bus_type) {
5388#ifdef CONFIG_B43_BCMA
5389 case B43_BUS_BCMA:
5390 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5391 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5392 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5393 break;
5394#endif
5395#ifdef CONFIG_B43_SSB
5396 case B43_BUS_SSB:
5397 if (dev->dev->core_rev >= 5) {
5398 tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5399 have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5400 have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5401 } else
5402 B43_WARN_ON(1);
5403 break;
5404#endif
5405 }
5406
5407 dev->phy.gmode = have_2ghz_phy;
5408 b43_wireless_core_reset(dev, dev->phy.gmode);
5409
5410 /* Get the PHY type. */
5411 err = b43_phy_versioning(dev);
5412 if (err)
5413 goto err_powerdown;
5414
5415 /* Get real info about supported bands */
5416 b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5417
5418 /* We don't support 5 GHz on some PHYs yet */
5419 if (have_5ghz_phy) {
5420 switch (dev->phy.type) {
5421 case B43_PHYTYPE_G:
5422 case B43_PHYTYPE_LP:
5423 case B43_PHYTYPE_HT:
5424 b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5425 have_5ghz_phy = false;
5426 }
5427 }
5428
5429 if (!have_2ghz_phy && !have_5ghz_phy) {
5430 b43err(wl, "b43 can't support any band on this device\n");
5431 err = -EOPNOTSUPP;
5432 goto err_powerdown;
5433 }
5434
5435 err = b43_phy_allocate(dev);
5436 if (err)
5437 goto err_powerdown;
5438
5439 dev->phy.gmode = have_2ghz_phy;
5440 b43_wireless_core_reset(dev, dev->phy.gmode);
5441
5442 err = b43_validate_chipaccess(dev);
5443 if (err)
5444 goto err_phy_free;
5445 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5446 if (err)
5447 goto err_phy_free;
5448
5449 /* Now set some default "current_dev" */
5450 if (!wl->current_dev)
5451 wl->current_dev = dev;
5452 INIT_WORK(&dev->restart_work, b43_chip_reset);
5453
5454 dev->phy.ops->switch_analog(dev, 0);
5455 b43_device_disable(dev, 0);
5456 b43_bus_may_powerdown(dev);
5457
5458out:
5459 return err;
5460
5461err_phy_free:
5462 b43_phy_free(dev);
5463err_powerdown:
5464 b43_bus_may_powerdown(dev);
5465 return err;
5466}
5467
5468static void b43_one_core_detach(struct b43_bus_dev *dev)
5469{
5470 struct b43_wldev *wldev;
5471
5472 /* Do not cancel ieee80211-workqueue based work here.
5473 * See comment in b43_remove(). */
5474
5475 wldev = b43_bus_get_wldev(dev);
5476 b43_debugfs_remove_device(wldev);
5477 b43_wireless_core_detach(wldev);
5478 list_del(&wldev->list);
5479 b43_bus_set_wldev(dev, NULL);
5480 kfree(wldev);
5481}
5482
5483static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5484{
5485 struct b43_wldev *wldev;
5486 int err = -ENOMEM;
5487
5488 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5489 if (!wldev)
5490 goto out;
5491
5492 wldev->use_pio = b43_modparam_pio;
5493 wldev->dev = dev;
5494 wldev->wl = wl;
5495 b43_set_status(wldev, B43_STAT_UNINIT);
5496 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5497 INIT_LIST_HEAD(&wldev->list);
5498
5499 err = b43_wireless_core_attach(wldev);
5500 if (err)
5501 goto err_kfree_wldev;
5502
5503 b43_bus_set_wldev(dev, wldev);
5504 b43_debugfs_add_device(wldev);
5505
5506 out:
5507 return err;
5508
5509 err_kfree_wldev:
5510 kfree(wldev);
5511 return err;
5512}
5513
5514#define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
5515 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
5516 (pdev->device == _device) && \
5517 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
5518 (pdev->subsystem_device == _subdevice) )
5519
5520#ifdef CONFIG_B43_SSB
5521static void b43_sprom_fixup(struct ssb_bus *bus)
5522{
5523 struct pci_dev *pdev;
5524
5525 /* boardflags workarounds */
5526 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5527 bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5528 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5529 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5530 bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5531 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5532 if (bus->bustype == SSB_BUSTYPE_PCI) {
5533 pdev = bus->host_pci;
5534 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5535 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
5536 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
5537 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5538 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5539 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5540 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5541 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5542 }
5543}
5544
5545static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5546{
5547 struct ieee80211_hw *hw = wl->hw;
5548
5549 ssb_set_devtypedata(dev->sdev, NULL);
5550 ieee80211_free_hw(hw);
5551}
5552#endif
5553
5554static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5555{
5556 struct ssb_sprom *sprom = dev->bus_sprom;
5557 struct ieee80211_hw *hw;
5558 struct b43_wl *wl;
5559 char chip_name[6];
5560 int queue_num;
5561
5562 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5563 if (!hw) {
5564 b43err(NULL, "Could not allocate ieee80211 device\n");
5565 return ERR_PTR(-ENOMEM);
5566 }
5567 wl = hw_to_b43_wl(hw);
5568
5569 /* fill hw info */
5570 ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5571 ieee80211_hw_set(hw, SIGNAL_DBM);
5572 ieee80211_hw_set(hw, MFP_CAPABLE);
5573 hw->wiphy->interface_modes =
5574 BIT(NL80211_IFTYPE_AP) |
5575 BIT(NL80211_IFTYPE_MESH_POINT) |
5576 BIT(NL80211_IFTYPE_STATION) |
5577#ifdef CONFIG_WIRELESS_WDS
5578 BIT(NL80211_IFTYPE_WDS) |
5579#endif
5580 BIT(NL80211_IFTYPE_ADHOC);
5581
5582 hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5583
5584 wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
5585
5586 wl->hw_registered = false;
5587 hw->max_rates = 2;
5588 SET_IEEE80211_DEV(hw, dev->dev);
5589 if (is_valid_ether_addr(sprom->et1mac))
5590 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5591 else
5592 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5593
5594 /* Initialize struct b43_wl */
5595 wl->hw = hw;
5596 mutex_init(&wl->mutex);
5597 spin_lock_init(&wl->hardirq_lock);
5598 spin_lock_init(&wl->beacon_lock);
5599 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5600 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5601 INIT_WORK(&wl->tx_work, b43_tx_work);
5602
5603 /* Initialize queues and flags. */
5604 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5605 skb_queue_head_init(&wl->tx_queue[queue_num]);
5606 wl->tx_queue_stopped[queue_num] = false;
5607 }
5608
5609 snprintf(chip_name, ARRAY_SIZE(chip_name),
5610 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5611 b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5612 dev->core_rev);
5613 return wl;
5614}
5615
5616#ifdef CONFIG_B43_BCMA
5617static int b43_bcma_probe(struct bcma_device *core)
5618{
5619 struct b43_bus_dev *dev;
5620 struct b43_wl *wl;
5621 int err;
5622
5623 if (!modparam_allhwsupport &&
5624 (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5625 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5626 return -ENOTSUPP;
5627 }
5628
5629 dev = b43_bus_dev_bcma_init(core);
5630 if (!dev)
5631 return -ENODEV;
5632
5633 wl = b43_wireless_init(dev);
5634 if (IS_ERR(wl)) {
5635 err = PTR_ERR(wl);
5636 goto bcma_out;
5637 }
5638
5639 err = b43_one_core_attach(dev, wl);
5640 if (err)
5641 goto bcma_err_wireless_exit;
5642
5643 /* setup and start work to load firmware */
5644 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5645 schedule_work(&wl->firmware_load);
5646
5647 return err;
5648
5649bcma_err_wireless_exit:
5650 ieee80211_free_hw(wl->hw);
5651bcma_out:
5652 kfree(dev);
5653 return err;
5654}
5655
5656static void b43_bcma_remove(struct bcma_device *core)
5657{
5658 struct b43_wldev *wldev = bcma_get_drvdata(core);
5659 struct b43_wl *wl = wldev->wl;
5660
5661 /* We must cancel any work here before unregistering from ieee80211,
5662 * as the ieee80211 unreg will destroy the workqueue. */
5663 cancel_work_sync(&wldev->restart_work);
5664 cancel_work_sync(&wl->firmware_load);
5665
5666 B43_WARN_ON(!wl);
5667 if (!wldev->fw.ucode.data)
5668 return; /* NULL if firmware never loaded */
5669 if (wl->current_dev == wldev && wl->hw_registered) {
5670 b43_leds_stop(wldev);
5671 ieee80211_unregister_hw(wl->hw);
5672 }
5673
5674 b43_one_core_detach(wldev->dev);
5675
5676 /* Unregister HW RNG driver */
5677 b43_rng_exit(wl);
5678
5679 b43_leds_unregister(wl);
5680 ieee80211_free_hw(wl->hw);
5681 kfree(wldev->dev);
5682}
5683
5684static struct bcma_driver b43_bcma_driver = {
5685 .name = KBUILD_MODNAME,
5686 .id_table = b43_bcma_tbl,
5687 .probe = b43_bcma_probe,
5688 .remove = b43_bcma_remove,
5689};
5690#endif
5691
5692#ifdef CONFIG_B43_SSB
5693static
5694int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5695{
5696 struct b43_bus_dev *dev;
5697 struct b43_wl *wl;
5698 int err;
5699
5700 dev = b43_bus_dev_ssb_init(sdev);
5701 if (!dev)
5702 return -ENOMEM;
5703
5704 wl = ssb_get_devtypedata(sdev);
5705 if (wl) {
5706 b43err(NULL, "Dual-core devices are not supported\n");
5707 err = -ENOTSUPP;
5708 goto err_ssb_kfree_dev;
5709 }
5710
5711 b43_sprom_fixup(sdev->bus);
5712
5713 wl = b43_wireless_init(dev);
5714 if (IS_ERR(wl)) {
5715 err = PTR_ERR(wl);
5716 goto err_ssb_kfree_dev;
5717 }
5718 ssb_set_devtypedata(sdev, wl);
5719 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5720
5721 err = b43_one_core_attach(dev, wl);
5722 if (err)
5723 goto err_ssb_wireless_exit;
5724
5725 /* setup and start work to load firmware */
5726 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5727 schedule_work(&wl->firmware_load);
5728
5729 return err;
5730
5731err_ssb_wireless_exit:
5732 b43_wireless_exit(dev, wl);
5733err_ssb_kfree_dev:
5734 kfree(dev);
5735 return err;
5736}
5737
5738static void b43_ssb_remove(struct ssb_device *sdev)
5739{
5740 struct b43_wl *wl = ssb_get_devtypedata(sdev);
5741 struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5742 struct b43_bus_dev *dev = wldev->dev;
5743
5744 /* We must cancel any work here before unregistering from ieee80211,
5745 * as the ieee80211 unreg will destroy the workqueue. */
5746 cancel_work_sync(&wldev->restart_work);
5747 cancel_work_sync(&wl->firmware_load);
5748
5749 B43_WARN_ON(!wl);
5750 if (!wldev->fw.ucode.data)
5751 return; /* NULL if firmware never loaded */
5752 if (wl->current_dev == wldev && wl->hw_registered) {
5753 b43_leds_stop(wldev);
5754 ieee80211_unregister_hw(wl->hw);
5755 }
5756
5757 b43_one_core_detach(dev);
5758
5759 /* Unregister HW RNG driver */
5760 b43_rng_exit(wl);
5761
5762 b43_leds_unregister(wl);
5763 b43_wireless_exit(dev, wl);
5764 kfree(dev);
5765}
5766
5767static struct ssb_driver b43_ssb_driver = {
5768 .name = KBUILD_MODNAME,
5769 .id_table = b43_ssb_tbl,
5770 .probe = b43_ssb_probe,
5771 .remove = b43_ssb_remove,
5772};
5773#endif /* CONFIG_B43_SSB */
5774
5775/* Perform a hardware reset. This can be called from any context. */
5776void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5777{
5778 /* Must avoid requeueing, if we are in shutdown. */
5779 if (b43_status(dev) < B43_STAT_INITIALIZED)
5780 return;
5781 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5782 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5783}
5784
5785static void b43_print_driverinfo(void)
5786{
5787 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5788 *feat_leds = "", *feat_sdio = "";
5789
5790#ifdef CONFIG_B43_PCI_AUTOSELECT
5791 feat_pci = "P";
5792#endif
5793#ifdef CONFIG_B43_PCMCIA
5794 feat_pcmcia = "M";
5795#endif
5796#ifdef CONFIG_B43_PHY_N
5797 feat_nphy = "N";
5798#endif
5799#ifdef CONFIG_B43_LEDS
5800 feat_leds = "L";
5801#endif
5802#ifdef CONFIG_B43_SDIO
5803 feat_sdio = "S";
5804#endif
5805 printk(KERN_INFO "Broadcom 43xx driver loaded "
5806 "[ Features: %s%s%s%s%s ]\n",
5807 feat_pci, feat_pcmcia, feat_nphy,
5808 feat_leds, feat_sdio);
5809}
5810
5811static int __init b43_init(void)
5812{
5813 int err;
5814
5815 b43_debugfs_init();
5816 err = b43_sdio_init();
5817 if (err)
5818 goto err_dfs_exit;
5819#ifdef CONFIG_B43_BCMA
5820 err = bcma_driver_register(&b43_bcma_driver);
5821 if (err)
5822 goto err_sdio_exit;
5823#endif
5824#ifdef CONFIG_B43_SSB
5825 err = ssb_driver_register(&b43_ssb_driver);
5826 if (err)
5827 goto err_bcma_driver_exit;
5828#endif
5829 b43_print_driverinfo();
5830
5831 return err;
5832
5833#ifdef CONFIG_B43_SSB
5834err_bcma_driver_exit:
5835#endif
5836#ifdef CONFIG_B43_BCMA
5837 bcma_driver_unregister(&b43_bcma_driver);
5838err_sdio_exit:
5839#endif
5840 b43_sdio_exit();
5841err_dfs_exit:
5842 b43_debugfs_exit();
5843 return err;
5844}
5845
5846static void __exit b43_exit(void)
5847{
5848#ifdef CONFIG_B43_SSB
5849 ssb_driver_unregister(&b43_ssb_driver);
5850#endif
5851#ifdef CONFIG_B43_BCMA
5852 bcma_driver_unregister(&b43_bcma_driver);
5853#endif
5854 b43_sdio_exit();
5855 b43_debugfs_exit();
5856}
5857
5858module_init(b43_init)
5859module_exit(b43_exit)