Loading...
Note: File does not exist in v6.8.
1/*
2
3 Broadcom B43 wireless driver
4
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10 Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12 SDIO support
13 Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15 Some parts of the code in this file are derived from the ipw2200
16 driver Copyright(c) 2003 - 2004 Intel Corporation.
17
18 This program is free software; you can redistribute it and/or modify
19 it under the terms of the GNU General Public License as published by
20 the Free Software Foundation; either version 2 of the License, or
21 (at your option) any later version.
22
23 This program is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 GNU General Public License for more details.
27
28 You should have received a copy of the GNU General Public License
29 along with this program; see the file COPYING. If not, write to
30 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31 Boston, MA 02110-1301, USA.
32
33*/
34
35#include <linux/delay.h>
36#include <linux/init.h>
37#include <linux/module.h>
38#include <linux/if_arp.h>
39#include <linux/etherdevice.h>
40#include <linux/firmware.h>
41#include <linux/workqueue.h>
42#include <linux/skbuff.h>
43#include <linux/io.h>
44#include <linux/dma-mapping.h>
45#include <linux/slab.h>
46#include <asm/unaligned.h>
47
48#include "b43.h"
49#include "main.h"
50#include "debugfs.h"
51#include "phy_common.h"
52#include "phy_g.h"
53#include "phy_n.h"
54#include "dma.h"
55#include "pio.h"
56#include "sysfs.h"
57#include "xmit.h"
58#include "lo.h"
59#include "pcmcia.h"
60#include "sdio.h"
61#include <linux/mmc/sdio_func.h>
62
63MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64MODULE_AUTHOR("Martin Langer");
65MODULE_AUTHOR("Stefano Brivio");
66MODULE_AUTHOR("Michael Buesch");
67MODULE_AUTHOR("Gábor Stefanik");
68MODULE_AUTHOR("Rafał Miłecki");
69MODULE_LICENSE("GPL");
70
71MODULE_FIRMWARE("b43/ucode11.fw");
72MODULE_FIRMWARE("b43/ucode13.fw");
73MODULE_FIRMWARE("b43/ucode14.fw");
74MODULE_FIRMWARE("b43/ucode15.fw");
75MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76MODULE_FIRMWARE("b43/ucode5.fw");
77MODULE_FIRMWARE("b43/ucode9.fw");
78
79static int modparam_bad_frames_preempt;
80module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81MODULE_PARM_DESC(bad_frames_preempt,
82 "enable(1) / disable(0) Bad Frames Preemption");
83
84static char modparam_fwpostfix[16];
85module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88static int modparam_hwpctl;
89module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92static int modparam_nohwcrypt;
93module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96static int modparam_hwtkip;
97module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100static int modparam_qos = 1;
101module_param_named(qos, modparam_qos, int, 0444);
102MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104static int modparam_btcoex = 1;
105module_param_named(btcoex, modparam_btcoex, int, 0444);
106MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109module_param_named(verbose, b43_modparam_verbose, int, 0644);
110MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112static int b43_modparam_pio = 0;
113module_param_named(pio, b43_modparam_pio, int, 0644);
114MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116#ifdef CONFIG_B43_BCMA
117static const struct bcma_device_id b43_bcma_tbl[] = {
118 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119#ifdef CONFIG_B43_BCMA_EXTRA
120 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122#endif
123 BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124 BCMA_CORETABLE_END
125};
126MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
127#endif
128
129#ifdef CONFIG_B43_SSB
130static const struct ssb_device_id b43_ssb_tbl[] = {
131 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
132 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
133 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
134 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
135 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
136 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
137 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
138 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
139 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
140 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
141 SSB_DEVTABLE_END
142};
143MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
144#endif
145
146/* Channel and ratetables are shared for all devices.
147 * They can't be const, because ieee80211 puts some precalculated
148 * data in there. This data is the same for all devices, so we don't
149 * get concurrency issues */
150#define RATETAB_ENT(_rateid, _flags) \
151 { \
152 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
153 .hw_value = (_rateid), \
154 .flags = (_flags), \
155 }
156
157/*
158 * NOTE: When changing this, sync with xmit.c's
159 * b43_plcp_get_bitrate_idx_* functions!
160 */
161static struct ieee80211_rate __b43_ratetable[] = {
162 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
163 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
164 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
165 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
166 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
167 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
168 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
169 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
170 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
171 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
172 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
173 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
174};
175
176#define b43_a_ratetable (__b43_ratetable + 4)
177#define b43_a_ratetable_size 8
178#define b43_b_ratetable (__b43_ratetable + 0)
179#define b43_b_ratetable_size 4
180#define b43_g_ratetable (__b43_ratetable + 0)
181#define b43_g_ratetable_size 12
182
183#define CHAN4G(_channel, _freq, _flags) { \
184 .band = IEEE80211_BAND_2GHZ, \
185 .center_freq = (_freq), \
186 .hw_value = (_channel), \
187 .flags = (_flags), \
188 .max_antenna_gain = 0, \
189 .max_power = 30, \
190}
191static struct ieee80211_channel b43_2ghz_chantable[] = {
192 CHAN4G(1, 2412, 0),
193 CHAN4G(2, 2417, 0),
194 CHAN4G(3, 2422, 0),
195 CHAN4G(4, 2427, 0),
196 CHAN4G(5, 2432, 0),
197 CHAN4G(6, 2437, 0),
198 CHAN4G(7, 2442, 0),
199 CHAN4G(8, 2447, 0),
200 CHAN4G(9, 2452, 0),
201 CHAN4G(10, 2457, 0),
202 CHAN4G(11, 2462, 0),
203 CHAN4G(12, 2467, 0),
204 CHAN4G(13, 2472, 0),
205 CHAN4G(14, 2484, 0),
206};
207#undef CHAN4G
208
209#define CHAN5G(_channel, _flags) { \
210 .band = IEEE80211_BAND_5GHZ, \
211 .center_freq = 5000 + (5 * (_channel)), \
212 .hw_value = (_channel), \
213 .flags = (_flags), \
214 .max_antenna_gain = 0, \
215 .max_power = 30, \
216}
217static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
218 CHAN5G(32, 0), CHAN5G(34, 0),
219 CHAN5G(36, 0), CHAN5G(38, 0),
220 CHAN5G(40, 0), CHAN5G(42, 0),
221 CHAN5G(44, 0), CHAN5G(46, 0),
222 CHAN5G(48, 0), CHAN5G(50, 0),
223 CHAN5G(52, 0), CHAN5G(54, 0),
224 CHAN5G(56, 0), CHAN5G(58, 0),
225 CHAN5G(60, 0), CHAN5G(62, 0),
226 CHAN5G(64, 0), CHAN5G(66, 0),
227 CHAN5G(68, 0), CHAN5G(70, 0),
228 CHAN5G(72, 0), CHAN5G(74, 0),
229 CHAN5G(76, 0), CHAN5G(78, 0),
230 CHAN5G(80, 0), CHAN5G(82, 0),
231 CHAN5G(84, 0), CHAN5G(86, 0),
232 CHAN5G(88, 0), CHAN5G(90, 0),
233 CHAN5G(92, 0), CHAN5G(94, 0),
234 CHAN5G(96, 0), CHAN5G(98, 0),
235 CHAN5G(100, 0), CHAN5G(102, 0),
236 CHAN5G(104, 0), CHAN5G(106, 0),
237 CHAN5G(108, 0), CHAN5G(110, 0),
238 CHAN5G(112, 0), CHAN5G(114, 0),
239 CHAN5G(116, 0), CHAN5G(118, 0),
240 CHAN5G(120, 0), CHAN5G(122, 0),
241 CHAN5G(124, 0), CHAN5G(126, 0),
242 CHAN5G(128, 0), CHAN5G(130, 0),
243 CHAN5G(132, 0), CHAN5G(134, 0),
244 CHAN5G(136, 0), CHAN5G(138, 0),
245 CHAN5G(140, 0), CHAN5G(142, 0),
246 CHAN5G(144, 0), CHAN5G(145, 0),
247 CHAN5G(146, 0), CHAN5G(147, 0),
248 CHAN5G(148, 0), CHAN5G(149, 0),
249 CHAN5G(150, 0), CHAN5G(151, 0),
250 CHAN5G(152, 0), CHAN5G(153, 0),
251 CHAN5G(154, 0), CHAN5G(155, 0),
252 CHAN5G(156, 0), CHAN5G(157, 0),
253 CHAN5G(158, 0), CHAN5G(159, 0),
254 CHAN5G(160, 0), CHAN5G(161, 0),
255 CHAN5G(162, 0), CHAN5G(163, 0),
256 CHAN5G(164, 0), CHAN5G(165, 0),
257 CHAN5G(166, 0), CHAN5G(168, 0),
258 CHAN5G(170, 0), CHAN5G(172, 0),
259 CHAN5G(174, 0), CHAN5G(176, 0),
260 CHAN5G(178, 0), CHAN5G(180, 0),
261 CHAN5G(182, 0), CHAN5G(184, 0),
262 CHAN5G(186, 0), CHAN5G(188, 0),
263 CHAN5G(190, 0), CHAN5G(192, 0),
264 CHAN5G(194, 0), CHAN5G(196, 0),
265 CHAN5G(198, 0), CHAN5G(200, 0),
266 CHAN5G(202, 0), CHAN5G(204, 0),
267 CHAN5G(206, 0), CHAN5G(208, 0),
268 CHAN5G(210, 0), CHAN5G(212, 0),
269 CHAN5G(214, 0), CHAN5G(216, 0),
270 CHAN5G(218, 0), CHAN5G(220, 0),
271 CHAN5G(222, 0), CHAN5G(224, 0),
272 CHAN5G(226, 0), CHAN5G(228, 0),
273};
274
275static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
276 CHAN5G(34, 0), CHAN5G(36, 0),
277 CHAN5G(38, 0), CHAN5G(40, 0),
278 CHAN5G(42, 0), CHAN5G(44, 0),
279 CHAN5G(46, 0), CHAN5G(48, 0),
280 CHAN5G(52, 0), CHAN5G(56, 0),
281 CHAN5G(60, 0), CHAN5G(64, 0),
282 CHAN5G(100, 0), CHAN5G(104, 0),
283 CHAN5G(108, 0), CHAN5G(112, 0),
284 CHAN5G(116, 0), CHAN5G(120, 0),
285 CHAN5G(124, 0), CHAN5G(128, 0),
286 CHAN5G(132, 0), CHAN5G(136, 0),
287 CHAN5G(140, 0), CHAN5G(149, 0),
288 CHAN5G(153, 0), CHAN5G(157, 0),
289 CHAN5G(161, 0), CHAN5G(165, 0),
290 CHAN5G(184, 0), CHAN5G(188, 0),
291 CHAN5G(192, 0), CHAN5G(196, 0),
292 CHAN5G(200, 0), CHAN5G(204, 0),
293 CHAN5G(208, 0), CHAN5G(212, 0),
294 CHAN5G(216, 0),
295};
296#undef CHAN5G
297
298static struct ieee80211_supported_band b43_band_5GHz_nphy = {
299 .band = IEEE80211_BAND_5GHZ,
300 .channels = b43_5ghz_nphy_chantable,
301 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
302 .bitrates = b43_a_ratetable,
303 .n_bitrates = b43_a_ratetable_size,
304};
305
306static struct ieee80211_supported_band b43_band_5GHz_aphy = {
307 .band = IEEE80211_BAND_5GHZ,
308 .channels = b43_5ghz_aphy_chantable,
309 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
310 .bitrates = b43_a_ratetable,
311 .n_bitrates = b43_a_ratetable_size,
312};
313
314static struct ieee80211_supported_band b43_band_2GHz = {
315 .band = IEEE80211_BAND_2GHZ,
316 .channels = b43_2ghz_chantable,
317 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
318 .bitrates = b43_g_ratetable,
319 .n_bitrates = b43_g_ratetable_size,
320};
321
322static void b43_wireless_core_exit(struct b43_wldev *dev);
323static int b43_wireless_core_init(struct b43_wldev *dev);
324static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
325static int b43_wireless_core_start(struct b43_wldev *dev);
326static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
327 struct ieee80211_vif *vif,
328 struct ieee80211_bss_conf *conf,
329 u32 changed);
330
331static int b43_ratelimit(struct b43_wl *wl)
332{
333 if (!wl || !wl->current_dev)
334 return 1;
335 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
336 return 1;
337 /* We are up and running.
338 * Ratelimit the messages to avoid DoS over the net. */
339 return net_ratelimit();
340}
341
342void b43info(struct b43_wl *wl, const char *fmt, ...)
343{
344 struct va_format vaf;
345 va_list args;
346
347 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
348 return;
349 if (!b43_ratelimit(wl))
350 return;
351
352 va_start(args, fmt);
353
354 vaf.fmt = fmt;
355 vaf.va = &args;
356
357 printk(KERN_INFO "b43-%s: %pV",
358 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
359
360 va_end(args);
361}
362
363void b43err(struct b43_wl *wl, const char *fmt, ...)
364{
365 struct va_format vaf;
366 va_list args;
367
368 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
369 return;
370 if (!b43_ratelimit(wl))
371 return;
372
373 va_start(args, fmt);
374
375 vaf.fmt = fmt;
376 vaf.va = &args;
377
378 printk(KERN_ERR "b43-%s ERROR: %pV",
379 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
380
381 va_end(args);
382}
383
384void b43warn(struct b43_wl *wl, const char *fmt, ...)
385{
386 struct va_format vaf;
387 va_list args;
388
389 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
390 return;
391 if (!b43_ratelimit(wl))
392 return;
393
394 va_start(args, fmt);
395
396 vaf.fmt = fmt;
397 vaf.va = &args;
398
399 printk(KERN_WARNING "b43-%s warning: %pV",
400 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
401
402 va_end(args);
403}
404
405void b43dbg(struct b43_wl *wl, const char *fmt, ...)
406{
407 struct va_format vaf;
408 va_list args;
409
410 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
411 return;
412
413 va_start(args, fmt);
414
415 vaf.fmt = fmt;
416 vaf.va = &args;
417
418 printk(KERN_DEBUG "b43-%s debug: %pV",
419 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421 va_end(args);
422}
423
424static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
425{
426 u32 macctl;
427
428 B43_WARN_ON(offset % 4 != 0);
429
430 macctl = b43_read32(dev, B43_MMIO_MACCTL);
431 if (macctl & B43_MACCTL_BE)
432 val = swab32(val);
433
434 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
435 mmiowb();
436 b43_write32(dev, B43_MMIO_RAM_DATA, val);
437}
438
439static inline void b43_shm_control_word(struct b43_wldev *dev,
440 u16 routing, u16 offset)
441{
442 u32 control;
443
444 /* "offset" is the WORD offset. */
445 control = routing;
446 control <<= 16;
447 control |= offset;
448 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
449}
450
451u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
452{
453 u32 ret;
454
455 if (routing == B43_SHM_SHARED) {
456 B43_WARN_ON(offset & 0x0001);
457 if (offset & 0x0003) {
458 /* Unaligned access */
459 b43_shm_control_word(dev, routing, offset >> 2);
460 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
461 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
462 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
463
464 goto out;
465 }
466 offset >>= 2;
467 }
468 b43_shm_control_word(dev, routing, offset);
469 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
470out:
471 return ret;
472}
473
474u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
475{
476 u16 ret;
477
478 if (routing == B43_SHM_SHARED) {
479 B43_WARN_ON(offset & 0x0001);
480 if (offset & 0x0003) {
481 /* Unaligned access */
482 b43_shm_control_word(dev, routing, offset >> 2);
483 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
484
485 goto out;
486 }
487 offset >>= 2;
488 }
489 b43_shm_control_word(dev, routing, offset);
490 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
491out:
492 return ret;
493}
494
495void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
496{
497 if (routing == B43_SHM_SHARED) {
498 B43_WARN_ON(offset & 0x0001);
499 if (offset & 0x0003) {
500 /* Unaligned access */
501 b43_shm_control_word(dev, routing, offset >> 2);
502 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
503 value & 0xFFFF);
504 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
505 b43_write16(dev, B43_MMIO_SHM_DATA,
506 (value >> 16) & 0xFFFF);
507 return;
508 }
509 offset >>= 2;
510 }
511 b43_shm_control_word(dev, routing, offset);
512 b43_write32(dev, B43_MMIO_SHM_DATA, value);
513}
514
515void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
516{
517 if (routing == B43_SHM_SHARED) {
518 B43_WARN_ON(offset & 0x0001);
519 if (offset & 0x0003) {
520 /* Unaligned access */
521 b43_shm_control_word(dev, routing, offset >> 2);
522 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
523 return;
524 }
525 offset >>= 2;
526 }
527 b43_shm_control_word(dev, routing, offset);
528 b43_write16(dev, B43_MMIO_SHM_DATA, value);
529}
530
531/* Read HostFlags */
532u64 b43_hf_read(struct b43_wldev *dev)
533{
534 u64 ret;
535
536 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
537 ret <<= 16;
538 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
539 ret <<= 16;
540 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
541
542 return ret;
543}
544
545/* Write HostFlags */
546void b43_hf_write(struct b43_wldev *dev, u64 value)
547{
548 u16 lo, mi, hi;
549
550 lo = (value & 0x00000000FFFFULL);
551 mi = (value & 0x0000FFFF0000ULL) >> 16;
552 hi = (value & 0xFFFF00000000ULL) >> 32;
553 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
554 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
555 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
556}
557
558/* Read the firmware capabilities bitmask (Opensource firmware only) */
559static u16 b43_fwcapa_read(struct b43_wldev *dev)
560{
561 B43_WARN_ON(!dev->fw.opensource);
562 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
563}
564
565void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
566{
567 u32 low, high;
568
569 B43_WARN_ON(dev->dev->core_rev < 3);
570
571 /* The hardware guarantees us an atomic read, if we
572 * read the low register first. */
573 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
574 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
575
576 *tsf = high;
577 *tsf <<= 32;
578 *tsf |= low;
579}
580
581static void b43_time_lock(struct b43_wldev *dev)
582{
583 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
584 /* Commit the write */
585 b43_read32(dev, B43_MMIO_MACCTL);
586}
587
588static void b43_time_unlock(struct b43_wldev *dev)
589{
590 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
591 /* Commit the write */
592 b43_read32(dev, B43_MMIO_MACCTL);
593}
594
595static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
596{
597 u32 low, high;
598
599 B43_WARN_ON(dev->dev->core_rev < 3);
600
601 low = tsf;
602 high = (tsf >> 32);
603 /* The hardware guarantees us an atomic write, if we
604 * write the low register first. */
605 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
606 mmiowb();
607 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
608 mmiowb();
609}
610
611void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
612{
613 b43_time_lock(dev);
614 b43_tsf_write_locked(dev, tsf);
615 b43_time_unlock(dev);
616}
617
618static
619void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
620{
621 static const u8 zero_addr[ETH_ALEN] = { 0 };
622 u16 data;
623
624 if (!mac)
625 mac = zero_addr;
626
627 offset |= 0x0020;
628 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
629
630 data = mac[0];
631 data |= mac[1] << 8;
632 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633 data = mac[2];
634 data |= mac[3] << 8;
635 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636 data = mac[4];
637 data |= mac[5] << 8;
638 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
639}
640
641static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
642{
643 const u8 *mac;
644 const u8 *bssid;
645 u8 mac_bssid[ETH_ALEN * 2];
646 int i;
647 u32 tmp;
648
649 bssid = dev->wl->bssid;
650 mac = dev->wl->mac_addr;
651
652 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
653
654 memcpy(mac_bssid, mac, ETH_ALEN);
655 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
656
657 /* Write our MAC address and BSSID to template ram */
658 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
659 tmp = (u32) (mac_bssid[i + 0]);
660 tmp |= (u32) (mac_bssid[i + 1]) << 8;
661 tmp |= (u32) (mac_bssid[i + 2]) << 16;
662 tmp |= (u32) (mac_bssid[i + 3]) << 24;
663 b43_ram_write(dev, 0x20 + i, tmp);
664 }
665}
666
667static void b43_upload_card_macaddress(struct b43_wldev *dev)
668{
669 b43_write_mac_bssid_templates(dev);
670 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
671}
672
673static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
674{
675 /* slot_time is in usec. */
676 /* This test used to exit for all but a G PHY. */
677 if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
678 return;
679 b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
680 /* Shared memory location 0x0010 is the slot time and should be
681 * set to slot_time; however, this register is initially 0 and changing
682 * the value adversely affects the transmit rate for BCM4311
683 * devices. Until this behavior is unterstood, delete this step
684 *
685 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
686 */
687}
688
689static void b43_short_slot_timing_enable(struct b43_wldev *dev)
690{
691 b43_set_slot_time(dev, 9);
692}
693
694static void b43_short_slot_timing_disable(struct b43_wldev *dev)
695{
696 b43_set_slot_time(dev, 20);
697}
698
699/* DummyTransmission function, as documented on
700 * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
701 */
702void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
703{
704 struct b43_phy *phy = &dev->phy;
705 unsigned int i, max_loop;
706 u16 value;
707 u32 buffer[5] = {
708 0x00000000,
709 0x00D40000,
710 0x00000000,
711 0x01000000,
712 0x00000000,
713 };
714
715 if (ofdm) {
716 max_loop = 0x1E;
717 buffer[0] = 0x000201CC;
718 } else {
719 max_loop = 0xFA;
720 buffer[0] = 0x000B846E;
721 }
722
723 for (i = 0; i < 5; i++)
724 b43_ram_write(dev, i * 4, buffer[i]);
725
726 b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
727
728 if (dev->dev->core_rev < 11)
729 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
730 else
731 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
732
733 value = (ofdm ? 0x41 : 0x40);
734 b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
735 if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
736 phy->type == B43_PHYTYPE_LCN)
737 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
738
739 b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
740 b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
741
742 b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
743 b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
744 b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
745 b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
746
747 if (!pa_on && phy->type == B43_PHYTYPE_N)
748 ; /*b43_nphy_pa_override(dev, false) */
749
750 switch (phy->type) {
751 case B43_PHYTYPE_N:
752 case B43_PHYTYPE_LCN:
753 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
754 break;
755 case B43_PHYTYPE_LP:
756 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
757 break;
758 default:
759 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
760 }
761 b43_read16(dev, B43_MMIO_TXE0_AUX);
762
763 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
764 b43_radio_write16(dev, 0x0051, 0x0017);
765 for (i = 0x00; i < max_loop; i++) {
766 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
767 if (value & 0x0080)
768 break;
769 udelay(10);
770 }
771 for (i = 0x00; i < 0x0A; i++) {
772 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
773 if (value & 0x0400)
774 break;
775 udelay(10);
776 }
777 for (i = 0x00; i < 0x19; i++) {
778 value = b43_read16(dev, B43_MMIO_IFSSTAT);
779 if (!(value & 0x0100))
780 break;
781 udelay(10);
782 }
783 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
784 b43_radio_write16(dev, 0x0051, 0x0037);
785}
786
787static void key_write(struct b43_wldev *dev,
788 u8 index, u8 algorithm, const u8 *key)
789{
790 unsigned int i;
791 u32 offset;
792 u16 value;
793 u16 kidx;
794
795 /* Key index/algo block */
796 kidx = b43_kidx_to_fw(dev, index);
797 value = ((kidx << 4) | algorithm);
798 b43_shm_write16(dev, B43_SHM_SHARED,
799 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
800
801 /* Write the key to the Key Table Pointer offset */
802 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
803 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
804 value = key[i];
805 value |= (u16) (key[i + 1]) << 8;
806 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
807 }
808}
809
810static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
811{
812 u32 addrtmp[2] = { 0, 0, };
813 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
814
815 if (b43_new_kidx_api(dev))
816 pairwise_keys_start = B43_NR_GROUP_KEYS;
817
818 B43_WARN_ON(index < pairwise_keys_start);
819 /* We have four default TX keys and possibly four default RX keys.
820 * Physical mac 0 is mapped to physical key 4 or 8, depending
821 * on the firmware version.
822 * So we must adjust the index here.
823 */
824 index -= pairwise_keys_start;
825 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
826
827 if (addr) {
828 addrtmp[0] = addr[0];
829 addrtmp[0] |= ((u32) (addr[1]) << 8);
830 addrtmp[0] |= ((u32) (addr[2]) << 16);
831 addrtmp[0] |= ((u32) (addr[3]) << 24);
832 addrtmp[1] = addr[4];
833 addrtmp[1] |= ((u32) (addr[5]) << 8);
834 }
835
836 /* Receive match transmitter address (RCMTA) mechanism */
837 b43_shm_write32(dev, B43_SHM_RCMTA,
838 (index * 2) + 0, addrtmp[0]);
839 b43_shm_write16(dev, B43_SHM_RCMTA,
840 (index * 2) + 1, addrtmp[1]);
841}
842
843/* The ucode will use phase1 key with TEK key to decrypt rx packets.
844 * When a packet is received, the iv32 is checked.
845 * - if it doesn't the packet is returned without modification (and software
846 * decryption can be done). That's what happen when iv16 wrap.
847 * - if it does, the rc4 key is computed, and decryption is tried.
848 * Either it will success and B43_RX_MAC_DEC is returned,
849 * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
850 * and the packet is not usable (it got modified by the ucode).
851 * So in order to never have B43_RX_MAC_DECERR, we should provide
852 * a iv32 and phase1key that match. Because we drop packets in case of
853 * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
854 * packets will be lost without higher layer knowing (ie no resync possible
855 * until next wrap).
856 *
857 * NOTE : this should support 50 key like RCMTA because
858 * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
859 */
860static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
861 u16 *phase1key)
862{
863 unsigned int i;
864 u32 offset;
865 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
866
867 if (!modparam_hwtkip)
868 return;
869
870 if (b43_new_kidx_api(dev))
871 pairwise_keys_start = B43_NR_GROUP_KEYS;
872
873 B43_WARN_ON(index < pairwise_keys_start);
874 /* We have four default TX keys and possibly four default RX keys.
875 * Physical mac 0 is mapped to physical key 4 or 8, depending
876 * on the firmware version.
877 * So we must adjust the index here.
878 */
879 index -= pairwise_keys_start;
880 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
881
882 if (b43_debug(dev, B43_DBG_KEYS)) {
883 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
884 index, iv32);
885 }
886 /* Write the key to the RX tkip shared mem */
887 offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
888 for (i = 0; i < 10; i += 2) {
889 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
890 phase1key ? phase1key[i / 2] : 0);
891 }
892 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
893 b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
894}
895
896static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
897 struct ieee80211_vif *vif,
898 struct ieee80211_key_conf *keyconf,
899 struct ieee80211_sta *sta,
900 u32 iv32, u16 *phase1key)
901{
902 struct b43_wl *wl = hw_to_b43_wl(hw);
903 struct b43_wldev *dev;
904 int index = keyconf->hw_key_idx;
905
906 if (B43_WARN_ON(!modparam_hwtkip))
907 return;
908
909 /* This is only called from the RX path through mac80211, where
910 * our mutex is already locked. */
911 B43_WARN_ON(!mutex_is_locked(&wl->mutex));
912 dev = wl->current_dev;
913 B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
914
915 keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
916
917 rx_tkip_phase1_write(dev, index, iv32, phase1key);
918 /* only pairwise TKIP keys are supported right now */
919 if (WARN_ON(!sta))
920 return;
921 keymac_write(dev, index, sta->addr);
922}
923
924static void do_key_write(struct b43_wldev *dev,
925 u8 index, u8 algorithm,
926 const u8 *key, size_t key_len, const u8 *mac_addr)
927{
928 u8 buf[B43_SEC_KEYSIZE] = { 0, };
929 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
930
931 if (b43_new_kidx_api(dev))
932 pairwise_keys_start = B43_NR_GROUP_KEYS;
933
934 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
935 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
936
937 if (index >= pairwise_keys_start)
938 keymac_write(dev, index, NULL); /* First zero out mac. */
939 if (algorithm == B43_SEC_ALGO_TKIP) {
940 /*
941 * We should provide an initial iv32, phase1key pair.
942 * We could start with iv32=0 and compute the corresponding
943 * phase1key, but this means calling ieee80211_get_tkip_key
944 * with a fake skb (or export other tkip function).
945 * Because we are lazy we hope iv32 won't start with
946 * 0xffffffff and let's b43_op_update_tkip_key provide a
947 * correct pair.
948 */
949 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
950 } else if (index >= pairwise_keys_start) /* clear it */
951 rx_tkip_phase1_write(dev, index, 0, NULL);
952 if (key)
953 memcpy(buf, key, key_len);
954 key_write(dev, index, algorithm, buf);
955 if (index >= pairwise_keys_start)
956 keymac_write(dev, index, mac_addr);
957
958 dev->key[index].algorithm = algorithm;
959}
960
961static int b43_key_write(struct b43_wldev *dev,
962 int index, u8 algorithm,
963 const u8 *key, size_t key_len,
964 const u8 *mac_addr,
965 struct ieee80211_key_conf *keyconf)
966{
967 int i;
968 int pairwise_keys_start;
969
970 /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
971 * - Temporal Encryption Key (128 bits)
972 * - Temporal Authenticator Tx MIC Key (64 bits)
973 * - Temporal Authenticator Rx MIC Key (64 bits)
974 *
975 * Hardware only store TEK
976 */
977 if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
978 key_len = 16;
979 if (key_len > B43_SEC_KEYSIZE)
980 return -EINVAL;
981 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
982 /* Check that we don't already have this key. */
983 B43_WARN_ON(dev->key[i].keyconf == keyconf);
984 }
985 if (index < 0) {
986 /* Pairwise key. Get an empty slot for the key. */
987 if (b43_new_kidx_api(dev))
988 pairwise_keys_start = B43_NR_GROUP_KEYS;
989 else
990 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
991 for (i = pairwise_keys_start;
992 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
993 i++) {
994 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
995 if (!dev->key[i].keyconf) {
996 /* found empty */
997 index = i;
998 break;
999 }
1000 }
1001 if (index < 0) {
1002 b43warn(dev->wl, "Out of hardware key memory\n");
1003 return -ENOSPC;
1004 }
1005 } else
1006 B43_WARN_ON(index > 3);
1007
1008 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1009 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1010 /* Default RX key */
1011 B43_WARN_ON(mac_addr);
1012 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1013 }
1014 keyconf->hw_key_idx = index;
1015 dev->key[index].keyconf = keyconf;
1016
1017 return 0;
1018}
1019
1020static int b43_key_clear(struct b43_wldev *dev, int index)
1021{
1022 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1023 return -EINVAL;
1024 do_key_write(dev, index, B43_SEC_ALGO_NONE,
1025 NULL, B43_SEC_KEYSIZE, NULL);
1026 if ((index <= 3) && !b43_new_kidx_api(dev)) {
1027 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1028 NULL, B43_SEC_KEYSIZE, NULL);
1029 }
1030 dev->key[index].keyconf = NULL;
1031
1032 return 0;
1033}
1034
1035static void b43_clear_keys(struct b43_wldev *dev)
1036{
1037 int i, count;
1038
1039 if (b43_new_kidx_api(dev))
1040 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1041 else
1042 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1043 for (i = 0; i < count; i++)
1044 b43_key_clear(dev, i);
1045}
1046
1047static void b43_dump_keymemory(struct b43_wldev *dev)
1048{
1049 unsigned int i, index, count, offset, pairwise_keys_start;
1050 u8 mac[ETH_ALEN];
1051 u16 algo;
1052 u32 rcmta0;
1053 u16 rcmta1;
1054 u64 hf;
1055 struct b43_key *key;
1056
1057 if (!b43_debug(dev, B43_DBG_KEYS))
1058 return;
1059
1060 hf = b43_hf_read(dev);
1061 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1062 !!(hf & B43_HF_USEDEFKEYS));
1063 if (b43_new_kidx_api(dev)) {
1064 pairwise_keys_start = B43_NR_GROUP_KEYS;
1065 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1066 } else {
1067 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1068 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1069 }
1070 for (index = 0; index < count; index++) {
1071 key = &(dev->key[index]);
1072 printk(KERN_DEBUG "Key slot %02u: %s",
1073 index, (key->keyconf == NULL) ? " " : "*");
1074 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1075 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1076 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1077 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1078 }
1079
1080 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1081 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1082 printk(" Algo: %04X/%02X", algo, key->algorithm);
1083
1084 if (index >= pairwise_keys_start) {
1085 if (key->algorithm == B43_SEC_ALGO_TKIP) {
1086 printk(" TKIP: ");
1087 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1088 for (i = 0; i < 14; i += 2) {
1089 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1090 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1091 }
1092 }
1093 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1094 ((index - pairwise_keys_start) * 2) + 0);
1095 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1096 ((index - pairwise_keys_start) * 2) + 1);
1097 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1098 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1099 printk(" MAC: %pM", mac);
1100 } else
1101 printk(" DEFAULT KEY");
1102 printk("\n");
1103 }
1104}
1105
1106void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1107{
1108 u32 macctl;
1109 u16 ucstat;
1110 bool hwps;
1111 bool awake;
1112 int i;
1113
1114 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1115 (ps_flags & B43_PS_DISABLED));
1116 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1117
1118 if (ps_flags & B43_PS_ENABLED) {
1119 hwps = true;
1120 } else if (ps_flags & B43_PS_DISABLED) {
1121 hwps = false;
1122 } else {
1123 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1124 // and thus is not an AP and we are associated, set bit 25
1125 }
1126 if (ps_flags & B43_PS_AWAKE) {
1127 awake = true;
1128 } else if (ps_flags & B43_PS_ASLEEP) {
1129 awake = false;
1130 } else {
1131 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1132 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1133 // successful, set bit26
1134 }
1135
1136/* FIXME: For now we force awake-on and hwps-off */
1137 hwps = false;
1138 awake = true;
1139
1140 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1141 if (hwps)
1142 macctl |= B43_MACCTL_HWPS;
1143 else
1144 macctl &= ~B43_MACCTL_HWPS;
1145 if (awake)
1146 macctl |= B43_MACCTL_AWAKE;
1147 else
1148 macctl &= ~B43_MACCTL_AWAKE;
1149 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1150 /* Commit write */
1151 b43_read32(dev, B43_MMIO_MACCTL);
1152 if (awake && dev->dev->core_rev >= 5) {
1153 /* Wait for the microcode to wake up. */
1154 for (i = 0; i < 100; i++) {
1155 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1156 B43_SHM_SH_UCODESTAT);
1157 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1158 break;
1159 udelay(10);
1160 }
1161 }
1162}
1163
1164#ifdef CONFIG_B43_BCMA
1165static void b43_bcma_phy_reset(struct b43_wldev *dev)
1166{
1167 u32 flags;
1168
1169 /* Put PHY into reset */
1170 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1171 flags |= B43_BCMA_IOCTL_PHY_RESET;
1172 flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1173 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1174 udelay(2);
1175
1176 /* Take PHY out of reset */
1177 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1178 flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1179 flags |= BCMA_IOCTL_FGC;
1180 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1181 udelay(1);
1182
1183 /* Do not force clock anymore */
1184 flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1185 flags &= ~BCMA_IOCTL_FGC;
1186 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1187 udelay(1);
1188}
1189
1190static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1191{
1192 b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1193 bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1194 b43_bcma_phy_reset(dev);
1195 bcma_core_pll_ctl(dev->dev->bdev, 0x300, 0x3000000, true);
1196}
1197#endif
1198
1199static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1200{
1201 struct ssb_device *sdev = dev->dev->sdev;
1202 u32 tmslow;
1203 u32 flags = 0;
1204
1205 if (gmode)
1206 flags |= B43_TMSLOW_GMODE;
1207 flags |= B43_TMSLOW_PHYCLKEN;
1208 flags |= B43_TMSLOW_PHYRESET;
1209 if (dev->phy.type == B43_PHYTYPE_N)
1210 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1211 b43_device_enable(dev, flags);
1212 msleep(2); /* Wait for the PLL to turn on. */
1213
1214 /* Now take the PHY out of Reset again */
1215 tmslow = ssb_read32(sdev, SSB_TMSLOW);
1216 tmslow |= SSB_TMSLOW_FGC;
1217 tmslow &= ~B43_TMSLOW_PHYRESET;
1218 ssb_write32(sdev, SSB_TMSLOW, tmslow);
1219 ssb_read32(sdev, SSB_TMSLOW); /* flush */
1220 msleep(1);
1221 tmslow &= ~SSB_TMSLOW_FGC;
1222 ssb_write32(sdev, SSB_TMSLOW, tmslow);
1223 ssb_read32(sdev, SSB_TMSLOW); /* flush */
1224 msleep(1);
1225}
1226
1227void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1228{
1229 u32 macctl;
1230
1231 switch (dev->dev->bus_type) {
1232#ifdef CONFIG_B43_BCMA
1233 case B43_BUS_BCMA:
1234 b43_bcma_wireless_core_reset(dev, gmode);
1235 break;
1236#endif
1237#ifdef CONFIG_B43_SSB
1238 case B43_BUS_SSB:
1239 b43_ssb_wireless_core_reset(dev, gmode);
1240 break;
1241#endif
1242 }
1243
1244 /* Turn Analog ON, but only if we already know the PHY-type.
1245 * This protects against very early setup where we don't know the
1246 * PHY-type, yet. wireless_core_reset will be called once again later,
1247 * when we know the PHY-type. */
1248 if (dev->phy.ops)
1249 dev->phy.ops->switch_analog(dev, 1);
1250
1251 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1252 macctl &= ~B43_MACCTL_GMODE;
1253 if (gmode)
1254 macctl |= B43_MACCTL_GMODE;
1255 macctl |= B43_MACCTL_IHR_ENABLED;
1256 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1257}
1258
1259static void handle_irq_transmit_status(struct b43_wldev *dev)
1260{
1261 u32 v0, v1;
1262 u16 tmp;
1263 struct b43_txstatus stat;
1264
1265 while (1) {
1266 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1267 if (!(v0 & 0x00000001))
1268 break;
1269 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1270
1271 stat.cookie = (v0 >> 16);
1272 stat.seq = (v1 & 0x0000FFFF);
1273 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1274 tmp = (v0 & 0x0000FFFF);
1275 stat.frame_count = ((tmp & 0xF000) >> 12);
1276 stat.rts_count = ((tmp & 0x0F00) >> 8);
1277 stat.supp_reason = ((tmp & 0x001C) >> 2);
1278 stat.pm_indicated = !!(tmp & 0x0080);
1279 stat.intermediate = !!(tmp & 0x0040);
1280 stat.for_ampdu = !!(tmp & 0x0020);
1281 stat.acked = !!(tmp & 0x0002);
1282
1283 b43_handle_txstatus(dev, &stat);
1284 }
1285}
1286
1287static void drain_txstatus_queue(struct b43_wldev *dev)
1288{
1289 u32 dummy;
1290
1291 if (dev->dev->core_rev < 5)
1292 return;
1293 /* Read all entries from the microcode TXstatus FIFO
1294 * and throw them away.
1295 */
1296 while (1) {
1297 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1298 if (!(dummy & 0x00000001))
1299 break;
1300 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1301 }
1302}
1303
1304static u32 b43_jssi_read(struct b43_wldev *dev)
1305{
1306 u32 val = 0;
1307
1308 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1309 val <<= 16;
1310 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1311
1312 return val;
1313}
1314
1315static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1316{
1317 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1318 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1319}
1320
1321static void b43_generate_noise_sample(struct b43_wldev *dev)
1322{
1323 b43_jssi_write(dev, 0x7F7F7F7F);
1324 b43_write32(dev, B43_MMIO_MACCMD,
1325 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1326}
1327
1328static void b43_calculate_link_quality(struct b43_wldev *dev)
1329{
1330 /* Top half of Link Quality calculation. */
1331
1332 if (dev->phy.type != B43_PHYTYPE_G)
1333 return;
1334 if (dev->noisecalc.calculation_running)
1335 return;
1336 dev->noisecalc.calculation_running = true;
1337 dev->noisecalc.nr_samples = 0;
1338
1339 b43_generate_noise_sample(dev);
1340}
1341
1342static void handle_irq_noise(struct b43_wldev *dev)
1343{
1344 struct b43_phy_g *phy = dev->phy.g;
1345 u16 tmp;
1346 u8 noise[4];
1347 u8 i, j;
1348 s32 average;
1349
1350 /* Bottom half of Link Quality calculation. */
1351
1352 if (dev->phy.type != B43_PHYTYPE_G)
1353 return;
1354
1355 /* Possible race condition: It might be possible that the user
1356 * changed to a different channel in the meantime since we
1357 * started the calculation. We ignore that fact, since it's
1358 * not really that much of a problem. The background noise is
1359 * an estimation only anyway. Slightly wrong results will get damped
1360 * by the averaging of the 8 sample rounds. Additionally the
1361 * value is shortlived. So it will be replaced by the next noise
1362 * calculation round soon. */
1363
1364 B43_WARN_ON(!dev->noisecalc.calculation_running);
1365 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1366 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1367 noise[2] == 0x7F || noise[3] == 0x7F)
1368 goto generate_new;
1369
1370 /* Get the noise samples. */
1371 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1372 i = dev->noisecalc.nr_samples;
1373 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1374 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1375 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1376 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1377 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1378 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1379 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1380 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1381 dev->noisecalc.nr_samples++;
1382 if (dev->noisecalc.nr_samples == 8) {
1383 /* Calculate the Link Quality by the noise samples. */
1384 average = 0;
1385 for (i = 0; i < 8; i++) {
1386 for (j = 0; j < 4; j++)
1387 average += dev->noisecalc.samples[i][j];
1388 }
1389 average /= (8 * 4);
1390 average *= 125;
1391 average += 64;
1392 average /= 128;
1393 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1394 tmp = (tmp / 128) & 0x1F;
1395 if (tmp >= 8)
1396 average += 2;
1397 else
1398 average -= 25;
1399 if (tmp == 8)
1400 average -= 72;
1401 else
1402 average -= 48;
1403
1404 dev->stats.link_noise = average;
1405 dev->noisecalc.calculation_running = false;
1406 return;
1407 }
1408generate_new:
1409 b43_generate_noise_sample(dev);
1410}
1411
1412static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1413{
1414 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1415 ///TODO: PS TBTT
1416 } else {
1417 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1418 b43_power_saving_ctl_bits(dev, 0);
1419 }
1420 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1421 dev->dfq_valid = true;
1422}
1423
1424static void handle_irq_atim_end(struct b43_wldev *dev)
1425{
1426 if (dev->dfq_valid) {
1427 b43_write32(dev, B43_MMIO_MACCMD,
1428 b43_read32(dev, B43_MMIO_MACCMD)
1429 | B43_MACCMD_DFQ_VALID);
1430 dev->dfq_valid = false;
1431 }
1432}
1433
1434static void handle_irq_pmq(struct b43_wldev *dev)
1435{
1436 u32 tmp;
1437
1438 //TODO: AP mode.
1439
1440 while (1) {
1441 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1442 if (!(tmp & 0x00000008))
1443 break;
1444 }
1445 /* 16bit write is odd, but correct. */
1446 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1447}
1448
1449static void b43_write_template_common(struct b43_wldev *dev,
1450 const u8 *data, u16 size,
1451 u16 ram_offset,
1452 u16 shm_size_offset, u8 rate)
1453{
1454 u32 i, tmp;
1455 struct b43_plcp_hdr4 plcp;
1456
1457 plcp.data = 0;
1458 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1459 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1460 ram_offset += sizeof(u32);
1461 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1462 * So leave the first two bytes of the next write blank.
1463 */
1464 tmp = (u32) (data[0]) << 16;
1465 tmp |= (u32) (data[1]) << 24;
1466 b43_ram_write(dev, ram_offset, tmp);
1467 ram_offset += sizeof(u32);
1468 for (i = 2; i < size; i += sizeof(u32)) {
1469 tmp = (u32) (data[i + 0]);
1470 if (i + 1 < size)
1471 tmp |= (u32) (data[i + 1]) << 8;
1472 if (i + 2 < size)
1473 tmp |= (u32) (data[i + 2]) << 16;
1474 if (i + 3 < size)
1475 tmp |= (u32) (data[i + 3]) << 24;
1476 b43_ram_write(dev, ram_offset + i - 2, tmp);
1477 }
1478 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1479 size + sizeof(struct b43_plcp_hdr6));
1480}
1481
1482/* Check if the use of the antenna that ieee80211 told us to
1483 * use is possible. This will fall back to DEFAULT.
1484 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1485u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1486 u8 antenna_nr)
1487{
1488 u8 antenna_mask;
1489
1490 if (antenna_nr == 0) {
1491 /* Zero means "use default antenna". That's always OK. */
1492 return 0;
1493 }
1494
1495 /* Get the mask of available antennas. */
1496 if (dev->phy.gmode)
1497 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1498 else
1499 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1500
1501 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1502 /* This antenna is not available. Fall back to default. */
1503 return 0;
1504 }
1505
1506 return antenna_nr;
1507}
1508
1509/* Convert a b43 antenna number value to the PHY TX control value. */
1510static u16 b43_antenna_to_phyctl(int antenna)
1511{
1512 switch (antenna) {
1513 case B43_ANTENNA0:
1514 return B43_TXH_PHY_ANT0;
1515 case B43_ANTENNA1:
1516 return B43_TXH_PHY_ANT1;
1517 case B43_ANTENNA2:
1518 return B43_TXH_PHY_ANT2;
1519 case B43_ANTENNA3:
1520 return B43_TXH_PHY_ANT3;
1521 case B43_ANTENNA_AUTO0:
1522 case B43_ANTENNA_AUTO1:
1523 return B43_TXH_PHY_ANT01AUTO;
1524 }
1525 B43_WARN_ON(1);
1526 return 0;
1527}
1528
1529static void b43_write_beacon_template(struct b43_wldev *dev,
1530 u16 ram_offset,
1531 u16 shm_size_offset)
1532{
1533 unsigned int i, len, variable_len;
1534 const struct ieee80211_mgmt *bcn;
1535 const u8 *ie;
1536 bool tim_found = false;
1537 unsigned int rate;
1538 u16 ctl;
1539 int antenna;
1540 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1541
1542 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1543 len = min((size_t) dev->wl->current_beacon->len,
1544 0x200 - sizeof(struct b43_plcp_hdr6));
1545 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1546
1547 b43_write_template_common(dev, (const u8 *)bcn,
1548 len, ram_offset, shm_size_offset, rate);
1549
1550 /* Write the PHY TX control parameters. */
1551 antenna = B43_ANTENNA_DEFAULT;
1552 antenna = b43_antenna_to_phyctl(antenna);
1553 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1554 /* We can't send beacons with short preamble. Would get PHY errors. */
1555 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1556 ctl &= ~B43_TXH_PHY_ANT;
1557 ctl &= ~B43_TXH_PHY_ENC;
1558 ctl |= antenna;
1559 if (b43_is_cck_rate(rate))
1560 ctl |= B43_TXH_PHY_ENC_CCK;
1561 else
1562 ctl |= B43_TXH_PHY_ENC_OFDM;
1563 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1564
1565 /* Find the position of the TIM and the DTIM_period value
1566 * and write them to SHM. */
1567 ie = bcn->u.beacon.variable;
1568 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1569 for (i = 0; i < variable_len - 2; ) {
1570 uint8_t ie_id, ie_len;
1571
1572 ie_id = ie[i];
1573 ie_len = ie[i + 1];
1574 if (ie_id == 5) {
1575 u16 tim_position;
1576 u16 dtim_period;
1577 /* This is the TIM Information Element */
1578
1579 /* Check whether the ie_len is in the beacon data range. */
1580 if (variable_len < ie_len + 2 + i)
1581 break;
1582 /* A valid TIM is at least 4 bytes long. */
1583 if (ie_len < 4)
1584 break;
1585 tim_found = true;
1586
1587 tim_position = sizeof(struct b43_plcp_hdr6);
1588 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1589 tim_position += i;
1590
1591 dtim_period = ie[i + 3];
1592
1593 b43_shm_write16(dev, B43_SHM_SHARED,
1594 B43_SHM_SH_TIMBPOS, tim_position);
1595 b43_shm_write16(dev, B43_SHM_SHARED,
1596 B43_SHM_SH_DTIMPER, dtim_period);
1597 break;
1598 }
1599 i += ie_len + 2;
1600 }
1601 if (!tim_found) {
1602 /*
1603 * If ucode wants to modify TIM do it behind the beacon, this
1604 * will happen, for example, when doing mesh networking.
1605 */
1606 b43_shm_write16(dev, B43_SHM_SHARED,
1607 B43_SHM_SH_TIMBPOS,
1608 len + sizeof(struct b43_plcp_hdr6));
1609 b43_shm_write16(dev, B43_SHM_SHARED,
1610 B43_SHM_SH_DTIMPER, 0);
1611 }
1612 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1613}
1614
1615static void b43_upload_beacon0(struct b43_wldev *dev)
1616{
1617 struct b43_wl *wl = dev->wl;
1618
1619 if (wl->beacon0_uploaded)
1620 return;
1621 b43_write_beacon_template(dev, 0x68, 0x18);
1622 wl->beacon0_uploaded = true;
1623}
1624
1625static void b43_upload_beacon1(struct b43_wldev *dev)
1626{
1627 struct b43_wl *wl = dev->wl;
1628
1629 if (wl->beacon1_uploaded)
1630 return;
1631 b43_write_beacon_template(dev, 0x468, 0x1A);
1632 wl->beacon1_uploaded = true;
1633}
1634
1635static void handle_irq_beacon(struct b43_wldev *dev)
1636{
1637 struct b43_wl *wl = dev->wl;
1638 u32 cmd, beacon0_valid, beacon1_valid;
1639
1640 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1641 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1642 !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1643 return;
1644
1645 /* This is the bottom half of the asynchronous beacon update. */
1646
1647 /* Ignore interrupt in the future. */
1648 dev->irq_mask &= ~B43_IRQ_BEACON;
1649
1650 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1651 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1652 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1653
1654 /* Schedule interrupt manually, if busy. */
1655 if (beacon0_valid && beacon1_valid) {
1656 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1657 dev->irq_mask |= B43_IRQ_BEACON;
1658 return;
1659 }
1660
1661 if (unlikely(wl->beacon_templates_virgin)) {
1662 /* We never uploaded a beacon before.
1663 * Upload both templates now, but only mark one valid. */
1664 wl->beacon_templates_virgin = false;
1665 b43_upload_beacon0(dev);
1666 b43_upload_beacon1(dev);
1667 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1668 cmd |= B43_MACCMD_BEACON0_VALID;
1669 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1670 } else {
1671 if (!beacon0_valid) {
1672 b43_upload_beacon0(dev);
1673 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1674 cmd |= B43_MACCMD_BEACON0_VALID;
1675 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1676 } else if (!beacon1_valid) {
1677 b43_upload_beacon1(dev);
1678 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1679 cmd |= B43_MACCMD_BEACON1_VALID;
1680 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1681 }
1682 }
1683}
1684
1685static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1686{
1687 u32 old_irq_mask = dev->irq_mask;
1688
1689 /* update beacon right away or defer to irq */
1690 handle_irq_beacon(dev);
1691 if (old_irq_mask != dev->irq_mask) {
1692 /* The handler updated the IRQ mask. */
1693 B43_WARN_ON(!dev->irq_mask);
1694 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1695 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1696 } else {
1697 /* Device interrupts are currently disabled. That means
1698 * we just ran the hardirq handler and scheduled the
1699 * IRQ thread. The thread will write the IRQ mask when
1700 * it finished, so there's nothing to do here. Writing
1701 * the mask _here_ would incorrectly re-enable IRQs. */
1702 }
1703 }
1704}
1705
1706static void b43_beacon_update_trigger_work(struct work_struct *work)
1707{
1708 struct b43_wl *wl = container_of(work, struct b43_wl,
1709 beacon_update_trigger);
1710 struct b43_wldev *dev;
1711
1712 mutex_lock(&wl->mutex);
1713 dev = wl->current_dev;
1714 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1715 if (b43_bus_host_is_sdio(dev->dev)) {
1716 /* wl->mutex is enough. */
1717 b43_do_beacon_update_trigger_work(dev);
1718 mmiowb();
1719 } else {
1720 spin_lock_irq(&wl->hardirq_lock);
1721 b43_do_beacon_update_trigger_work(dev);
1722 mmiowb();
1723 spin_unlock_irq(&wl->hardirq_lock);
1724 }
1725 }
1726 mutex_unlock(&wl->mutex);
1727}
1728
1729/* Asynchronously update the packet templates in template RAM.
1730 * Locking: Requires wl->mutex to be locked. */
1731static void b43_update_templates(struct b43_wl *wl)
1732{
1733 struct sk_buff *beacon;
1734
1735 /* This is the top half of the ansynchronous beacon update.
1736 * The bottom half is the beacon IRQ.
1737 * Beacon update must be asynchronous to avoid sending an
1738 * invalid beacon. This can happen for example, if the firmware
1739 * transmits a beacon while we are updating it. */
1740
1741 /* We could modify the existing beacon and set the aid bit in
1742 * the TIM field, but that would probably require resizing and
1743 * moving of data within the beacon template.
1744 * Simply request a new beacon and let mac80211 do the hard work. */
1745 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1746 if (unlikely(!beacon))
1747 return;
1748
1749 if (wl->current_beacon)
1750 dev_kfree_skb_any(wl->current_beacon);
1751 wl->current_beacon = beacon;
1752 wl->beacon0_uploaded = false;
1753 wl->beacon1_uploaded = false;
1754 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1755}
1756
1757static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1758{
1759 b43_time_lock(dev);
1760 if (dev->dev->core_rev >= 3) {
1761 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1762 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1763 } else {
1764 b43_write16(dev, 0x606, (beacon_int >> 6));
1765 b43_write16(dev, 0x610, beacon_int);
1766 }
1767 b43_time_unlock(dev);
1768 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1769}
1770
1771static void b43_handle_firmware_panic(struct b43_wldev *dev)
1772{
1773 u16 reason;
1774
1775 /* Read the register that contains the reason code for the panic. */
1776 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1777 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1778
1779 switch (reason) {
1780 default:
1781 b43dbg(dev->wl, "The panic reason is unknown.\n");
1782 /* fallthrough */
1783 case B43_FWPANIC_DIE:
1784 /* Do not restart the controller or firmware.
1785 * The device is nonfunctional from now on.
1786 * Restarting would result in this panic to trigger again,
1787 * so we avoid that recursion. */
1788 break;
1789 case B43_FWPANIC_RESTART:
1790 b43_controller_restart(dev, "Microcode panic");
1791 break;
1792 }
1793}
1794
1795static void handle_irq_ucode_debug(struct b43_wldev *dev)
1796{
1797 unsigned int i, cnt;
1798 u16 reason, marker_id, marker_line;
1799 __le16 *buf;
1800
1801 /* The proprietary firmware doesn't have this IRQ. */
1802 if (!dev->fw.opensource)
1803 return;
1804
1805 /* Read the register that contains the reason code for this IRQ. */
1806 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1807
1808 switch (reason) {
1809 case B43_DEBUGIRQ_PANIC:
1810 b43_handle_firmware_panic(dev);
1811 break;
1812 case B43_DEBUGIRQ_DUMP_SHM:
1813 if (!B43_DEBUG)
1814 break; /* Only with driver debugging enabled. */
1815 buf = kmalloc(4096, GFP_ATOMIC);
1816 if (!buf) {
1817 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1818 goto out;
1819 }
1820 for (i = 0; i < 4096; i += 2) {
1821 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1822 buf[i / 2] = cpu_to_le16(tmp);
1823 }
1824 b43info(dev->wl, "Shared memory dump:\n");
1825 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1826 16, 2, buf, 4096, 1);
1827 kfree(buf);
1828 break;
1829 case B43_DEBUGIRQ_DUMP_REGS:
1830 if (!B43_DEBUG)
1831 break; /* Only with driver debugging enabled. */
1832 b43info(dev->wl, "Microcode register dump:\n");
1833 for (i = 0, cnt = 0; i < 64; i++) {
1834 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1835 if (cnt == 0)
1836 printk(KERN_INFO);
1837 printk("r%02u: 0x%04X ", i, tmp);
1838 cnt++;
1839 if (cnt == 6) {
1840 printk("\n");
1841 cnt = 0;
1842 }
1843 }
1844 printk("\n");
1845 break;
1846 case B43_DEBUGIRQ_MARKER:
1847 if (!B43_DEBUG)
1848 break; /* Only with driver debugging enabled. */
1849 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1850 B43_MARKER_ID_REG);
1851 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1852 B43_MARKER_LINE_REG);
1853 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1854 "at line number %u\n",
1855 marker_id, marker_line);
1856 break;
1857 default:
1858 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1859 reason);
1860 }
1861out:
1862 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1863 b43_shm_write16(dev, B43_SHM_SCRATCH,
1864 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1865}
1866
1867static void b43_do_interrupt_thread(struct b43_wldev *dev)
1868{
1869 u32 reason;
1870 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1871 u32 merged_dma_reason = 0;
1872 int i;
1873
1874 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1875 return;
1876
1877 reason = dev->irq_reason;
1878 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1879 dma_reason[i] = dev->dma_reason[i];
1880 merged_dma_reason |= dma_reason[i];
1881 }
1882
1883 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1884 b43err(dev->wl, "MAC transmission error\n");
1885
1886 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1887 b43err(dev->wl, "PHY transmission error\n");
1888 rmb();
1889 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1890 atomic_set(&dev->phy.txerr_cnt,
1891 B43_PHY_TX_BADNESS_LIMIT);
1892 b43err(dev->wl, "Too many PHY TX errors, "
1893 "restarting the controller\n");
1894 b43_controller_restart(dev, "PHY TX errors");
1895 }
1896 }
1897
1898 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1899 B43_DMAIRQ_NONFATALMASK))) {
1900 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1901 b43err(dev->wl, "Fatal DMA error: "
1902 "0x%08X, 0x%08X, 0x%08X, "
1903 "0x%08X, 0x%08X, 0x%08X\n",
1904 dma_reason[0], dma_reason[1],
1905 dma_reason[2], dma_reason[3],
1906 dma_reason[4], dma_reason[5]);
1907 b43err(dev->wl, "This device does not support DMA "
1908 "on your system. It will now be switched to PIO.\n");
1909 /* Fall back to PIO transfers if we get fatal DMA errors! */
1910 dev->use_pio = true;
1911 b43_controller_restart(dev, "DMA error");
1912 return;
1913 }
1914 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1915 b43err(dev->wl, "DMA error: "
1916 "0x%08X, 0x%08X, 0x%08X, "
1917 "0x%08X, 0x%08X, 0x%08X\n",
1918 dma_reason[0], dma_reason[1],
1919 dma_reason[2], dma_reason[3],
1920 dma_reason[4], dma_reason[5]);
1921 }
1922 }
1923
1924 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1925 handle_irq_ucode_debug(dev);
1926 if (reason & B43_IRQ_TBTT_INDI)
1927 handle_irq_tbtt_indication(dev);
1928 if (reason & B43_IRQ_ATIM_END)
1929 handle_irq_atim_end(dev);
1930 if (reason & B43_IRQ_BEACON)
1931 handle_irq_beacon(dev);
1932 if (reason & B43_IRQ_PMQ)
1933 handle_irq_pmq(dev);
1934 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1935 ;/* TODO */
1936 if (reason & B43_IRQ_NOISESAMPLE_OK)
1937 handle_irq_noise(dev);
1938
1939 /* Check the DMA reason registers for received data. */
1940 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1941 if (b43_using_pio_transfers(dev))
1942 b43_pio_rx(dev->pio.rx_queue);
1943 else
1944 b43_dma_rx(dev->dma.rx_ring);
1945 }
1946 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1947 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1948 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1949 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1950 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1951
1952 if (reason & B43_IRQ_TX_OK)
1953 handle_irq_transmit_status(dev);
1954
1955 /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1956 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1957
1958#if B43_DEBUG
1959 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1960 dev->irq_count++;
1961 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1962 if (reason & (1 << i))
1963 dev->irq_bit_count[i]++;
1964 }
1965 }
1966#endif
1967}
1968
1969/* Interrupt thread handler. Handles device interrupts in thread context. */
1970static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1971{
1972 struct b43_wldev *dev = dev_id;
1973
1974 mutex_lock(&dev->wl->mutex);
1975 b43_do_interrupt_thread(dev);
1976 mmiowb();
1977 mutex_unlock(&dev->wl->mutex);
1978
1979 return IRQ_HANDLED;
1980}
1981
1982static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1983{
1984 u32 reason;
1985
1986 /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1987 * On SDIO, this runs under wl->mutex. */
1988
1989 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1990 if (reason == 0xffffffff) /* shared IRQ */
1991 return IRQ_NONE;
1992 reason &= dev->irq_mask;
1993 if (!reason)
1994 return IRQ_NONE;
1995
1996 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1997 & 0x0001DC00;
1998 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1999 & 0x0000DC00;
2000 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2001 & 0x0000DC00;
2002 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2003 & 0x0001DC00;
2004 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2005 & 0x0000DC00;
2006/* Unused ring
2007 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2008 & 0x0000DC00;
2009*/
2010
2011 /* ACK the interrupt. */
2012 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2013 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2014 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2015 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2016 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2017 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2018/* Unused ring
2019 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2020*/
2021
2022 /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2023 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2024 /* Save the reason bitmasks for the IRQ thread handler. */
2025 dev->irq_reason = reason;
2026
2027 return IRQ_WAKE_THREAD;
2028}
2029
2030/* Interrupt handler top-half. This runs with interrupts disabled. */
2031static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2032{
2033 struct b43_wldev *dev = dev_id;
2034 irqreturn_t ret;
2035
2036 if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2037 return IRQ_NONE;
2038
2039 spin_lock(&dev->wl->hardirq_lock);
2040 ret = b43_do_interrupt(dev);
2041 mmiowb();
2042 spin_unlock(&dev->wl->hardirq_lock);
2043
2044 return ret;
2045}
2046
2047/* SDIO interrupt handler. This runs in process context. */
2048static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2049{
2050 struct b43_wl *wl = dev->wl;
2051 irqreturn_t ret;
2052
2053 mutex_lock(&wl->mutex);
2054
2055 ret = b43_do_interrupt(dev);
2056 if (ret == IRQ_WAKE_THREAD)
2057 b43_do_interrupt_thread(dev);
2058
2059 mutex_unlock(&wl->mutex);
2060}
2061
2062void b43_do_release_fw(struct b43_firmware_file *fw)
2063{
2064 release_firmware(fw->data);
2065 fw->data = NULL;
2066 fw->filename = NULL;
2067}
2068
2069static void b43_release_firmware(struct b43_wldev *dev)
2070{
2071 b43_do_release_fw(&dev->fw.ucode);
2072 b43_do_release_fw(&dev->fw.pcm);
2073 b43_do_release_fw(&dev->fw.initvals);
2074 b43_do_release_fw(&dev->fw.initvals_band);
2075}
2076
2077static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2078{
2079 const char text[] =
2080 "You must go to " \
2081 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2082 "and download the correct firmware for this driver version. " \
2083 "Please carefully read all instructions on this website.\n";
2084
2085 if (error)
2086 b43err(wl, text);
2087 else
2088 b43warn(wl, text);
2089}
2090
2091int b43_do_request_fw(struct b43_request_fw_context *ctx,
2092 const char *name,
2093 struct b43_firmware_file *fw)
2094{
2095 const struct firmware *blob;
2096 struct b43_fw_header *hdr;
2097 u32 size;
2098 int err;
2099
2100 if (!name) {
2101 /* Don't fetch anything. Free possibly cached firmware. */
2102 /* FIXME: We should probably keep it anyway, to save some headache
2103 * on suspend/resume with multiband devices. */
2104 b43_do_release_fw(fw);
2105 return 0;
2106 }
2107 if (fw->filename) {
2108 if ((fw->type == ctx->req_type) &&
2109 (strcmp(fw->filename, name) == 0))
2110 return 0; /* Already have this fw. */
2111 /* Free the cached firmware first. */
2112 /* FIXME: We should probably do this later after we successfully
2113 * got the new fw. This could reduce headache with multiband devices.
2114 * We could also redesign this to cache the firmware for all possible
2115 * bands all the time. */
2116 b43_do_release_fw(fw);
2117 }
2118
2119 switch (ctx->req_type) {
2120 case B43_FWTYPE_PROPRIETARY:
2121 snprintf(ctx->fwname, sizeof(ctx->fwname),
2122 "b43%s/%s.fw",
2123 modparam_fwpostfix, name);
2124 break;
2125 case B43_FWTYPE_OPENSOURCE:
2126 snprintf(ctx->fwname, sizeof(ctx->fwname),
2127 "b43-open%s/%s.fw",
2128 modparam_fwpostfix, name);
2129 break;
2130 default:
2131 B43_WARN_ON(1);
2132 return -ENOSYS;
2133 }
2134 err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
2135 if (err == -ENOENT) {
2136 snprintf(ctx->errors[ctx->req_type],
2137 sizeof(ctx->errors[ctx->req_type]),
2138 "Firmware file \"%s\" not found\n", ctx->fwname);
2139 return err;
2140 } else if (err) {
2141 snprintf(ctx->errors[ctx->req_type],
2142 sizeof(ctx->errors[ctx->req_type]),
2143 "Firmware file \"%s\" request failed (err=%d)\n",
2144 ctx->fwname, err);
2145 return err;
2146 }
2147 if (blob->size < sizeof(struct b43_fw_header))
2148 goto err_format;
2149 hdr = (struct b43_fw_header *)(blob->data);
2150 switch (hdr->type) {
2151 case B43_FW_TYPE_UCODE:
2152 case B43_FW_TYPE_PCM:
2153 size = be32_to_cpu(hdr->size);
2154 if (size != blob->size - sizeof(struct b43_fw_header))
2155 goto err_format;
2156 /* fallthrough */
2157 case B43_FW_TYPE_IV:
2158 if (hdr->ver != 1)
2159 goto err_format;
2160 break;
2161 default:
2162 goto err_format;
2163 }
2164
2165 fw->data = blob;
2166 fw->filename = name;
2167 fw->type = ctx->req_type;
2168
2169 return 0;
2170
2171err_format:
2172 snprintf(ctx->errors[ctx->req_type],
2173 sizeof(ctx->errors[ctx->req_type]),
2174 "Firmware file \"%s\" format error.\n", ctx->fwname);
2175 release_firmware(blob);
2176
2177 return -EPROTO;
2178}
2179
2180static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2181{
2182 struct b43_wldev *dev = ctx->dev;
2183 struct b43_firmware *fw = &ctx->dev->fw;
2184 const u8 rev = ctx->dev->dev->core_rev;
2185 const char *filename;
2186 u32 tmshigh;
2187 int err;
2188
2189 /* Files for HT and LCN were found by trying one by one */
2190
2191 /* Get microcode */
2192 if ((rev >= 5) && (rev <= 10)) {
2193 filename = "ucode5";
2194 } else if ((rev >= 11) && (rev <= 12)) {
2195 filename = "ucode11";
2196 } else if (rev == 13) {
2197 filename = "ucode13";
2198 } else if (rev == 14) {
2199 filename = "ucode14";
2200 } else if (rev == 15) {
2201 filename = "ucode15";
2202 } else {
2203 switch (dev->phy.type) {
2204 case B43_PHYTYPE_N:
2205 if (rev >= 16)
2206 filename = "ucode16_mimo";
2207 else
2208 goto err_no_ucode;
2209 break;
2210 case B43_PHYTYPE_HT:
2211 if (rev == 29)
2212 filename = "ucode29_mimo";
2213 else
2214 goto err_no_ucode;
2215 break;
2216 case B43_PHYTYPE_LCN:
2217 if (rev == 24)
2218 filename = "ucode24_mimo";
2219 else
2220 goto err_no_ucode;
2221 break;
2222 default:
2223 goto err_no_ucode;
2224 }
2225 }
2226 err = b43_do_request_fw(ctx, filename, &fw->ucode);
2227 if (err)
2228 goto err_load;
2229
2230 /* Get PCM code */
2231 if ((rev >= 5) && (rev <= 10))
2232 filename = "pcm5";
2233 else if (rev >= 11)
2234 filename = NULL;
2235 else
2236 goto err_no_pcm;
2237 fw->pcm_request_failed = false;
2238 err = b43_do_request_fw(ctx, filename, &fw->pcm);
2239 if (err == -ENOENT) {
2240 /* We did not find a PCM file? Not fatal, but
2241 * core rev <= 10 must do without hwcrypto then. */
2242 fw->pcm_request_failed = true;
2243 } else if (err)
2244 goto err_load;
2245
2246 /* Get initvals */
2247 switch (dev->phy.type) {
2248 case B43_PHYTYPE_A:
2249 if ((rev >= 5) && (rev <= 10)) {
2250 tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2251 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2252 filename = "a0g1initvals5";
2253 else
2254 filename = "a0g0initvals5";
2255 } else
2256 goto err_no_initvals;
2257 break;
2258 case B43_PHYTYPE_G:
2259 if ((rev >= 5) && (rev <= 10))
2260 filename = "b0g0initvals5";
2261 else if (rev >= 13)
2262 filename = "b0g0initvals13";
2263 else
2264 goto err_no_initvals;
2265 break;
2266 case B43_PHYTYPE_N:
2267 if (rev >= 16)
2268 filename = "n0initvals16";
2269 else if ((rev >= 11) && (rev <= 12))
2270 filename = "n0initvals11";
2271 else
2272 goto err_no_initvals;
2273 break;
2274 case B43_PHYTYPE_LP:
2275 if (rev == 13)
2276 filename = "lp0initvals13";
2277 else if (rev == 14)
2278 filename = "lp0initvals14";
2279 else if (rev >= 15)
2280 filename = "lp0initvals15";
2281 else
2282 goto err_no_initvals;
2283 break;
2284 case B43_PHYTYPE_HT:
2285 if (rev == 29)
2286 filename = "ht0initvals29";
2287 else
2288 goto err_no_initvals;
2289 break;
2290 case B43_PHYTYPE_LCN:
2291 if (rev == 24)
2292 filename = "lcn0initvals24";
2293 else
2294 goto err_no_initvals;
2295 break;
2296 default:
2297 goto err_no_initvals;
2298 }
2299 err = b43_do_request_fw(ctx, filename, &fw->initvals);
2300 if (err)
2301 goto err_load;
2302
2303 /* Get bandswitch initvals */
2304 switch (dev->phy.type) {
2305 case B43_PHYTYPE_A:
2306 if ((rev >= 5) && (rev <= 10)) {
2307 tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2308 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2309 filename = "a0g1bsinitvals5";
2310 else
2311 filename = "a0g0bsinitvals5";
2312 } else if (rev >= 11)
2313 filename = NULL;
2314 else
2315 goto err_no_initvals;
2316 break;
2317 case B43_PHYTYPE_G:
2318 if ((rev >= 5) && (rev <= 10))
2319 filename = "b0g0bsinitvals5";
2320 else if (rev >= 11)
2321 filename = NULL;
2322 else
2323 goto err_no_initvals;
2324 break;
2325 case B43_PHYTYPE_N:
2326 if (rev >= 16)
2327 filename = "n0bsinitvals16";
2328 else if ((rev >= 11) && (rev <= 12))
2329 filename = "n0bsinitvals11";
2330 else
2331 goto err_no_initvals;
2332 break;
2333 case B43_PHYTYPE_LP:
2334 if (rev == 13)
2335 filename = "lp0bsinitvals13";
2336 else if (rev == 14)
2337 filename = "lp0bsinitvals14";
2338 else if (rev >= 15)
2339 filename = "lp0bsinitvals15";
2340 else
2341 goto err_no_initvals;
2342 break;
2343 case B43_PHYTYPE_HT:
2344 if (rev == 29)
2345 filename = "ht0bsinitvals29";
2346 else
2347 goto err_no_initvals;
2348 break;
2349 case B43_PHYTYPE_LCN:
2350 if (rev == 24)
2351 filename = "lcn0bsinitvals24";
2352 else
2353 goto err_no_initvals;
2354 break;
2355 default:
2356 goto err_no_initvals;
2357 }
2358 err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2359 if (err)
2360 goto err_load;
2361
2362 fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2363
2364 return 0;
2365
2366err_no_ucode:
2367 err = ctx->fatal_failure = -EOPNOTSUPP;
2368 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2369 "is required for your device (wl-core rev %u)\n", rev);
2370 goto error;
2371
2372err_no_pcm:
2373 err = ctx->fatal_failure = -EOPNOTSUPP;
2374 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2375 "is required for your device (wl-core rev %u)\n", rev);
2376 goto error;
2377
2378err_no_initvals:
2379 err = ctx->fatal_failure = -EOPNOTSUPP;
2380 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2381 "is required for your device (wl-core rev %u)\n", rev);
2382 goto error;
2383
2384err_load:
2385 /* We failed to load this firmware image. The error message
2386 * already is in ctx->errors. Return and let our caller decide
2387 * what to do. */
2388 goto error;
2389
2390error:
2391 b43_release_firmware(dev);
2392 return err;
2393}
2394
2395static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2396static void b43_one_core_detach(struct b43_bus_dev *dev);
2397
2398static void b43_request_firmware(struct work_struct *work)
2399{
2400 struct b43_wl *wl = container_of(work,
2401 struct b43_wl, firmware_load);
2402 struct b43_wldev *dev = wl->current_dev;
2403 struct b43_request_fw_context *ctx;
2404 unsigned int i;
2405 int err;
2406 const char *errmsg;
2407
2408 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2409 if (!ctx)
2410 return;
2411 ctx->dev = dev;
2412
2413 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2414 err = b43_try_request_fw(ctx);
2415 if (!err)
2416 goto start_ieee80211; /* Successfully loaded it. */
2417 /* Was fw version known? */
2418 if (ctx->fatal_failure)
2419 goto out;
2420
2421 /* proprietary fw not found, try open source */
2422 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2423 err = b43_try_request_fw(ctx);
2424 if (!err)
2425 goto start_ieee80211; /* Successfully loaded it. */
2426 if(ctx->fatal_failure)
2427 goto out;
2428
2429 /* Could not find a usable firmware. Print the errors. */
2430 for (i = 0; i < B43_NR_FWTYPES; i++) {
2431 errmsg = ctx->errors[i];
2432 if (strlen(errmsg))
2433 b43err(dev->wl, errmsg);
2434 }
2435 b43_print_fw_helptext(dev->wl, 1);
2436 goto out;
2437
2438start_ieee80211:
2439 wl->hw->queues = B43_QOS_QUEUE_NUM;
2440 if (!modparam_qos || dev->fw.opensource)
2441 wl->hw->queues = 1;
2442
2443 err = ieee80211_register_hw(wl->hw);
2444 if (err)
2445 goto err_one_core_detach;
2446 wl->hw_registred = true;
2447 b43_leds_register(wl->current_dev);
2448 goto out;
2449
2450err_one_core_detach:
2451 b43_one_core_detach(dev->dev);
2452
2453out:
2454 kfree(ctx);
2455}
2456
2457static int b43_upload_microcode(struct b43_wldev *dev)
2458{
2459 struct wiphy *wiphy = dev->wl->hw->wiphy;
2460 const size_t hdr_len = sizeof(struct b43_fw_header);
2461 const __be32 *data;
2462 unsigned int i, len;
2463 u16 fwrev, fwpatch, fwdate, fwtime;
2464 u32 tmp, macctl;
2465 int err = 0;
2466
2467 /* Jump the microcode PSM to offset 0 */
2468 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2469 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2470 macctl |= B43_MACCTL_PSM_JMP0;
2471 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2472 /* Zero out all microcode PSM registers and shared memory. */
2473 for (i = 0; i < 64; i++)
2474 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2475 for (i = 0; i < 4096; i += 2)
2476 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2477
2478 /* Upload Microcode. */
2479 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2480 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2481 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2482 for (i = 0; i < len; i++) {
2483 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2484 udelay(10);
2485 }
2486
2487 if (dev->fw.pcm.data) {
2488 /* Upload PCM data. */
2489 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2490 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2491 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2492 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2493 /* No need for autoinc bit in SHM_HW */
2494 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2495 for (i = 0; i < len; i++) {
2496 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2497 udelay(10);
2498 }
2499 }
2500
2501 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2502
2503 /* Start the microcode PSM */
2504 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2505 B43_MACCTL_PSM_RUN);
2506
2507 /* Wait for the microcode to load and respond */
2508 i = 0;
2509 while (1) {
2510 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2511 if (tmp == B43_IRQ_MAC_SUSPENDED)
2512 break;
2513 i++;
2514 if (i >= 20) {
2515 b43err(dev->wl, "Microcode not responding\n");
2516 b43_print_fw_helptext(dev->wl, 1);
2517 err = -ENODEV;
2518 goto error;
2519 }
2520 msleep(50);
2521 }
2522 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2523
2524 /* Get and check the revisions. */
2525 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2526 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2527 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2528 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2529
2530 if (fwrev <= 0x128) {
2531 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2532 "binary drivers older than version 4.x is unsupported. "
2533 "You must upgrade your firmware files.\n");
2534 b43_print_fw_helptext(dev->wl, 1);
2535 err = -EOPNOTSUPP;
2536 goto error;
2537 }
2538 dev->fw.rev = fwrev;
2539 dev->fw.patch = fwpatch;
2540 if (dev->fw.rev >= 598)
2541 dev->fw.hdr_format = B43_FW_HDR_598;
2542 else if (dev->fw.rev >= 410)
2543 dev->fw.hdr_format = B43_FW_HDR_410;
2544 else
2545 dev->fw.hdr_format = B43_FW_HDR_351;
2546 WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2547
2548 dev->qos_enabled = dev->wl->hw->queues > 1;
2549 /* Default to firmware/hardware crypto acceleration. */
2550 dev->hwcrypto_enabled = true;
2551
2552 if (dev->fw.opensource) {
2553 u16 fwcapa;
2554
2555 /* Patchlevel info is encoded in the "time" field. */
2556 dev->fw.patch = fwtime;
2557 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2558 dev->fw.rev, dev->fw.patch);
2559
2560 fwcapa = b43_fwcapa_read(dev);
2561 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2562 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2563 /* Disable hardware crypto and fall back to software crypto. */
2564 dev->hwcrypto_enabled = false;
2565 }
2566 /* adding QoS support should use an offline discovery mechanism */
2567 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2568 } else {
2569 b43info(dev->wl, "Loading firmware version %u.%u "
2570 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2571 fwrev, fwpatch,
2572 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2573 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2574 if (dev->fw.pcm_request_failed) {
2575 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2576 "Hardware accelerated cryptography is disabled.\n");
2577 b43_print_fw_helptext(dev->wl, 0);
2578 }
2579 }
2580
2581 snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2582 dev->fw.rev, dev->fw.patch);
2583 wiphy->hw_version = dev->dev->core_id;
2584
2585 if (dev->fw.hdr_format == B43_FW_HDR_351) {
2586 /* We're over the deadline, but we keep support for old fw
2587 * until it turns out to be in major conflict with something new. */
2588 b43warn(dev->wl, "You are using an old firmware image. "
2589 "Support for old firmware will be removed soon "
2590 "(official deadline was July 2008).\n");
2591 b43_print_fw_helptext(dev->wl, 0);
2592 }
2593
2594 return 0;
2595
2596error:
2597 /* Stop the microcode PSM. */
2598 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2599 B43_MACCTL_PSM_JMP0);
2600
2601 return err;
2602}
2603
2604static int b43_write_initvals(struct b43_wldev *dev,
2605 const struct b43_iv *ivals,
2606 size_t count,
2607 size_t array_size)
2608{
2609 const struct b43_iv *iv;
2610 u16 offset;
2611 size_t i;
2612 bool bit32;
2613
2614 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2615 iv = ivals;
2616 for (i = 0; i < count; i++) {
2617 if (array_size < sizeof(iv->offset_size))
2618 goto err_format;
2619 array_size -= sizeof(iv->offset_size);
2620 offset = be16_to_cpu(iv->offset_size);
2621 bit32 = !!(offset & B43_IV_32BIT);
2622 offset &= B43_IV_OFFSET_MASK;
2623 if (offset >= 0x1000)
2624 goto err_format;
2625 if (bit32) {
2626 u32 value;
2627
2628 if (array_size < sizeof(iv->data.d32))
2629 goto err_format;
2630 array_size -= sizeof(iv->data.d32);
2631
2632 value = get_unaligned_be32(&iv->data.d32);
2633 b43_write32(dev, offset, value);
2634
2635 iv = (const struct b43_iv *)((const uint8_t *)iv +
2636 sizeof(__be16) +
2637 sizeof(__be32));
2638 } else {
2639 u16 value;
2640
2641 if (array_size < sizeof(iv->data.d16))
2642 goto err_format;
2643 array_size -= sizeof(iv->data.d16);
2644
2645 value = be16_to_cpu(iv->data.d16);
2646 b43_write16(dev, offset, value);
2647
2648 iv = (const struct b43_iv *)((const uint8_t *)iv +
2649 sizeof(__be16) +
2650 sizeof(__be16));
2651 }
2652 }
2653 if (array_size)
2654 goto err_format;
2655
2656 return 0;
2657
2658err_format:
2659 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2660 b43_print_fw_helptext(dev->wl, 1);
2661
2662 return -EPROTO;
2663}
2664
2665static int b43_upload_initvals(struct b43_wldev *dev)
2666{
2667 const size_t hdr_len = sizeof(struct b43_fw_header);
2668 const struct b43_fw_header *hdr;
2669 struct b43_firmware *fw = &dev->fw;
2670 const struct b43_iv *ivals;
2671 size_t count;
2672 int err;
2673
2674 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2675 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2676 count = be32_to_cpu(hdr->size);
2677 err = b43_write_initvals(dev, ivals, count,
2678 fw->initvals.data->size - hdr_len);
2679 if (err)
2680 goto out;
2681 if (fw->initvals_band.data) {
2682 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2683 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2684 count = be32_to_cpu(hdr->size);
2685 err = b43_write_initvals(dev, ivals, count,
2686 fw->initvals_band.data->size - hdr_len);
2687 if (err)
2688 goto out;
2689 }
2690out:
2691
2692 return err;
2693}
2694
2695/* Initialize the GPIOs
2696 * http://bcm-specs.sipsolutions.net/GPIO
2697 */
2698static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2699{
2700 struct ssb_bus *bus = dev->dev->sdev->bus;
2701
2702#ifdef CONFIG_SSB_DRIVER_PCICORE
2703 return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2704#else
2705 return bus->chipco.dev;
2706#endif
2707}
2708
2709static int b43_gpio_init(struct b43_wldev *dev)
2710{
2711 struct ssb_device *gpiodev;
2712 u32 mask, set;
2713
2714 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2715 b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2716
2717 mask = 0x0000001F;
2718 set = 0x0000000F;
2719 if (dev->dev->chip_id == 0x4301) {
2720 mask |= 0x0060;
2721 set |= 0x0060;
2722 }
2723 if (dev->dev->chip_id == 0x5354)
2724 set &= 0xff02;
2725 if (0 /* FIXME: conditional unknown */ ) {
2726 b43_write16(dev, B43_MMIO_GPIO_MASK,
2727 b43_read16(dev, B43_MMIO_GPIO_MASK)
2728 | 0x0100);
2729 mask |= 0x0180;
2730 set |= 0x0180;
2731 }
2732 if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2733 b43_write16(dev, B43_MMIO_GPIO_MASK,
2734 b43_read16(dev, B43_MMIO_GPIO_MASK)
2735 | 0x0200);
2736 mask |= 0x0200;
2737 set |= 0x0200;
2738 }
2739 if (dev->dev->core_rev >= 2)
2740 mask |= 0x0010; /* FIXME: This is redundant. */
2741
2742 switch (dev->dev->bus_type) {
2743#ifdef CONFIG_B43_BCMA
2744 case B43_BUS_BCMA:
2745 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2746 (bcma_cc_read32(&dev->dev->bdev->bus->drv_cc,
2747 BCMA_CC_GPIOCTL) & mask) | set);
2748 break;
2749#endif
2750#ifdef CONFIG_B43_SSB
2751 case B43_BUS_SSB:
2752 gpiodev = b43_ssb_gpio_dev(dev);
2753 if (gpiodev)
2754 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2755 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2756 & mask) | set);
2757 break;
2758#endif
2759 }
2760
2761 return 0;
2762}
2763
2764/* Turn off all GPIO stuff. Call this on module unload, for example. */
2765static void b43_gpio_cleanup(struct b43_wldev *dev)
2766{
2767 struct ssb_device *gpiodev;
2768
2769 switch (dev->dev->bus_type) {
2770#ifdef CONFIG_B43_BCMA
2771 case B43_BUS_BCMA:
2772 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2773 0);
2774 break;
2775#endif
2776#ifdef CONFIG_B43_SSB
2777 case B43_BUS_SSB:
2778 gpiodev = b43_ssb_gpio_dev(dev);
2779 if (gpiodev)
2780 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2781 break;
2782#endif
2783 }
2784}
2785
2786/* http://bcm-specs.sipsolutions.net/EnableMac */
2787void b43_mac_enable(struct b43_wldev *dev)
2788{
2789 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2790 u16 fwstate;
2791
2792 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2793 B43_SHM_SH_UCODESTAT);
2794 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2795 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2796 b43err(dev->wl, "b43_mac_enable(): The firmware "
2797 "should be suspended, but current state is %u\n",
2798 fwstate);
2799 }
2800 }
2801
2802 dev->mac_suspended--;
2803 B43_WARN_ON(dev->mac_suspended < 0);
2804 if (dev->mac_suspended == 0) {
2805 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2806 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2807 B43_IRQ_MAC_SUSPENDED);
2808 /* Commit writes */
2809 b43_read32(dev, B43_MMIO_MACCTL);
2810 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2811 b43_power_saving_ctl_bits(dev, 0);
2812 }
2813}
2814
2815/* http://bcm-specs.sipsolutions.net/SuspendMAC */
2816void b43_mac_suspend(struct b43_wldev *dev)
2817{
2818 int i;
2819 u32 tmp;
2820
2821 might_sleep();
2822 B43_WARN_ON(dev->mac_suspended < 0);
2823
2824 if (dev->mac_suspended == 0) {
2825 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2826 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2827 /* force pci to flush the write */
2828 b43_read32(dev, B43_MMIO_MACCTL);
2829 for (i = 35; i; i--) {
2830 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2831 if (tmp & B43_IRQ_MAC_SUSPENDED)
2832 goto out;
2833 udelay(10);
2834 }
2835 /* Hm, it seems this will take some time. Use msleep(). */
2836 for (i = 40; i; i--) {
2837 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2838 if (tmp & B43_IRQ_MAC_SUSPENDED)
2839 goto out;
2840 msleep(1);
2841 }
2842 b43err(dev->wl, "MAC suspend failed\n");
2843 }
2844out:
2845 dev->mac_suspended++;
2846}
2847
2848/* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2849void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2850{
2851 u32 tmp;
2852
2853 switch (dev->dev->bus_type) {
2854#ifdef CONFIG_B43_BCMA
2855 case B43_BUS_BCMA:
2856 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2857 if (on)
2858 tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2859 else
2860 tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2861 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2862 break;
2863#endif
2864#ifdef CONFIG_B43_SSB
2865 case B43_BUS_SSB:
2866 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2867 if (on)
2868 tmp |= B43_TMSLOW_MACPHYCLKEN;
2869 else
2870 tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2871 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2872 break;
2873#endif
2874 }
2875}
2876
2877static void b43_adjust_opmode(struct b43_wldev *dev)
2878{
2879 struct b43_wl *wl = dev->wl;
2880 u32 ctl;
2881 u16 cfp_pretbtt;
2882
2883 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2884 /* Reset status to STA infrastructure mode. */
2885 ctl &= ~B43_MACCTL_AP;
2886 ctl &= ~B43_MACCTL_KEEP_CTL;
2887 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2888 ctl &= ~B43_MACCTL_KEEP_BAD;
2889 ctl &= ~B43_MACCTL_PROMISC;
2890 ctl &= ~B43_MACCTL_BEACPROMISC;
2891 ctl |= B43_MACCTL_INFRA;
2892
2893 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2894 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2895 ctl |= B43_MACCTL_AP;
2896 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2897 ctl &= ~B43_MACCTL_INFRA;
2898
2899 if (wl->filter_flags & FIF_CONTROL)
2900 ctl |= B43_MACCTL_KEEP_CTL;
2901 if (wl->filter_flags & FIF_FCSFAIL)
2902 ctl |= B43_MACCTL_KEEP_BAD;
2903 if (wl->filter_flags & FIF_PLCPFAIL)
2904 ctl |= B43_MACCTL_KEEP_BADPLCP;
2905 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2906 ctl |= B43_MACCTL_PROMISC;
2907 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2908 ctl |= B43_MACCTL_BEACPROMISC;
2909
2910 /* Workaround: On old hardware the HW-MAC-address-filter
2911 * doesn't work properly, so always run promisc in filter
2912 * it in software. */
2913 if (dev->dev->core_rev <= 4)
2914 ctl |= B43_MACCTL_PROMISC;
2915
2916 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2917
2918 cfp_pretbtt = 2;
2919 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2920 if (dev->dev->chip_id == 0x4306 &&
2921 dev->dev->chip_rev == 3)
2922 cfp_pretbtt = 100;
2923 else
2924 cfp_pretbtt = 50;
2925 }
2926 b43_write16(dev, 0x612, cfp_pretbtt);
2927
2928 /* FIXME: We don't currently implement the PMQ mechanism,
2929 * so always disable it. If we want to implement PMQ,
2930 * we need to enable it here (clear DISCPMQ) in AP mode.
2931 */
2932 if (0 /* ctl & B43_MACCTL_AP */)
2933 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2934 else
2935 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2936}
2937
2938static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2939{
2940 u16 offset;
2941
2942 if (is_ofdm) {
2943 offset = 0x480;
2944 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2945 } else {
2946 offset = 0x4C0;
2947 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2948 }
2949 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2950 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2951}
2952
2953static void b43_rate_memory_init(struct b43_wldev *dev)
2954{
2955 switch (dev->phy.type) {
2956 case B43_PHYTYPE_A:
2957 case B43_PHYTYPE_G:
2958 case B43_PHYTYPE_N:
2959 case B43_PHYTYPE_LP:
2960 case B43_PHYTYPE_HT:
2961 case B43_PHYTYPE_LCN:
2962 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2963 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2964 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2965 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2966 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2967 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2968 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2969 if (dev->phy.type == B43_PHYTYPE_A)
2970 break;
2971 /* fallthrough */
2972 case B43_PHYTYPE_B:
2973 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2974 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2975 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2976 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2977 break;
2978 default:
2979 B43_WARN_ON(1);
2980 }
2981}
2982
2983/* Set the default values for the PHY TX Control Words. */
2984static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2985{
2986 u16 ctl = 0;
2987
2988 ctl |= B43_TXH_PHY_ENC_CCK;
2989 ctl |= B43_TXH_PHY_ANT01AUTO;
2990 ctl |= B43_TXH_PHY_TXPWR;
2991
2992 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2993 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2994 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2995}
2996
2997/* Set the TX-Antenna for management frames sent by firmware. */
2998static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2999{
3000 u16 ant;
3001 u16 tmp;
3002
3003 ant = b43_antenna_to_phyctl(antenna);
3004
3005 /* For ACK/CTS */
3006 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3007 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3008 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3009 /* For Probe Resposes */
3010 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3011 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3012 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3013}
3014
3015/* This is the opposite of b43_chip_init() */
3016static void b43_chip_exit(struct b43_wldev *dev)
3017{
3018 b43_phy_exit(dev);
3019 b43_gpio_cleanup(dev);
3020 /* firmware is released later */
3021}
3022
3023/* Initialize the chip
3024 * http://bcm-specs.sipsolutions.net/ChipInit
3025 */
3026static int b43_chip_init(struct b43_wldev *dev)
3027{
3028 struct b43_phy *phy = &dev->phy;
3029 int err;
3030 u32 macctl;
3031 u16 value16;
3032
3033 /* Initialize the MAC control */
3034 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3035 if (dev->phy.gmode)
3036 macctl |= B43_MACCTL_GMODE;
3037 macctl |= B43_MACCTL_INFRA;
3038 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3039
3040 err = b43_upload_microcode(dev);
3041 if (err)
3042 goto out; /* firmware is released later */
3043
3044 err = b43_gpio_init(dev);
3045 if (err)
3046 goto out; /* firmware is released later */
3047
3048 err = b43_upload_initvals(dev);
3049 if (err)
3050 goto err_gpio_clean;
3051
3052 /* Turn the Analog on and initialize the PHY. */
3053 phy->ops->switch_analog(dev, 1);
3054 err = b43_phy_init(dev);
3055 if (err)
3056 goto err_gpio_clean;
3057
3058 /* Disable Interference Mitigation. */
3059 if (phy->ops->interf_mitigation)
3060 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3061
3062 /* Select the antennae */
3063 if (phy->ops->set_rx_antenna)
3064 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3065 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3066
3067 if (phy->type == B43_PHYTYPE_B) {
3068 value16 = b43_read16(dev, 0x005E);
3069 value16 |= 0x0004;
3070 b43_write16(dev, 0x005E, value16);
3071 }
3072 b43_write32(dev, 0x0100, 0x01000000);
3073 if (dev->dev->core_rev < 5)
3074 b43_write32(dev, 0x010C, 0x01000000);
3075
3076 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3077 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3078
3079 /* Probe Response Timeout value */
3080 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3081 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
3082
3083 /* Initially set the wireless operation mode. */
3084 b43_adjust_opmode(dev);
3085
3086 if (dev->dev->core_rev < 3) {
3087 b43_write16(dev, 0x060E, 0x0000);
3088 b43_write16(dev, 0x0610, 0x8000);
3089 b43_write16(dev, 0x0604, 0x0000);
3090 b43_write16(dev, 0x0606, 0x0200);
3091 } else {
3092 b43_write32(dev, 0x0188, 0x80000000);
3093 b43_write32(dev, 0x018C, 0x02000000);
3094 }
3095 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3096 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
3097 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3098 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3099 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3100 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3101 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3102
3103 b43_mac_phy_clock_set(dev, true);
3104
3105 switch (dev->dev->bus_type) {
3106#ifdef CONFIG_B43_BCMA
3107 case B43_BUS_BCMA:
3108 /* FIXME: 0xE74 is quite common, but should be read from CC */
3109 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3110 break;
3111#endif
3112#ifdef CONFIG_B43_SSB
3113 case B43_BUS_SSB:
3114 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3115 dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3116 break;
3117#endif
3118 }
3119
3120 err = 0;
3121 b43dbg(dev->wl, "Chip initialized\n");
3122out:
3123 return err;
3124
3125err_gpio_clean:
3126 b43_gpio_cleanup(dev);
3127 return err;
3128}
3129
3130static void b43_periodic_every60sec(struct b43_wldev *dev)
3131{
3132 const struct b43_phy_operations *ops = dev->phy.ops;
3133
3134 if (ops->pwork_60sec)
3135 ops->pwork_60sec(dev);
3136
3137 /* Force check the TX power emission now. */
3138 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3139}
3140
3141static void b43_periodic_every30sec(struct b43_wldev *dev)
3142{
3143 /* Update device statistics. */
3144 b43_calculate_link_quality(dev);
3145}
3146
3147static void b43_periodic_every15sec(struct b43_wldev *dev)
3148{
3149 struct b43_phy *phy = &dev->phy;
3150 u16 wdr;
3151
3152 if (dev->fw.opensource) {
3153 /* Check if the firmware is still alive.
3154 * It will reset the watchdog counter to 0 in its idle loop. */
3155 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3156 if (unlikely(wdr)) {
3157 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3158 b43_controller_restart(dev, "Firmware watchdog");
3159 return;
3160 } else {
3161 b43_shm_write16(dev, B43_SHM_SCRATCH,
3162 B43_WATCHDOG_REG, 1);
3163 }
3164 }
3165
3166 if (phy->ops->pwork_15sec)
3167 phy->ops->pwork_15sec(dev);
3168
3169 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3170 wmb();
3171
3172#if B43_DEBUG
3173 if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3174 unsigned int i;
3175
3176 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3177 dev->irq_count / 15,
3178 dev->tx_count / 15,
3179 dev->rx_count / 15);
3180 dev->irq_count = 0;
3181 dev->tx_count = 0;
3182 dev->rx_count = 0;
3183 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3184 if (dev->irq_bit_count[i]) {
3185 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3186 dev->irq_bit_count[i] / 15, i, (1 << i));
3187 dev->irq_bit_count[i] = 0;
3188 }
3189 }
3190 }
3191#endif
3192}
3193
3194static void do_periodic_work(struct b43_wldev *dev)
3195{
3196 unsigned int state;
3197
3198 state = dev->periodic_state;
3199 if (state % 4 == 0)
3200 b43_periodic_every60sec(dev);
3201 if (state % 2 == 0)
3202 b43_periodic_every30sec(dev);
3203 b43_periodic_every15sec(dev);
3204}
3205
3206/* Periodic work locking policy:
3207 * The whole periodic work handler is protected by
3208 * wl->mutex. If another lock is needed somewhere in the
3209 * pwork callchain, it's acquired in-place, where it's needed.
3210 */
3211static void b43_periodic_work_handler(struct work_struct *work)
3212{
3213 struct b43_wldev *dev = container_of(work, struct b43_wldev,
3214 periodic_work.work);
3215 struct b43_wl *wl = dev->wl;
3216 unsigned long delay;
3217
3218 mutex_lock(&wl->mutex);
3219
3220 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3221 goto out;
3222 if (b43_debug(dev, B43_DBG_PWORK_STOP))
3223 goto out_requeue;
3224
3225 do_periodic_work(dev);
3226
3227 dev->periodic_state++;
3228out_requeue:
3229 if (b43_debug(dev, B43_DBG_PWORK_FAST))
3230 delay = msecs_to_jiffies(50);
3231 else
3232 delay = round_jiffies_relative(HZ * 15);
3233 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3234out:
3235 mutex_unlock(&wl->mutex);
3236}
3237
3238static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3239{
3240 struct delayed_work *work = &dev->periodic_work;
3241
3242 dev->periodic_state = 0;
3243 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3244 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3245}
3246
3247/* Check if communication with the device works correctly. */
3248static int b43_validate_chipaccess(struct b43_wldev *dev)
3249{
3250 u32 v, backup0, backup4;
3251
3252 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3253 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3254
3255 /* Check for read/write and endianness problems. */
3256 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3257 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3258 goto error;
3259 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3260 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3261 goto error;
3262
3263 /* Check if unaligned 32bit SHM_SHARED access works properly.
3264 * However, don't bail out on failure, because it's noncritical. */
3265 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3266 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3267 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3268 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3269 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3270 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3271 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3272 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3273 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3274 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3275 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3276 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3277
3278 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3279 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3280
3281 if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3282 /* The 32bit register shadows the two 16bit registers
3283 * with update sideeffects. Validate this. */
3284 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3285 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3286 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3287 goto error;
3288 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3289 goto error;
3290 }
3291 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3292
3293 v = b43_read32(dev, B43_MMIO_MACCTL);
3294 v |= B43_MACCTL_GMODE;
3295 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3296 goto error;
3297
3298 return 0;
3299error:
3300 b43err(dev->wl, "Failed to validate the chipaccess\n");
3301 return -ENODEV;
3302}
3303
3304static void b43_security_init(struct b43_wldev *dev)
3305{
3306 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3307 /* KTP is a word address, but we address SHM bytewise.
3308 * So multiply by two.
3309 */
3310 dev->ktp *= 2;
3311 /* Number of RCMTA address slots */
3312 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3313 /* Clear the key memory. */
3314 b43_clear_keys(dev);
3315}
3316
3317#ifdef CONFIG_B43_HWRNG
3318static int b43_rng_read(struct hwrng *rng, u32 *data)
3319{
3320 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3321 struct b43_wldev *dev;
3322 int count = -ENODEV;
3323
3324 mutex_lock(&wl->mutex);
3325 dev = wl->current_dev;
3326 if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3327 *data = b43_read16(dev, B43_MMIO_RNG);
3328 count = sizeof(u16);
3329 }
3330 mutex_unlock(&wl->mutex);
3331
3332 return count;
3333}
3334#endif /* CONFIG_B43_HWRNG */
3335
3336static void b43_rng_exit(struct b43_wl *wl)
3337{
3338#ifdef CONFIG_B43_HWRNG
3339 if (wl->rng_initialized)
3340 hwrng_unregister(&wl->rng);
3341#endif /* CONFIG_B43_HWRNG */
3342}
3343
3344static int b43_rng_init(struct b43_wl *wl)
3345{
3346 int err = 0;
3347
3348#ifdef CONFIG_B43_HWRNG
3349 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3350 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3351 wl->rng.name = wl->rng_name;
3352 wl->rng.data_read = b43_rng_read;
3353 wl->rng.priv = (unsigned long)wl;
3354 wl->rng_initialized = true;
3355 err = hwrng_register(&wl->rng);
3356 if (err) {
3357 wl->rng_initialized = false;
3358 b43err(wl, "Failed to register the random "
3359 "number generator (%d)\n", err);
3360 }
3361#endif /* CONFIG_B43_HWRNG */
3362
3363 return err;
3364}
3365
3366static void b43_tx_work(struct work_struct *work)
3367{
3368 struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3369 struct b43_wldev *dev;
3370 struct sk_buff *skb;
3371 int queue_num;
3372 int err = 0;
3373
3374 mutex_lock(&wl->mutex);
3375 dev = wl->current_dev;
3376 if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3377 mutex_unlock(&wl->mutex);
3378 return;
3379 }
3380
3381 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3382 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3383 skb = skb_dequeue(&wl->tx_queue[queue_num]);
3384 if (b43_using_pio_transfers(dev))
3385 err = b43_pio_tx(dev, skb);
3386 else
3387 err = b43_dma_tx(dev, skb);
3388 if (err == -ENOSPC) {
3389 wl->tx_queue_stopped[queue_num] = 1;
3390 ieee80211_stop_queue(wl->hw, queue_num);
3391 skb_queue_head(&wl->tx_queue[queue_num], skb);
3392 break;
3393 }
3394 if (unlikely(err))
3395 dev_kfree_skb(skb); /* Drop it */
3396 err = 0;
3397 }
3398
3399 if (!err)
3400 wl->tx_queue_stopped[queue_num] = 0;
3401 }
3402
3403#if B43_DEBUG
3404 dev->tx_count++;
3405#endif
3406 mutex_unlock(&wl->mutex);
3407}
3408
3409static void b43_op_tx(struct ieee80211_hw *hw,
3410 struct sk_buff *skb)
3411{
3412 struct b43_wl *wl = hw_to_b43_wl(hw);
3413
3414 if (unlikely(skb->len < 2 + 2 + 6)) {
3415 /* Too short, this can't be a valid frame. */
3416 dev_kfree_skb_any(skb);
3417 return;
3418 }
3419 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3420
3421 skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3422 if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3423 ieee80211_queue_work(wl->hw, &wl->tx_work);
3424 } else {
3425 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3426 }
3427}
3428
3429static void b43_qos_params_upload(struct b43_wldev *dev,
3430 const struct ieee80211_tx_queue_params *p,
3431 u16 shm_offset)
3432{
3433 u16 params[B43_NR_QOSPARAMS];
3434 int bslots, tmp;
3435 unsigned int i;
3436
3437 if (!dev->qos_enabled)
3438 return;
3439
3440 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3441
3442 memset(¶ms, 0, sizeof(params));
3443
3444 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3445 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3446 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3447 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3448 params[B43_QOSPARAM_AIFS] = p->aifs;
3449 params[B43_QOSPARAM_BSLOTS] = bslots;
3450 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3451
3452 for (i = 0; i < ARRAY_SIZE(params); i++) {
3453 if (i == B43_QOSPARAM_STATUS) {
3454 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3455 shm_offset + (i * 2));
3456 /* Mark the parameters as updated. */
3457 tmp |= 0x100;
3458 b43_shm_write16(dev, B43_SHM_SHARED,
3459 shm_offset + (i * 2),
3460 tmp);
3461 } else {
3462 b43_shm_write16(dev, B43_SHM_SHARED,
3463 shm_offset + (i * 2),
3464 params[i]);
3465 }
3466 }
3467}
3468
3469/* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3470static const u16 b43_qos_shm_offsets[] = {
3471 /* [mac80211-queue-nr] = SHM_OFFSET, */
3472 [0] = B43_QOS_VOICE,
3473 [1] = B43_QOS_VIDEO,
3474 [2] = B43_QOS_BESTEFFORT,
3475 [3] = B43_QOS_BACKGROUND,
3476};
3477
3478/* Update all QOS parameters in hardware. */
3479static void b43_qos_upload_all(struct b43_wldev *dev)
3480{
3481 struct b43_wl *wl = dev->wl;
3482 struct b43_qos_params *params;
3483 unsigned int i;
3484
3485 if (!dev->qos_enabled)
3486 return;
3487
3488 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3489 ARRAY_SIZE(wl->qos_params));
3490
3491 b43_mac_suspend(dev);
3492 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3493 params = &(wl->qos_params[i]);
3494 b43_qos_params_upload(dev, &(params->p),
3495 b43_qos_shm_offsets[i]);
3496 }
3497 b43_mac_enable(dev);
3498}
3499
3500static void b43_qos_clear(struct b43_wl *wl)
3501{
3502 struct b43_qos_params *params;
3503 unsigned int i;
3504
3505 /* Initialize QoS parameters to sane defaults. */
3506
3507 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3508 ARRAY_SIZE(wl->qos_params));
3509
3510 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3511 params = &(wl->qos_params[i]);
3512
3513 switch (b43_qos_shm_offsets[i]) {
3514 case B43_QOS_VOICE:
3515 params->p.txop = 0;
3516 params->p.aifs = 2;
3517 params->p.cw_min = 0x0001;
3518 params->p.cw_max = 0x0001;
3519 break;
3520 case B43_QOS_VIDEO:
3521 params->p.txop = 0;
3522 params->p.aifs = 2;
3523 params->p.cw_min = 0x0001;
3524 params->p.cw_max = 0x0001;
3525 break;
3526 case B43_QOS_BESTEFFORT:
3527 params->p.txop = 0;
3528 params->p.aifs = 3;
3529 params->p.cw_min = 0x0001;
3530 params->p.cw_max = 0x03FF;
3531 break;
3532 case B43_QOS_BACKGROUND:
3533 params->p.txop = 0;
3534 params->p.aifs = 7;
3535 params->p.cw_min = 0x0001;
3536 params->p.cw_max = 0x03FF;
3537 break;
3538 default:
3539 B43_WARN_ON(1);
3540 }
3541 }
3542}
3543
3544/* Initialize the core's QOS capabilities */
3545static void b43_qos_init(struct b43_wldev *dev)
3546{
3547 if (!dev->qos_enabled) {
3548 /* Disable QOS support. */
3549 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3550 b43_write16(dev, B43_MMIO_IFSCTL,
3551 b43_read16(dev, B43_MMIO_IFSCTL)
3552 & ~B43_MMIO_IFSCTL_USE_EDCF);
3553 b43dbg(dev->wl, "QoS disabled\n");
3554 return;
3555 }
3556
3557 /* Upload the current QOS parameters. */
3558 b43_qos_upload_all(dev);
3559
3560 /* Enable QOS support. */
3561 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3562 b43_write16(dev, B43_MMIO_IFSCTL,
3563 b43_read16(dev, B43_MMIO_IFSCTL)
3564 | B43_MMIO_IFSCTL_USE_EDCF);
3565 b43dbg(dev->wl, "QoS enabled\n");
3566}
3567
3568static int b43_op_conf_tx(struct ieee80211_hw *hw,
3569 struct ieee80211_vif *vif, u16 _queue,
3570 const struct ieee80211_tx_queue_params *params)
3571{
3572 struct b43_wl *wl = hw_to_b43_wl(hw);
3573 struct b43_wldev *dev;
3574 unsigned int queue = (unsigned int)_queue;
3575 int err = -ENODEV;
3576
3577 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3578 /* Queue not available or don't support setting
3579 * params on this queue. Return success to not
3580 * confuse mac80211. */
3581 return 0;
3582 }
3583 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3584 ARRAY_SIZE(wl->qos_params));
3585
3586 mutex_lock(&wl->mutex);
3587 dev = wl->current_dev;
3588 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3589 goto out_unlock;
3590
3591 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3592 b43_mac_suspend(dev);
3593 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3594 b43_qos_shm_offsets[queue]);
3595 b43_mac_enable(dev);
3596 err = 0;
3597
3598out_unlock:
3599 mutex_unlock(&wl->mutex);
3600
3601 return err;
3602}
3603
3604static int b43_op_get_stats(struct ieee80211_hw *hw,
3605 struct ieee80211_low_level_stats *stats)
3606{
3607 struct b43_wl *wl = hw_to_b43_wl(hw);
3608
3609 mutex_lock(&wl->mutex);
3610 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3611 mutex_unlock(&wl->mutex);
3612
3613 return 0;
3614}
3615
3616static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3617{
3618 struct b43_wl *wl = hw_to_b43_wl(hw);
3619 struct b43_wldev *dev;
3620 u64 tsf;
3621
3622 mutex_lock(&wl->mutex);
3623 dev = wl->current_dev;
3624
3625 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3626 b43_tsf_read(dev, &tsf);
3627 else
3628 tsf = 0;
3629
3630 mutex_unlock(&wl->mutex);
3631
3632 return tsf;
3633}
3634
3635static void b43_op_set_tsf(struct ieee80211_hw *hw,
3636 struct ieee80211_vif *vif, u64 tsf)
3637{
3638 struct b43_wl *wl = hw_to_b43_wl(hw);
3639 struct b43_wldev *dev;
3640
3641 mutex_lock(&wl->mutex);
3642 dev = wl->current_dev;
3643
3644 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3645 b43_tsf_write(dev, tsf);
3646
3647 mutex_unlock(&wl->mutex);
3648}
3649
3650static void b43_put_phy_into_reset(struct b43_wldev *dev)
3651{
3652 u32 tmp;
3653
3654 switch (dev->dev->bus_type) {
3655#ifdef CONFIG_B43_BCMA
3656 case B43_BUS_BCMA:
3657 b43err(dev->wl,
3658 "Putting PHY into reset not supported on BCMA\n");
3659 break;
3660#endif
3661#ifdef CONFIG_B43_SSB
3662 case B43_BUS_SSB:
3663 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3664 tmp &= ~B43_TMSLOW_GMODE;
3665 tmp |= B43_TMSLOW_PHYRESET;
3666 tmp |= SSB_TMSLOW_FGC;
3667 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3668 msleep(1);
3669
3670 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3671 tmp &= ~SSB_TMSLOW_FGC;
3672 tmp |= B43_TMSLOW_PHYRESET;
3673 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3674 msleep(1);
3675
3676 break;
3677#endif
3678 }
3679}
3680
3681static const char *band_to_string(enum ieee80211_band band)
3682{
3683 switch (band) {
3684 case IEEE80211_BAND_5GHZ:
3685 return "5";
3686 case IEEE80211_BAND_2GHZ:
3687 return "2.4";
3688 default:
3689 break;
3690 }
3691 B43_WARN_ON(1);
3692 return "";
3693}
3694
3695/* Expects wl->mutex locked */
3696static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3697{
3698 struct b43_wldev *up_dev = NULL;
3699 struct b43_wldev *down_dev;
3700 struct b43_wldev *d;
3701 int err;
3702 bool uninitialized_var(gmode);
3703 int prev_status;
3704
3705 /* Find a device and PHY which supports the band. */
3706 list_for_each_entry(d, &wl->devlist, list) {
3707 switch (chan->band) {
3708 case IEEE80211_BAND_5GHZ:
3709 if (d->phy.supports_5ghz) {
3710 up_dev = d;
3711 gmode = false;
3712 }
3713 break;
3714 case IEEE80211_BAND_2GHZ:
3715 if (d->phy.supports_2ghz) {
3716 up_dev = d;
3717 gmode = true;
3718 }
3719 break;
3720 default:
3721 B43_WARN_ON(1);
3722 return -EINVAL;
3723 }
3724 if (up_dev)
3725 break;
3726 }
3727 if (!up_dev) {
3728 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3729 band_to_string(chan->band));
3730 return -ENODEV;
3731 }
3732 if ((up_dev == wl->current_dev) &&
3733 (!!wl->current_dev->phy.gmode == !!gmode)) {
3734 /* This device is already running. */
3735 return 0;
3736 }
3737 b43dbg(wl, "Switching to %s-GHz band\n",
3738 band_to_string(chan->band));
3739 down_dev = wl->current_dev;
3740
3741 prev_status = b43_status(down_dev);
3742 /* Shutdown the currently running core. */
3743 if (prev_status >= B43_STAT_STARTED)
3744 down_dev = b43_wireless_core_stop(down_dev);
3745 if (prev_status >= B43_STAT_INITIALIZED)
3746 b43_wireless_core_exit(down_dev);
3747
3748 if (down_dev != up_dev) {
3749 /* We switch to a different core, so we put PHY into
3750 * RESET on the old core. */
3751 b43_put_phy_into_reset(down_dev);
3752 }
3753
3754 /* Now start the new core. */
3755 up_dev->phy.gmode = gmode;
3756 if (prev_status >= B43_STAT_INITIALIZED) {
3757 err = b43_wireless_core_init(up_dev);
3758 if (err) {
3759 b43err(wl, "Fatal: Could not initialize device for "
3760 "selected %s-GHz band\n",
3761 band_to_string(chan->band));
3762 goto init_failure;
3763 }
3764 }
3765 if (prev_status >= B43_STAT_STARTED) {
3766 err = b43_wireless_core_start(up_dev);
3767 if (err) {
3768 b43err(wl, "Fatal: Could not start device for "
3769 "selected %s-GHz band\n",
3770 band_to_string(chan->band));
3771 b43_wireless_core_exit(up_dev);
3772 goto init_failure;
3773 }
3774 }
3775 B43_WARN_ON(b43_status(up_dev) != prev_status);
3776
3777 wl->current_dev = up_dev;
3778
3779 return 0;
3780init_failure:
3781 /* Whoops, failed to init the new core. No core is operating now. */
3782 wl->current_dev = NULL;
3783 return err;
3784}
3785
3786/* Write the short and long frame retry limit values. */
3787static void b43_set_retry_limits(struct b43_wldev *dev,
3788 unsigned int short_retry,
3789 unsigned int long_retry)
3790{
3791 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3792 * the chip-internal counter. */
3793 short_retry = min(short_retry, (unsigned int)0xF);
3794 long_retry = min(long_retry, (unsigned int)0xF);
3795
3796 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3797 short_retry);
3798 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3799 long_retry);
3800}
3801
3802static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3803{
3804 struct b43_wl *wl = hw_to_b43_wl(hw);
3805 struct b43_wldev *dev;
3806 struct b43_phy *phy;
3807 struct ieee80211_conf *conf = &hw->conf;
3808 int antenna;
3809 int err = 0;
3810 bool reload_bss = false;
3811
3812 mutex_lock(&wl->mutex);
3813
3814 dev = wl->current_dev;
3815
3816 /* Switch the band (if necessary). This might change the active core. */
3817 err = b43_switch_band(wl, conf->channel);
3818 if (err)
3819 goto out_unlock_mutex;
3820
3821 /* Need to reload all settings if the core changed */
3822 if (dev != wl->current_dev) {
3823 dev = wl->current_dev;
3824 changed = ~0;
3825 reload_bss = true;
3826 }
3827
3828 phy = &dev->phy;
3829
3830 if (conf_is_ht(conf))
3831 phy->is_40mhz =
3832 (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3833 else
3834 phy->is_40mhz = false;
3835
3836 b43_mac_suspend(dev);
3837
3838 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3839 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3840 conf->long_frame_max_tx_count);
3841 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3842 if (!changed)
3843 goto out_mac_enable;
3844
3845 /* Switch to the requested channel.
3846 * The firmware takes care of races with the TX handler. */
3847 if (conf->channel->hw_value != phy->channel)
3848 b43_switch_channel(dev, conf->channel->hw_value);
3849
3850 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3851
3852 /* Adjust the desired TX power level. */
3853 if (conf->power_level != 0) {
3854 if (conf->power_level != phy->desired_txpower) {
3855 phy->desired_txpower = conf->power_level;
3856 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3857 B43_TXPWR_IGNORE_TSSI);
3858 }
3859 }
3860
3861 /* Antennas for RX and management frame TX. */
3862 antenna = B43_ANTENNA_DEFAULT;
3863 b43_mgmtframe_txantenna(dev, antenna);
3864 antenna = B43_ANTENNA_DEFAULT;
3865 if (phy->ops->set_rx_antenna)
3866 phy->ops->set_rx_antenna(dev, antenna);
3867
3868 if (wl->radio_enabled != phy->radio_on) {
3869 if (wl->radio_enabled) {
3870 b43_software_rfkill(dev, false);
3871 b43info(dev->wl, "Radio turned on by software\n");
3872 if (!dev->radio_hw_enable) {
3873 b43info(dev->wl, "The hardware RF-kill button "
3874 "still turns the radio physically off. "
3875 "Press the button to turn it on.\n");
3876 }
3877 } else {
3878 b43_software_rfkill(dev, true);
3879 b43info(dev->wl, "Radio turned off by software\n");
3880 }
3881 }
3882
3883out_mac_enable:
3884 b43_mac_enable(dev);
3885out_unlock_mutex:
3886 mutex_unlock(&wl->mutex);
3887
3888 if (wl->vif && reload_bss)
3889 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3890
3891 return err;
3892}
3893
3894static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3895{
3896 struct ieee80211_supported_band *sband =
3897 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3898 struct ieee80211_rate *rate;
3899 int i;
3900 u16 basic, direct, offset, basic_offset, rateptr;
3901
3902 for (i = 0; i < sband->n_bitrates; i++) {
3903 rate = &sband->bitrates[i];
3904
3905 if (b43_is_cck_rate(rate->hw_value)) {
3906 direct = B43_SHM_SH_CCKDIRECT;
3907 basic = B43_SHM_SH_CCKBASIC;
3908 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3909 offset &= 0xF;
3910 } else {
3911 direct = B43_SHM_SH_OFDMDIRECT;
3912 basic = B43_SHM_SH_OFDMBASIC;
3913 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3914 offset &= 0xF;
3915 }
3916
3917 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3918
3919 if (b43_is_cck_rate(rate->hw_value)) {
3920 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3921 basic_offset &= 0xF;
3922 } else {
3923 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3924 basic_offset &= 0xF;
3925 }
3926
3927 /*
3928 * Get the pointer that we need to point to
3929 * from the direct map
3930 */
3931 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3932 direct + 2 * basic_offset);
3933 /* and write it to the basic map */
3934 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3935 rateptr);
3936 }
3937}
3938
3939static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3940 struct ieee80211_vif *vif,
3941 struct ieee80211_bss_conf *conf,
3942 u32 changed)
3943{
3944 struct b43_wl *wl = hw_to_b43_wl(hw);
3945 struct b43_wldev *dev;
3946
3947 mutex_lock(&wl->mutex);
3948
3949 dev = wl->current_dev;
3950 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3951 goto out_unlock_mutex;
3952
3953 B43_WARN_ON(wl->vif != vif);
3954
3955 if (changed & BSS_CHANGED_BSSID) {
3956 if (conf->bssid)
3957 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3958 else
3959 memset(wl->bssid, 0, ETH_ALEN);
3960 }
3961
3962 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3963 if (changed & BSS_CHANGED_BEACON &&
3964 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3965 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3966 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3967 b43_update_templates(wl);
3968
3969 if (changed & BSS_CHANGED_BSSID)
3970 b43_write_mac_bssid_templates(dev);
3971 }
3972
3973 b43_mac_suspend(dev);
3974
3975 /* Update templates for AP/mesh mode. */
3976 if (changed & BSS_CHANGED_BEACON_INT &&
3977 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3978 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3979 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
3980 conf->beacon_int)
3981 b43_set_beacon_int(dev, conf->beacon_int);
3982
3983 if (changed & BSS_CHANGED_BASIC_RATES)
3984 b43_update_basic_rates(dev, conf->basic_rates);
3985
3986 if (changed & BSS_CHANGED_ERP_SLOT) {
3987 if (conf->use_short_slot)
3988 b43_short_slot_timing_enable(dev);
3989 else
3990 b43_short_slot_timing_disable(dev);
3991 }
3992
3993 b43_mac_enable(dev);
3994out_unlock_mutex:
3995 mutex_unlock(&wl->mutex);
3996}
3997
3998static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3999 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4000 struct ieee80211_key_conf *key)
4001{
4002 struct b43_wl *wl = hw_to_b43_wl(hw);
4003 struct b43_wldev *dev;
4004 u8 algorithm;
4005 u8 index;
4006 int err;
4007 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4008
4009 if (modparam_nohwcrypt)
4010 return -ENOSPC; /* User disabled HW-crypto */
4011
4012 if ((vif->type == NL80211_IFTYPE_ADHOC ||
4013 vif->type == NL80211_IFTYPE_MESH_POINT) &&
4014 (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4015 key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4016 !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4017 /*
4018 * For now, disable hw crypto for the RSN IBSS group keys. This
4019 * could be optimized in the future, but until that gets
4020 * implemented, use of software crypto for group addressed
4021 * frames is a acceptable to allow RSN IBSS to be used.
4022 */
4023 return -EOPNOTSUPP;
4024 }
4025
4026 mutex_lock(&wl->mutex);
4027
4028 dev = wl->current_dev;
4029 err = -ENODEV;
4030 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4031 goto out_unlock;
4032
4033 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4034 /* We don't have firmware for the crypto engine.
4035 * Must use software-crypto. */
4036 err = -EOPNOTSUPP;
4037 goto out_unlock;
4038 }
4039
4040 err = -EINVAL;
4041 switch (key->cipher) {
4042 case WLAN_CIPHER_SUITE_WEP40:
4043 algorithm = B43_SEC_ALGO_WEP40;
4044 break;
4045 case WLAN_CIPHER_SUITE_WEP104:
4046 algorithm = B43_SEC_ALGO_WEP104;
4047 break;
4048 case WLAN_CIPHER_SUITE_TKIP:
4049 algorithm = B43_SEC_ALGO_TKIP;
4050 break;
4051 case WLAN_CIPHER_SUITE_CCMP:
4052 algorithm = B43_SEC_ALGO_AES;
4053 break;
4054 default:
4055 B43_WARN_ON(1);
4056 goto out_unlock;
4057 }
4058 index = (u8) (key->keyidx);
4059 if (index > 3)
4060 goto out_unlock;
4061
4062 switch (cmd) {
4063 case SET_KEY:
4064 if (algorithm == B43_SEC_ALGO_TKIP &&
4065 (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4066 !modparam_hwtkip)) {
4067 /* We support only pairwise key */
4068 err = -EOPNOTSUPP;
4069 goto out_unlock;
4070 }
4071
4072 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4073 if (WARN_ON(!sta)) {
4074 err = -EOPNOTSUPP;
4075 goto out_unlock;
4076 }
4077 /* Pairwise key with an assigned MAC address. */
4078 err = b43_key_write(dev, -1, algorithm,
4079 key->key, key->keylen,
4080 sta->addr, key);
4081 } else {
4082 /* Group key */
4083 err = b43_key_write(dev, index, algorithm,
4084 key->key, key->keylen, NULL, key);
4085 }
4086 if (err)
4087 goto out_unlock;
4088
4089 if (algorithm == B43_SEC_ALGO_WEP40 ||
4090 algorithm == B43_SEC_ALGO_WEP104) {
4091 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4092 } else {
4093 b43_hf_write(dev,
4094 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4095 }
4096 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4097 if (algorithm == B43_SEC_ALGO_TKIP)
4098 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4099 break;
4100 case DISABLE_KEY: {
4101 err = b43_key_clear(dev, key->hw_key_idx);
4102 if (err)
4103 goto out_unlock;
4104 break;
4105 }
4106 default:
4107 B43_WARN_ON(1);
4108 }
4109
4110out_unlock:
4111 if (!err) {
4112 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4113 "mac: %pM\n",
4114 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4115 sta ? sta->addr : bcast_addr);
4116 b43_dump_keymemory(dev);
4117 }
4118 mutex_unlock(&wl->mutex);
4119
4120 return err;
4121}
4122
4123static void b43_op_configure_filter(struct ieee80211_hw *hw,
4124 unsigned int changed, unsigned int *fflags,
4125 u64 multicast)
4126{
4127 struct b43_wl *wl = hw_to_b43_wl(hw);
4128 struct b43_wldev *dev;
4129
4130 mutex_lock(&wl->mutex);
4131 dev = wl->current_dev;
4132 if (!dev) {
4133 *fflags = 0;
4134 goto out_unlock;
4135 }
4136
4137 *fflags &= FIF_PROMISC_IN_BSS |
4138 FIF_ALLMULTI |
4139 FIF_FCSFAIL |
4140 FIF_PLCPFAIL |
4141 FIF_CONTROL |
4142 FIF_OTHER_BSS |
4143 FIF_BCN_PRBRESP_PROMISC;
4144
4145 changed &= FIF_PROMISC_IN_BSS |
4146 FIF_ALLMULTI |
4147 FIF_FCSFAIL |
4148 FIF_PLCPFAIL |
4149 FIF_CONTROL |
4150 FIF_OTHER_BSS |
4151 FIF_BCN_PRBRESP_PROMISC;
4152
4153 wl->filter_flags = *fflags;
4154
4155 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4156 b43_adjust_opmode(dev);
4157
4158out_unlock:
4159 mutex_unlock(&wl->mutex);
4160}
4161
4162/* Locking: wl->mutex
4163 * Returns the current dev. This might be different from the passed in dev,
4164 * because the core might be gone away while we unlocked the mutex. */
4165static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4166{
4167 struct b43_wl *wl;
4168 struct b43_wldev *orig_dev;
4169 u32 mask;
4170 int queue_num;
4171
4172 if (!dev)
4173 return NULL;
4174 wl = dev->wl;
4175redo:
4176 if (!dev || b43_status(dev) < B43_STAT_STARTED)
4177 return dev;
4178
4179 /* Cancel work. Unlock to avoid deadlocks. */
4180 mutex_unlock(&wl->mutex);
4181 cancel_delayed_work_sync(&dev->periodic_work);
4182 cancel_work_sync(&wl->tx_work);
4183 cancel_work_sync(&wl->firmware_load);
4184 mutex_lock(&wl->mutex);
4185 dev = wl->current_dev;
4186 if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4187 /* Whoops, aliens ate up the device while we were unlocked. */
4188 return dev;
4189 }
4190
4191 /* Disable interrupts on the device. */
4192 b43_set_status(dev, B43_STAT_INITIALIZED);
4193 if (b43_bus_host_is_sdio(dev->dev)) {
4194 /* wl->mutex is locked. That is enough. */
4195 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4196 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4197 } else {
4198 spin_lock_irq(&wl->hardirq_lock);
4199 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4200 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4201 spin_unlock_irq(&wl->hardirq_lock);
4202 }
4203 /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4204 orig_dev = dev;
4205 mutex_unlock(&wl->mutex);
4206 if (b43_bus_host_is_sdio(dev->dev)) {
4207 b43_sdio_free_irq(dev);
4208 } else {
4209 synchronize_irq(dev->dev->irq);
4210 free_irq(dev->dev->irq, dev);
4211 }
4212 mutex_lock(&wl->mutex);
4213 dev = wl->current_dev;
4214 if (!dev)
4215 return dev;
4216 if (dev != orig_dev) {
4217 if (b43_status(dev) >= B43_STAT_STARTED)
4218 goto redo;
4219 return dev;
4220 }
4221 mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4222 B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4223
4224 /* Drain all TX queues. */
4225 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4226 while (skb_queue_len(&wl->tx_queue[queue_num]))
4227 dev_kfree_skb(skb_dequeue(&wl->tx_queue[queue_num]));
4228 }
4229
4230 b43_mac_suspend(dev);
4231 b43_leds_exit(dev);
4232 b43dbg(wl, "Wireless interface stopped\n");
4233
4234 return dev;
4235}
4236
4237/* Locking: wl->mutex */
4238static int b43_wireless_core_start(struct b43_wldev *dev)
4239{
4240 int err;
4241
4242 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4243
4244 drain_txstatus_queue(dev);
4245 if (b43_bus_host_is_sdio(dev->dev)) {
4246 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4247 if (err) {
4248 b43err(dev->wl, "Cannot request SDIO IRQ\n");
4249 goto out;
4250 }
4251 } else {
4252 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4253 b43_interrupt_thread_handler,
4254 IRQF_SHARED, KBUILD_MODNAME, dev);
4255 if (err) {
4256 b43err(dev->wl, "Cannot request IRQ-%d\n",
4257 dev->dev->irq);
4258 goto out;
4259 }
4260 }
4261
4262 /* We are ready to run. */
4263 ieee80211_wake_queues(dev->wl->hw);
4264 b43_set_status(dev, B43_STAT_STARTED);
4265
4266 /* Start data flow (TX/RX). */
4267 b43_mac_enable(dev);
4268 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4269
4270 /* Start maintenance work */
4271 b43_periodic_tasks_setup(dev);
4272
4273 b43_leds_init(dev);
4274
4275 b43dbg(dev->wl, "Wireless interface started\n");
4276out:
4277 return err;
4278}
4279
4280/* Get PHY and RADIO versioning numbers */
4281static int b43_phy_versioning(struct b43_wldev *dev)
4282{
4283 struct b43_phy *phy = &dev->phy;
4284 u32 tmp;
4285 u8 analog_type;
4286 u8 phy_type;
4287 u8 phy_rev;
4288 u16 radio_manuf;
4289 u16 radio_ver;
4290 u16 radio_rev;
4291 int unsupported = 0;
4292
4293 /* Get PHY versioning */
4294 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4295 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4296 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4297 phy_rev = (tmp & B43_PHYVER_VERSION);
4298 switch (phy_type) {
4299 case B43_PHYTYPE_A:
4300 if (phy_rev >= 4)
4301 unsupported = 1;
4302 break;
4303 case B43_PHYTYPE_B:
4304 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4305 && phy_rev != 7)
4306 unsupported = 1;
4307 break;
4308 case B43_PHYTYPE_G:
4309 if (phy_rev > 9)
4310 unsupported = 1;
4311 break;
4312#ifdef CONFIG_B43_PHY_N
4313 case B43_PHYTYPE_N:
4314 if (phy_rev > 9)
4315 unsupported = 1;
4316 break;
4317#endif
4318#ifdef CONFIG_B43_PHY_LP
4319 case B43_PHYTYPE_LP:
4320 if (phy_rev > 2)
4321 unsupported = 1;
4322 break;
4323#endif
4324#ifdef CONFIG_B43_PHY_HT
4325 case B43_PHYTYPE_HT:
4326 if (phy_rev > 1)
4327 unsupported = 1;
4328 break;
4329#endif
4330#ifdef CONFIG_B43_PHY_LCN
4331 case B43_PHYTYPE_LCN:
4332 if (phy_rev > 1)
4333 unsupported = 1;
4334 break;
4335#endif
4336 default:
4337 unsupported = 1;
4338 }
4339 if (unsupported) {
4340 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
4341 "(Analog %u, Type %u, Revision %u)\n",
4342 analog_type, phy_type, phy_rev);
4343 return -EOPNOTSUPP;
4344 }
4345 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
4346 analog_type, phy_type, phy_rev);
4347
4348 /* Get RADIO versioning */
4349 if (dev->dev->core_rev >= 24) {
4350 u16 radio24[3];
4351
4352 for (tmp = 0; tmp < 3; tmp++) {
4353 b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4354 radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4355 }
4356
4357 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4358 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4359
4360 radio_manuf = 0x17F;
4361 radio_ver = (radio24[2] << 8) | radio24[1];
4362 radio_rev = (radio24[0] & 0xF);
4363 } else {
4364 if (dev->dev->chip_id == 0x4317) {
4365 if (dev->dev->chip_rev == 0)
4366 tmp = 0x3205017F;
4367 else if (dev->dev->chip_rev == 1)
4368 tmp = 0x4205017F;
4369 else
4370 tmp = 0x5205017F;
4371 } else {
4372 b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4373 B43_RADIOCTL_ID);
4374 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4375 b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4376 B43_RADIOCTL_ID);
4377 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4378 << 16;
4379 }
4380 radio_manuf = (tmp & 0x00000FFF);
4381 radio_ver = (tmp & 0x0FFFF000) >> 12;
4382 radio_rev = (tmp & 0xF0000000) >> 28;
4383 }
4384
4385 if (radio_manuf != 0x17F /* Broadcom */)
4386 unsupported = 1;
4387 switch (phy_type) {
4388 case B43_PHYTYPE_A:
4389 if (radio_ver != 0x2060)
4390 unsupported = 1;
4391 if (radio_rev != 1)
4392 unsupported = 1;
4393 if (radio_manuf != 0x17F)
4394 unsupported = 1;
4395 break;
4396 case B43_PHYTYPE_B:
4397 if ((radio_ver & 0xFFF0) != 0x2050)
4398 unsupported = 1;
4399 break;
4400 case B43_PHYTYPE_G:
4401 if (radio_ver != 0x2050)
4402 unsupported = 1;
4403 break;
4404 case B43_PHYTYPE_N:
4405 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4406 unsupported = 1;
4407 break;
4408 case B43_PHYTYPE_LP:
4409 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4410 unsupported = 1;
4411 break;
4412 case B43_PHYTYPE_HT:
4413 if (radio_ver != 0x2059)
4414 unsupported = 1;
4415 break;
4416 case B43_PHYTYPE_LCN:
4417 if (radio_ver != 0x2064)
4418 unsupported = 1;
4419 break;
4420 default:
4421 B43_WARN_ON(1);
4422 }
4423 if (unsupported) {
4424 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4425 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4426 radio_manuf, radio_ver, radio_rev);
4427 return -EOPNOTSUPP;
4428 }
4429 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4430 radio_manuf, radio_ver, radio_rev);
4431
4432 phy->radio_manuf = radio_manuf;
4433 phy->radio_ver = radio_ver;
4434 phy->radio_rev = radio_rev;
4435
4436 phy->analog = analog_type;
4437 phy->type = phy_type;
4438 phy->rev = phy_rev;
4439
4440 return 0;
4441}
4442
4443static void setup_struct_phy_for_init(struct b43_wldev *dev,
4444 struct b43_phy *phy)
4445{
4446 phy->hardware_power_control = !!modparam_hwpctl;
4447 phy->next_txpwr_check_time = jiffies;
4448 /* PHY TX errors counter. */
4449 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4450
4451#if B43_DEBUG
4452 phy->phy_locked = false;
4453 phy->radio_locked = false;
4454#endif
4455}
4456
4457static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4458{
4459 dev->dfq_valid = false;
4460
4461 /* Assume the radio is enabled. If it's not enabled, the state will
4462 * immediately get fixed on the first periodic work run. */
4463 dev->radio_hw_enable = true;
4464
4465 /* Stats */
4466 memset(&dev->stats, 0, sizeof(dev->stats));
4467
4468 setup_struct_phy_for_init(dev, &dev->phy);
4469
4470 /* IRQ related flags */
4471 dev->irq_reason = 0;
4472 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4473 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4474 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4475 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4476
4477 dev->mac_suspended = 1;
4478
4479 /* Noise calculation context */
4480 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4481}
4482
4483static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4484{
4485 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4486 u64 hf;
4487
4488 if (!modparam_btcoex)
4489 return;
4490 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4491 return;
4492 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4493 return;
4494
4495 hf = b43_hf_read(dev);
4496 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4497 hf |= B43_HF_BTCOEXALT;
4498 else
4499 hf |= B43_HF_BTCOEX;
4500 b43_hf_write(dev, hf);
4501}
4502
4503static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4504{
4505 if (!modparam_btcoex)
4506 return;
4507 //TODO
4508}
4509
4510static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4511{
4512 struct ssb_bus *bus;
4513 u32 tmp;
4514
4515 if (dev->dev->bus_type != B43_BUS_SSB)
4516 return;
4517
4518 bus = dev->dev->sdev->bus;
4519
4520 if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4521 (bus->chip_id == 0x4312)) {
4522 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4523 tmp &= ~SSB_IMCFGLO_REQTO;
4524 tmp &= ~SSB_IMCFGLO_SERTO;
4525 tmp |= 0x3;
4526 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4527 ssb_commit_settings(bus);
4528 }
4529}
4530
4531static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4532{
4533 u16 pu_delay;
4534
4535 /* The time value is in microseconds. */
4536 if (dev->phy.type == B43_PHYTYPE_A)
4537 pu_delay = 3700;
4538 else
4539 pu_delay = 1050;
4540 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4541 pu_delay = 500;
4542 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4543 pu_delay = max(pu_delay, (u16)2400);
4544
4545 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4546}
4547
4548/* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4549static void b43_set_pretbtt(struct b43_wldev *dev)
4550{
4551 u16 pretbtt;
4552
4553 /* The time value is in microseconds. */
4554 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4555 pretbtt = 2;
4556 } else {
4557 if (dev->phy.type == B43_PHYTYPE_A)
4558 pretbtt = 120;
4559 else
4560 pretbtt = 250;
4561 }
4562 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4563 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4564}
4565
4566/* Shutdown a wireless core */
4567/* Locking: wl->mutex */
4568static void b43_wireless_core_exit(struct b43_wldev *dev)
4569{
4570 B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4571 if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4572 return;
4573
4574 /* Unregister HW RNG driver */
4575 b43_rng_exit(dev->wl);
4576
4577 b43_set_status(dev, B43_STAT_UNINIT);
4578
4579 /* Stop the microcode PSM. */
4580 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4581 B43_MACCTL_PSM_JMP0);
4582
4583 b43_dma_free(dev);
4584 b43_pio_free(dev);
4585 b43_chip_exit(dev);
4586 dev->phy.ops->switch_analog(dev, 0);
4587 if (dev->wl->current_beacon) {
4588 dev_kfree_skb_any(dev->wl->current_beacon);
4589 dev->wl->current_beacon = NULL;
4590 }
4591
4592 b43_device_disable(dev, 0);
4593 b43_bus_may_powerdown(dev);
4594}
4595
4596/* Initialize a wireless core */
4597static int b43_wireless_core_init(struct b43_wldev *dev)
4598{
4599 struct ssb_sprom *sprom = dev->dev->bus_sprom;
4600 struct b43_phy *phy = &dev->phy;
4601 int err;
4602 u64 hf;
4603
4604 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4605
4606 err = b43_bus_powerup(dev, 0);
4607 if (err)
4608 goto out;
4609 if (!b43_device_is_enabled(dev))
4610 b43_wireless_core_reset(dev, phy->gmode);
4611
4612 /* Reset all data structures. */
4613 setup_struct_wldev_for_init(dev);
4614 phy->ops->prepare_structs(dev);
4615
4616 /* Enable IRQ routing to this device. */
4617 switch (dev->dev->bus_type) {
4618#ifdef CONFIG_B43_BCMA
4619 case B43_BUS_BCMA:
4620 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci,
4621 dev->dev->bdev, true);
4622 break;
4623#endif
4624#ifdef CONFIG_B43_SSB
4625 case B43_BUS_SSB:
4626 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4627 dev->dev->sdev);
4628 break;
4629#endif
4630 }
4631
4632 b43_imcfglo_timeouts_workaround(dev);
4633 b43_bluetooth_coext_disable(dev);
4634 if (phy->ops->prepare_hardware) {
4635 err = phy->ops->prepare_hardware(dev);
4636 if (err)
4637 goto err_busdown;
4638 }
4639 err = b43_chip_init(dev);
4640 if (err)
4641 goto err_busdown;
4642 b43_shm_write16(dev, B43_SHM_SHARED,
4643 B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4644 hf = b43_hf_read(dev);
4645 if (phy->type == B43_PHYTYPE_G) {
4646 hf |= B43_HF_SYMW;
4647 if (phy->rev == 1)
4648 hf |= B43_HF_GDCW;
4649 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4650 hf |= B43_HF_OFDMPABOOST;
4651 }
4652 if (phy->radio_ver == 0x2050) {
4653 if (phy->radio_rev == 6)
4654 hf |= B43_HF_4318TSSI;
4655 if (phy->radio_rev < 6)
4656 hf |= B43_HF_VCORECALC;
4657 }
4658 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4659 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4660#ifdef CONFIG_SSB_DRIVER_PCICORE
4661 if (dev->dev->bus_type == B43_BUS_SSB &&
4662 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4663 dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4664 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4665#endif
4666 hf &= ~B43_HF_SKCFPUP;
4667 b43_hf_write(dev, hf);
4668
4669 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4670 B43_DEFAULT_LONG_RETRY_LIMIT);
4671 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4672 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4673
4674 /* Disable sending probe responses from firmware.
4675 * Setting the MaxTime to one usec will always trigger
4676 * a timeout, so we never send any probe resp.
4677 * A timeout of zero is infinite. */
4678 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4679
4680 b43_rate_memory_init(dev);
4681 b43_set_phytxctl_defaults(dev);
4682
4683 /* Minimum Contention Window */
4684 if (phy->type == B43_PHYTYPE_B)
4685 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4686 else
4687 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4688 /* Maximum Contention Window */
4689 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4690
4691 if (b43_bus_host_is_pcmcia(dev->dev) ||
4692 b43_bus_host_is_sdio(dev->dev)) {
4693 dev->__using_pio_transfers = true;
4694 err = b43_pio_init(dev);
4695 } else if (dev->use_pio) {
4696 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4697 "This should not be needed and will result in lower "
4698 "performance.\n");
4699 dev->__using_pio_transfers = true;
4700 err = b43_pio_init(dev);
4701 } else {
4702 dev->__using_pio_transfers = false;
4703 err = b43_dma_init(dev);
4704 }
4705 if (err)
4706 goto err_chip_exit;
4707 b43_qos_init(dev);
4708 b43_set_synth_pu_delay(dev, 1);
4709 b43_bluetooth_coext_enable(dev);
4710
4711 b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4712 b43_upload_card_macaddress(dev);
4713 b43_security_init(dev);
4714
4715 ieee80211_wake_queues(dev->wl->hw);
4716
4717 b43_set_status(dev, B43_STAT_INITIALIZED);
4718
4719 /* Register HW RNG driver */
4720 b43_rng_init(dev->wl);
4721
4722out:
4723 return err;
4724
4725err_chip_exit:
4726 b43_chip_exit(dev);
4727err_busdown:
4728 b43_bus_may_powerdown(dev);
4729 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4730 return err;
4731}
4732
4733static int b43_op_add_interface(struct ieee80211_hw *hw,
4734 struct ieee80211_vif *vif)
4735{
4736 struct b43_wl *wl = hw_to_b43_wl(hw);
4737 struct b43_wldev *dev;
4738 int err = -EOPNOTSUPP;
4739
4740 /* TODO: allow WDS/AP devices to coexist */
4741
4742 if (vif->type != NL80211_IFTYPE_AP &&
4743 vif->type != NL80211_IFTYPE_MESH_POINT &&
4744 vif->type != NL80211_IFTYPE_STATION &&
4745 vif->type != NL80211_IFTYPE_WDS &&
4746 vif->type != NL80211_IFTYPE_ADHOC)
4747 return -EOPNOTSUPP;
4748
4749 mutex_lock(&wl->mutex);
4750 if (wl->operating)
4751 goto out_mutex_unlock;
4752
4753 b43dbg(wl, "Adding Interface type %d\n", vif->type);
4754
4755 dev = wl->current_dev;
4756 wl->operating = true;
4757 wl->vif = vif;
4758 wl->if_type = vif->type;
4759 memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4760
4761 b43_adjust_opmode(dev);
4762 b43_set_pretbtt(dev);
4763 b43_set_synth_pu_delay(dev, 0);
4764 b43_upload_card_macaddress(dev);
4765
4766 err = 0;
4767 out_mutex_unlock:
4768 mutex_unlock(&wl->mutex);
4769
4770 if (err == 0)
4771 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4772
4773 return err;
4774}
4775
4776static void b43_op_remove_interface(struct ieee80211_hw *hw,
4777 struct ieee80211_vif *vif)
4778{
4779 struct b43_wl *wl = hw_to_b43_wl(hw);
4780 struct b43_wldev *dev = wl->current_dev;
4781
4782 b43dbg(wl, "Removing Interface type %d\n", vif->type);
4783
4784 mutex_lock(&wl->mutex);
4785
4786 B43_WARN_ON(!wl->operating);
4787 B43_WARN_ON(wl->vif != vif);
4788 wl->vif = NULL;
4789
4790 wl->operating = false;
4791
4792 b43_adjust_opmode(dev);
4793 memset(wl->mac_addr, 0, ETH_ALEN);
4794 b43_upload_card_macaddress(dev);
4795
4796 mutex_unlock(&wl->mutex);
4797}
4798
4799static int b43_op_start(struct ieee80211_hw *hw)
4800{
4801 struct b43_wl *wl = hw_to_b43_wl(hw);
4802 struct b43_wldev *dev = wl->current_dev;
4803 int did_init = 0;
4804 int err = 0;
4805
4806 /* Kill all old instance specific information to make sure
4807 * the card won't use it in the short timeframe between start
4808 * and mac80211 reconfiguring it. */
4809 memset(wl->bssid, 0, ETH_ALEN);
4810 memset(wl->mac_addr, 0, ETH_ALEN);
4811 wl->filter_flags = 0;
4812 wl->radiotap_enabled = false;
4813 b43_qos_clear(wl);
4814 wl->beacon0_uploaded = false;
4815 wl->beacon1_uploaded = false;
4816 wl->beacon_templates_virgin = true;
4817 wl->radio_enabled = true;
4818
4819 mutex_lock(&wl->mutex);
4820
4821 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4822 err = b43_wireless_core_init(dev);
4823 if (err)
4824 goto out_mutex_unlock;
4825 did_init = 1;
4826 }
4827
4828 if (b43_status(dev) < B43_STAT_STARTED) {
4829 err = b43_wireless_core_start(dev);
4830 if (err) {
4831 if (did_init)
4832 b43_wireless_core_exit(dev);
4833 goto out_mutex_unlock;
4834 }
4835 }
4836
4837 /* XXX: only do if device doesn't support rfkill irq */
4838 wiphy_rfkill_start_polling(hw->wiphy);
4839
4840 out_mutex_unlock:
4841 mutex_unlock(&wl->mutex);
4842
4843 /*
4844 * Configuration may have been overwritten during initialization.
4845 * Reload the configuration, but only if initialization was
4846 * successful. Reloading the configuration after a failed init
4847 * may hang the system.
4848 */
4849 if (!err)
4850 b43_op_config(hw, ~0);
4851
4852 return err;
4853}
4854
4855static void b43_op_stop(struct ieee80211_hw *hw)
4856{
4857 struct b43_wl *wl = hw_to_b43_wl(hw);
4858 struct b43_wldev *dev = wl->current_dev;
4859
4860 cancel_work_sync(&(wl->beacon_update_trigger));
4861
4862 if (!dev)
4863 goto out;
4864
4865 mutex_lock(&wl->mutex);
4866 if (b43_status(dev) >= B43_STAT_STARTED) {
4867 dev = b43_wireless_core_stop(dev);
4868 if (!dev)
4869 goto out_unlock;
4870 }
4871 b43_wireless_core_exit(dev);
4872 wl->radio_enabled = false;
4873
4874out_unlock:
4875 mutex_unlock(&wl->mutex);
4876out:
4877 cancel_work_sync(&(wl->txpower_adjust_work));
4878}
4879
4880static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4881 struct ieee80211_sta *sta, bool set)
4882{
4883 struct b43_wl *wl = hw_to_b43_wl(hw);
4884
4885 /* FIXME: add locking */
4886 b43_update_templates(wl);
4887
4888 return 0;
4889}
4890
4891static void b43_op_sta_notify(struct ieee80211_hw *hw,
4892 struct ieee80211_vif *vif,
4893 enum sta_notify_cmd notify_cmd,
4894 struct ieee80211_sta *sta)
4895{
4896 struct b43_wl *wl = hw_to_b43_wl(hw);
4897
4898 B43_WARN_ON(!vif || wl->vif != vif);
4899}
4900
4901static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4902{
4903 struct b43_wl *wl = hw_to_b43_wl(hw);
4904 struct b43_wldev *dev;
4905
4906 mutex_lock(&wl->mutex);
4907 dev = wl->current_dev;
4908 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4909 /* Disable CFP update during scan on other channels. */
4910 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4911 }
4912 mutex_unlock(&wl->mutex);
4913}
4914
4915static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4916{
4917 struct b43_wl *wl = hw_to_b43_wl(hw);
4918 struct b43_wldev *dev;
4919
4920 mutex_lock(&wl->mutex);
4921 dev = wl->current_dev;
4922 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4923 /* Re-enable CFP update. */
4924 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4925 }
4926 mutex_unlock(&wl->mutex);
4927}
4928
4929static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4930 struct survey_info *survey)
4931{
4932 struct b43_wl *wl = hw_to_b43_wl(hw);
4933 struct b43_wldev *dev = wl->current_dev;
4934 struct ieee80211_conf *conf = &hw->conf;
4935
4936 if (idx != 0)
4937 return -ENOENT;
4938
4939 survey->channel = conf->channel;
4940 survey->filled = SURVEY_INFO_NOISE_DBM;
4941 survey->noise = dev->stats.link_noise;
4942
4943 return 0;
4944}
4945
4946static const struct ieee80211_ops b43_hw_ops = {
4947 .tx = b43_op_tx,
4948 .conf_tx = b43_op_conf_tx,
4949 .add_interface = b43_op_add_interface,
4950 .remove_interface = b43_op_remove_interface,
4951 .config = b43_op_config,
4952 .bss_info_changed = b43_op_bss_info_changed,
4953 .configure_filter = b43_op_configure_filter,
4954 .set_key = b43_op_set_key,
4955 .update_tkip_key = b43_op_update_tkip_key,
4956 .get_stats = b43_op_get_stats,
4957 .get_tsf = b43_op_get_tsf,
4958 .set_tsf = b43_op_set_tsf,
4959 .start = b43_op_start,
4960 .stop = b43_op_stop,
4961 .set_tim = b43_op_beacon_set_tim,
4962 .sta_notify = b43_op_sta_notify,
4963 .sw_scan_start = b43_op_sw_scan_start_notifier,
4964 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
4965 .get_survey = b43_op_get_survey,
4966 .rfkill_poll = b43_rfkill_poll,
4967};
4968
4969/* Hard-reset the chip. Do not call this directly.
4970 * Use b43_controller_restart()
4971 */
4972static void b43_chip_reset(struct work_struct *work)
4973{
4974 struct b43_wldev *dev =
4975 container_of(work, struct b43_wldev, restart_work);
4976 struct b43_wl *wl = dev->wl;
4977 int err = 0;
4978 int prev_status;
4979
4980 mutex_lock(&wl->mutex);
4981
4982 prev_status = b43_status(dev);
4983 /* Bring the device down... */
4984 if (prev_status >= B43_STAT_STARTED) {
4985 dev = b43_wireless_core_stop(dev);
4986 if (!dev) {
4987 err = -ENODEV;
4988 goto out;
4989 }
4990 }
4991 if (prev_status >= B43_STAT_INITIALIZED)
4992 b43_wireless_core_exit(dev);
4993
4994 /* ...and up again. */
4995 if (prev_status >= B43_STAT_INITIALIZED) {
4996 err = b43_wireless_core_init(dev);
4997 if (err)
4998 goto out;
4999 }
5000 if (prev_status >= B43_STAT_STARTED) {
5001 err = b43_wireless_core_start(dev);
5002 if (err) {
5003 b43_wireless_core_exit(dev);
5004 goto out;
5005 }
5006 }
5007out:
5008 if (err)
5009 wl->current_dev = NULL; /* Failed to init the dev. */
5010 mutex_unlock(&wl->mutex);
5011
5012 if (err) {
5013 b43err(wl, "Controller restart FAILED\n");
5014 return;
5015 }
5016
5017 /* reload configuration */
5018 b43_op_config(wl->hw, ~0);
5019 if (wl->vif)
5020 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5021
5022 b43info(wl, "Controller restarted\n");
5023}
5024
5025static int b43_setup_bands(struct b43_wldev *dev,
5026 bool have_2ghz_phy, bool have_5ghz_phy)
5027{
5028 struct ieee80211_hw *hw = dev->wl->hw;
5029
5030 if (have_2ghz_phy)
5031 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5032 if (dev->phy.type == B43_PHYTYPE_N) {
5033 if (have_5ghz_phy)
5034 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5035 } else {
5036 if (have_5ghz_phy)
5037 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5038 }
5039
5040 dev->phy.supports_2ghz = have_2ghz_phy;
5041 dev->phy.supports_5ghz = have_5ghz_phy;
5042
5043 return 0;
5044}
5045
5046static void b43_wireless_core_detach(struct b43_wldev *dev)
5047{
5048 /* We release firmware that late to not be required to re-request
5049 * is all the time when we reinit the core. */
5050 b43_release_firmware(dev);
5051 b43_phy_free(dev);
5052}
5053
5054static int b43_wireless_core_attach(struct b43_wldev *dev)
5055{
5056 struct b43_wl *wl = dev->wl;
5057 struct pci_dev *pdev = NULL;
5058 int err;
5059 u32 tmp;
5060 bool have_2ghz_phy = false, have_5ghz_phy = false;
5061
5062 /* Do NOT do any device initialization here.
5063 * Do it in wireless_core_init() instead.
5064 * This function is for gathering basic information about the HW, only.
5065 * Also some structs may be set up here. But most likely you want to have
5066 * that in core_init(), too.
5067 */
5068
5069#ifdef CONFIG_B43_SSB
5070 if (dev->dev->bus_type == B43_BUS_SSB &&
5071 dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5072 pdev = dev->dev->sdev->bus->host_pci;
5073#endif
5074
5075 err = b43_bus_powerup(dev, 0);
5076 if (err) {
5077 b43err(wl, "Bus powerup failed\n");
5078 goto out;
5079 }
5080
5081 /* Get the PHY type. */
5082 switch (dev->dev->bus_type) {
5083#ifdef CONFIG_B43_BCMA
5084 case B43_BUS_BCMA:
5085 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5086 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5087 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5088 break;
5089#endif
5090#ifdef CONFIG_B43_SSB
5091 case B43_BUS_SSB:
5092 if (dev->dev->core_rev >= 5) {
5093 tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5094 have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5095 have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5096 } else
5097 B43_WARN_ON(1);
5098 break;
5099#endif
5100 }
5101
5102 dev->phy.gmode = have_2ghz_phy;
5103 dev->phy.radio_on = true;
5104 b43_wireless_core_reset(dev, dev->phy.gmode);
5105
5106 err = b43_phy_versioning(dev);
5107 if (err)
5108 goto err_powerdown;
5109 /* Check if this device supports multiband. */
5110 if (!pdev ||
5111 (pdev->device != 0x4312 &&
5112 pdev->device != 0x4319 && pdev->device != 0x4324)) {
5113 /* No multiband support. */
5114 have_2ghz_phy = false;
5115 have_5ghz_phy = false;
5116 switch (dev->phy.type) {
5117 case B43_PHYTYPE_A:
5118 have_5ghz_phy = true;
5119 break;
5120 case B43_PHYTYPE_LP: //FIXME not always!
5121#if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5122 have_5ghz_phy = 1;
5123#endif
5124 case B43_PHYTYPE_G:
5125 case B43_PHYTYPE_N:
5126 case B43_PHYTYPE_HT:
5127 case B43_PHYTYPE_LCN:
5128 have_2ghz_phy = true;
5129 break;
5130 default:
5131 B43_WARN_ON(1);
5132 }
5133 }
5134 if (dev->phy.type == B43_PHYTYPE_A) {
5135 /* FIXME */
5136 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5137 err = -EOPNOTSUPP;
5138 goto err_powerdown;
5139 }
5140 if (1 /* disable A-PHY */) {
5141 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5142 if (dev->phy.type != B43_PHYTYPE_N &&
5143 dev->phy.type != B43_PHYTYPE_LP) {
5144 have_2ghz_phy = true;
5145 have_5ghz_phy = false;
5146 }
5147 }
5148
5149 err = b43_phy_allocate(dev);
5150 if (err)
5151 goto err_powerdown;
5152
5153 dev->phy.gmode = have_2ghz_phy;
5154 b43_wireless_core_reset(dev, dev->phy.gmode);
5155
5156 err = b43_validate_chipaccess(dev);
5157 if (err)
5158 goto err_phy_free;
5159 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5160 if (err)
5161 goto err_phy_free;
5162
5163 /* Now set some default "current_dev" */
5164 if (!wl->current_dev)
5165 wl->current_dev = dev;
5166 INIT_WORK(&dev->restart_work, b43_chip_reset);
5167
5168 dev->phy.ops->switch_analog(dev, 0);
5169 b43_device_disable(dev, 0);
5170 b43_bus_may_powerdown(dev);
5171
5172out:
5173 return err;
5174
5175err_phy_free:
5176 b43_phy_free(dev);
5177err_powerdown:
5178 b43_bus_may_powerdown(dev);
5179 return err;
5180}
5181
5182static void b43_one_core_detach(struct b43_bus_dev *dev)
5183{
5184 struct b43_wldev *wldev;
5185 struct b43_wl *wl;
5186
5187 /* Do not cancel ieee80211-workqueue based work here.
5188 * See comment in b43_remove(). */
5189
5190 wldev = b43_bus_get_wldev(dev);
5191 wl = wldev->wl;
5192 b43_debugfs_remove_device(wldev);
5193 b43_wireless_core_detach(wldev);
5194 list_del(&wldev->list);
5195 wl->nr_devs--;
5196 b43_bus_set_wldev(dev, NULL);
5197 kfree(wldev);
5198}
5199
5200static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5201{
5202 struct b43_wldev *wldev;
5203 int err = -ENOMEM;
5204
5205 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5206 if (!wldev)
5207 goto out;
5208
5209 wldev->use_pio = b43_modparam_pio;
5210 wldev->dev = dev;
5211 wldev->wl = wl;
5212 b43_set_status(wldev, B43_STAT_UNINIT);
5213 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5214 INIT_LIST_HEAD(&wldev->list);
5215
5216 err = b43_wireless_core_attach(wldev);
5217 if (err)
5218 goto err_kfree_wldev;
5219
5220 list_add(&wldev->list, &wl->devlist);
5221 wl->nr_devs++;
5222 b43_bus_set_wldev(dev, wldev);
5223 b43_debugfs_add_device(wldev);
5224
5225 out:
5226 return err;
5227
5228 err_kfree_wldev:
5229 kfree(wldev);
5230 return err;
5231}
5232
5233#define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
5234 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
5235 (pdev->device == _device) && \
5236 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
5237 (pdev->subsystem_device == _subdevice) )
5238
5239static void b43_sprom_fixup(struct ssb_bus *bus)
5240{
5241 struct pci_dev *pdev;
5242
5243 /* boardflags workarounds */
5244 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5245 bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5246 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5247 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5248 bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5249 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5250 if (bus->bustype == SSB_BUSTYPE_PCI) {
5251 pdev = bus->host_pci;
5252 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5253 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
5254 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
5255 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5256 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5257 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5258 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5259 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5260 }
5261}
5262
5263static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5264{
5265 struct ieee80211_hw *hw = wl->hw;
5266
5267 ssb_set_devtypedata(dev->sdev, NULL);
5268 ieee80211_free_hw(hw);
5269}
5270
5271static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5272{
5273 struct ssb_sprom *sprom = dev->bus_sprom;
5274 struct ieee80211_hw *hw;
5275 struct b43_wl *wl;
5276 char chip_name[6];
5277 int queue_num;
5278
5279 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5280 if (!hw) {
5281 b43err(NULL, "Could not allocate ieee80211 device\n");
5282 return ERR_PTR(-ENOMEM);
5283 }
5284 wl = hw_to_b43_wl(hw);
5285
5286 /* fill hw info */
5287 hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5288 IEEE80211_HW_SIGNAL_DBM;
5289
5290 hw->wiphy->interface_modes =
5291 BIT(NL80211_IFTYPE_AP) |
5292 BIT(NL80211_IFTYPE_MESH_POINT) |
5293 BIT(NL80211_IFTYPE_STATION) |
5294 BIT(NL80211_IFTYPE_WDS) |
5295 BIT(NL80211_IFTYPE_ADHOC);
5296
5297 hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5298
5299 wl->hw_registred = false;
5300 hw->max_rates = 2;
5301 SET_IEEE80211_DEV(hw, dev->dev);
5302 if (is_valid_ether_addr(sprom->et1mac))
5303 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5304 else
5305 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5306
5307 /* Initialize struct b43_wl */
5308 wl->hw = hw;
5309 mutex_init(&wl->mutex);
5310 spin_lock_init(&wl->hardirq_lock);
5311 INIT_LIST_HEAD(&wl->devlist);
5312 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5313 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5314 INIT_WORK(&wl->tx_work, b43_tx_work);
5315
5316 /* Initialize queues and flags. */
5317 for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5318 skb_queue_head_init(&wl->tx_queue[queue_num]);
5319 wl->tx_queue_stopped[queue_num] = 0;
5320 }
5321
5322 snprintf(chip_name, ARRAY_SIZE(chip_name),
5323 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5324 b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5325 dev->core_rev);
5326 return wl;
5327}
5328
5329#ifdef CONFIG_B43_BCMA
5330static int b43_bcma_probe(struct bcma_device *core)
5331{
5332 struct b43_bus_dev *dev;
5333 struct b43_wl *wl;
5334 int err;
5335
5336 dev = b43_bus_dev_bcma_init(core);
5337 if (!dev)
5338 return -ENODEV;
5339
5340 wl = b43_wireless_init(dev);
5341 if (IS_ERR(wl)) {
5342 err = PTR_ERR(wl);
5343 goto bcma_out;
5344 }
5345
5346 err = b43_one_core_attach(dev, wl);
5347 if (err)
5348 goto bcma_err_wireless_exit;
5349
5350 /* setup and start work to load firmware */
5351 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5352 schedule_work(&wl->firmware_load);
5353
5354bcma_out:
5355 return err;
5356
5357bcma_err_wireless_exit:
5358 ieee80211_free_hw(wl->hw);
5359 return err;
5360}
5361
5362static void b43_bcma_remove(struct bcma_device *core)
5363{
5364 struct b43_wldev *wldev = bcma_get_drvdata(core);
5365 struct b43_wl *wl = wldev->wl;
5366
5367 /* We must cancel any work here before unregistering from ieee80211,
5368 * as the ieee80211 unreg will destroy the workqueue. */
5369 cancel_work_sync(&wldev->restart_work);
5370
5371 B43_WARN_ON(!wl);
5372 if (wl->current_dev == wldev && wl->hw_registred) {
5373 b43_leds_stop(wldev);
5374 ieee80211_unregister_hw(wl->hw);
5375 }
5376
5377 b43_one_core_detach(wldev->dev);
5378
5379 b43_leds_unregister(wl);
5380
5381 ieee80211_free_hw(wl->hw);
5382}
5383
5384static struct bcma_driver b43_bcma_driver = {
5385 .name = KBUILD_MODNAME,
5386 .id_table = b43_bcma_tbl,
5387 .probe = b43_bcma_probe,
5388 .remove = b43_bcma_remove,
5389};
5390#endif
5391
5392#ifdef CONFIG_B43_SSB
5393static
5394int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5395{
5396 struct b43_bus_dev *dev;
5397 struct b43_wl *wl;
5398 int err;
5399 int first = 0;
5400
5401 dev = b43_bus_dev_ssb_init(sdev);
5402 if (!dev)
5403 return -ENOMEM;
5404
5405 wl = ssb_get_devtypedata(sdev);
5406 if (!wl) {
5407 /* Probing the first core. Must setup common struct b43_wl */
5408 first = 1;
5409 b43_sprom_fixup(sdev->bus);
5410 wl = b43_wireless_init(dev);
5411 if (IS_ERR(wl)) {
5412 err = PTR_ERR(wl);
5413 goto out;
5414 }
5415 ssb_set_devtypedata(sdev, wl);
5416 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5417 }
5418 err = b43_one_core_attach(dev, wl);
5419 if (err)
5420 goto err_wireless_exit;
5421
5422 /* setup and start work to load firmware */
5423 INIT_WORK(&wl->firmware_load, b43_request_firmware);
5424 schedule_work(&wl->firmware_load);
5425
5426 out:
5427 return err;
5428
5429 err_wireless_exit:
5430 if (first)
5431 b43_wireless_exit(dev, wl);
5432 return err;
5433}
5434
5435static void b43_ssb_remove(struct ssb_device *sdev)
5436{
5437 struct b43_wl *wl = ssb_get_devtypedata(sdev);
5438 struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5439 struct b43_bus_dev *dev = wldev->dev;
5440
5441 /* We must cancel any work here before unregistering from ieee80211,
5442 * as the ieee80211 unreg will destroy the workqueue. */
5443 cancel_work_sync(&wldev->restart_work);
5444
5445 B43_WARN_ON(!wl);
5446 if (wl->current_dev == wldev && wl->hw_registred) {
5447 b43_leds_stop(wldev);
5448 ieee80211_unregister_hw(wl->hw);
5449 }
5450
5451 b43_one_core_detach(dev);
5452
5453 if (list_empty(&wl->devlist)) {
5454 b43_leds_unregister(wl);
5455 /* Last core on the chip unregistered.
5456 * We can destroy common struct b43_wl.
5457 */
5458 b43_wireless_exit(dev, wl);
5459 }
5460}
5461
5462static struct ssb_driver b43_ssb_driver = {
5463 .name = KBUILD_MODNAME,
5464 .id_table = b43_ssb_tbl,
5465 .probe = b43_ssb_probe,
5466 .remove = b43_ssb_remove,
5467};
5468#endif /* CONFIG_B43_SSB */
5469
5470/* Perform a hardware reset. This can be called from any context. */
5471void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5472{
5473 /* Must avoid requeueing, if we are in shutdown. */
5474 if (b43_status(dev) < B43_STAT_INITIALIZED)
5475 return;
5476 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5477 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5478}
5479
5480static void b43_print_driverinfo(void)
5481{
5482 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5483 *feat_leds = "", *feat_sdio = "";
5484
5485#ifdef CONFIG_B43_PCI_AUTOSELECT
5486 feat_pci = "P";
5487#endif
5488#ifdef CONFIG_B43_PCMCIA
5489 feat_pcmcia = "M";
5490#endif
5491#ifdef CONFIG_B43_PHY_N
5492 feat_nphy = "N";
5493#endif
5494#ifdef CONFIG_B43_LEDS
5495 feat_leds = "L";
5496#endif
5497#ifdef CONFIG_B43_SDIO
5498 feat_sdio = "S";
5499#endif
5500 printk(KERN_INFO "Broadcom 43xx driver loaded "
5501 "[ Features: %s%s%s%s%s ]\n",
5502 feat_pci, feat_pcmcia, feat_nphy,
5503 feat_leds, feat_sdio);
5504}
5505
5506static int __init b43_init(void)
5507{
5508 int err;
5509
5510 b43_debugfs_init();
5511 err = b43_pcmcia_init();
5512 if (err)
5513 goto err_dfs_exit;
5514 err = b43_sdio_init();
5515 if (err)
5516 goto err_pcmcia_exit;
5517#ifdef CONFIG_B43_BCMA
5518 err = bcma_driver_register(&b43_bcma_driver);
5519 if (err)
5520 goto err_sdio_exit;
5521#endif
5522#ifdef CONFIG_B43_SSB
5523 err = ssb_driver_register(&b43_ssb_driver);
5524 if (err)
5525 goto err_bcma_driver_exit;
5526#endif
5527 b43_print_driverinfo();
5528
5529 return err;
5530
5531#ifdef CONFIG_B43_SSB
5532err_bcma_driver_exit:
5533#endif
5534#ifdef CONFIG_B43_BCMA
5535 bcma_driver_unregister(&b43_bcma_driver);
5536err_sdio_exit:
5537#endif
5538 b43_sdio_exit();
5539err_pcmcia_exit:
5540 b43_pcmcia_exit();
5541err_dfs_exit:
5542 b43_debugfs_exit();
5543 return err;
5544}
5545
5546static void __exit b43_exit(void)
5547{
5548#ifdef CONFIG_B43_SSB
5549 ssb_driver_unregister(&b43_ssb_driver);
5550#endif
5551#ifdef CONFIG_B43_BCMA
5552 bcma_driver_unregister(&b43_bcma_driver);
5553#endif
5554 b43_sdio_exit();
5555 b43_pcmcia_exit();
5556 b43_debugfs_exit();
5557}
5558
5559module_init(b43_init)
5560module_exit(b43_exit)