1/*
   2 * Copyright (c) 2010 Broadcom Corporation
   3 * Copyright (c) 2013 Hauke Mehrtens <hauke@hauke-m.de>
   4 *
   5 * Permission to use, copy, modify, and/or distribute this software for any
   6 * purpose with or without fee is hereby granted, provided that the above
   7 * copyright notice and this permission notice appear in all copies.
   8 *
   9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
  12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
  14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16 */
  17
  18#define __UNDEF_NO_VERSION__
  19#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  20
  21#include <linux/etherdevice.h>
  22#include <linux/sched.h>
  23#include <linux/firmware.h>
  24#include <linux/interrupt.h>
  25#include <linux/module.h>
  26#include <linux/bcma/bcma.h>
  27#include <net/mac80211.h>
  28#include <defs.h>
  29#include "phy/phy_int.h"
  30#include "d11.h"
  31#include "channel.h"
  32#include "scb.h"
  33#include "pub.h"
  34#include "ucode_loader.h"
  35#include "mac80211_if.h"
  36#include "main.h"
  37#include "debug.h"
  38#include "led.h"
  39
  40#define N_TX_QUEUES	4 /* #tx queues on mac80211<->driver interface */
  41#define BRCMS_FLUSH_TIMEOUT	500 /* msec */
  42
  43/* Flags we support */
  44#define MAC_FILTERS (FIF_ALLMULTI | \
  45	FIF_FCSFAIL | \
  46	FIF_CONTROL | \
  47	FIF_OTHER_BSS | \
  48	FIF_BCN_PRBRESP_PROMISC | \
  49	FIF_PSPOLL)
  50
  51#define CHAN2GHZ(channel, freqency, chflags)  { \
  52	.band = NL80211_BAND_2GHZ, \
  53	.center_freq = (freqency), \
  54	.hw_value = (channel), \
  55	.flags = chflags, \
  56	.max_antenna_gain = 0, \
  57	.max_power = 19, \
  58}
  59
  60#define CHAN5GHZ(channel, chflags)  { \
  61	.band = NL80211_BAND_5GHZ, \
  62	.center_freq = 5000 + 5*(channel), \
  63	.hw_value = (channel), \
  64	.flags = chflags, \
  65	.max_antenna_gain = 0, \
  66	.max_power = 21, \
  67}
  68
  69#define RATE(rate100m, _flags) { \
  70	.bitrate = (rate100m), \
  71	.flags = (_flags), \
  72	.hw_value = (rate100m / 5), \
  73}
  74
  75struct firmware_hdr {
  76	__le32 offset;
  77	__le32 len;
  78	__le32 idx;
  79};
  80
  81static const char * const brcms_firmwares[MAX_FW_IMAGES] = {
  82	"brcm/bcm43xx",
  83	NULL
  84};
  85
  86static int n_adapters_found;
  87
  88MODULE_AUTHOR("Broadcom Corporation");
  89MODULE_DESCRIPTION("Broadcom 802.11n wireless LAN driver.");
  90MODULE_LICENSE("Dual BSD/GPL");
  91/* This needs to be adjusted when brcms_firmwares changes */
  92MODULE_FIRMWARE("brcm/bcm43xx-0.fw");
  93MODULE_FIRMWARE("brcm/bcm43xx_hdr-0.fw");
  94
  95/* recognized BCMA Core IDs */
  96static struct bcma_device_id brcms_coreid_table[] = {
  97	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 17, BCMA_ANY_CLASS),
  98	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 23, BCMA_ANY_CLASS),
  99	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 24, BCMA_ANY_CLASS),
 100	{},
 101};
 102MODULE_DEVICE_TABLE(bcma, brcms_coreid_table);
 103
 104#if defined(CONFIG_BRCMDBG)
 105/*
 106 * Module parameter for setting the debug message level. Available
 107 * flags are specified by the BRCM_DL_* macros in
 108 * drivers/net/wireless/brcm80211/include/defs.h.
 109 */
 110module_param_named(debug, brcm_msg_level, uint, 0644);
 111#endif
 112
 113static struct ieee80211_channel brcms_2ghz_chantable[] = {
 114	CHAN2GHZ(1, 2412, IEEE80211_CHAN_NO_HT40MINUS),
 115	CHAN2GHZ(2, 2417, IEEE80211_CHAN_NO_HT40MINUS),
 116	CHAN2GHZ(3, 2422, IEEE80211_CHAN_NO_HT40MINUS),
 117	CHAN2GHZ(4, 2427, IEEE80211_CHAN_NO_HT40MINUS),
 118	CHAN2GHZ(5, 2432, 0),
 119	CHAN2GHZ(6, 2437, 0),
 120	CHAN2GHZ(7, 2442, 0),
 121	CHAN2GHZ(8, 2447, IEEE80211_CHAN_NO_HT40PLUS),
 122	CHAN2GHZ(9, 2452, IEEE80211_CHAN_NO_HT40PLUS),
 123	CHAN2GHZ(10, 2457, IEEE80211_CHAN_NO_HT40PLUS),
 124	CHAN2GHZ(11, 2462, IEEE80211_CHAN_NO_HT40PLUS),
 125	CHAN2GHZ(12, 2467,
 126		 IEEE80211_CHAN_NO_IR |
 127		 IEEE80211_CHAN_NO_HT40PLUS),
 128	CHAN2GHZ(13, 2472,
 129		 IEEE80211_CHAN_NO_IR |
 130		 IEEE80211_CHAN_NO_HT40PLUS),
 131	CHAN2GHZ(14, 2484,
 132		 IEEE80211_CHAN_NO_IR |
 133		 IEEE80211_CHAN_NO_HT40PLUS | IEEE80211_CHAN_NO_HT40MINUS |
 134		 IEEE80211_CHAN_NO_OFDM)
 135};
 136
 137static struct ieee80211_channel brcms_5ghz_nphy_chantable[] = {
 138	/* UNII-1 */
 139	CHAN5GHZ(36, IEEE80211_CHAN_NO_HT40MINUS),
 140	CHAN5GHZ(40, IEEE80211_CHAN_NO_HT40PLUS),
 141	CHAN5GHZ(44, IEEE80211_CHAN_NO_HT40MINUS),
 142	CHAN5GHZ(48, IEEE80211_CHAN_NO_HT40PLUS),
 143	/* UNII-2 */
 144	CHAN5GHZ(52,
 145		 IEEE80211_CHAN_RADAR |
 146		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
 147	CHAN5GHZ(56,
 148		 IEEE80211_CHAN_RADAR |
 149		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
 150	CHAN5GHZ(60,
 151		 IEEE80211_CHAN_RADAR |
 152		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
 153	CHAN5GHZ(64,
 154		 IEEE80211_CHAN_RADAR |
 155		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
 156	/* MID */
 157	CHAN5GHZ(100,
 158		 IEEE80211_CHAN_RADAR |
 159		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
 160	CHAN5GHZ(104,
 161		 IEEE80211_CHAN_RADAR |
 162		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
 163	CHAN5GHZ(108,
 164		 IEEE80211_CHAN_RADAR |
 165		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
 166	CHAN5GHZ(112,
 167		 IEEE80211_CHAN_RADAR |
 168		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
 169	CHAN5GHZ(116,
 170		 IEEE80211_CHAN_RADAR |
 171		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
 172	CHAN5GHZ(120,
 173		 IEEE80211_CHAN_RADAR |
 174		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
 175	CHAN5GHZ(124,
 176		 IEEE80211_CHAN_RADAR |
 177		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
 178	CHAN5GHZ(128,
 179		 IEEE80211_CHAN_RADAR |
 180		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
 181	CHAN5GHZ(132,
 182		 IEEE80211_CHAN_RADAR |
 183		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
 184	CHAN5GHZ(136,
 185		 IEEE80211_CHAN_RADAR |
 186		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
 187	CHAN5GHZ(140,
 188		 IEEE80211_CHAN_RADAR |
 189		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS |
 190		 IEEE80211_CHAN_NO_HT40MINUS),
 191	/* UNII-3 */
 192	CHAN5GHZ(149, IEEE80211_CHAN_NO_HT40MINUS),
 193	CHAN5GHZ(153, IEEE80211_CHAN_NO_HT40PLUS),
 194	CHAN5GHZ(157, IEEE80211_CHAN_NO_HT40MINUS),
 195	CHAN5GHZ(161, IEEE80211_CHAN_NO_HT40PLUS),
 196	CHAN5GHZ(165, IEEE80211_CHAN_NO_HT40PLUS | IEEE80211_CHAN_NO_HT40MINUS)
 197};
 198
 199/*
 200 * The rate table is used for both 2.4G and 5G rates. The
 201 * latter being a subset as it does not support CCK rates.
 202 */
 203static struct ieee80211_rate legacy_ratetable[] = {
 204	RATE(10, 0),
 205	RATE(20, IEEE80211_RATE_SHORT_PREAMBLE),
 206	RATE(55, IEEE80211_RATE_SHORT_PREAMBLE),
 207	RATE(110, IEEE80211_RATE_SHORT_PREAMBLE),
 208	RATE(60, 0),
 209	RATE(90, 0),
 210	RATE(120, 0),
 211	RATE(180, 0),
 212	RATE(240, 0),
 213	RATE(360, 0),
 214	RATE(480, 0),
 215	RATE(540, 0),
 216};
 217
 218static const struct ieee80211_supported_band brcms_band_2GHz_nphy_template = {
 219	.band = NL80211_BAND_2GHZ,
 220	.channels = brcms_2ghz_chantable,
 221	.n_channels = ARRAY_SIZE(brcms_2ghz_chantable),
 222	.bitrates = legacy_ratetable,
 223	.n_bitrates = ARRAY_SIZE(legacy_ratetable),
 224	.ht_cap = {
 225		   /* from include/linux/ieee80211.h */
 226		   .cap = IEEE80211_HT_CAP_GRN_FLD |
 227			  IEEE80211_HT_CAP_SGI_20 | IEEE80211_HT_CAP_SGI_40,
 228		   .ht_supported = true,
 229		   .ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K,
 230		   .ampdu_density = AMPDU_DEF_MPDU_DENSITY,
 231		   .mcs = {
 232			   /* placeholders for now */
 233			   .rx_mask = {0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0},
 234			   .rx_highest = cpu_to_le16(500),
 235			   .tx_params = IEEE80211_HT_MCS_TX_DEFINED}
 236		   }
 237};
 238
 239static const struct ieee80211_supported_band brcms_band_5GHz_nphy_template = {
 240	.band = NL80211_BAND_5GHZ,
 241	.channels = brcms_5ghz_nphy_chantable,
 242	.n_channels = ARRAY_SIZE(brcms_5ghz_nphy_chantable),
 243	.bitrates = legacy_ratetable + BRCMS_LEGACY_5G_RATE_OFFSET,
 244	.n_bitrates = ARRAY_SIZE(legacy_ratetable) -
 245			BRCMS_LEGACY_5G_RATE_OFFSET,
 246	.ht_cap = {
 247		   .cap = IEEE80211_HT_CAP_GRN_FLD | IEEE80211_HT_CAP_SGI_20 |
 248			  IEEE80211_HT_CAP_SGI_40,
 249		   .ht_supported = true,
 250		   .ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K,
 251		   .ampdu_density = AMPDU_DEF_MPDU_DENSITY,
 252		   .mcs = {
 253			   /* placeholders for now */
 254			   .rx_mask = {0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0},
 255			   .rx_highest = cpu_to_le16(500),
 256			   .tx_params = IEEE80211_HT_MCS_TX_DEFINED}
 257		   }
 258};
 259
 260/* flags the given rate in rateset as requested */
 261static void brcms_set_basic_rate(struct brcm_rateset *rs, u16 rate, bool is_br)
 262{
 263	u32 i;
 264
 265	for (i = 0; i < rs->count; i++) {
 266		if (rate != (rs->rates[i] & 0x7f))
 267			continue;
 268
 269		if (is_br)
 270			rs->rates[i] |= BRCMS_RATE_FLAG;
 271		else
 272			rs->rates[i] &= BRCMS_RATE_MASK;
 273		return;
 274	}
 275}
 276
 277/*
 278 * This function frees the WL per-device resources.
 279 *
 280 * This function frees resources owned by the WL device pointed to
 281 * by the wl parameter.
 282 *
 283 * precondition: can both be called locked and unlocked
 284 */
 285static void brcms_free(struct brcms_info *wl)
 286{
 287	struct brcms_timer *t, *next;
 288
 289	/* free ucode data */
 290	if (wl->fw.fw_cnt)
 291		brcms_ucode_data_free(&wl->ucode);
 292	if (wl->irq)
 293		free_irq(wl->irq, wl);
 294
 295	/* kill dpc */
 296	tasklet_kill(&wl->tasklet);
 297
 298	if (wl->pub) {
 299		brcms_debugfs_detach(wl->pub);
 300		brcms_c_module_unregister(wl->pub, "linux", wl);
 301	}
 302
 303	/* free common resources */
 304	if (wl->wlc) {
 305		brcms_c_detach(wl->wlc);
 306		wl->wlc = NULL;
 307		wl->pub = NULL;
 308	}
 309
 310	/* virtual interface deletion is deferred so we cannot spinwait */
 311
 312	/* wait for all pending callbacks to complete */
 313	while (atomic_read(&wl->callbacks) > 0)
 314		schedule();
 315
 316	/* free timers */
 317	for (t = wl->timers; t; t = next) {
 318		next = t->next;
 319#ifdef DEBUG
 320		kfree(t->name);
 321#endif
 322		kfree(t);
 323	}
 324}
 325
 326/*
 327* called from both kernel as from this kernel module (error flow on attach)
 328* precondition: perimeter lock is not acquired.
 329*/
 330static void brcms_remove(struct bcma_device *pdev)
 331{
 332	struct ieee80211_hw *hw = bcma_get_drvdata(pdev);
 333	struct brcms_info *wl = hw->priv;
 334
 335	if (wl->wlc) {
 336		brcms_led_unregister(wl);
 337		wiphy_rfkill_set_hw_state(wl->pub->ieee_hw->wiphy, false);
 338		wiphy_rfkill_stop_polling(wl->pub->ieee_hw->wiphy);
 339		ieee80211_unregister_hw(hw);
 340	}
 341
 342	brcms_free(wl);
 343
 344	bcma_set_drvdata(pdev, NULL);
 345	ieee80211_free_hw(hw);
 346}
 347
 348/*
 349 * Precondition: Since this function is called in brcms_pci_probe() context,
 350 * no locking is required.
 351 */
 352static void brcms_release_fw(struct brcms_info *wl)
 353{
 354	int i;
 355	for (i = 0; i < MAX_FW_IMAGES; i++) {
 356		release_firmware(wl->fw.fw_bin[i]);
 357		release_firmware(wl->fw.fw_hdr[i]);
 358	}
 359}
 360
 361/*
 362 * Precondition: Since this function is called in brcms_pci_probe() context,
 363 * no locking is required.
 364 */
 365static int brcms_request_fw(struct brcms_info *wl, struct bcma_device *pdev)
 366{
 367	int status;
 368	struct device *device = &pdev->dev;
 369	char fw_name[100];
 370	int i;
 371
 372	memset(&wl->fw, 0, sizeof(struct brcms_firmware));
 373	for (i = 0; i < MAX_FW_IMAGES; i++) {
 374		if (brcms_firmwares[i] == NULL)
 375			break;
 376		sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i],
 377			UCODE_LOADER_API_VER);
 378		status = request_firmware(&wl->fw.fw_bin[i], fw_name, device);
 379		if (status) {
 380			wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n",
 381				  KBUILD_MODNAME, fw_name);
 382			return status;
 383		}
 384		sprintf(fw_name, "%s_hdr-%d.fw", brcms_firmwares[i],
 385			UCODE_LOADER_API_VER);
 386		status = request_firmware(&wl->fw.fw_hdr[i], fw_name, device);
 387		if (status) {
 388			wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n",
 389				  KBUILD_MODNAME, fw_name);
 390			return status;
 391		}
 392		wl->fw.hdr_num_entries[i] =
 393		    wl->fw.fw_hdr[i]->size / (sizeof(struct firmware_hdr));
 394	}
 395	wl->fw.fw_cnt = i;
 396	status = brcms_ucode_data_init(wl, &wl->ucode);
 397	brcms_release_fw(wl);
 398	return status;
 399}
 400
 401static void brcms_ops_tx(struct ieee80211_hw *hw,
 402			 struct ieee80211_tx_control *control,
 403			 struct sk_buff *skb)
 404{
 405	struct brcms_info *wl = hw->priv;
 406	struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
 407
 408	spin_lock_bh(&wl->lock);
 409	if (!wl->pub->up) {
 410		brcms_err(wl->wlc->hw->d11core, "ops->tx called while down\n");
 411		kfree_skb(skb);
 412		goto done;
 413	}
 414	if (brcms_c_sendpkt_mac80211(wl->wlc, skb, hw))
 415		tx_info->rate_driver_data[0] = control->sta;
 416 done:
 417	spin_unlock_bh(&wl->lock);
 418}
 419
 420static int brcms_ops_start(struct ieee80211_hw *hw)
 421{
 422	struct brcms_info *wl = hw->priv;
 423	bool blocked;
 424	int err;
 425
 426	if (!wl->ucode.bcm43xx_bomminor) {
 427		err = brcms_request_fw(wl, wl->wlc->hw->d11core);
 428		if (err)
 429			return -ENOENT;
 430	}
 431
 432	ieee80211_wake_queues(hw);
 433	spin_lock_bh(&wl->lock);
 434	blocked = brcms_rfkill_set_hw_state(wl);
 435	spin_unlock_bh(&wl->lock);
 436	if (!blocked)
 437		wiphy_rfkill_stop_polling(wl->pub->ieee_hw->wiphy);
 438
 439	spin_lock_bh(&wl->lock);
 440	/* avoid acknowledging frames before a non-monitor device is added */
 441	wl->mute_tx = true;
 442
 443	if (!wl->pub->up)
 444		if (!blocked)
 445			err = brcms_up(wl);
 446		else
 447			err = -ERFKILL;
 448	else
 449		err = -ENODEV;
 450	spin_unlock_bh(&wl->lock);
 451
 452	if (err != 0)
 453		brcms_err(wl->wlc->hw->d11core, "%s: brcms_up() returned %d\n",
 454			  __func__, err);
 455
 456	bcma_core_pci_power_save(wl->wlc->hw->d11core->bus, true);
 457	return err;
 458}
 459
 460static void brcms_ops_stop(struct ieee80211_hw *hw)
 461{
 462	struct brcms_info *wl = hw->priv;
 463	int status;
 464
 465	ieee80211_stop_queues(hw);
 466
 467	if (wl->wlc == NULL)
 468		return;
 469
 470	spin_lock_bh(&wl->lock);
 471	status = brcms_c_chipmatch(wl->wlc->hw->d11core);
 472	spin_unlock_bh(&wl->lock);
 473	if (!status) {
 474		brcms_err(wl->wlc->hw->d11core,
 475			  "wl: brcms_ops_stop: chipmatch failed\n");
 476		return;
 477	}
 478
 479	bcma_core_pci_power_save(wl->wlc->hw->d11core->bus, false);
 480
 481	/* put driver in down state */
 482	spin_lock_bh(&wl->lock);
 483	brcms_down(wl);
 484	spin_unlock_bh(&wl->lock);
 485}
 486
 487static int
 488brcms_ops_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
 489{
 490	struct brcms_info *wl = hw->priv;
 491
 492	/* Just STA, AP and ADHOC for now */
 493	if (vif->type != NL80211_IFTYPE_STATION &&
 494	    vif->type != NL80211_IFTYPE_AP &&
 495	    vif->type != NL80211_IFTYPE_ADHOC) {
 496		brcms_err(wl->wlc->hw->d11core,
 497			  "%s: Attempt to add type %d, only STA, AP and AdHoc for now\n",
 498			  __func__, vif->type);
 499		return -EOPNOTSUPP;
 500	}
 501
 502	spin_lock_bh(&wl->lock);
 503	wl->wlc->vif = vif;
 504	wl->mute_tx = false;
 505	brcms_c_mute(wl->wlc, false);
 506	if (vif->type == NL80211_IFTYPE_STATION)
 507		brcms_c_start_station(wl->wlc, vif->addr);
 508	else if (vif->type == NL80211_IFTYPE_AP)
 509		brcms_c_start_ap(wl->wlc, vif->addr, vif->bss_conf.bssid,
 510				 vif->cfg.ssid, vif->cfg.ssid_len);
 511	else if (vif->type == NL80211_IFTYPE_ADHOC)
 512		brcms_c_start_adhoc(wl->wlc, vif->addr);
 513	spin_unlock_bh(&wl->lock);
 514
 515	return 0;
 516}
 517
 518static void
 519brcms_ops_remove_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
 520{
 521	struct brcms_info *wl = hw->priv;
 522
 523	spin_lock_bh(&wl->lock);
 524	wl->wlc->vif = NULL;
 525	spin_unlock_bh(&wl->lock);
 526}
 527
 528static int brcms_ops_config(struct ieee80211_hw *hw, u32 changed)
 529{
 530	struct ieee80211_conf *conf = &hw->conf;
 531	struct brcms_info *wl = hw->priv;
 532	struct bcma_device *core = wl->wlc->hw->d11core;
 533	int err = 0;
 534	int new_int;
 535
 536	spin_lock_bh(&wl->lock);
 537	if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL) {
 538		brcms_c_set_beacon_listen_interval(wl->wlc,
 539						   conf->listen_interval);
 540	}
 541	if (changed & IEEE80211_CONF_CHANGE_MONITOR)
 542		brcms_dbg_info(core, "%s: change monitor mode: %s\n",
 543			       __func__, conf->flags & IEEE80211_CONF_MONITOR ?
 544			       "true" : "false");
 545	if (changed & IEEE80211_CONF_CHANGE_PS)
 546		brcms_err(core, "%s: change power-save mode: %s (implement)\n",
 547			  __func__, conf->flags & IEEE80211_CONF_PS ?
 548			  "true" : "false");
 549
 550	if (changed & IEEE80211_CONF_CHANGE_POWER) {
 551		err = brcms_c_set_tx_power(wl->wlc, conf->power_level);
 552		if (err < 0) {
 553			brcms_err(core, "%s: Error setting power_level\n",
 554				  __func__);
 555			goto config_out;
 556		}
 557		new_int = brcms_c_get_tx_power(wl->wlc);
 558		if (new_int != conf->power_level)
 559			brcms_err(core,
 560				  "%s: Power level req != actual, %d %d\n",
 561				  __func__, conf->power_level,
 562				  new_int);
 563	}
 564	if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
 565		if (conf->chandef.width == NL80211_CHAN_WIDTH_20 ||
 566		    conf->chandef.width == NL80211_CHAN_WIDTH_20_NOHT)
 567			err = brcms_c_set_channel(wl->wlc,
 568						  conf->chandef.chan->hw_value);
 569		else
 570			err = -ENOTSUPP;
 571	}
 572	if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
 573		err = brcms_c_set_rate_limit(wl->wlc,
 574					     conf->short_frame_max_tx_count,
 575					     conf->long_frame_max_tx_count);
 576
 577 config_out:
 578	spin_unlock_bh(&wl->lock);
 579	return err;
 580}
 581
 582static void
 583brcms_ops_bss_info_changed(struct ieee80211_hw *hw,
 584			struct ieee80211_vif *vif,
 585			struct ieee80211_bss_conf *info, u64 changed)
 586{
 587	struct brcms_info *wl = hw->priv;
 588	struct bcma_device *core = wl->wlc->hw->d11core;
 589
 590	if (changed & BSS_CHANGED_ASSOC) {
 591		/* association status changed (associated/disassociated)
 592		 * also implies a change in the AID.
 593		 */
 594		brcms_err(core, "%s: %s: %sassociated\n", KBUILD_MODNAME,
 595			  __func__, vif->cfg.assoc ? "" : "dis");
 596		spin_lock_bh(&wl->lock);
 597		brcms_c_associate_upd(wl->wlc, vif->cfg.assoc);
 598		spin_unlock_bh(&wl->lock);
 599	}
 600	if (changed & BSS_CHANGED_ERP_SLOT) {
 601		s8 val;
 602
 603		/* slot timing changed */
 604		if (info->use_short_slot)
 605			val = 1;
 606		else
 607			val = 0;
 608		spin_lock_bh(&wl->lock);
 609		brcms_c_set_shortslot_override(wl->wlc, val);
 610		spin_unlock_bh(&wl->lock);
 611	}
 612
 613	if (changed & BSS_CHANGED_HT) {
 614		/* 802.11n parameters changed */
 615		u16 mode = info->ht_operation_mode;
 616
 617		spin_lock_bh(&wl->lock);
 618		brcms_c_protection_upd(wl->wlc, BRCMS_PROT_N_CFG,
 619			mode & IEEE80211_HT_OP_MODE_PROTECTION);
 620		brcms_c_protection_upd(wl->wlc, BRCMS_PROT_N_NONGF,
 621			mode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT);
 622		brcms_c_protection_upd(wl->wlc, BRCMS_PROT_N_OBSS,
 623			mode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT);
 624		spin_unlock_bh(&wl->lock);
 625	}
 626	if (changed & BSS_CHANGED_BASIC_RATES) {
 627		struct ieee80211_supported_band *bi;
 628		u32 br_mask, i;
 629		u16 rate;
 630		struct brcm_rateset rs;
 631		int error;
 632
 633		/* retrieve the current rates */
 634		spin_lock_bh(&wl->lock);
 635		brcms_c_get_current_rateset(wl->wlc, &rs);
 636		spin_unlock_bh(&wl->lock);
 637
 638		br_mask = info->basic_rates;
 639		bi = hw->wiphy->bands[brcms_c_get_curband(wl->wlc)];
 640		for (i = 0; i < bi->n_bitrates; i++) {
 641			/* convert to internal rate value */
 642			rate = (bi->bitrates[i].bitrate << 1) / 10;
 643
 644			/* set/clear basic rate flag */
 645			brcms_set_basic_rate(&rs, rate, br_mask & 1);
 646			br_mask >>= 1;
 647		}
 648
 649		/* update the rate set */
 650		spin_lock_bh(&wl->lock);
 651		error = brcms_c_set_rateset(wl->wlc, &rs);
 652		spin_unlock_bh(&wl->lock);
 653		if (error)
 654			brcms_err(core, "changing basic rates failed: %d\n",
 655				  error);
 656	}
 657	if (changed & BSS_CHANGED_BEACON_INT) {
 658		/* Beacon interval changed */
 659		spin_lock_bh(&wl->lock);
 660		brcms_c_set_beacon_period(wl->wlc, info->beacon_int);
 661		spin_unlock_bh(&wl->lock);
 662	}
 663	if (changed & BSS_CHANGED_BSSID) {
 664		/* BSSID changed, for whatever reason (IBSS and managed mode) */
 665		spin_lock_bh(&wl->lock);
 666		brcms_c_set_addrmatch(wl->wlc, RCM_BSSID_OFFSET, info->bssid);
 667		spin_unlock_bh(&wl->lock);
 668	}
 669	if (changed & BSS_CHANGED_SSID) {
 670		/* BSSID changed, for whatever reason (IBSS and managed mode) */
 671		spin_lock_bh(&wl->lock);
 672		brcms_c_set_ssid(wl->wlc, vif->cfg.ssid, vif->cfg.ssid_len);
 673		spin_unlock_bh(&wl->lock);
 674	}
 675	if (changed & BSS_CHANGED_BEACON) {
 676		/* Beacon data changed, retrieve new beacon (beaconing modes) */
 677		struct sk_buff *beacon;
 678		u16 tim_offset = 0;
 679
 680		spin_lock_bh(&wl->lock);
 681		beacon = ieee80211_beacon_get_tim(hw, vif, &tim_offset, NULL, 0);
 682		brcms_c_set_new_beacon(wl->wlc, beacon, tim_offset,
 683				       info->dtim_period);
 684		spin_unlock_bh(&wl->lock);
 685	}
 686
 687	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
 688		struct sk_buff *probe_resp;
 689
 690		spin_lock_bh(&wl->lock);
 691		probe_resp = ieee80211_proberesp_get(hw, vif);
 692		brcms_c_set_new_probe_resp(wl->wlc, probe_resp);
 693		spin_unlock_bh(&wl->lock);
 694	}
 695
 696	if (changed & BSS_CHANGED_BEACON_ENABLED) {
 697		/* Beaconing should be enabled/disabled (beaconing modes) */
 698		brcms_err(core, "%s: Beacon enabled: %s\n", __func__,
 699			  info->enable_beacon ? "true" : "false");
 700		if (info->enable_beacon &&
 701		    hw->wiphy->flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) {
 702			brcms_c_enable_probe_resp(wl->wlc, true);
 703		} else {
 704			brcms_c_enable_probe_resp(wl->wlc, false);
 705		}
 706	}
 707
 708	if (changed & BSS_CHANGED_CQM) {
 709		/* Connection quality monitor config changed */
 710		brcms_err(core, "%s: cqm change: threshold %d, hys %d "
 711			  " (implement)\n", __func__, info->cqm_rssi_thold,
 712			  info->cqm_rssi_hyst);
 713	}
 714
 715	if (changed & BSS_CHANGED_IBSS) {
 716		/* IBSS join status changed */
 717		brcms_err(core, "%s: IBSS joined: %s (implement)\n",
 718			  __func__, vif->cfg.ibss_joined ? "true" : "false");
 719	}
 720
 721	if (changed & BSS_CHANGED_ARP_FILTER) {
 722		/* Hardware ARP filter address list or state changed */
 723		brcms_err(core, "%s: arp filtering: %d addresses"
 724			  " (implement)\n", __func__, vif->cfg.arp_addr_cnt);
 725	}
 726
 727	if (changed & BSS_CHANGED_QOS) {
 728		/*
 729		 * QoS for this association was enabled/disabled.
 730		 * Note that it is only ever disabled for station mode.
 731		 */
 732		brcms_err(core, "%s: qos enabled: %s (implement)\n",
 733			  __func__, info->qos ? "true" : "false");
 734	}
 735	return;
 736}
 737
 738static void
 739brcms_ops_configure_filter(struct ieee80211_hw *hw,
 740			unsigned int changed_flags,
 741			unsigned int *total_flags, u64 multicast)
 742{
 743	struct brcms_info *wl = hw->priv;
 744	struct bcma_device *core = wl->wlc->hw->d11core;
 745
 746	changed_flags &= MAC_FILTERS;
 747	*total_flags &= MAC_FILTERS;
 748
 749	if (changed_flags & FIF_ALLMULTI)
 750		brcms_dbg_info(core, "FIF_ALLMULTI\n");
 751	if (changed_flags & FIF_FCSFAIL)
 752		brcms_dbg_info(core, "FIF_FCSFAIL\n");
 753	if (changed_flags & FIF_CONTROL)
 754		brcms_dbg_info(core, "FIF_CONTROL\n");
 755	if (changed_flags & FIF_OTHER_BSS)
 756		brcms_dbg_info(core, "FIF_OTHER_BSS\n");
 757	if (changed_flags & FIF_PSPOLL)
 758		brcms_dbg_info(core, "FIF_PSPOLL\n");
 759	if (changed_flags & FIF_BCN_PRBRESP_PROMISC)
 760		brcms_dbg_info(core, "FIF_BCN_PRBRESP_PROMISC\n");
 761
 762	spin_lock_bh(&wl->lock);
 763	brcms_c_mac_promisc(wl->wlc, *total_flags);
 764	spin_unlock_bh(&wl->lock);
 765	return;
 766}
 767
 768static void brcms_ops_sw_scan_start(struct ieee80211_hw *hw,
 769				    struct ieee80211_vif *vif,
 770				    const u8 *mac_addr)
 771{
 772	struct brcms_info *wl = hw->priv;
 773	spin_lock_bh(&wl->lock);
 774	brcms_c_scan_start(wl->wlc);
 775	spin_unlock_bh(&wl->lock);
 776	return;
 777}
 778
 779static void brcms_ops_sw_scan_complete(struct ieee80211_hw *hw,
 780				       struct ieee80211_vif *vif)
 781{
 782	struct brcms_info *wl = hw->priv;
 783	spin_lock_bh(&wl->lock);
 784	brcms_c_scan_stop(wl->wlc);
 785	spin_unlock_bh(&wl->lock);
 786	return;
 787}
 788
 789static int
 790brcms_ops_conf_tx(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
 791		  unsigned int link_id, u16 queue,
 792		  const struct ieee80211_tx_queue_params *params)
 793{
 794	struct brcms_info *wl = hw->priv;
 795
 796	spin_lock_bh(&wl->lock);
 797	brcms_c_wme_setparams(wl->wlc, queue, params, true);
 798	spin_unlock_bh(&wl->lock);
 799
 800	return 0;
 801}
 802
 803static int
 804brcms_ops_sta_add(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
 805	       struct ieee80211_sta *sta)
 806{
 807	struct brcms_info *wl = hw->priv;
 808	struct scb *scb = &wl->wlc->pri_scb;
 809
 810	brcms_c_init_scb(scb);
 811
 812	wl->pub->global_ampdu = &(scb->scb_ampdu);
 
 813	wl->pub->global_ampdu->max_pdu = 16;
 814
 815	/*
 816	 * minstrel_ht initiates addBA on our behalf by calling
 817	 * ieee80211_start_tx_ba_session()
 818	 */
 819	return 0;
 820}
 821
 822static int
 823brcms_ops_ampdu_action(struct ieee80211_hw *hw,
 824		    struct ieee80211_vif *vif,
 825		    struct ieee80211_ampdu_params *params)
 826{
 827	struct brcms_info *wl = hw->priv;
 828	struct scb *scb = &wl->wlc->pri_scb;
 829	int status;
 830	struct ieee80211_sta *sta = params->sta;
 831	enum ieee80211_ampdu_mlme_action action = params->action;
 832	u16 tid = params->tid;
 
 833
 834	if (WARN_ON(scb->magic != SCB_MAGIC))
 835		return -EIDRM;
 836	switch (action) {
 837	case IEEE80211_AMPDU_RX_START:
 838		break;
 839	case IEEE80211_AMPDU_RX_STOP:
 840		break;
 841	case IEEE80211_AMPDU_TX_START:
 842		spin_lock_bh(&wl->lock);
 843		status = brcms_c_aggregatable(wl->wlc, tid);
 844		spin_unlock_bh(&wl->lock);
 845		if (!status) {
 846			brcms_dbg_ht(wl->wlc->hw->d11core,
 847				     "START: tid %d is not agg\'able\n", tid);
 848			return -EINVAL;
 849		}
 850		return IEEE80211_AMPDU_TX_START_IMMEDIATE;
 851
 852	case IEEE80211_AMPDU_TX_STOP_CONT:
 853	case IEEE80211_AMPDU_TX_STOP_FLUSH:
 854	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
 855		spin_lock_bh(&wl->lock);
 856		brcms_c_ampdu_flush(wl->wlc, sta, tid);
 857		spin_unlock_bh(&wl->lock);
 858		ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
 859		break;
 860	case IEEE80211_AMPDU_TX_OPERATIONAL:
 861		/*
 862		 * BA window size from ADDBA response ('buf_size') defines how
 863		 * many outstanding MPDUs are allowed for the BA stream by
 864		 * recipient and traffic class (this is actually unused by the
 865		 * rest of the driver). 'ampdu_factor' gives maximum AMPDU size.
 866		 */
 867		spin_lock_bh(&wl->lock);
 868		brcms_c_ampdu_tx_operational(wl->wlc, tid,
 869			(1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
 870			 sta->deflink.ht_cap.ampdu_factor)) - 1);
 871		spin_unlock_bh(&wl->lock);
 872		/* Power save wakeup */
 873		break;
 874	default:
 875		brcms_err(wl->wlc->hw->d11core,
 876			  "%s: Invalid command, ignoring\n", __func__);
 877	}
 878
 879	return 0;
 880}
 881
 882static void brcms_ops_rfkill_poll(struct ieee80211_hw *hw)
 883{
 884	struct brcms_info *wl = hw->priv;
 885	bool blocked;
 886
 887	spin_lock_bh(&wl->lock);
 888	blocked = brcms_c_check_radio_disabled(wl->wlc);
 889	spin_unlock_bh(&wl->lock);
 890
 891	wiphy_rfkill_set_hw_state(wl->pub->ieee_hw->wiphy, blocked);
 892}
 893
 894static bool brcms_tx_flush_completed(struct brcms_info *wl)
 895{
 896	bool result;
 897
 898	spin_lock_bh(&wl->lock);
 899	result = brcms_c_tx_flush_completed(wl->wlc);
 900	spin_unlock_bh(&wl->lock);
 901	return result;
 902}
 903
 904static void brcms_ops_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
 905			    u32 queues, bool drop)
 906{
 907	struct brcms_info *wl = hw->priv;
 908	int ret;
 909
 910	no_printk("%s: drop = %s\n", __func__, drop ? "true" : "false");
 911
 912	ret = wait_event_timeout(wl->tx_flush_wq,
 913				 brcms_tx_flush_completed(wl),
 914				 msecs_to_jiffies(BRCMS_FLUSH_TIMEOUT));
 915
 916	brcms_dbg_mac80211(wl->wlc->hw->d11core,
 917			   "ret=%d\n", jiffies_to_msecs(ret));
 918}
 919
 920static u64 brcms_ops_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
 921{
 922	struct brcms_info *wl = hw->priv;
 923	u64 tsf;
 924
 925	spin_lock_bh(&wl->lock);
 926	tsf = brcms_c_tsf_get(wl->wlc);
 927	spin_unlock_bh(&wl->lock);
 928
 929	return tsf;
 930}
 931
 932static void brcms_ops_set_tsf(struct ieee80211_hw *hw,
 933			   struct ieee80211_vif *vif, u64 tsf)
 934{
 935	struct brcms_info *wl = hw->priv;
 936
 937	spin_lock_bh(&wl->lock);
 938	brcms_c_tsf_set(wl->wlc, tsf);
 939	spin_unlock_bh(&wl->lock);
 940}
 941
 942static int brcms_ops_beacon_set_tim(struct ieee80211_hw *hw,
 943				 struct ieee80211_sta *sta, bool set)
 944{
 945	struct brcms_info *wl = hw->priv;
 946	struct sk_buff *beacon = NULL;
 947	u16 tim_offset = 0;
 948
 949	spin_lock_bh(&wl->lock);
 950	if (wl->wlc->vif)
 951		beacon = ieee80211_beacon_get_tim(hw, wl->wlc->vif,
 952						  &tim_offset, NULL, 0);
 953	if (beacon)
 954		brcms_c_set_new_beacon(wl->wlc, beacon, tim_offset,
 955				       wl->wlc->vif->bss_conf.dtim_period);
 956	spin_unlock_bh(&wl->lock);
 957
 958	return 0;
 959}
 960
 961static const struct ieee80211_ops brcms_ops = {
 962	.tx = brcms_ops_tx,
 963	.wake_tx_queue = ieee80211_handle_wake_tx_queue,
 964	.start = brcms_ops_start,
 965	.stop = brcms_ops_stop,
 966	.add_interface = brcms_ops_add_interface,
 967	.remove_interface = brcms_ops_remove_interface,
 968	.config = brcms_ops_config,
 969	.bss_info_changed = brcms_ops_bss_info_changed,
 970	.configure_filter = brcms_ops_configure_filter,
 971	.sw_scan_start = brcms_ops_sw_scan_start,
 972	.sw_scan_complete = brcms_ops_sw_scan_complete,
 973	.conf_tx = brcms_ops_conf_tx,
 974	.sta_add = brcms_ops_sta_add,
 975	.ampdu_action = brcms_ops_ampdu_action,
 976	.rfkill_poll = brcms_ops_rfkill_poll,
 977	.flush = brcms_ops_flush,
 978	.get_tsf = brcms_ops_get_tsf,
 979	.set_tsf = brcms_ops_set_tsf,
 980	.set_tim = brcms_ops_beacon_set_tim,
 981};
 982
 983void brcms_dpc(struct tasklet_struct *t)
 984{
 985	struct brcms_info *wl;
 986
 987	wl = from_tasklet(wl, t, tasklet);
 988
 989	spin_lock_bh(&wl->lock);
 990
 991	/* call the common second level interrupt handler */
 992	if (wl->pub->up) {
 993		if (wl->resched) {
 994			unsigned long flags;
 995
 996			spin_lock_irqsave(&wl->isr_lock, flags);
 997			brcms_c_intrsupd(wl->wlc);
 998			spin_unlock_irqrestore(&wl->isr_lock, flags);
 999		}
1000
1001		wl->resched = brcms_c_dpc(wl->wlc, true);
1002	}
1003
1004	/* brcms_c_dpc() may bring the driver down */
1005	if (!wl->pub->up)
1006		goto done;
1007
1008	/* re-schedule dpc */
1009	if (wl->resched)
1010		tasklet_schedule(&wl->tasklet);
1011	else
1012		/* re-enable interrupts */
1013		brcms_intrson(wl);
1014
1015 done:
1016	spin_unlock_bh(&wl->lock);
1017	wake_up(&wl->tx_flush_wq);
1018}
1019
1020static irqreturn_t brcms_isr(int irq, void *dev_id)
1021{
1022	struct brcms_info *wl;
1023	irqreturn_t ret = IRQ_NONE;
1024
1025	wl = (struct brcms_info *) dev_id;
1026
1027	spin_lock(&wl->isr_lock);
1028
1029	/* call common first level interrupt handler */
1030	if (brcms_c_isr(wl->wlc)) {
1031		/* schedule second level handler */
1032		tasklet_schedule(&wl->tasklet);
1033		ret = IRQ_HANDLED;
1034	}
1035
1036	spin_unlock(&wl->isr_lock);
1037
1038	return ret;
1039}
1040
1041/*
1042 * is called in brcms_pci_probe() context, therefore no locking required.
1043 */
1044static int ieee_hw_rate_init(struct ieee80211_hw *hw)
1045{
1046	struct brcms_info *wl = hw->priv;
1047	struct brcms_c_info *wlc = wl->wlc;
1048	struct ieee80211_supported_band *band;
 
1049	u16 phy_type;
1050
1051	hw->wiphy->bands[NL80211_BAND_2GHZ] = NULL;
1052	hw->wiphy->bands[NL80211_BAND_5GHZ] = NULL;
1053
1054	phy_type = brcms_c_get_phy_type(wl->wlc, 0);
1055	if (phy_type == PHY_TYPE_N || phy_type == PHY_TYPE_LCN) {
1056		band = &wlc->bandstate[BAND_2G_INDEX]->band;
1057		*band = brcms_band_2GHz_nphy_template;
1058		if (phy_type == PHY_TYPE_LCN) {
1059			/* Single stream */
1060			band->ht_cap.mcs.rx_mask[1] = 0;
1061			band->ht_cap.mcs.rx_highest = cpu_to_le16(72);
1062		}
1063		hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
1064	} else {
1065		return -EPERM;
1066	}
1067
1068	/* Assume all bands use the same phy.  True for 11n devices. */
1069	if (wl->pub->_nbands > 1) {
 
1070		if (phy_type == PHY_TYPE_N || phy_type == PHY_TYPE_LCN) {
1071			band = &wlc->bandstate[BAND_5G_INDEX]->band;
1072			*band = brcms_band_5GHz_nphy_template;
1073			hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
1074		} else {
1075			return -EPERM;
1076		}
1077	}
1078	return 0;
1079}
1080
1081/*
1082 * is called in brcms_pci_probe() context, therefore no locking required.
1083 */
1084static int ieee_hw_init(struct ieee80211_hw *hw)
1085{
1086	ieee80211_hw_set(hw, AMPDU_AGGREGATION);
1087	ieee80211_hw_set(hw, SIGNAL_DBM);
1088	ieee80211_hw_set(hw, REPORTS_TX_ACK_STATUS);
1089
1090	hw->extra_tx_headroom = brcms_c_get_header_len();
1091	hw->queues = N_TX_QUEUES;
1092	hw->max_rates = 2;	/* Primary rate and 1 fallback rate */
1093
1094	/* channel change time is dependent on chip and band  */
1095	hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
1096				     BIT(NL80211_IFTYPE_AP) |
1097				     BIT(NL80211_IFTYPE_ADHOC);
1098
1099	/*
1100	 * deactivate sending probe responses by ucude, because this will
1101	 * cause problems when WPS is used.
1102	 *
1103	 * hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
1104	 */
1105
1106	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
1107
1108	hw->rate_control_algorithm = "minstrel_ht";
1109
1110	hw->sta_data_size = 0;
1111	return ieee_hw_rate_init(hw);
1112}
1113
1114/*
1115 * attach to the WL device.
1116 *
1117 * Attach to the WL device identified by vendor and device parameters.
1118 * regs is a host accessible memory address pointing to WL device registers.
1119 *
1120 * is called in brcms_bcma_probe() context, therefore no locking required.
1121 */
1122static struct brcms_info *brcms_attach(struct bcma_device *pdev)
1123{
1124	struct brcms_info *wl = NULL;
1125	int unit, err;
1126	struct ieee80211_hw *hw;
1127	u8 perm[ETH_ALEN];
1128
1129	unit = n_adapters_found;
1130	err = 0;
1131
1132	if (unit < 0)
1133		return NULL;
1134
1135	/* allocate private info */
1136	hw = bcma_get_drvdata(pdev);
1137	if (hw != NULL)
1138		wl = hw->priv;
1139	if (WARN_ON(hw == NULL) || WARN_ON(wl == NULL))
1140		return NULL;
1141	wl->wiphy = hw->wiphy;
1142
1143	atomic_set(&wl->callbacks, 0);
1144
1145	init_waitqueue_head(&wl->tx_flush_wq);
1146
1147	/* setup the bottom half handler */
1148	tasklet_setup(&wl->tasklet, brcms_dpc);
1149
1150	spin_lock_init(&wl->lock);
1151	spin_lock_init(&wl->isr_lock);
1152
1153	/* common load-time initialization */
1154	wl->wlc = brcms_c_attach((void *)wl, pdev, unit, false, &err);
1155	if (!wl->wlc) {
1156		wiphy_err(wl->wiphy, "%s: attach() failed with code %d\n",
1157			  KBUILD_MODNAME, err);
1158		goto fail;
1159	}
1160	wl->pub = brcms_c_pub(wl->wlc);
1161
1162	wl->pub->ieee_hw = hw;
1163
1164	/* register our interrupt handler */
1165	if (request_irq(pdev->irq, brcms_isr,
1166			IRQF_SHARED, KBUILD_MODNAME, wl)) {
1167		wiphy_err(wl->wiphy, "wl%d: request_irq() failed\n", unit);
1168		goto fail;
1169	}
1170	wl->irq = pdev->irq;
1171
1172	/* register module */
1173	brcms_c_module_register(wl->pub, "linux", wl, NULL);
1174
1175	if (ieee_hw_init(hw)) {
1176		wiphy_err(wl->wiphy, "wl%d: %s: ieee_hw_init failed!\n", unit,
1177			  __func__);
1178		goto fail;
1179	}
1180
1181	brcms_c_regd_init(wl->wlc);
1182
1183	memcpy(perm, &wl->pub->cur_etheraddr, ETH_ALEN);
1184	if (WARN_ON(!is_valid_ether_addr(perm)))
1185		goto fail;
1186	SET_IEEE80211_PERM_ADDR(hw, perm);
1187
1188	err = ieee80211_register_hw(hw);
1189	if (err)
1190		wiphy_err(wl->wiphy, "%s: ieee80211_register_hw failed, status"
1191			  "%d\n", __func__, err);
1192
1193	if (wl->pub->srom_ccode[0] &&
1194	    regulatory_hint(wl->wiphy, wl->pub->srom_ccode))
1195		wiphy_err(wl->wiphy, "%s: regulatory hint failed\n", __func__);
1196
1197	brcms_debugfs_attach(wl->pub);
1198	brcms_debugfs_create_files(wl->pub);
1199	n_adapters_found++;
1200	return wl;
1201
1202fail:
1203	brcms_free(wl);
1204	return NULL;
1205}
1206
1207
1208
1209/*
1210 * determines if a device is a WL device, and if so, attaches it.
1211 *
1212 * This function determines if a device pointed to by pdev is a WL device,
1213 * and if so, performs a brcms_attach() on it.
1214 *
1215 * Perimeter lock is initialized in the course of this function.
1216 */
1217static int brcms_bcma_probe(struct bcma_device *pdev)
1218{
1219	struct brcms_info *wl;
1220	struct ieee80211_hw *hw;
1221	int ret;
1222
1223	dev_info(&pdev->dev, "mfg %x core %x rev %d class %d irq %d\n",
1224		 pdev->id.manuf, pdev->id.id, pdev->id.rev, pdev->id.class,
1225		 pdev->irq);
1226
1227	if ((pdev->id.manuf != BCMA_MANUF_BCM) ||
1228	    (pdev->id.id != BCMA_CORE_80211))
1229		return -ENODEV;
1230
1231	hw = ieee80211_alloc_hw(sizeof(struct brcms_info), &brcms_ops);
1232	if (!hw) {
1233		pr_err("%s: ieee80211_alloc_hw failed\n", __func__);
1234		return -ENOMEM;
1235	}
1236
1237	SET_IEEE80211_DEV(hw, &pdev->dev);
1238
1239	bcma_set_drvdata(pdev, hw);
1240
1241	memset(hw->priv, 0, sizeof(*wl));
1242
1243	wl = brcms_attach(pdev);
1244	if (!wl) {
1245		pr_err("%s: brcms_attach failed!\n", __func__);
1246		ret = -ENODEV;
1247		goto err_free_ieee80211;
1248	}
1249	brcms_led_register(wl);
1250
1251	return 0;
1252
1253err_free_ieee80211:
1254	ieee80211_free_hw(hw);
1255	return ret;
1256}
1257
1258static int brcms_suspend(struct bcma_device *pdev)
1259{
1260	struct brcms_info *wl;
1261	struct ieee80211_hw *hw;
1262
1263	hw = bcma_get_drvdata(pdev);
1264	wl = hw->priv;
1265	if (!wl) {
1266		pr_err("%s: %s: no driver private struct!\n", KBUILD_MODNAME,
1267		       __func__);
1268		return -ENODEV;
1269	}
1270
1271	/* only need to flag hw is down for proper resume */
1272	spin_lock_bh(&wl->lock);
1273	wl->pub->hw_up = false;
1274	spin_unlock_bh(&wl->lock);
1275
1276	brcms_dbg_info(wl->wlc->hw->d11core, "brcms_suspend ok\n");
1277
1278	return 0;
1279}
1280
1281static int brcms_resume(struct bcma_device *pdev)
1282{
1283	return 0;
1284}
1285
1286static struct bcma_driver brcms_bcma_driver = {
1287	.name     = KBUILD_MODNAME,
1288	.probe    = brcms_bcma_probe,
1289	.suspend  = brcms_suspend,
1290	.resume   = brcms_resume,
1291	.remove   = brcms_remove,
1292	.id_table = brcms_coreid_table,
1293};
1294
1295/*
1296 * This is the main entry point for the brcmsmac driver.
1297 *
1298 * This function is scheduled upon module initialization and
1299 * does the driver registration, which result in brcms_bcma_probe()
1300 * call resulting in the driver bringup.
1301 */
1302static void brcms_driver_init(struct work_struct *work)
1303{
1304	int error;
1305
1306	error = bcma_driver_register(&brcms_bcma_driver);
1307	if (error)
1308		pr_err("%s: register returned %d\n", __func__, error);
1309}
1310
1311static DECLARE_WORK(brcms_driver_work, brcms_driver_init);
1312
1313static int __init brcms_module_init(void)
1314{
1315	brcms_debugfs_init();
1316	if (!schedule_work(&brcms_driver_work))
1317		return -EBUSY;
1318
1319	return 0;
1320}
1321
1322/*
1323 * This function unloads the brcmsmac driver from the system.
1324 *
1325 * This function unconditionally unloads the brcmsmac driver module from the
1326 * system.
1327 *
1328 */
1329static void __exit brcms_module_exit(void)
1330{
1331	cancel_work_sync(&brcms_driver_work);
1332	bcma_driver_unregister(&brcms_bcma_driver);
1333	brcms_debugfs_exit();
1334}
1335
1336module_init(brcms_module_init);
1337module_exit(brcms_module_exit);
1338
1339/*
1340 * precondition: perimeter lock has been acquired
1341 */
1342void brcms_txflowcontrol(struct brcms_info *wl, struct brcms_if *wlif,
1343			 bool state, int prio)
1344{
1345	brcms_err(wl->wlc->hw->d11core, "Shouldn't be here %s\n", __func__);
1346}
1347
1348/*
1349 * precondition: perimeter lock has been acquired
1350 */
1351void brcms_init(struct brcms_info *wl)
1352{
1353	brcms_dbg_info(wl->wlc->hw->d11core, "Initializing wl%d\n",
1354		       wl->pub->unit);
1355	brcms_reset(wl);
1356	brcms_c_init(wl->wlc, wl->mute_tx);
1357}
1358
1359/*
1360 * precondition: perimeter lock has been acquired
1361 */
1362uint brcms_reset(struct brcms_info *wl)
1363{
1364	brcms_dbg_info(wl->wlc->hw->d11core, "Resetting wl%d\n", wl->pub->unit);
1365	brcms_c_reset(wl->wlc);
1366
1367	/* dpc will not be rescheduled */
1368	wl->resched = false;
1369
1370	/* inform publicly that interface is down */
1371	wl->pub->up = false;
1372
1373	return 0;
1374}
1375
1376void brcms_fatal_error(struct brcms_info *wl)
1377{
1378	brcms_err(wl->wlc->hw->d11core, "wl%d: fatal error, reinitializing\n",
1379		  wl->wlc->pub->unit);
1380	brcms_reset(wl);
1381	ieee80211_restart_hw(wl->pub->ieee_hw);
1382}
1383
1384/*
1385 * These are interrupt on/off entry points. Disable interrupts
1386 * during interrupt state transition.
1387 */
1388void brcms_intrson(struct brcms_info *wl)
1389{
1390	unsigned long flags;
1391
1392	spin_lock_irqsave(&wl->isr_lock, flags);
1393	brcms_c_intrson(wl->wlc);
1394	spin_unlock_irqrestore(&wl->isr_lock, flags);
1395}
1396
1397u32 brcms_intrsoff(struct brcms_info *wl)
1398{
1399	unsigned long flags;
1400	u32 status;
1401
1402	spin_lock_irqsave(&wl->isr_lock, flags);
1403	status = brcms_c_intrsoff(wl->wlc);
1404	spin_unlock_irqrestore(&wl->isr_lock, flags);
1405	return status;
1406}
1407
1408void brcms_intrsrestore(struct brcms_info *wl, u32 macintmask)
1409{
1410	unsigned long flags;
1411
1412	spin_lock_irqsave(&wl->isr_lock, flags);
1413	brcms_c_intrsrestore(wl->wlc, macintmask);
1414	spin_unlock_irqrestore(&wl->isr_lock, flags);
1415}
1416
1417/*
1418 * precondition: perimeter lock has been acquired
1419 */
1420int brcms_up(struct brcms_info *wl)
1421{
1422	int error = 0;
1423
1424	if (wl->pub->up)
1425		return 0;
1426
1427	error = brcms_c_up(wl->wlc);
1428
1429	return error;
1430}
1431
1432/*
1433 * precondition: perimeter lock has been acquired
1434 */
1435void brcms_down(struct brcms_info *wl)
1436	__must_hold(&wl->lock)
1437{
1438	uint callbacks, ret_val = 0;
1439
1440	/* call common down function */
1441	ret_val = brcms_c_down(wl->wlc);
1442	callbacks = atomic_read(&wl->callbacks) - ret_val;
1443
1444	/* wait for down callbacks to complete */
1445	spin_unlock_bh(&wl->lock);
1446
1447	/* For HIGH_only driver, it's important to actually schedule other work,
1448	 * not just spin wait since everything runs at schedule level
1449	 */
1450	SPINWAIT((atomic_read(&wl->callbacks) > callbacks), 100 * 1000);
1451
1452	spin_lock_bh(&wl->lock);
1453}
1454
1455/*
1456* precondition: perimeter lock is not acquired
1457 */
1458static void _brcms_timer(struct work_struct *work)
1459{
1460	struct brcms_timer *t = container_of(work, struct brcms_timer,
1461					     dly_wrk.work);
1462
1463	spin_lock_bh(&t->wl->lock);
1464
1465	if (t->set) {
1466		if (t->periodic) {
1467			atomic_inc(&t->wl->callbacks);
1468			ieee80211_queue_delayed_work(t->wl->pub->ieee_hw,
1469						     &t->dly_wrk,
1470						     msecs_to_jiffies(t->ms));
1471		} else {
1472			t->set = false;
1473		}
1474
1475		t->fn(t->arg);
1476	}
1477
1478	atomic_dec(&t->wl->callbacks);
1479
1480	spin_unlock_bh(&t->wl->lock);
1481}
1482
1483/*
1484 * Adds a timer to the list. Caller supplies a timer function.
1485 * Is called from wlc.
1486 *
1487 * precondition: perimeter lock has been acquired
1488 */
1489struct brcms_timer *brcms_init_timer(struct brcms_info *wl,
1490				     void (*fn) (void *arg),
1491				     void *arg, const char *name)
1492{
1493	struct brcms_timer *t;
1494
1495	t = kzalloc(sizeof(struct brcms_timer), GFP_ATOMIC);
1496	if (!t)
1497		return NULL;
1498
1499	INIT_DELAYED_WORK(&t->dly_wrk, _brcms_timer);
1500	t->wl = wl;
1501	t->fn = fn;
1502	t->arg = arg;
1503	t->next = wl->timers;
1504	wl->timers = t;
1505
1506#ifdef DEBUG
1507	t->name = kstrdup(name, GFP_ATOMIC);
1508#endif
1509
1510	return t;
1511}
1512
1513/*
1514 * adds only the kernel timer since it's going to be more accurate
1515 * as well as it's easier to make it periodic
1516 *
1517 * precondition: perimeter lock has been acquired
1518 */
1519void brcms_add_timer(struct brcms_timer *t, uint ms, int periodic)
1520{
1521	struct ieee80211_hw *hw = t->wl->pub->ieee_hw;
1522
1523#ifdef DEBUG
1524	if (t->set)
1525		brcms_dbg_info(t->wl->wlc->hw->d11core,
1526			       "%s: Already set. Name: %s, per %d\n",
1527			       __func__, t->name, periodic);
1528#endif
1529	t->ms = ms;
1530	t->periodic = (bool) periodic;
1531	if (!t->set) {
1532		t->set = true;
1533		atomic_inc(&t->wl->callbacks);
1534	}
1535
1536	ieee80211_queue_delayed_work(hw, &t->dly_wrk, msecs_to_jiffies(ms));
1537}
1538
1539/*
1540 * return true if timer successfully deleted, false if still pending
1541 *
1542 * precondition: perimeter lock has been acquired
1543 */
1544bool brcms_del_timer(struct brcms_timer *t)
1545{
1546	if (t->set) {
1547		t->set = false;
1548		if (!cancel_delayed_work(&t->dly_wrk))
1549			return false;
1550
1551		atomic_dec(&t->wl->callbacks);
1552	}
1553
1554	return true;
1555}
1556
1557/*
1558 * precondition: perimeter lock has been acquired
1559 */
1560void brcms_free_timer(struct brcms_timer *t)
1561{
1562	struct brcms_info *wl = t->wl;
1563	struct brcms_timer *tmp;
1564
1565	/* delete the timer in case it is active */
1566	brcms_del_timer(t);
1567
1568	if (wl->timers == t) {
1569		wl->timers = wl->timers->next;
1570#ifdef DEBUG
1571		kfree(t->name);
1572#endif
1573		kfree(t);
1574		return;
1575
1576	}
1577
1578	tmp = wl->timers;
1579	while (tmp) {
1580		if (tmp->next == t) {
1581			tmp->next = t->next;
1582#ifdef DEBUG
1583			kfree(t->name);
1584#endif
1585			kfree(t);
1586			return;
1587		}
1588		tmp = tmp->next;
1589	}
1590
1591}
1592
1593/*
1594 * precondition: no locking required
1595 */
1596int brcms_ucode_init_buf(struct brcms_info *wl, void **pbuf, u32 idx)
1597{
1598	int i, entry;
1599	const u8 *pdata;
1600	struct firmware_hdr *hdr;
1601	for (i = 0; i < wl->fw.fw_cnt; i++) {
1602		hdr = (struct firmware_hdr *)wl->fw.fw_hdr[i]->data;
1603		for (entry = 0; entry < wl->fw.hdr_num_entries[i];
1604		     entry++, hdr++) {
1605			u32 len = le32_to_cpu(hdr->len);
1606			if (le32_to_cpu(hdr->idx) == idx) {
1607				pdata = wl->fw.fw_bin[i]->data +
1608					le32_to_cpu(hdr->offset);
1609				*pbuf = kvmalloc(len, GFP_KERNEL);
1610				if (*pbuf == NULL)
1611					goto fail;
1612				memcpy(*pbuf, pdata, len);
1613				return 0;
1614			}
1615		}
1616	}
1617	brcms_err(wl->wlc->hw->d11core,
1618		  "ERROR: ucode buf tag:%d can not be found!\n", idx);
1619	*pbuf = NULL;
1620fail:
1621	return -ENODATA;
1622}
1623
1624/*
1625 * Precondition: Since this function is called in brcms_bcma_probe() context,
1626 * no locking is required.
1627 */
1628int brcms_ucode_init_uint(struct brcms_info *wl, size_t *n_bytes, u32 idx)
1629{
1630	int i, entry;
1631	const u8 *pdata;
1632	struct firmware_hdr *hdr;
1633	for (i = 0; i < wl->fw.fw_cnt; i++) {
1634		hdr = (struct firmware_hdr *)wl->fw.fw_hdr[i]->data;
1635		for (entry = 0; entry < wl->fw.hdr_num_entries[i];
1636		     entry++, hdr++) {
1637			if (le32_to_cpu(hdr->idx) == idx) {
1638				pdata = wl->fw.fw_bin[i]->data +
1639					le32_to_cpu(hdr->offset);
1640				if (le32_to_cpu(hdr->len) != 4) {
1641					brcms_err(wl->wlc->hw->d11core,
1642						  "ERROR: fw hdr len\n");
1643					return -ENOMSG;
1644				}
1645				*n_bytes = le32_to_cpu(*((__le32 *) pdata));
1646				return 0;
1647			}
1648		}
1649	}
1650	brcms_err(wl->wlc->hw->d11core,
1651		  "ERROR: ucode tag:%d can not be found!\n", idx);
1652	return -ENOMSG;
1653}
1654
1655/*
1656 * precondition: can both be called locked and unlocked
1657 */
1658void brcms_ucode_free_buf(void *p)
1659{
1660	kvfree(p);
1661}
1662
1663/*
1664 * checks validity of all firmware images loaded from user space
1665 *
1666 * Precondition: Since this function is called in brcms_bcma_probe() context,
1667 * no locking is required.
1668 */
1669int brcms_check_firmwares(struct brcms_info *wl)
1670{
1671	int i;
1672	int entry;
1673	int rc = 0;
1674	const struct firmware *fw;
1675	const struct firmware *fw_hdr;
1676	struct firmware_hdr *ucode_hdr;
1677	for (i = 0; i < MAX_FW_IMAGES && rc == 0; i++) {
1678		fw =  wl->fw.fw_bin[i];
1679		fw_hdr = wl->fw.fw_hdr[i];
1680		if (fw == NULL && fw_hdr == NULL) {
1681			break;
1682		} else if (fw == NULL || fw_hdr == NULL) {
1683			wiphy_err(wl->wiphy, "%s: invalid bin/hdr fw\n",
1684				  __func__);
1685			rc = -EBADF;
1686		} else if (fw_hdr->size % sizeof(struct firmware_hdr)) {
1687			wiphy_err(wl->wiphy, "%s: non integral fw hdr file "
1688				"size %zu/%zu\n", __func__, fw_hdr->size,
1689				sizeof(struct firmware_hdr));
1690			rc = -EBADF;
1691		} else if (fw->size < MIN_FW_SIZE || fw->size > MAX_FW_SIZE) {
1692			wiphy_err(wl->wiphy, "%s: out of bounds fw file size %zu\n",
1693				  __func__, fw->size);
1694			rc = -EBADF;
1695		} else {
1696			/* check if ucode section overruns firmware image */
1697			ucode_hdr = (struct firmware_hdr *)fw_hdr->data;
1698			for (entry = 0; entry < wl->fw.hdr_num_entries[i] &&
1699			     !rc; entry++, ucode_hdr++) {
1700				if (le32_to_cpu(ucode_hdr->offset) +
1701				    le32_to_cpu(ucode_hdr->len) >
1702				    fw->size) {
1703					wiphy_err(wl->wiphy,
1704						  "%s: conflicting bin/hdr\n",
1705						  __func__);
1706					rc = -EBADF;
1707				}
1708			}
1709		}
1710	}
1711	if (rc == 0 && wl->fw.fw_cnt != i) {
1712		wiphy_err(wl->wiphy, "%s: invalid fw_cnt=%d\n", __func__,
1713			wl->fw.fw_cnt);
1714		rc = -EBADF;
1715	}
1716	return rc;
1717}
1718
1719/*
1720 * precondition: perimeter lock has been acquired
1721 */
1722bool brcms_rfkill_set_hw_state(struct brcms_info *wl)
1723	__must_hold(&wl->lock)
1724{
1725	bool blocked = brcms_c_check_radio_disabled(wl->wlc);
1726
1727	spin_unlock_bh(&wl->lock);
1728	wiphy_rfkill_set_hw_state(wl->pub->ieee_hw->wiphy, blocked);
1729	if (blocked)
1730		wiphy_rfkill_start_polling(wl->pub->ieee_hw->wiphy);
1731	spin_lock_bh(&wl->lock);
1732	return blocked;
1733}