3   Broadcom B43 wireless driver
 
   5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
 
   6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
 
   7   Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
 
   8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
 
   9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
 
  11   Some parts of the code in this file are derived from the ipw2200
 
  12   driver  Copyright(c) 2003 - 2004 Intel Corporation.
 
  14   This program is free software; you can redistribute it and/or modify
 
  15   it under the terms of the GNU General Public License as published by
 
  16   the Free Software Foundation; either version 2 of the License, or
 
  17   (at your option) any later version.
 
  19   This program is distributed in the hope that it will be useful,
 
  20   but WITHOUT ANY WARRANTY; without even the implied warranty of
 
  21   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
  22   GNU General Public License for more details.
 
  24   You should have received a copy of the GNU General Public License
 
  25   along with this program; see the file COPYING.  If not, write to
 
  26   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
 
  27   Boston, MA 02110-1301, USA.
 
  31 #include <linux/delay.h>
 
  32 #include <linux/init.h>
 
  33 #include <linux/moduleparam.h>
 
  34 #include <linux/if_arp.h>
 
  35 #include <linux/etherdevice.h>
 
  36 #include <linux/firmware.h>
 
  37 #include <linux/wireless.h>
 
  38 #include <linux/workqueue.h>
 
  39 #include <linux/skbuff.h>
 
  41 #include <linux/dma-mapping.h>
 
  42 #include <asm/unaligned.h>
 
  47 #include "phy_common.h"
 
  57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
 
  58 MODULE_AUTHOR("Martin Langer");
 
  59 MODULE_AUTHOR("Stefano Brivio");
 
  60 MODULE_AUTHOR("Michael Buesch");
 
  61 MODULE_LICENSE("GPL");
 
  63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
 
  66 static int modparam_bad_frames_preempt;
 
  67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
 
  68 MODULE_PARM_DESC(bad_frames_preempt,
 
  69                  "enable(1) / disable(0) Bad Frames Preemption");
 
  71 static char modparam_fwpostfix[16];
 
  72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
 
  73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
 
  75 static int modparam_hwpctl;
 
  76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
 
  77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
 
  79 static int modparam_nohwcrypt;
 
  80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
 
  81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
 
  83 int b43_modparam_qos = 1;
 
  84 module_param_named(qos, b43_modparam_qos, int, 0444);
 
  85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
 
  87 static int modparam_btcoex = 1;
 
  88 module_param_named(btcoex, modparam_btcoex, int, 0444);
 
  89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
 
  91 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
 
  92 module_param_named(verbose, b43_modparam_verbose, int, 0644);
 
  93 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
 
  96 static const struct ssb_device_id b43_ssb_tbl[] = {
 
  97         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
 
  98         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
 
  99         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
 
 100         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
 
 101         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
 
 102         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
 
 103         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
 
 104         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
 
 105         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
 
 109 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
 
 111 /* Channel and ratetables are shared for all devices.
 
 112  * They can't be const, because ieee80211 puts some precalculated
 
 113  * data in there. This data is the same for all devices, so we don't
 
 114  * get concurrency issues */
 
 115 #define RATETAB_ENT(_rateid, _flags) \
 
 117                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
 
 118                 .hw_value       = (_rateid),                            \
 
 123  * NOTE: When changing this, sync with xmit.c's
 
 124  *       b43_plcp_get_bitrate_idx_* functions!
 
 126 static struct ieee80211_rate __b43_ratetable[] = {
 
 127         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
 
 128         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
 
 129         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
 
 130         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
 
 131         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
 
 132         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
 
 133         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
 
 134         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
 
 135         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
 
 136         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
 
 137         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
 
 138         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
 
 141 #define b43_a_ratetable         (__b43_ratetable + 4)
 
 142 #define b43_a_ratetable_size    8
 
 143 #define b43_b_ratetable         (__b43_ratetable + 0)
 
 144 #define b43_b_ratetable_size    4
 
 145 #define b43_g_ratetable         (__b43_ratetable + 0)
 
 146 #define b43_g_ratetable_size    12
 
 148 #define CHAN4G(_channel, _freq, _flags) {                       \
 
 149         .band                   = IEEE80211_BAND_2GHZ,          \
 
 150         .center_freq            = (_freq),                      \
 
 151         .hw_value               = (_channel),                   \
 
 153         .max_antenna_gain       = 0,                            \
 
 156 static struct ieee80211_channel b43_2ghz_chantable[] = {
 
 174 #define CHAN5G(_channel, _flags) {                              \
 
 175         .band                   = IEEE80211_BAND_5GHZ,          \
 
 176         .center_freq            = 5000 + (5 * (_channel)),      \
 
 177         .hw_value               = (_channel),                   \
 
 179         .max_antenna_gain       = 0,                            \
 
 182 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
 
 183         CHAN5G(32, 0),          CHAN5G(34, 0),
 
 184         CHAN5G(36, 0),          CHAN5G(38, 0),
 
 185         CHAN5G(40, 0),          CHAN5G(42, 0),
 
 186         CHAN5G(44, 0),          CHAN5G(46, 0),
 
 187         CHAN5G(48, 0),          CHAN5G(50, 0),
 
 188         CHAN5G(52, 0),          CHAN5G(54, 0),
 
 189         CHAN5G(56, 0),          CHAN5G(58, 0),
 
 190         CHAN5G(60, 0),          CHAN5G(62, 0),
 
 191         CHAN5G(64, 0),          CHAN5G(66, 0),
 
 192         CHAN5G(68, 0),          CHAN5G(70, 0),
 
 193         CHAN5G(72, 0),          CHAN5G(74, 0),
 
 194         CHAN5G(76, 0),          CHAN5G(78, 0),
 
 195         CHAN5G(80, 0),          CHAN5G(82, 0),
 
 196         CHAN5G(84, 0),          CHAN5G(86, 0),
 
 197         CHAN5G(88, 0),          CHAN5G(90, 0),
 
 198         CHAN5G(92, 0),          CHAN5G(94, 0),
 
 199         CHAN5G(96, 0),          CHAN5G(98, 0),
 
 200         CHAN5G(100, 0),         CHAN5G(102, 0),
 
 201         CHAN5G(104, 0),         CHAN5G(106, 0),
 
 202         CHAN5G(108, 0),         CHAN5G(110, 0),
 
 203         CHAN5G(112, 0),         CHAN5G(114, 0),
 
 204         CHAN5G(116, 0),         CHAN5G(118, 0),
 
 205         CHAN5G(120, 0),         CHAN5G(122, 0),
 
 206         CHAN5G(124, 0),         CHAN5G(126, 0),
 
 207         CHAN5G(128, 0),         CHAN5G(130, 0),
 
 208         CHAN5G(132, 0),         CHAN5G(134, 0),
 
 209         CHAN5G(136, 0),         CHAN5G(138, 0),
 
 210         CHAN5G(140, 0),         CHAN5G(142, 0),
 
 211         CHAN5G(144, 0),         CHAN5G(145, 0),
 
 212         CHAN5G(146, 0),         CHAN5G(147, 0),
 
 213         CHAN5G(148, 0),         CHAN5G(149, 0),
 
 214         CHAN5G(150, 0),         CHAN5G(151, 0),
 
 215         CHAN5G(152, 0),         CHAN5G(153, 0),
 
 216         CHAN5G(154, 0),         CHAN5G(155, 0),
 
 217         CHAN5G(156, 0),         CHAN5G(157, 0),
 
 218         CHAN5G(158, 0),         CHAN5G(159, 0),
 
 219         CHAN5G(160, 0),         CHAN5G(161, 0),
 
 220         CHAN5G(162, 0),         CHAN5G(163, 0),
 
 221         CHAN5G(164, 0),         CHAN5G(165, 0),
 
 222         CHAN5G(166, 0),         CHAN5G(168, 0),
 
 223         CHAN5G(170, 0),         CHAN5G(172, 0),
 
 224         CHAN5G(174, 0),         CHAN5G(176, 0),
 
 225         CHAN5G(178, 0),         CHAN5G(180, 0),
 
 226         CHAN5G(182, 0),         CHAN5G(184, 0),
 
 227         CHAN5G(186, 0),         CHAN5G(188, 0),
 
 228         CHAN5G(190, 0),         CHAN5G(192, 0),
 
 229         CHAN5G(194, 0),         CHAN5G(196, 0),
 
 230         CHAN5G(198, 0),         CHAN5G(200, 0),
 
 231         CHAN5G(202, 0),         CHAN5G(204, 0),
 
 232         CHAN5G(206, 0),         CHAN5G(208, 0),
 
 233         CHAN5G(210, 0),         CHAN5G(212, 0),
 
 234         CHAN5G(214, 0),         CHAN5G(216, 0),
 
 235         CHAN5G(218, 0),         CHAN5G(220, 0),
 
 236         CHAN5G(222, 0),         CHAN5G(224, 0),
 
 237         CHAN5G(226, 0),         CHAN5G(228, 0),
 
 240 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
 
 241         CHAN5G(34, 0),          CHAN5G(36, 0),
 
 242         CHAN5G(38, 0),          CHAN5G(40, 0),
 
 243         CHAN5G(42, 0),          CHAN5G(44, 0),
 
 244         CHAN5G(46, 0),          CHAN5G(48, 0),
 
 245         CHAN5G(52, 0),          CHAN5G(56, 0),
 
 246         CHAN5G(60, 0),          CHAN5G(64, 0),
 
 247         CHAN5G(100, 0),         CHAN5G(104, 0),
 
 248         CHAN5G(108, 0),         CHAN5G(112, 0),
 
 249         CHAN5G(116, 0),         CHAN5G(120, 0),
 
 250         CHAN5G(124, 0),         CHAN5G(128, 0),
 
 251         CHAN5G(132, 0),         CHAN5G(136, 0),
 
 252         CHAN5G(140, 0),         CHAN5G(149, 0),
 
 253         CHAN5G(153, 0),         CHAN5G(157, 0),
 
 254         CHAN5G(161, 0),         CHAN5G(165, 0),
 
 255         CHAN5G(184, 0),         CHAN5G(188, 0),
 
 256         CHAN5G(192, 0),         CHAN5G(196, 0),
 
 257         CHAN5G(200, 0),         CHAN5G(204, 0),
 
 258         CHAN5G(208, 0),         CHAN5G(212, 0),
 
 263 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
 
 264         .band           = IEEE80211_BAND_5GHZ,
 
 265         .channels       = b43_5ghz_nphy_chantable,
 
 266         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
 
 267         .bitrates       = b43_a_ratetable,
 
 268         .n_bitrates     = b43_a_ratetable_size,
 
 271 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
 
 272         .band           = IEEE80211_BAND_5GHZ,
 
 273         .channels       = b43_5ghz_aphy_chantable,
 
 274         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
 
 275         .bitrates       = b43_a_ratetable,
 
 276         .n_bitrates     = b43_a_ratetable_size,
 
 279 static struct ieee80211_supported_band b43_band_2GHz = {
 
 280         .band           = IEEE80211_BAND_2GHZ,
 
 281         .channels       = b43_2ghz_chantable,
 
 282         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
 
 283         .bitrates       = b43_g_ratetable,
 
 284         .n_bitrates     = b43_g_ratetable_size,
 
 287 static void b43_wireless_core_exit(struct b43_wldev *dev);
 
 288 static int b43_wireless_core_init(struct b43_wldev *dev);
 
 289 static void b43_wireless_core_stop(struct b43_wldev *dev);
 
 290 static int b43_wireless_core_start(struct b43_wldev *dev);
 
 292 static int b43_ratelimit(struct b43_wl *wl)
 
 294         if (!wl || !wl->current_dev)
 
 296         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
 
 298         /* We are up and running.
 
 299          * Ratelimit the messages to avoid DoS over the net. */
 
 300         return net_ratelimit();
 
 303 void b43info(struct b43_wl *wl, const char *fmt, ...)
 
 307         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
 
 309         if (!b43_ratelimit(wl))
 
 312         printk(KERN_INFO "b43-%s: ",
 
 313                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
 
 318 void b43err(struct b43_wl *wl, const char *fmt, ...)
 
 322         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
 
 324         if (!b43_ratelimit(wl))
 
 327         printk(KERN_ERR "b43-%s ERROR: ",
 
 328                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
 
 333 void b43warn(struct b43_wl *wl, const char *fmt, ...)
 
 337         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
 
 339         if (!b43_ratelimit(wl))
 
 342         printk(KERN_WARNING "b43-%s warning: ",
 
 343                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
 
 348 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
 
 352         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
 
 355         printk(KERN_DEBUG "b43-%s debug: ",
 
 356                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
 
 361 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
 
 365         B43_WARN_ON(offset % 4 != 0);
 
 367         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 
 368         if (macctl & B43_MACCTL_BE)
 
 371         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
 
 373         b43_write32(dev, B43_MMIO_RAM_DATA, val);
 
 376 static inline void b43_shm_control_word(struct b43_wldev *dev,
 
 377                                         u16 routing, u16 offset)
 
 381         /* "offset" is the WORD offset. */
 
 385         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
 
 388 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
 
 392         if (routing == B43_SHM_SHARED) {
 
 393                 B43_WARN_ON(offset & 0x0001);
 
 394                 if (offset & 0x0003) {
 
 395                         /* Unaligned access */
 
 396                         b43_shm_control_word(dev, routing, offset >> 2);
 
 397                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
 
 399                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
 
 400                         ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
 
 406         b43_shm_control_word(dev, routing, offset);
 
 407         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
 
 412 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
 
 414         struct b43_wl *wl = dev->wl;
 
 418         spin_lock_irqsave(&wl->shm_lock, flags);
 
 419         ret = __b43_shm_read32(dev, routing, offset);
 
 420         spin_unlock_irqrestore(&wl->shm_lock, flags);
 
 425 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
 
 429         if (routing == B43_SHM_SHARED) {
 
 430                 B43_WARN_ON(offset & 0x0001);
 
 431                 if (offset & 0x0003) {
 
 432                         /* Unaligned access */
 
 433                         b43_shm_control_word(dev, routing, offset >> 2);
 
 434                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
 
 440         b43_shm_control_word(dev, routing, offset);
 
 441         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
 
 446 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
 
 448         struct b43_wl *wl = dev->wl;
 
 452         spin_lock_irqsave(&wl->shm_lock, flags);
 
 453         ret = __b43_shm_read16(dev, routing, offset);
 
 454         spin_unlock_irqrestore(&wl->shm_lock, flags);
 
 459 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
 
 461         if (routing == B43_SHM_SHARED) {
 
 462                 B43_WARN_ON(offset & 0x0001);
 
 463                 if (offset & 0x0003) {
 
 464                         /* Unaligned access */
 
 465                         b43_shm_control_word(dev, routing, offset >> 2);
 
 466                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
 
 467                                     (value >> 16) & 0xffff);
 
 468                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
 
 469                         b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
 
 474         b43_shm_control_word(dev, routing, offset);
 
 475         b43_write32(dev, B43_MMIO_SHM_DATA, value);
 
 478 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
 
 480         struct b43_wl *wl = dev->wl;
 
 483         spin_lock_irqsave(&wl->shm_lock, flags);
 
 484         __b43_shm_write32(dev, routing, offset, value);
 
 485         spin_unlock_irqrestore(&wl->shm_lock, flags);
 
 488 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
 
 490         if (routing == B43_SHM_SHARED) {
 
 491                 B43_WARN_ON(offset & 0x0001);
 
 492                 if (offset & 0x0003) {
 
 493                         /* Unaligned access */
 
 494                         b43_shm_control_word(dev, routing, offset >> 2);
 
 495                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
 
 500         b43_shm_control_word(dev, routing, offset);
 
 501         b43_write16(dev, B43_MMIO_SHM_DATA, value);
 
 504 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
 
 506         struct b43_wl *wl = dev->wl;
 
 509         spin_lock_irqsave(&wl->shm_lock, flags);
 
 510         __b43_shm_write16(dev, routing, offset, value);
 
 511         spin_unlock_irqrestore(&wl->shm_lock, flags);
 
 515 u64 b43_hf_read(struct b43_wldev *dev)
 
 519         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
 
 521         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
 
 523         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
 
 528 /* Write HostFlags */
 
 529 void b43_hf_write(struct b43_wldev *dev, u64 value)
 
 533         lo = (value & 0x00000000FFFFULL);
 
 534         mi = (value & 0x0000FFFF0000ULL) >> 16;
 
 535         hi = (value & 0xFFFF00000000ULL) >> 32;
 
 536         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
 
 537         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
 
 538         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
 
 541 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
 
 545         B43_WARN_ON(dev->dev->id.revision < 3);
 
 547         /* The hardware guarantees us an atomic read, if we
 
 548          * read the low register first. */
 
 549         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
 
 550         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
 
 557 static void b43_time_lock(struct b43_wldev *dev)
 
 561         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 
 562         macctl |= B43_MACCTL_TBTTHOLD;
 
 563         b43_write32(dev, B43_MMIO_MACCTL, macctl);
 
 564         /* Commit the write */
 
 565         b43_read32(dev, B43_MMIO_MACCTL);
 
 568 static void b43_time_unlock(struct b43_wldev *dev)
 
 572         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 
 573         macctl &= ~B43_MACCTL_TBTTHOLD;
 
 574         b43_write32(dev, B43_MMIO_MACCTL, macctl);
 
 575         /* Commit the write */
 
 576         b43_read32(dev, B43_MMIO_MACCTL);
 
 579 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
 
 583         B43_WARN_ON(dev->dev->id.revision < 3);
 
 587         /* The hardware guarantees us an atomic write, if we
 
 588          * write the low register first. */
 
 589         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
 
 591         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
 
 595 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
 
 598         b43_tsf_write_locked(dev, tsf);
 
 599         b43_time_unlock(dev);
 
 603 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
 
 605         static const u8 zero_addr[ETH_ALEN] = { 0 };
 
 612         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
 
 616         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 
 619         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 
 622         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 
 625 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
 
 629         u8 mac_bssid[ETH_ALEN * 2];
 
 633         bssid = dev->wl->bssid;
 
 634         mac = dev->wl->mac_addr;
 
 636         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
 
 638         memcpy(mac_bssid, mac, ETH_ALEN);
 
 639         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
 
 641         /* Write our MAC address and BSSID to template ram */
 
 642         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
 
 643                 tmp = (u32) (mac_bssid[i + 0]);
 
 644                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
 
 645                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
 
 646                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
 
 647                 b43_ram_write(dev, 0x20 + i, tmp);
 
 651 static void b43_upload_card_macaddress(struct b43_wldev *dev)
 
 653         b43_write_mac_bssid_templates(dev);
 
 654         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
 
 657 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
 
 659         /* slot_time is in usec. */
 
 660         if (dev->phy.type != B43_PHYTYPE_G)
 
 662         b43_write16(dev, 0x684, 510 + slot_time);
 
 663         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
 
 666 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
 
 668         b43_set_slot_time(dev, 9);
 
 671 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
 
 673         b43_set_slot_time(dev, 20);
 
 676 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
 
 677  * Returns the _previously_ enabled IRQ mask.
 
 679 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
 
 683         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
 
 684         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
 
 689 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
 
 690  * Returns the _previously_ enabled IRQ mask.
 
 692 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
 
 696         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
 
 697         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
 
 702 /* Synchronize IRQ top- and bottom-half.
 
 703  * IRQs must be masked before calling this.
 
 704  * This must not be called with the irq_lock held.
 
 706 static void b43_synchronize_irq(struct b43_wldev *dev)
 
 708         synchronize_irq(dev->dev->irq);
 
 709         tasklet_kill(&dev->isr_tasklet);
 
 712 /* DummyTransmission function, as documented on
 
 713  * http://bcm-specs.sipsolutions.net/DummyTransmission
 
 715 void b43_dummy_transmission(struct b43_wldev *dev)
 
 717         struct b43_wl *wl = dev->wl;
 
 718         struct b43_phy *phy = &dev->phy;
 
 719         unsigned int i, max_loop;
 
 732                 buffer[0] = 0x000201CC;
 
 737                 buffer[0] = 0x000B846E;
 
 744         spin_lock_irq(&wl->irq_lock);
 
 745         write_lock(&wl->tx_lock);
 
 747         for (i = 0; i < 5; i++)
 
 748                 b43_ram_write(dev, i * 4, buffer[i]);
 
 751         b43_read32(dev, B43_MMIO_MACCTL);
 
 753         b43_write16(dev, 0x0568, 0x0000);
 
 754         b43_write16(dev, 0x07C0, 0x0000);
 
 755         value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
 
 756         b43_write16(dev, 0x050C, value);
 
 757         b43_write16(dev, 0x0508, 0x0000);
 
 758         b43_write16(dev, 0x050A, 0x0000);
 
 759         b43_write16(dev, 0x054C, 0x0000);
 
 760         b43_write16(dev, 0x056A, 0x0014);
 
 761         b43_write16(dev, 0x0568, 0x0826);
 
 762         b43_write16(dev, 0x0500, 0x0000);
 
 763         b43_write16(dev, 0x0502, 0x0030);
 
 765         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
 
 766                 b43_radio_write16(dev, 0x0051, 0x0017);
 
 767         for (i = 0x00; i < max_loop; i++) {
 
 768                 value = b43_read16(dev, 0x050E);
 
 773         for (i = 0x00; i < 0x0A; i++) {
 
 774                 value = b43_read16(dev, 0x050E);
 
 779         for (i = 0x00; i < 0x19; i++) {
 
 780                 value = b43_read16(dev, 0x0690);
 
 781                 if (!(value & 0x0100))
 
 785         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
 
 786                 b43_radio_write16(dev, 0x0051, 0x0037);
 
 788         write_unlock(&wl->tx_lock);
 
 789         spin_unlock_irq(&wl->irq_lock);
 
 792 static void key_write(struct b43_wldev *dev,
 
 793                       u8 index, u8 algorithm, const u8 *key)
 
 800         /* Key index/algo block */
 
 801         kidx = b43_kidx_to_fw(dev, index);
 
 802         value = ((kidx << 4) | algorithm);
 
 803         b43_shm_write16(dev, B43_SHM_SHARED,
 
 804                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
 
 806         /* Write the key to the Key Table Pointer offset */
 
 807         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
 
 808         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
 
 810                 value |= (u16) (key[i + 1]) << 8;
 
 811                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
 
 815 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
 
 817         u32 addrtmp[2] = { 0, 0, };
 
 818         u8 per_sta_keys_start = 8;
 
 820         if (b43_new_kidx_api(dev))
 
 821                 per_sta_keys_start = 4;
 
 823         B43_WARN_ON(index < per_sta_keys_start);
 
 824         /* We have two default TX keys and possibly two default RX keys.
 
 825          * Physical mac 0 is mapped to physical key 4 or 8, depending
 
 826          * on the firmware version.
 
 827          * So we must adjust the index here.
 
 829         index -= per_sta_keys_start;
 
 832                 addrtmp[0] = addr[0];
 
 833                 addrtmp[0] |= ((u32) (addr[1]) << 8);
 
 834                 addrtmp[0] |= ((u32) (addr[2]) << 16);
 
 835                 addrtmp[0] |= ((u32) (addr[3]) << 24);
 
 836                 addrtmp[1] = addr[4];
 
 837                 addrtmp[1] |= ((u32) (addr[5]) << 8);
 
 840         if (dev->dev->id.revision >= 5) {
 
 841                 /* Receive match transmitter address mechanism */
 
 842                 b43_shm_write32(dev, B43_SHM_RCMTA,
 
 843                                 (index * 2) + 0, addrtmp[0]);
 
 844                 b43_shm_write16(dev, B43_SHM_RCMTA,
 
 845                                 (index * 2) + 1, addrtmp[1]);
 
 847                 /* RXE (Receive Engine) and
 
 848                  * PSM (Programmable State Machine) mechanism
 
 851                         /* TODO write to RCM 16, 19, 22 and 25 */
 
 853                         b43_shm_write32(dev, B43_SHM_SHARED,
 
 854                                         B43_SHM_SH_PSM + (index * 6) + 0,
 
 856                         b43_shm_write16(dev, B43_SHM_SHARED,
 
 857                                         B43_SHM_SH_PSM + (index * 6) + 4,
 
 863 static void do_key_write(struct b43_wldev *dev,
 
 864                          u8 index, u8 algorithm,
 
 865                          const u8 *key, size_t key_len, const u8 *mac_addr)
 
 867         u8 buf[B43_SEC_KEYSIZE] = { 0, };
 
 868         u8 per_sta_keys_start = 8;
 
 870         if (b43_new_kidx_api(dev))
 
 871                 per_sta_keys_start = 4;
 
 873         B43_WARN_ON(index >= dev->max_nr_keys);
 
 874         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
 
 876         if (index >= per_sta_keys_start)
 
 877                 keymac_write(dev, index, NULL); /* First zero out mac. */
 
 879                 memcpy(buf, key, key_len);
 
 880         key_write(dev, index, algorithm, buf);
 
 881         if (index >= per_sta_keys_start)
 
 882                 keymac_write(dev, index, mac_addr);
 
 884         dev->key[index].algorithm = algorithm;
 
 887 static int b43_key_write(struct b43_wldev *dev,
 
 888                          int index, u8 algorithm,
 
 889                          const u8 *key, size_t key_len,
 
 891                          struct ieee80211_key_conf *keyconf)
 
 896         if (key_len > B43_SEC_KEYSIZE)
 
 898         for (i = 0; i < dev->max_nr_keys; i++) {
 
 899                 /* Check that we don't already have this key. */
 
 900                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
 
 903                 /* Pairwise key. Get an empty slot for the key. */
 
 904                 if (b43_new_kidx_api(dev))
 
 908                 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
 
 909                         if (!dev->key[i].keyconf) {
 
 916                         b43warn(dev->wl, "Out of hardware key memory\n");
 
 920                 B43_WARN_ON(index > 3);
 
 922         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
 
 923         if ((index <= 3) && !b43_new_kidx_api(dev)) {
 
 925                 B43_WARN_ON(mac_addr);
 
 926                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
 
 928         keyconf->hw_key_idx = index;
 
 929         dev->key[index].keyconf = keyconf;
 
 934 static int b43_key_clear(struct b43_wldev *dev, int index)
 
 936         if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
 
 938         do_key_write(dev, index, B43_SEC_ALGO_NONE,
 
 939                      NULL, B43_SEC_KEYSIZE, NULL);
 
 940         if ((index <= 3) && !b43_new_kidx_api(dev)) {
 
 941                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
 
 942                              NULL, B43_SEC_KEYSIZE, NULL);
 
 944         dev->key[index].keyconf = NULL;
 
 949 static void b43_clear_keys(struct b43_wldev *dev)
 
 953         for (i = 0; i < dev->max_nr_keys; i++)
 
 954                 b43_key_clear(dev, i);
 
 957 static void b43_dump_keymemory(struct b43_wldev *dev)
 
 959         unsigned int i, index, offset;
 
 960         DECLARE_MAC_BUF(macbuf);
 
 968         if (!b43_debug(dev, B43_DBG_KEYS))
 
 971         hf = b43_hf_read(dev);
 
 972         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
 
 973                !!(hf & B43_HF_USEDEFKEYS));
 
 974         for (index = 0; index < dev->max_nr_keys; index++) {
 
 975                 key = &(dev->key[index]);
 
 976                 printk(KERN_DEBUG "Key slot %02u: %s",
 
 977                        index, (key->keyconf == NULL) ? " " : "*");
 
 978                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
 
 979                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
 
 980                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
 
 981                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
 
 984                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
 
 985                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
 
 986                 printk("   Algo: %04X/%02X", algo, key->algorithm);
 
 989                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
 
 990                                                 ((index - 4) * 2) + 0);
 
 991                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
 
 992                                                 ((index - 4) * 2) + 1);
 
 993                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
 
 994                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
 
 996                                print_mac(macbuf, mac));
 
 998                         printk("   DEFAULT KEY");
 
1003 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
 
1011         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
 
1012                     (ps_flags & B43_PS_DISABLED));
 
1013         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
 
1015         if (ps_flags & B43_PS_ENABLED) {
 
1017         } else if (ps_flags & B43_PS_DISABLED) {
 
1020                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
 
1021                 //      and thus is not an AP and we are associated, set bit 25
 
1023         if (ps_flags & B43_PS_AWAKE) {
 
1025         } else if (ps_flags & B43_PS_ASLEEP) {
 
1028                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
 
1029                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
 
1030                 //      successful, set bit26
 
1033 /* FIXME: For now we force awake-on and hwps-off */
 
1037         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 
1039                 macctl |= B43_MACCTL_HWPS;
 
1041                 macctl &= ~B43_MACCTL_HWPS;
 
1043                 macctl |= B43_MACCTL_AWAKE;
 
1045                 macctl &= ~B43_MACCTL_AWAKE;
 
1046         b43_write32(dev, B43_MMIO_MACCTL, macctl);
 
1048         b43_read32(dev, B43_MMIO_MACCTL);
 
1049         if (awake && dev->dev->id.revision >= 5) {
 
1050                 /* Wait for the microcode to wake up. */
 
1051                 for (i = 0; i < 100; i++) {
 
1052                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
 
1053                                                 B43_SHM_SH_UCODESTAT);
 
1054                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
 
1061 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
 
1066         flags |= B43_TMSLOW_PHYCLKEN;
 
1067         flags |= B43_TMSLOW_PHYRESET;
 
1068         ssb_device_enable(dev->dev, flags);
 
1069         msleep(2);              /* Wait for the PLL to turn on. */
 
1071         /* Now take the PHY out of Reset again */
 
1072         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
 
1073         tmslow |= SSB_TMSLOW_FGC;
 
1074         tmslow &= ~B43_TMSLOW_PHYRESET;
 
1075         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
 
1076         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
 
1078         tmslow &= ~SSB_TMSLOW_FGC;
 
1079         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
 
1080         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
 
1083         /* Turn Analog ON, but only if we already know the PHY-type.
 
1084          * This protects against very early setup where we don't know the
 
1085          * PHY-type, yet. wireless_core_reset will be called once again later,
 
1086          * when we know the PHY-type. */
 
1088                 dev->phy.ops->switch_analog(dev, 1);
 
1090         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 
1091         macctl &= ~B43_MACCTL_GMODE;
 
1092         if (flags & B43_TMSLOW_GMODE)
 
1093                 macctl |= B43_MACCTL_GMODE;
 
1094         macctl |= B43_MACCTL_IHR_ENABLED;
 
1095         b43_write32(dev, B43_MMIO_MACCTL, macctl);
 
1098 static void handle_irq_transmit_status(struct b43_wldev *dev)
 
1102         struct b43_txstatus stat;
 
1105                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
 
1106                 if (!(v0 & 0x00000001))
 
1108                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
 
1110                 stat.cookie = (v0 >> 16);
 
1111                 stat.seq = (v1 & 0x0000FFFF);
 
1112                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
 
1113                 tmp = (v0 & 0x0000FFFF);
 
1114                 stat.frame_count = ((tmp & 0xF000) >> 12);
 
1115                 stat.rts_count = ((tmp & 0x0F00) >> 8);
 
1116                 stat.supp_reason = ((tmp & 0x001C) >> 2);
 
1117                 stat.pm_indicated = !!(tmp & 0x0080);
 
1118                 stat.intermediate = !!(tmp & 0x0040);
 
1119                 stat.for_ampdu = !!(tmp & 0x0020);
 
1120                 stat.acked = !!(tmp & 0x0002);
 
1122                 b43_handle_txstatus(dev, &stat);
 
1126 static void drain_txstatus_queue(struct b43_wldev *dev)
 
1130         if (dev->dev->id.revision < 5)
 
1132         /* Read all entries from the microcode TXstatus FIFO
 
1133          * and throw them away.
 
1136                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
 
1137                 if (!(dummy & 0x00000001))
 
1139                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
 
1143 static u32 b43_jssi_read(struct b43_wldev *dev)
 
1147         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
 
1149         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
 
1154 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
 
1156         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
 
1157         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
 
1160 static void b43_generate_noise_sample(struct b43_wldev *dev)
 
1162         b43_jssi_write(dev, 0x7F7F7F7F);
 
1163         b43_write32(dev, B43_MMIO_MACCMD,
 
1164                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
 
1167 static void b43_calculate_link_quality(struct b43_wldev *dev)
 
1169         /* Top half of Link Quality calculation. */
 
1171         if (dev->phy.type != B43_PHYTYPE_G)
 
1173         if (dev->noisecalc.calculation_running)
 
1175         dev->noisecalc.calculation_running = 1;
 
1176         dev->noisecalc.nr_samples = 0;
 
1178         b43_generate_noise_sample(dev);
 
1181 static void handle_irq_noise(struct b43_wldev *dev)
 
1183         struct b43_phy_g *phy = dev->phy.g;
 
1189         /* Bottom half of Link Quality calculation. */
 
1191         if (dev->phy.type != B43_PHYTYPE_G)
 
1194         /* Possible race condition: It might be possible that the user
 
1195          * changed to a different channel in the meantime since we
 
1196          * started the calculation. We ignore that fact, since it's
 
1197          * not really that much of a problem. The background noise is
 
1198          * an estimation only anyway. Slightly wrong results will get damped
 
1199          * by the averaging of the 8 sample rounds. Additionally the
 
1200          * value is shortlived. So it will be replaced by the next noise
 
1201          * calculation round soon. */
 
1203         B43_WARN_ON(!dev->noisecalc.calculation_running);
 
1204         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
 
1205         if (noise[0] == 0x7F || noise[1] == 0x7F ||
 
1206             noise[2] == 0x7F || noise[3] == 0x7F)
 
1209         /* Get the noise samples. */
 
1210         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
 
1211         i = dev->noisecalc.nr_samples;
 
1212         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
 
1213         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
 
1214         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
 
1215         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
 
1216         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
 
1217         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
 
1218         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
 
1219         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
 
1220         dev->noisecalc.nr_samples++;
 
1221         if (dev->noisecalc.nr_samples == 8) {
 
1222                 /* Calculate the Link Quality by the noise samples. */
 
1224                 for (i = 0; i < 8; i++) {
 
1225                         for (j = 0; j < 4; j++)
 
1226                                 average += dev->noisecalc.samples[i][j];
 
1232                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
 
1233                 tmp = (tmp / 128) & 0x1F;
 
1243                 dev->stats.link_noise = average;
 
1244                 dev->noisecalc.calculation_running = 0;
 
1248         b43_generate_noise_sample(dev);
 
1251 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
 
1253         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
 
1256                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
 
1257                         b43_power_saving_ctl_bits(dev, 0);
 
1259         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
 
1263 static void handle_irq_atim_end(struct b43_wldev *dev)
 
1265         if (dev->dfq_valid) {
 
1266                 b43_write32(dev, B43_MMIO_MACCMD,
 
1267                             b43_read32(dev, B43_MMIO_MACCMD)
 
1268                             | B43_MACCMD_DFQ_VALID);
 
1273 static void handle_irq_pmq(struct b43_wldev *dev)
 
1280                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
 
1281                 if (!(tmp & 0x00000008))
 
1284         /* 16bit write is odd, but correct. */
 
1285         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
 
1288 static void b43_write_template_common(struct b43_wldev *dev,
 
1289                                       const u8 *data, u16 size,
 
1291                                       u16 shm_size_offset, u8 rate)
 
1294         struct b43_plcp_hdr4 plcp;
 
1297         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
 
1298         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
 
1299         ram_offset += sizeof(u32);
 
1300         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
 
1301          * So leave the first two bytes of the next write blank.
 
1303         tmp = (u32) (data[0]) << 16;
 
1304         tmp |= (u32) (data[1]) << 24;
 
1305         b43_ram_write(dev, ram_offset, tmp);
 
1306         ram_offset += sizeof(u32);
 
1307         for (i = 2; i < size; i += sizeof(u32)) {
 
1308                 tmp = (u32) (data[i + 0]);
 
1310                         tmp |= (u32) (data[i + 1]) << 8;
 
1312                         tmp |= (u32) (data[i + 2]) << 16;
 
1314                         tmp |= (u32) (data[i + 3]) << 24;
 
1315                 b43_ram_write(dev, ram_offset + i - 2, tmp);
 
1317         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
 
1318                         size + sizeof(struct b43_plcp_hdr6));
 
1321 /* Check if the use of the antenna that ieee80211 told us to
 
1322  * use is possible. This will fall back to DEFAULT.
 
1323  * "antenna_nr" is the antenna identifier we got from ieee80211. */
 
1324 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
 
1329         if (antenna_nr == 0) {
 
1330                 /* Zero means "use default antenna". That's always OK. */
 
1334         /* Get the mask of available antennas. */
 
1336                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
 
1338                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
 
1340         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
 
1341                 /* This antenna is not available. Fall back to default. */
 
1348 /* Convert a b43 antenna number value to the PHY TX control value. */
 
1349 static u16 b43_antenna_to_phyctl(int antenna)
 
1353                 return B43_TXH_PHY_ANT0;
 
1355                 return B43_TXH_PHY_ANT1;
 
1357                 return B43_TXH_PHY_ANT2;
 
1359                 return B43_TXH_PHY_ANT3;
 
1360         case B43_ANTENNA_AUTO:
 
1361                 return B43_TXH_PHY_ANT01AUTO;
 
1367 static void b43_write_beacon_template(struct b43_wldev *dev,
 
1369                                       u16 shm_size_offset)
 
1371         unsigned int i, len, variable_len;
 
1372         const struct ieee80211_mgmt *bcn;
 
1378         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
 
1380         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
 
1381         len = min((size_t) dev->wl->current_beacon->len,
 
1382                   0x200 - sizeof(struct b43_plcp_hdr6));
 
1383         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
 
1385         b43_write_template_common(dev, (const u8 *)bcn,
 
1386                                   len, ram_offset, shm_size_offset, rate);
 
1388         /* Write the PHY TX control parameters. */
 
1389         antenna = B43_ANTENNA_DEFAULT;
 
1390         antenna = b43_antenna_to_phyctl(antenna);
 
1391         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
 
1392         /* We can't send beacons with short preamble. Would get PHY errors. */
 
1393         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
 
1394         ctl &= ~B43_TXH_PHY_ANT;
 
1395         ctl &= ~B43_TXH_PHY_ENC;
 
1397         if (b43_is_cck_rate(rate))
 
1398                 ctl |= B43_TXH_PHY_ENC_CCK;
 
1400                 ctl |= B43_TXH_PHY_ENC_OFDM;
 
1401         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
 
1403         /* Find the position of the TIM and the DTIM_period value
 
1404          * and write them to SHM. */
 
1405         ie = bcn->u.beacon.variable;
 
1406         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
 
1407         for (i = 0; i < variable_len - 2; ) {
 
1408                 uint8_t ie_id, ie_len;
 
1415                         /* This is the TIM Information Element */
 
1417                         /* Check whether the ie_len is in the beacon data range. */
 
1418                         if (variable_len < ie_len + 2 + i)
 
1420                         /* A valid TIM is at least 4 bytes long. */
 
1425                         tim_position = sizeof(struct b43_plcp_hdr6);
 
1426                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
 
1429                         dtim_period = ie[i + 3];
 
1431                         b43_shm_write16(dev, B43_SHM_SHARED,
 
1432                                         B43_SHM_SH_TIMBPOS, tim_position);
 
1433                         b43_shm_write16(dev, B43_SHM_SHARED,
 
1434                                         B43_SHM_SH_DTIMPER, dtim_period);
 
1441                  * If ucode wants to modify TIM do it behind the beacon, this
 
1442                  * will happen, for example, when doing mesh networking.
 
1444                 b43_shm_write16(dev, B43_SHM_SHARED,
 
1446                                 len + sizeof(struct b43_plcp_hdr6));
 
1447                 b43_shm_write16(dev, B43_SHM_SHARED,
 
1448                                 B43_SHM_SH_DTIMPER, 0);
 
1450         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
 
1453 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
 
1454                                       u16 shm_offset, u16 size,
 
1455                                       struct ieee80211_rate *rate)
 
1457         struct b43_plcp_hdr4 plcp;
 
1462         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
 
1463         dur = ieee80211_generic_frame_duration(dev->wl->hw,
 
1466         /* Write PLCP in two parts and timing for packet transfer */
 
1467         tmp = le32_to_cpu(plcp.data);
 
1468         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
 
1469         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
 
1470         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
 
1473 /* Instead of using custom probe response template, this function
 
1474  * just patches custom beacon template by:
 
1475  * 1) Changing packet type
 
1476  * 2) Patching duration field
 
1479 static const u8 *b43_generate_probe_resp(struct b43_wldev *dev,
 
1481                                          struct ieee80211_rate *rate)
 
1485         u16 src_size, elem_size, src_pos, dest_pos;
 
1487         struct ieee80211_hdr *hdr;
 
1490         src_size = dev->wl->current_beacon->len;
 
1491         src_data = (const u8 *)dev->wl->current_beacon->data;
 
1493         /* Get the start offset of the variable IEs in the packet. */
 
1494         ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
 
1495         B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
 
1497         if (B43_WARN_ON(src_size < ie_start))
 
1500         dest_data = kmalloc(src_size, GFP_ATOMIC);
 
1501         if (unlikely(!dest_data))
 
1504         /* Copy the static data and all Information Elements, except the TIM. */
 
1505         memcpy(dest_data, src_data, ie_start);
 
1507         dest_pos = ie_start;
 
1508         for ( ; src_pos < src_size - 2; src_pos += elem_size) {
 
1509                 elem_size = src_data[src_pos + 1] + 2;
 
1510                 if (src_data[src_pos] == 5) {
 
1511                         /* This is the TIM. */
 
1514                 memcpy(dest_data + dest_pos, src_data + src_pos,
 
1516                 dest_pos += elem_size;
 
1518         *dest_size = dest_pos;
 
1519         hdr = (struct ieee80211_hdr *)dest_data;
 
1521         /* Set the frame control. */
 
1522         hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
 
1523                                          IEEE80211_STYPE_PROBE_RESP);
 
1524         dur = ieee80211_generic_frame_duration(dev->wl->hw,
 
1525                                                dev->wl->vif, *dest_size,
 
1527         hdr->duration_id = dur;
 
1532 static void b43_write_probe_resp_template(struct b43_wldev *dev,
 
1534                                           u16 shm_size_offset,
 
1535                                           struct ieee80211_rate *rate)
 
1537         const u8 *probe_resp_data;
 
1540         size = dev->wl->current_beacon->len;
 
1541         probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
 
1542         if (unlikely(!probe_resp_data))
 
1545         /* Looks like PLCP headers plus packet timings are stored for
 
1546          * all possible basic rates
 
1548         b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
 
1549         b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
 
1550         b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
 
1551         b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
 
1553         size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
 
1554         b43_write_template_common(dev, probe_resp_data,
 
1555                                   size, ram_offset, shm_size_offset,
 
1557         kfree(probe_resp_data);
 
1560 static void b43_upload_beacon0(struct b43_wldev *dev)
 
1562         struct b43_wl *wl = dev->wl;
 
1564         if (wl->beacon0_uploaded)
 
1566         b43_write_beacon_template(dev, 0x68, 0x18);
 
1567         /* FIXME: Probe resp upload doesn't really belong here,
 
1568          *        but we don't use that feature anyway. */
 
1569         b43_write_probe_resp_template(dev, 0x268, 0x4A,
 
1570                                       &__b43_ratetable[3]);
 
1571         wl->beacon0_uploaded = 1;
 
1574 static void b43_upload_beacon1(struct b43_wldev *dev)
 
1576         struct b43_wl *wl = dev->wl;
 
1578         if (wl->beacon1_uploaded)
 
1580         b43_write_beacon_template(dev, 0x468, 0x1A);
 
1581         wl->beacon1_uploaded = 1;
 
1584 static void handle_irq_beacon(struct b43_wldev *dev)
 
1586         struct b43_wl *wl = dev->wl;
 
1587         u32 cmd, beacon0_valid, beacon1_valid;
 
1589         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
 
1590             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
 
1593         /* This is the bottom half of the asynchronous beacon update. */
 
1595         /* Ignore interrupt in the future. */
 
1596         dev->irq_savedstate &= ~B43_IRQ_BEACON;
 
1598         cmd = b43_read32(dev, B43_MMIO_MACCMD);
 
1599         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
 
1600         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
 
1602         /* Schedule interrupt manually, if busy. */
 
1603         if (beacon0_valid && beacon1_valid) {
 
1604                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
 
1605                 dev->irq_savedstate |= B43_IRQ_BEACON;
 
1609         if (unlikely(wl->beacon_templates_virgin)) {
 
1610                 /* We never uploaded a beacon before.
 
1611                  * Upload both templates now, but only mark one valid. */
 
1612                 wl->beacon_templates_virgin = 0;
 
1613                 b43_upload_beacon0(dev);
 
1614                 b43_upload_beacon1(dev);
 
1615                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
 
1616                 cmd |= B43_MACCMD_BEACON0_VALID;
 
1617                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
 
1619                 if (!beacon0_valid) {
 
1620                         b43_upload_beacon0(dev);
 
1621                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
 
1622                         cmd |= B43_MACCMD_BEACON0_VALID;
 
1623                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
 
1624                 } else if (!beacon1_valid) {
 
1625                         b43_upload_beacon1(dev);
 
1626                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
 
1627                         cmd |= B43_MACCMD_BEACON1_VALID;
 
1628                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
 
1633 static void b43_beacon_update_trigger_work(struct work_struct *work)
 
1635         struct b43_wl *wl = container_of(work, struct b43_wl,
 
1636                                          beacon_update_trigger);
 
1637         struct b43_wldev *dev;
 
1639         mutex_lock(&wl->mutex);
 
1640         dev = wl->current_dev;
 
1641         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
 
1642                 spin_lock_irq(&wl->irq_lock);
 
1643                 /* update beacon right away or defer to irq */
 
1644                 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
 
1645                 handle_irq_beacon(dev);
 
1646                 /* The handler might have updated the IRQ mask. */
 
1647                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
 
1648                             dev->irq_savedstate);
 
1650                 spin_unlock_irq(&wl->irq_lock);
 
1652         mutex_unlock(&wl->mutex);
 
1655 /* Asynchronously update the packet templates in template RAM.
 
1656  * Locking: Requires wl->irq_lock to be locked. */
 
1657 static void b43_update_templates(struct b43_wl *wl)
 
1659         struct sk_buff *beacon;
 
1661         /* This is the top half of the ansynchronous beacon update.
 
1662          * The bottom half is the beacon IRQ.
 
1663          * Beacon update must be asynchronous to avoid sending an
 
1664          * invalid beacon. This can happen for example, if the firmware
 
1665          * transmits a beacon while we are updating it. */
 
1667         /* We could modify the existing beacon and set the aid bit in
 
1668          * the TIM field, but that would probably require resizing and
 
1669          * moving of data within the beacon template.
 
1670          * Simply request a new beacon and let mac80211 do the hard work. */
 
1671         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
 
1672         if (unlikely(!beacon))
 
1675         if (wl->current_beacon)
 
1676                 dev_kfree_skb_any(wl->current_beacon);
 
1677         wl->current_beacon = beacon;
 
1678         wl->beacon0_uploaded = 0;
 
1679         wl->beacon1_uploaded = 0;
 
1680         queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
 
1683 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
 
1686         if (dev->dev->id.revision >= 3) {
 
1687                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
 
1688                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
 
1690                 b43_write16(dev, 0x606, (beacon_int >> 6));
 
1691                 b43_write16(dev, 0x610, beacon_int);
 
1693         b43_time_unlock(dev);
 
1694         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
 
1697 static void b43_handle_firmware_panic(struct b43_wldev *dev)
 
1701         /* Read the register that contains the reason code for the panic. */
 
1702         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
 
1703         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
 
1707                 b43dbg(dev->wl, "The panic reason is unknown.\n");
 
1709         case B43_FWPANIC_DIE:
 
1710                 /* Do not restart the controller or firmware.
 
1711                  * The device is nonfunctional from now on.
 
1712                  * Restarting would result in this panic to trigger again,
 
1713                  * so we avoid that recursion. */
 
1715         case B43_FWPANIC_RESTART:
 
1716                 b43_controller_restart(dev, "Microcode panic");
 
1721 static void handle_irq_ucode_debug(struct b43_wldev *dev)
 
1723         unsigned int i, cnt;
 
1724         u16 reason, marker_id, marker_line;
 
1727         /* The proprietary firmware doesn't have this IRQ. */
 
1728         if (!dev->fw.opensource)
 
1731         /* Read the register that contains the reason code for this IRQ. */
 
1732         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
 
1735         case B43_DEBUGIRQ_PANIC:
 
1736                 b43_handle_firmware_panic(dev);
 
1738         case B43_DEBUGIRQ_DUMP_SHM:
 
1740                         break; /* Only with driver debugging enabled. */
 
1741                 buf = kmalloc(4096, GFP_ATOMIC);
 
1743                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
 
1746                 for (i = 0; i < 4096; i += 2) {
 
1747                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
 
1748                         buf[i / 2] = cpu_to_le16(tmp);
 
1750                 b43info(dev->wl, "Shared memory dump:\n");
 
1751                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
 
1752                                16, 2, buf, 4096, 1);
 
1755         case B43_DEBUGIRQ_DUMP_REGS:
 
1757                         break; /* Only with driver debugging enabled. */
 
1758                 b43info(dev->wl, "Microcode register dump:\n");
 
1759                 for (i = 0, cnt = 0; i < 64; i++) {
 
1760                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
 
1763                         printk("r%02u: 0x%04X  ", i, tmp);
 
1772         case B43_DEBUGIRQ_MARKER:
 
1774                         break; /* Only with driver debugging enabled. */
 
1775                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
 
1777                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
 
1778                                              B43_MARKER_LINE_REG);
 
1779                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
 
1780                         "at line number %u\n",
 
1781                         marker_id, marker_line);
 
1784                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
 
1788         /* Acknowledge the debug-IRQ, so the firmware can continue. */
 
1789         b43_shm_write16(dev, B43_SHM_SCRATCH,
 
1790                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
 
1793 /* Interrupt handler bottom-half */
 
1794 static void b43_interrupt_tasklet(struct b43_wldev *dev)
 
1797         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
 
1798         u32 merged_dma_reason = 0;
 
1800         unsigned long flags;
 
1802         spin_lock_irqsave(&dev->wl->irq_lock, flags);
 
1804         B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
 
1806         reason = dev->irq_reason;
 
1807         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
 
1808                 dma_reason[i] = dev->dma_reason[i];
 
1809                 merged_dma_reason |= dma_reason[i];
 
1812         if (unlikely(reason & B43_IRQ_MAC_TXERR))
 
1813                 b43err(dev->wl, "MAC transmission error\n");
 
1815         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
 
1816                 b43err(dev->wl, "PHY transmission error\n");
 
1818                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
 
1819                         atomic_set(&dev->phy.txerr_cnt,
 
1820                                    B43_PHY_TX_BADNESS_LIMIT);
 
1821                         b43err(dev->wl, "Too many PHY TX errors, "
 
1822                                         "restarting the controller\n");
 
1823                         b43_controller_restart(dev, "PHY TX errors");
 
1827         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
 
1828                                           B43_DMAIRQ_NONFATALMASK))) {
 
1829                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
 
1830                         b43err(dev->wl, "Fatal DMA error: "
 
1831                                "0x%08X, 0x%08X, 0x%08X, "
 
1832                                "0x%08X, 0x%08X, 0x%08X\n",
 
1833                                dma_reason[0], dma_reason[1],
 
1834                                dma_reason[2], dma_reason[3],
 
1835                                dma_reason[4], dma_reason[5]);
 
1836                         b43_controller_restart(dev, "DMA error");
 
1838                         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
 
1841                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
 
1842                         b43err(dev->wl, "DMA error: "
 
1843                                "0x%08X, 0x%08X, 0x%08X, "
 
1844                                "0x%08X, 0x%08X, 0x%08X\n",
 
1845                                dma_reason[0], dma_reason[1],
 
1846                                dma_reason[2], dma_reason[3],
 
1847                                dma_reason[4], dma_reason[5]);
 
1851         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
 
1852                 handle_irq_ucode_debug(dev);
 
1853         if (reason & B43_IRQ_TBTT_INDI)
 
1854                 handle_irq_tbtt_indication(dev);
 
1855         if (reason & B43_IRQ_ATIM_END)
 
1856                 handle_irq_atim_end(dev);
 
1857         if (reason & B43_IRQ_BEACON)
 
1858                 handle_irq_beacon(dev);
 
1859         if (reason & B43_IRQ_PMQ)
 
1860                 handle_irq_pmq(dev);
 
1861         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
 
1863         if (reason & B43_IRQ_NOISESAMPLE_OK)
 
1864                 handle_irq_noise(dev);
 
1866         /* Check the DMA reason registers for received data. */
 
1867         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
 
1868                 if (b43_using_pio_transfers(dev))
 
1869                         b43_pio_rx(dev->pio.rx_queue);
 
1871                         b43_dma_rx(dev->dma.rx_ring);
 
1873         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
 
1874         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
 
1875         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
 
1876         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
 
1877         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
 
1879         if (reason & B43_IRQ_TX_OK)
 
1880                 handle_irq_transmit_status(dev);
 
1882         b43_interrupt_enable(dev, dev->irq_savedstate);
 
1884         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
 
1887 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
 
1889         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
 
1891         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
 
1892         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
 
1893         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
 
1894         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
 
1895         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
 
1896         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
 
1899 /* Interrupt handler top-half */
 
1900 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
 
1902         irqreturn_t ret = IRQ_NONE;
 
1903         struct b43_wldev *dev = dev_id;
 
1909         spin_lock(&dev->wl->irq_lock);
 
1911         if (b43_status(dev) < B43_STAT_STARTED)
 
1913         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
 
1914         if (reason == 0xffffffff)       /* shared IRQ */
 
1917         reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
 
1921         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
 
1923         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
 
1925         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
 
1927         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
 
1929         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
 
1931         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
 
1934         b43_interrupt_ack(dev, reason);
 
1935         /* disable all IRQs. They are enabled again in the bottom half. */
 
1936         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
 
1937         /* save the reason code and call our bottom half. */
 
1938         dev->irq_reason = reason;
 
1939         tasklet_schedule(&dev->isr_tasklet);
 
1942         spin_unlock(&dev->wl->irq_lock);
 
1947 void b43_do_release_fw(struct b43_firmware_file *fw)
 
1949         release_firmware(fw->data);
 
1951         fw->filename = NULL;
 
1954 static void b43_release_firmware(struct b43_wldev *dev)
 
1956         b43_do_release_fw(&dev->fw.ucode);
 
1957         b43_do_release_fw(&dev->fw.pcm);
 
1958         b43_do_release_fw(&dev->fw.initvals);
 
1959         b43_do_release_fw(&dev->fw.initvals_band);
 
1962 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
 
1966                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
 
1967                 "and download the correct firmware for this driver version. " \
 
1968                 "Please carefully read all instructions on this website.\n";
 
1976 int b43_do_request_fw(struct b43_request_fw_context *ctx,
 
1978                       struct b43_firmware_file *fw)
 
1980         const struct firmware *blob;
 
1981         struct b43_fw_header *hdr;
 
1986                 /* Don't fetch anything. Free possibly cached firmware. */
 
1987                 /* FIXME: We should probably keep it anyway, to save some headache
 
1988                  * on suspend/resume with multiband devices. */
 
1989                 b43_do_release_fw(fw);
 
1993                 if ((fw->type == ctx->req_type) &&
 
1994                     (strcmp(fw->filename, name) == 0))
 
1995                         return 0; /* Already have this fw. */
 
1996                 /* Free the cached firmware first. */
 
1997                 /* FIXME: We should probably do this later after we successfully
 
1998                  * got the new fw. This could reduce headache with multiband devices.
 
1999                  * We could also redesign this to cache the firmware for all possible
 
2000                  * bands all the time. */
 
2001                 b43_do_release_fw(fw);
 
2004         switch (ctx->req_type) {
 
2005         case B43_FWTYPE_PROPRIETARY:
 
2006                 snprintf(ctx->fwname, sizeof(ctx->fwname),
 
2008                          modparam_fwpostfix, name);
 
2010         case B43_FWTYPE_OPENSOURCE:
 
2011                 snprintf(ctx->fwname, sizeof(ctx->fwname),
 
2013                          modparam_fwpostfix, name);
 
2019         err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
 
2020         if (err == -ENOENT) {
 
2021                 snprintf(ctx->errors[ctx->req_type],
 
2022                          sizeof(ctx->errors[ctx->req_type]),
 
2023                          "Firmware file \"%s\" not found\n", ctx->fwname);
 
2026                 snprintf(ctx->errors[ctx->req_type],
 
2027                          sizeof(ctx->errors[ctx->req_type]),
 
2028                          "Firmware file \"%s\" request failed (err=%d)\n",
 
2032         if (blob->size < sizeof(struct b43_fw_header))
 
2034         hdr = (struct b43_fw_header *)(blob->data);
 
2035         switch (hdr->type) {
 
2036         case B43_FW_TYPE_UCODE:
 
2037         case B43_FW_TYPE_PCM:
 
2038                 size = be32_to_cpu(hdr->size);
 
2039                 if (size != blob->size - sizeof(struct b43_fw_header))
 
2042         case B43_FW_TYPE_IV:
 
2051         fw->filename = name;
 
2052         fw->type = ctx->req_type;
 
2057         snprintf(ctx->errors[ctx->req_type],
 
2058                  sizeof(ctx->errors[ctx->req_type]),
 
2059                  "Firmware file \"%s\" format error.\n", ctx->fwname);
 
2060         release_firmware(blob);
 
2065 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
 
2067         struct b43_wldev *dev = ctx->dev;
 
2068         struct b43_firmware *fw = &ctx->dev->fw;
 
2069         const u8 rev = ctx->dev->dev->id.revision;
 
2070         const char *filename;
 
2075         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
 
2076         if ((rev >= 5) && (rev <= 10))
 
2077                 filename = "ucode5";
 
2078         else if ((rev >= 11) && (rev <= 12))
 
2079                 filename = "ucode11";
 
2081                 filename = "ucode13";
 
2084         err = b43_do_request_fw(ctx, filename, &fw->ucode);
 
2089         if ((rev >= 5) && (rev <= 10))
 
2095         fw->pcm_request_failed = 0;
 
2096         err = b43_do_request_fw(ctx, filename, &fw->pcm);
 
2097         if (err == -ENOENT) {
 
2098                 /* We did not find a PCM file? Not fatal, but
 
2099                  * core rev <= 10 must do without hwcrypto then. */
 
2100                 fw->pcm_request_failed = 1;
 
2105         switch (dev->phy.type) {
 
2107                 if ((rev >= 5) && (rev <= 10)) {
 
2108                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
 
2109                                 filename = "a0g1initvals5";
 
2111                                 filename = "a0g0initvals5";
 
2113                         goto err_no_initvals;
 
2116                 if ((rev >= 5) && (rev <= 10))
 
2117                         filename = "b0g0initvals5";
 
2119                         filename = "b0g0initvals13";
 
2121                         goto err_no_initvals;
 
2124                 if ((rev >= 11) && (rev <= 12))
 
2125                         filename = "n0initvals11";
 
2127                         goto err_no_initvals;
 
2130                 goto err_no_initvals;
 
2132         err = b43_do_request_fw(ctx, filename, &fw->initvals);
 
2136         /* Get bandswitch initvals */
 
2137         switch (dev->phy.type) {
 
2139                 if ((rev >= 5) && (rev <= 10)) {
 
2140                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
 
2141                                 filename = "a0g1bsinitvals5";
 
2143                                 filename = "a0g0bsinitvals5";
 
2144                 } else if (rev >= 11)
 
2147                         goto err_no_initvals;
 
2150                 if ((rev >= 5) && (rev <= 10))
 
2151                         filename = "b0g0bsinitvals5";
 
2155                         goto err_no_initvals;
 
2158                 if ((rev >= 11) && (rev <= 12))
 
2159                         filename = "n0bsinitvals11";
 
2161                         goto err_no_initvals;
 
2164                 goto err_no_initvals;
 
2166         err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
 
2173         err = ctx->fatal_failure = -EOPNOTSUPP;
 
2174         b43err(dev->wl, "The driver does not know which firmware (ucode) "
 
2175                "is required for your device (wl-core rev %u)\n", rev);
 
2179         err = ctx->fatal_failure = -EOPNOTSUPP;
 
2180         b43err(dev->wl, "The driver does not know which firmware (PCM) "
 
2181                "is required for your device (wl-core rev %u)\n", rev);
 
2185         err = ctx->fatal_failure = -EOPNOTSUPP;
 
2186         b43err(dev->wl, "The driver does not know which firmware (initvals) "
 
2187                "is required for your device (wl-core rev %u)\n", rev);
 
2191         /* We failed to load this firmware image. The error message
 
2192          * already is in ctx->errors. Return and let our caller decide
 
2197         b43_release_firmware(dev);
 
2201 static int b43_request_firmware(struct b43_wldev *dev)
 
2203         struct b43_request_fw_context *ctx;
 
2208         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
 
2213         ctx->req_type = B43_FWTYPE_PROPRIETARY;
 
2214         err = b43_try_request_fw(ctx);
 
2216                 goto out; /* Successfully loaded it. */
 
2217         err = ctx->fatal_failure;
 
2221         ctx->req_type = B43_FWTYPE_OPENSOURCE;
 
2222         err = b43_try_request_fw(ctx);
 
2224                 goto out; /* Successfully loaded it. */
 
2225         err = ctx->fatal_failure;
 
2229         /* Could not find a usable firmware. Print the errors. */
 
2230         for (i = 0; i < B43_NR_FWTYPES; i++) {
 
2231                 errmsg = ctx->errors[i];
 
2233                         b43err(dev->wl, errmsg);
 
2235         b43_print_fw_helptext(dev->wl, 1);
 
2243 static int b43_upload_microcode(struct b43_wldev *dev)
 
2245         const size_t hdr_len = sizeof(struct b43_fw_header);
 
2247         unsigned int i, len;
 
2248         u16 fwrev, fwpatch, fwdate, fwtime;
 
2252         /* Jump the microcode PSM to offset 0 */
 
2253         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 
2254         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
 
2255         macctl |= B43_MACCTL_PSM_JMP0;
 
2256         b43_write32(dev, B43_MMIO_MACCTL, macctl);
 
2257         /* Zero out all microcode PSM registers and shared memory. */
 
2258         for (i = 0; i < 64; i++)
 
2259                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
 
2260         for (i = 0; i < 4096; i += 2)
 
2261                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
 
2263         /* Upload Microcode. */
 
2264         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
 
2265         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
 
2266         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
 
2267         for (i = 0; i < len; i++) {
 
2268                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
 
2272         if (dev->fw.pcm.data) {
 
2273                 /* Upload PCM data. */
 
2274                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
 
2275                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
 
2276                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
 
2277                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
 
2278                 /* No need for autoinc bit in SHM_HW */
 
2279                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
 
2280                 for (i = 0; i < len; i++) {
 
2281                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
 
2286         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
 
2288         /* Start the microcode PSM */
 
2289         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 
2290         macctl &= ~B43_MACCTL_PSM_JMP0;
 
2291         macctl |= B43_MACCTL_PSM_RUN;
 
2292         b43_write32(dev, B43_MMIO_MACCTL, macctl);
 
2294         /* Wait for the microcode to load and respond */
 
2297                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
 
2298                 if (tmp == B43_IRQ_MAC_SUSPENDED)
 
2302                         b43err(dev->wl, "Microcode not responding\n");
 
2303                         b43_print_fw_helptext(dev->wl, 1);
 
2307                 msleep_interruptible(50);
 
2308                 if (signal_pending(current)) {
 
2313         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
 
2315         /* Get and check the revisions. */
 
2316         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
 
2317         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
 
2318         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
 
2319         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
 
2321         if (fwrev <= 0x128) {
 
2322                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
 
2323                        "binary drivers older than version 4.x is unsupported. "
 
2324                        "You must upgrade your firmware files.\n");
 
2325                 b43_print_fw_helptext(dev->wl, 1);
 
2329         dev->fw.rev = fwrev;
 
2330         dev->fw.patch = fwpatch;
 
2331         dev->fw.opensource = (fwdate == 0xFFFF);
 
2333         if (dev->fw.opensource) {
 
2334                 /* Patchlevel info is encoded in the "time" field. */
 
2335                 dev->fw.patch = fwtime;
 
2336                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u%s\n",
 
2337                         dev->fw.rev, dev->fw.patch,
 
2338                         dev->fw.pcm_request_failed ? " (Hardware crypto not supported)" : "");
 
2340                 b43info(dev->wl, "Loading firmware version %u.%u "
 
2341                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
 
2343                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
 
2344                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
 
2345                 if (dev->fw.pcm_request_failed) {
 
2346                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
 
2347                                 "Hardware accelerated cryptography is disabled.\n");
 
2348                         b43_print_fw_helptext(dev->wl, 0);
 
2352         if (b43_is_old_txhdr_format(dev)) {
 
2353                 /* We're over the deadline, but we keep support for old fw
 
2354                  * until it turns out to be in major conflict with something new. */
 
2355                 b43warn(dev->wl, "You are using an old firmware image. "
 
2356                         "Support for old firmware will be removed soon "
 
2357                         "(official deadline was July 2008).\n");
 
2358                 b43_print_fw_helptext(dev->wl, 0);
 
2364         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 
2365         macctl &= ~B43_MACCTL_PSM_RUN;
 
2366         macctl |= B43_MACCTL_PSM_JMP0;
 
2367         b43_write32(dev, B43_MMIO_MACCTL, macctl);
 
2372 static int b43_write_initvals(struct b43_wldev *dev,
 
2373                               const struct b43_iv *ivals,
 
2377         const struct b43_iv *iv;
 
2382         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
 
2384         for (i = 0; i < count; i++) {
 
2385                 if (array_size < sizeof(iv->offset_size))
 
2387                 array_size -= sizeof(iv->offset_size);
 
2388                 offset = be16_to_cpu(iv->offset_size);
 
2389                 bit32 = !!(offset & B43_IV_32BIT);
 
2390                 offset &= B43_IV_OFFSET_MASK;
 
2391                 if (offset >= 0x1000)
 
2396                         if (array_size < sizeof(iv->data.d32))
 
2398                         array_size -= sizeof(iv->data.d32);
 
2400                         value = get_unaligned_be32(&iv->data.d32);
 
2401                         b43_write32(dev, offset, value);
 
2403                         iv = (const struct b43_iv *)((const uint8_t *)iv +
 
2409                         if (array_size < sizeof(iv->data.d16))
 
2411                         array_size -= sizeof(iv->data.d16);
 
2413                         value = be16_to_cpu(iv->data.d16);
 
2414                         b43_write16(dev, offset, value);
 
2416                         iv = (const struct b43_iv *)((const uint8_t *)iv +
 
2427         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
 
2428         b43_print_fw_helptext(dev->wl, 1);
 
2433 static int b43_upload_initvals(struct b43_wldev *dev)
 
2435         const size_t hdr_len = sizeof(struct b43_fw_header);
 
2436         const struct b43_fw_header *hdr;
 
2437         struct b43_firmware *fw = &dev->fw;
 
2438         const struct b43_iv *ivals;
 
2442         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
 
2443         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
 
2444         count = be32_to_cpu(hdr->size);
 
2445         err = b43_write_initvals(dev, ivals, count,
 
2446                                  fw->initvals.data->size - hdr_len);
 
2449         if (fw->initvals_band.data) {
 
2450                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
 
2451                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
 
2452                 count = be32_to_cpu(hdr->size);
 
2453                 err = b43_write_initvals(dev, ivals, count,
 
2454                                          fw->initvals_band.data->size - hdr_len);
 
2463 /* Initialize the GPIOs
 
2464  * http://bcm-specs.sipsolutions.net/GPIO
 
2466 static int b43_gpio_init(struct b43_wldev *dev)
 
2468         struct ssb_bus *bus = dev->dev->bus;
 
2469         struct ssb_device *gpiodev, *pcidev = NULL;
 
2472         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
 
2473                     & ~B43_MACCTL_GPOUTSMSK);
 
2475         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
 
2480         if (dev->dev->bus->chip_id == 0x4301) {
 
2484         if (0 /* FIXME: conditional unknown */ ) {
 
2485                 b43_write16(dev, B43_MMIO_GPIO_MASK,
 
2486                             b43_read16(dev, B43_MMIO_GPIO_MASK)
 
2491         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
 
2492                 b43_write16(dev, B43_MMIO_GPIO_MASK,
 
2493                             b43_read16(dev, B43_MMIO_GPIO_MASK)
 
2498         if (dev->dev->id.revision >= 2)
 
2499                 mask |= 0x0010; /* FIXME: This is redundant. */
 
2501 #ifdef CONFIG_SSB_DRIVER_PCICORE
 
2502         pcidev = bus->pcicore.dev;
 
2504         gpiodev = bus->chipco.dev ? : pcidev;
 
2507         ssb_write32(gpiodev, B43_GPIO_CONTROL,
 
2508                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
 
2514 /* Turn off all GPIO stuff. Call this on module unload, for example. */
 
2515 static void b43_gpio_cleanup(struct b43_wldev *dev)
 
2517         struct ssb_bus *bus = dev->dev->bus;
 
2518         struct ssb_device *gpiodev, *pcidev = NULL;
 
2520 #ifdef CONFIG_SSB_DRIVER_PCICORE
 
2521         pcidev = bus->pcicore.dev;
 
2523         gpiodev = bus->chipco.dev ? : pcidev;
 
2526         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
 
2529 /* http://bcm-specs.sipsolutions.net/EnableMac */
 
2530 void b43_mac_enable(struct b43_wldev *dev)
 
2532         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
 
2535                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
 
2536                                          B43_SHM_SH_UCODESTAT);
 
2537                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
 
2538                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
 
2539                         b43err(dev->wl, "b43_mac_enable(): The firmware "
 
2540                                "should be suspended, but current state is %u\n",
 
2545         dev->mac_suspended--;
 
2546         B43_WARN_ON(dev->mac_suspended < 0);
 
2547         if (dev->mac_suspended == 0) {
 
2548                 b43_write32(dev, B43_MMIO_MACCTL,
 
2549                             b43_read32(dev, B43_MMIO_MACCTL)
 
2550                             | B43_MACCTL_ENABLED);
 
2551                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
 
2552                             B43_IRQ_MAC_SUSPENDED);
 
2554                 b43_read32(dev, B43_MMIO_MACCTL);
 
2555                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
 
2556                 b43_power_saving_ctl_bits(dev, 0);
 
2560 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
 
2561 void b43_mac_suspend(struct b43_wldev *dev)
 
2567         B43_WARN_ON(dev->mac_suspended < 0);
 
2569         if (dev->mac_suspended == 0) {
 
2570                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
 
2571                 b43_write32(dev, B43_MMIO_MACCTL,
 
2572                             b43_read32(dev, B43_MMIO_MACCTL)
 
2573                             & ~B43_MACCTL_ENABLED);
 
2574                 /* force pci to flush the write */
 
2575                 b43_read32(dev, B43_MMIO_MACCTL);
 
2576                 for (i = 35; i; i--) {
 
2577                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
 
2578                         if (tmp & B43_IRQ_MAC_SUSPENDED)
 
2582                 /* Hm, it seems this will take some time. Use msleep(). */
 
2583                 for (i = 40; i; i--) {
 
2584                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
 
2585                         if (tmp & B43_IRQ_MAC_SUSPENDED)
 
2589                 b43err(dev->wl, "MAC suspend failed\n");
 
2592         dev->mac_suspended++;
 
2595 static void b43_adjust_opmode(struct b43_wldev *dev)
 
2597         struct b43_wl *wl = dev->wl;
 
2601         ctl = b43_read32(dev, B43_MMIO_MACCTL);
 
2602         /* Reset status to STA infrastructure mode. */
 
2603         ctl &= ~B43_MACCTL_AP;
 
2604         ctl &= ~B43_MACCTL_KEEP_CTL;
 
2605         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
 
2606         ctl &= ~B43_MACCTL_KEEP_BAD;
 
2607         ctl &= ~B43_MACCTL_PROMISC;
 
2608         ctl &= ~B43_MACCTL_BEACPROMISC;
 
2609         ctl |= B43_MACCTL_INFRA;
 
2611         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
 
2612             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
 
2613                 ctl |= B43_MACCTL_AP;
 
2614         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
 
2615                 ctl &= ~B43_MACCTL_INFRA;
 
2617         if (wl->filter_flags & FIF_CONTROL)
 
2618                 ctl |= B43_MACCTL_KEEP_CTL;
 
2619         if (wl->filter_flags & FIF_FCSFAIL)
 
2620                 ctl |= B43_MACCTL_KEEP_BAD;
 
2621         if (wl->filter_flags & FIF_PLCPFAIL)
 
2622                 ctl |= B43_MACCTL_KEEP_BADPLCP;
 
2623         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
 
2624                 ctl |= B43_MACCTL_PROMISC;
 
2625         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
 
2626                 ctl |= B43_MACCTL_BEACPROMISC;
 
2628         /* Workaround: On old hardware the HW-MAC-address-filter
 
2629          * doesn't work properly, so always run promisc in filter
 
2630          * it in software. */
 
2631         if (dev->dev->id.revision <= 4)
 
2632                 ctl |= B43_MACCTL_PROMISC;
 
2634         b43_write32(dev, B43_MMIO_MACCTL, ctl);
 
2637         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
 
2638                 if (dev->dev->bus->chip_id == 0x4306 &&
 
2639                     dev->dev->bus->chip_rev == 3)
 
2644         b43_write16(dev, 0x612, cfp_pretbtt);
 
2647 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
 
2653                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
 
2656                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
 
2658         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
 
2659                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
 
2662 static void b43_rate_memory_init(struct b43_wldev *dev)
 
2664         switch (dev->phy.type) {
 
2668                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
 
2669                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
 
2670                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
 
2671                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
 
2672                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
 
2673                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
 
2674                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
 
2675                 if (dev->phy.type == B43_PHYTYPE_A)
 
2679                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
 
2680                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
 
2681                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
 
2682                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
 
2689 /* Set the default values for the PHY TX Control Words. */
 
2690 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
 
2694         ctl |= B43_TXH_PHY_ENC_CCK;
 
2695         ctl |= B43_TXH_PHY_ANT01AUTO;
 
2696         ctl |= B43_TXH_PHY_TXPWR;
 
2698         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
 
2699         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
 
2700         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
 
2703 /* Set the TX-Antenna for management frames sent by firmware. */
 
2704 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
 
2709         ant = b43_antenna_to_phyctl(antenna);
 
2712         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
 
2713         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
 
2714         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
 
2715         /* For Probe Resposes */
 
2716         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
 
2717         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
 
2718         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
 
2721 /* This is the opposite of b43_chip_init() */
 
2722 static void b43_chip_exit(struct b43_wldev *dev)
 
2725         b43_gpio_cleanup(dev);
 
2726         /* firmware is released later */
 
2729 /* Initialize the chip
 
2730  * http://bcm-specs.sipsolutions.net/ChipInit
 
2732 static int b43_chip_init(struct b43_wldev *dev)
 
2734         struct b43_phy *phy = &dev->phy;
 
2736         u32 value32, macctl;
 
2739         /* Initialize the MAC control */
 
2740         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
 
2742                 macctl |= B43_MACCTL_GMODE;
 
2743         macctl |= B43_MACCTL_INFRA;
 
2744         b43_write32(dev, B43_MMIO_MACCTL, macctl);
 
2746         err = b43_request_firmware(dev);
 
2749         err = b43_upload_microcode(dev);
 
2751                 goto out;       /* firmware is released later */
 
2753         err = b43_gpio_init(dev);
 
2755                 goto out;       /* firmware is released later */
 
2757         err = b43_upload_initvals(dev);
 
2759                 goto err_gpio_clean;
 
2761         /* Turn the Analog on and initialize the PHY. */
 
2762         phy->ops->switch_analog(dev, 1);
 
2763         err = b43_phy_init(dev);
 
2765                 goto err_gpio_clean;
 
2767         /* Disable Interference Mitigation. */
 
2768         if (phy->ops->interf_mitigation)
 
2769                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
 
2771         /* Select the antennae */
 
2772         if (phy->ops->set_rx_antenna)
 
2773                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
 
2774         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
 
2776         if (phy->type == B43_PHYTYPE_B) {
 
2777                 value16 = b43_read16(dev, 0x005E);
 
2779                 b43_write16(dev, 0x005E, value16);
 
2781         b43_write32(dev, 0x0100, 0x01000000);
 
2782         if (dev->dev->id.revision < 5)
 
2783                 b43_write32(dev, 0x010C, 0x01000000);
 
2785         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
 
2786                     & ~B43_MACCTL_INFRA);
 
2787         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
 
2788                     | B43_MACCTL_INFRA);
 
2790         /* Probe Response Timeout value */
 
2791         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
 
2792         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
 
2794         /* Initially set the wireless operation mode. */
 
2795         b43_adjust_opmode(dev);
 
2797         if (dev->dev->id.revision < 3) {
 
2798                 b43_write16(dev, 0x060E, 0x0000);
 
2799                 b43_write16(dev, 0x0610, 0x8000);
 
2800                 b43_write16(dev, 0x0604, 0x0000);
 
2801                 b43_write16(dev, 0x0606, 0x0200);
 
2803                 b43_write32(dev, 0x0188, 0x80000000);
 
2804                 b43_write32(dev, 0x018C, 0x02000000);
 
2806         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
 
2807         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
 
2808         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
 
2809         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
 
2810         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
 
2811         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
 
2812         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
 
2814         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
 
2815         value32 |= 0x00100000;
 
2816         ssb_write32(dev->dev, SSB_TMSLOW, value32);
 
2818         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
 
2819                     dev->dev->bus->chipco.fast_pwrup_delay);
 
2822         b43dbg(dev->wl, "Chip initialized\n");
 
2827         b43_gpio_cleanup(dev);
 
2831 static void b43_periodic_every60sec(struct b43_wldev *dev)
 
2833         const struct b43_phy_operations *ops = dev->phy.ops;
 
2835         if (ops->pwork_60sec)
 
2836                 ops->pwork_60sec(dev);
 
2838         /* Force check the TX power emission now. */
 
2839         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
 
2842 static void b43_periodic_every30sec(struct b43_wldev *dev)
 
2844         /* Update device statistics. */
 
2845         b43_calculate_link_quality(dev);
 
2848 static void b43_periodic_every15sec(struct b43_wldev *dev)
 
2850         struct b43_phy *phy = &dev->phy;
 
2853         if (dev->fw.opensource) {
 
2854                 /* Check if the firmware is still alive.
 
2855                  * It will reset the watchdog counter to 0 in its idle loop. */
 
2856                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
 
2857                 if (unlikely(wdr)) {
 
2858                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
 
2859                         b43_controller_restart(dev, "Firmware watchdog");
 
2862                         b43_shm_write16(dev, B43_SHM_SCRATCH,
 
2863                                         B43_WATCHDOG_REG, 1);
 
2867         if (phy->ops->pwork_15sec)
 
2868                 phy->ops->pwork_15sec(dev);
 
2870         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
 
2874 static void do_periodic_work(struct b43_wldev *dev)
 
2878         state = dev->periodic_state;
 
2880                 b43_periodic_every60sec(dev);
 
2882                 b43_periodic_every30sec(dev);
 
2883         b43_periodic_every15sec(dev);
 
2886 /* Periodic work locking policy:
 
2887  *      The whole periodic work handler is protected by
 
2888  *      wl->mutex. If another lock is needed somewhere in the
 
2889  *      pwork callchain, it's aquired in-place, where it's needed.
 
2891 static void b43_periodic_work_handler(struct work_struct *work)
 
2893         struct b43_wldev *dev = container_of(work, struct b43_wldev,
 
2894                                              periodic_work.work);
 
2895         struct b43_wl *wl = dev->wl;
 
2896         unsigned long delay;
 
2898         mutex_lock(&wl->mutex);
 
2900         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
 
2902         if (b43_debug(dev, B43_DBG_PWORK_STOP))
 
2905         do_periodic_work(dev);
 
2907         dev->periodic_state++;
 
2909         if (b43_debug(dev, B43_DBG_PWORK_FAST))
 
2910                 delay = msecs_to_jiffies(50);
 
2912                 delay = round_jiffies_relative(HZ * 15);
 
2913         queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
 
2915         mutex_unlock(&wl->mutex);
 
2918 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
 
2920         struct delayed_work *work = &dev->periodic_work;
 
2922         dev->periodic_state = 0;
 
2923         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
 
2924         queue_delayed_work(dev->wl->hw->workqueue, work, 0);
 
2927 /* Check if communication with the device works correctly. */
 
2928 static int b43_validate_chipaccess(struct b43_wldev *dev)
 
2932         backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
 
2934         /* Check for read/write and endianness problems. */
 
2935         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
 
2936         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
 
2938         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
 
2939         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
 
2942         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
 
2944         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
 
2945                 /* The 32bit register shadows the two 16bit registers
 
2946                  * with update sideeffects. Validate this. */
 
2947                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
 
2948                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
 
2949                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
 
2951                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
 
2954         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
 
2956         v = b43_read32(dev, B43_MMIO_MACCTL);
 
2957         v |= B43_MACCTL_GMODE;
 
2958         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
 
2963         b43err(dev->wl, "Failed to validate the chipaccess\n");
 
2967 static void b43_security_init(struct b43_wldev *dev)
 
2969         dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
 
2970         B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
 
2971         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
 
2972         /* KTP is a word address, but we address SHM bytewise.
 
2973          * So multiply by two.
 
2976         if (dev->dev->id.revision >= 5) {
 
2977                 /* Number of RCMTA address slots */
 
2978                 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
 
2980         b43_clear_keys(dev);
 
2983 static int b43_rng_read(struct hwrng *rng, u32 *data)
 
2985         struct b43_wl *wl = (struct b43_wl *)rng->priv;
 
2986         unsigned long flags;
 
2988         /* Don't take wl->mutex here, as it could deadlock with
 
2989          * hwrng internal locking. It's not needed to take
 
2990          * wl->mutex here, anyway. */
 
2992         spin_lock_irqsave(&wl->irq_lock, flags);
 
2993         *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
 
2994         spin_unlock_irqrestore(&wl->irq_lock, flags);
 
2996         return (sizeof(u16));
 
2999 static void b43_rng_exit(struct b43_wl *wl)
 
3001         if (wl->rng_initialized)
 
3002                 hwrng_unregister(&wl->rng);
 
3005 static int b43_rng_init(struct b43_wl *wl)
 
3009         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
 
3010                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
 
3011         wl->rng.name = wl->rng_name;
 
3012         wl->rng.data_read = b43_rng_read;
 
3013         wl->rng.priv = (unsigned long)wl;
 
3014         wl->rng_initialized = 1;
 
3015         err = hwrng_register(&wl->rng);
 
3017                 wl->rng_initialized = 0;
 
3018                 b43err(wl, "Failed to register the random "
 
3019                        "number generator (%d)\n", err);
 
3025 static int b43_op_tx(struct ieee80211_hw *hw,
 
3026                      struct sk_buff *skb)
 
3028         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3029         struct b43_wldev *dev = wl->current_dev;
 
3030         unsigned long flags;
 
3033         if (unlikely(skb->len < 2 + 2 + 6)) {
 
3034                 /* Too short, this can't be a valid frame. */
 
3037         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
 
3041         /* Transmissions on seperate queues can run concurrently. */
 
3042         read_lock_irqsave(&wl->tx_lock, flags);
 
3045         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
 
3046                 if (b43_using_pio_transfers(dev))
 
3047                         err = b43_pio_tx(dev, skb);
 
3049                         err = b43_dma_tx(dev, skb);
 
3052         read_unlock_irqrestore(&wl->tx_lock, flags);
 
3056         return NETDEV_TX_OK;
 
3059         /* We can not transmit this packet. Drop it. */
 
3060         dev_kfree_skb_any(skb);
 
3061         return NETDEV_TX_OK;
 
3064 /* Locking: wl->irq_lock */
 
3065 static void b43_qos_params_upload(struct b43_wldev *dev,
 
3066                                   const struct ieee80211_tx_queue_params *p,
 
3069         u16 params[B43_NR_QOSPARAMS];
 
3073         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
 
3075         memset(¶ms, 0, sizeof(params));
 
3077         params[B43_QOSPARAM_TXOP] = p->txop * 32;
 
3078         params[B43_QOSPARAM_CWMIN] = p->cw_min;
 
3079         params[B43_QOSPARAM_CWMAX] = p->cw_max;
 
3080         params[B43_QOSPARAM_CWCUR] = p->cw_min;
 
3081         params[B43_QOSPARAM_AIFS] = p->aifs;
 
3082         params[B43_QOSPARAM_BSLOTS] = bslots;
 
3083         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
 
3085         for (i = 0; i < ARRAY_SIZE(params); i++) {
 
3086                 if (i == B43_QOSPARAM_STATUS) {
 
3087                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
 
3088                                              shm_offset + (i * 2));
 
3089                         /* Mark the parameters as updated. */
 
3091                         b43_shm_write16(dev, B43_SHM_SHARED,
 
3092                                         shm_offset + (i * 2),
 
3095                         b43_shm_write16(dev, B43_SHM_SHARED,
 
3096                                         shm_offset + (i * 2),
 
3102 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
 
3103 static const u16 b43_qos_shm_offsets[] = {
 
3104         /* [mac80211-queue-nr] = SHM_OFFSET, */
 
3105         [0] = B43_QOS_VOICE,
 
3106         [1] = B43_QOS_VIDEO,
 
3107         [2] = B43_QOS_BESTEFFORT,
 
3108         [3] = B43_QOS_BACKGROUND,
 
3111 /* Update all QOS parameters in hardware. */
 
3112 static void b43_qos_upload_all(struct b43_wldev *dev)
 
3114         struct b43_wl *wl = dev->wl;
 
3115         struct b43_qos_params *params;
 
3118         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
 
3119                      ARRAY_SIZE(wl->qos_params));
 
3121         b43_mac_suspend(dev);
 
3122         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
 
3123                 params = &(wl->qos_params[i]);
 
3124                 b43_qos_params_upload(dev, &(params->p),
 
3125                                       b43_qos_shm_offsets[i]);
 
3127         b43_mac_enable(dev);
 
3130 static void b43_qos_clear(struct b43_wl *wl)
 
3132         struct b43_qos_params *params;
 
3135         /* Initialize QoS parameters to sane defaults. */
 
3137         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
 
3138                      ARRAY_SIZE(wl->qos_params));
 
3140         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
 
3141                 params = &(wl->qos_params[i]);
 
3143                 switch (b43_qos_shm_offsets[i]) {
 
3147                         params->p.cw_min = 0x0001;
 
3148                         params->p.cw_max = 0x0001;
 
3153                         params->p.cw_min = 0x0001;
 
3154                         params->p.cw_max = 0x0001;
 
3156                 case B43_QOS_BESTEFFORT:
 
3159                         params->p.cw_min = 0x0001;
 
3160                         params->p.cw_max = 0x03FF;
 
3162                 case B43_QOS_BACKGROUND:
 
3165                         params->p.cw_min = 0x0001;
 
3166                         params->p.cw_max = 0x03FF;
 
3174 /* Initialize the core's QOS capabilities */
 
3175 static void b43_qos_init(struct b43_wldev *dev)
 
3177         /* Upload the current QOS parameters. */
 
3178         b43_qos_upload_all(dev);
 
3180         /* Enable QOS support. */
 
3181         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
 
3182         b43_write16(dev, B43_MMIO_IFSCTL,
 
3183                     b43_read16(dev, B43_MMIO_IFSCTL)
 
3184                     | B43_MMIO_IFSCTL_USE_EDCF);
 
3187 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
 
3188                           const struct ieee80211_tx_queue_params *params)
 
3190         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3191         struct b43_wldev *dev;
 
3192         unsigned int queue = (unsigned int)_queue;
 
3195         if (queue >= ARRAY_SIZE(wl->qos_params)) {
 
3196                 /* Queue not available or don't support setting
 
3197                  * params on this queue. Return success to not
 
3198                  * confuse mac80211. */
 
3201         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
 
3202                      ARRAY_SIZE(wl->qos_params));
 
3204         mutex_lock(&wl->mutex);
 
3205         dev = wl->current_dev;
 
3206         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
 
3209         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
 
3210         b43_mac_suspend(dev);
 
3211         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
 
3212                               b43_qos_shm_offsets[queue]);
 
3213         b43_mac_enable(dev);
 
3217         mutex_unlock(&wl->mutex);
 
3222 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
 
3223                                struct ieee80211_tx_queue_stats *stats)
 
3225         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3226         struct b43_wldev *dev = wl->current_dev;
 
3227         unsigned long flags;
 
3232         spin_lock_irqsave(&wl->irq_lock, flags);
 
3233         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
 
3234                 if (b43_using_pio_transfers(dev))
 
3235                         b43_pio_get_tx_stats(dev, stats);
 
3237                         b43_dma_get_tx_stats(dev, stats);
 
3240         spin_unlock_irqrestore(&wl->irq_lock, flags);
 
3245 static int b43_op_get_stats(struct ieee80211_hw *hw,
 
3246                             struct ieee80211_low_level_stats *stats)
 
3248         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3249         unsigned long flags;
 
3251         spin_lock_irqsave(&wl->irq_lock, flags);
 
3252         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
 
3253         spin_unlock_irqrestore(&wl->irq_lock, flags);
 
3258 static u64 b43_op_get_tsf(struct ieee80211_hw *hw)
 
3260         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3261         struct b43_wldev *dev;
 
3264         mutex_lock(&wl->mutex);
 
3265         spin_lock_irq(&wl->irq_lock);
 
3266         dev = wl->current_dev;
 
3268         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
 
3269                 b43_tsf_read(dev, &tsf);
 
3273         spin_unlock_irq(&wl->irq_lock);
 
3274         mutex_unlock(&wl->mutex);
 
3279 static void b43_op_set_tsf(struct ieee80211_hw *hw, u64 tsf)
 
3281         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3282         struct b43_wldev *dev;
 
3284         mutex_lock(&wl->mutex);
 
3285         spin_lock_irq(&wl->irq_lock);
 
3286         dev = wl->current_dev;
 
3288         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
 
3289                 b43_tsf_write(dev, tsf);
 
3291         spin_unlock_irq(&wl->irq_lock);
 
3292         mutex_unlock(&wl->mutex);
 
3295 static void b43_put_phy_into_reset(struct b43_wldev *dev)
 
3297         struct ssb_device *sdev = dev->dev;
 
3300         tmslow = ssb_read32(sdev, SSB_TMSLOW);
 
3301         tmslow &= ~B43_TMSLOW_GMODE;
 
3302         tmslow |= B43_TMSLOW_PHYRESET;
 
3303         tmslow |= SSB_TMSLOW_FGC;
 
3304         ssb_write32(sdev, SSB_TMSLOW, tmslow);
 
3307         tmslow = ssb_read32(sdev, SSB_TMSLOW);
 
3308         tmslow &= ~SSB_TMSLOW_FGC;
 
3309         tmslow |= B43_TMSLOW_PHYRESET;
 
3310         ssb_write32(sdev, SSB_TMSLOW, tmslow);
 
3314 static const char *band_to_string(enum ieee80211_band band)
 
3317         case IEEE80211_BAND_5GHZ:
 
3319         case IEEE80211_BAND_2GHZ:
 
3328 /* Expects wl->mutex locked */
 
3329 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
 
3331         struct b43_wldev *up_dev = NULL;
 
3332         struct b43_wldev *down_dev;
 
3333         struct b43_wldev *d;
 
3335         bool uninitialized_var(gmode);
 
3338         /* Find a device and PHY which supports the band. */
 
3339         list_for_each_entry(d, &wl->devlist, list) {
 
3340                 switch (chan->band) {
 
3341                 case IEEE80211_BAND_5GHZ:
 
3342                         if (d->phy.supports_5ghz) {
 
3347                 case IEEE80211_BAND_2GHZ:
 
3348                         if (d->phy.supports_2ghz) {
 
3361                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
 
3362                        band_to_string(chan->band));
 
3365         if ((up_dev == wl->current_dev) &&
 
3366             (!!wl->current_dev->phy.gmode == !!gmode)) {
 
3367                 /* This device is already running. */
 
3370         b43dbg(wl, "Switching to %s-GHz band\n",
 
3371                band_to_string(chan->band));
 
3372         down_dev = wl->current_dev;
 
3374         prev_status = b43_status(down_dev);
 
3375         /* Shutdown the currently running core. */
 
3376         if (prev_status >= B43_STAT_STARTED)
 
3377                 b43_wireless_core_stop(down_dev);
 
3378         if (prev_status >= B43_STAT_INITIALIZED)
 
3379                 b43_wireless_core_exit(down_dev);
 
3381         if (down_dev != up_dev) {
 
3382                 /* We switch to a different core, so we put PHY into
 
3383                  * RESET on the old core. */
 
3384                 b43_put_phy_into_reset(down_dev);
 
3387         /* Now start the new core. */
 
3388         up_dev->phy.gmode = gmode;
 
3389         if (prev_status >= B43_STAT_INITIALIZED) {
 
3390                 err = b43_wireless_core_init(up_dev);
 
3392                         b43err(wl, "Fatal: Could not initialize device for "
 
3393                                "selected %s-GHz band\n",
 
3394                                band_to_string(chan->band));
 
3398         if (prev_status >= B43_STAT_STARTED) {
 
3399                 err = b43_wireless_core_start(up_dev);
 
3401                         b43err(wl, "Fatal: Coult not start device for "
 
3402                                "selected %s-GHz band\n",
 
3403                                band_to_string(chan->band));
 
3404                         b43_wireless_core_exit(up_dev);
 
3408         B43_WARN_ON(b43_status(up_dev) != prev_status);
 
3410         wl->current_dev = up_dev;
 
3414         /* Whoops, failed to init the new core. No core is operating now. */
 
3415         wl->current_dev = NULL;
 
3419 /* Write the short and long frame retry limit values. */
 
3420 static void b43_set_retry_limits(struct b43_wldev *dev,
 
3421                                  unsigned int short_retry,
 
3422                                  unsigned int long_retry)
 
3424         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
 
3425          * the chip-internal counter. */
 
3426         short_retry = min(short_retry, (unsigned int)0xF);
 
3427         long_retry = min(long_retry, (unsigned int)0xF);
 
3429         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
 
3431         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
 
3435 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
 
3437         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3438         struct b43_wldev *dev;
 
3439         struct b43_phy *phy;
 
3440         struct ieee80211_conf *conf = &hw->conf;
 
3441         unsigned long flags;
 
3445         mutex_lock(&wl->mutex);
 
3447         /* Switch the band (if necessary). This might change the active core. */
 
3448         err = b43_switch_band(wl, conf->channel);
 
3450                 goto out_unlock_mutex;
 
3451         dev = wl->current_dev;
 
3454         b43_mac_suspend(dev);
 
3456         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
 
3457                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
 
3458                                           conf->long_frame_max_tx_count);
 
3459         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
 
3461                 goto out_mac_enable;
 
3463         /* Switch to the requested channel.
 
3464          * The firmware takes care of races with the TX handler. */
 
3465         if (conf->channel->hw_value != phy->channel)
 
3466                 b43_switch_channel(dev, conf->channel->hw_value);
 
3468         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
 
3470         /* Adjust the desired TX power level. */
 
3471         if (conf->power_level != 0) {
 
3472                 spin_lock_irqsave(&wl->irq_lock, flags);
 
3473                 if (conf->power_level != phy->desired_txpower) {
 
3474                         phy->desired_txpower = conf->power_level;
 
3475                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
 
3476                                                    B43_TXPWR_IGNORE_TSSI);
 
3478                 spin_unlock_irqrestore(&wl->irq_lock, flags);
 
3481         /* Antennas for RX and management frame TX. */
 
3482         antenna = B43_ANTENNA_DEFAULT;
 
3483         b43_mgmtframe_txantenna(dev, antenna);
 
3484         antenna = B43_ANTENNA_DEFAULT;
 
3485         if (phy->ops->set_rx_antenna)
 
3486                 phy->ops->set_rx_antenna(dev, antenna);
 
3488         /* Update templates for AP/mesh mode. */
 
3489         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
 
3490             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
 
3491                 b43_set_beacon_int(dev, conf->beacon_int);
 
3493         if (!!conf->radio_enabled != phy->radio_on) {
 
3494                 if (conf->radio_enabled) {
 
3495                         b43_software_rfkill(dev, RFKILL_STATE_UNBLOCKED);
 
3496                         b43info(dev->wl, "Radio turned on by software\n");
 
3497                         if (!dev->radio_hw_enable) {
 
3498                                 b43info(dev->wl, "The hardware RF-kill button "
 
3499                                         "still turns the radio physically off. "
 
3500                                         "Press the button to turn it on.\n");
 
3503                         b43_software_rfkill(dev, RFKILL_STATE_SOFT_BLOCKED);
 
3504                         b43info(dev->wl, "Radio turned off by software\n");
 
3509         b43_mac_enable(dev);
 
3511         mutex_unlock(&wl->mutex);
 
3516 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
 
3518         struct ieee80211_supported_band *sband =
 
3519                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
 
3520         struct ieee80211_rate *rate;
 
3522         u16 basic, direct, offset, basic_offset, rateptr;
 
3524         for (i = 0; i < sband->n_bitrates; i++) {
 
3525                 rate = &sband->bitrates[i];
 
3527                 if (b43_is_cck_rate(rate->hw_value)) {
 
3528                         direct = B43_SHM_SH_CCKDIRECT;
 
3529                         basic = B43_SHM_SH_CCKBASIC;
 
3530                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
 
3533                         direct = B43_SHM_SH_OFDMDIRECT;
 
3534                         basic = B43_SHM_SH_OFDMBASIC;
 
3535                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
 
3539                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
 
3541                 if (b43_is_cck_rate(rate->hw_value)) {
 
3542                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
 
3543                         basic_offset &= 0xF;
 
3545                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
 
3546                         basic_offset &= 0xF;
 
3550                  * Get the pointer that we need to point to
 
3551                  * from the direct map
 
3553                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
 
3554                                          direct + 2 * basic_offset);
 
3555                 /* and write it to the basic map */
 
3556                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
 
3561 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
 
3562                                     struct ieee80211_vif *vif,
 
3563                                     struct ieee80211_bss_conf *conf,
 
3566         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3567         struct b43_wldev *dev;
 
3569         mutex_lock(&wl->mutex);
 
3571         dev = wl->current_dev;
 
3572         if (!dev || b43_status(dev) < B43_STAT_STARTED)
 
3573                 goto out_unlock_mutex;
 
3574         b43_mac_suspend(dev);
 
3576         if (changed & BSS_CHANGED_BASIC_RATES)
 
3577                 b43_update_basic_rates(dev, conf->basic_rates);
 
3579         if (changed & BSS_CHANGED_ERP_SLOT) {
 
3580                 if (conf->use_short_slot)
 
3581                         b43_short_slot_timing_enable(dev);
 
3583                         b43_short_slot_timing_disable(dev);
 
3586         b43_mac_enable(dev);
 
3588         mutex_unlock(&wl->mutex);
 
3593 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
 
3594                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
 
3595                           struct ieee80211_key_conf *key)
 
3597         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3598         struct b43_wldev *dev;
 
3602         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 
3604         if (modparam_nohwcrypt)
 
3605                 return -ENOSPC; /* User disabled HW-crypto */
 
3607         mutex_lock(&wl->mutex);
 
3608         spin_lock_irq(&wl->irq_lock);
 
3609         write_lock(&wl->tx_lock);
 
3610         /* Why do we need all this locking here?
 
3611          * mutex     -> Every config operation must take it.
 
3612          * irq_lock  -> We modify the dev->key array, which is accessed
 
3613          *              in the IRQ handlers.
 
3614          * tx_lock   -> We modify the dev->key array, which is accessed
 
3615          *              in the TX handler.
 
3618         dev = wl->current_dev;
 
3620         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
 
3623         if (dev->fw.pcm_request_failed) {
 
3624                 /* We don't have firmware for the crypto engine.
 
3625                  * Must use software-crypto. */
 
3633                 if (key->keylen == LEN_WEP40)
 
3634                         algorithm = B43_SEC_ALGO_WEP40;
 
3636                         algorithm = B43_SEC_ALGO_WEP104;
 
3639                 algorithm = B43_SEC_ALGO_TKIP;
 
3642                 algorithm = B43_SEC_ALGO_AES;
 
3648         index = (u8) (key->keyidx);
 
3654                 if (algorithm == B43_SEC_ALGO_TKIP) {
 
3655                         /* FIXME: No TKIP hardware encryption for now. */
 
3660                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
 
3661                         if (WARN_ON(!sta)) {
 
3665                         /* Pairwise key with an assigned MAC address. */
 
3666                         err = b43_key_write(dev, -1, algorithm,
 
3667                                             key->key, key->keylen,
 
3671                         err = b43_key_write(dev, index, algorithm,
 
3672                                             key->key, key->keylen, NULL, key);
 
3677                 if (algorithm == B43_SEC_ALGO_WEP40 ||
 
3678                     algorithm == B43_SEC_ALGO_WEP104) {
 
3679                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
 
3682                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
 
3684                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
 
3687                 err = b43_key_clear(dev, key->hw_key_idx);
 
3698                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
 
3700                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
 
3701                        sta ? sta->addr : bcast_addr);
 
3702                 b43_dump_keymemory(dev);
 
3704         write_unlock(&wl->tx_lock);
 
3705         spin_unlock_irq(&wl->irq_lock);
 
3706         mutex_unlock(&wl->mutex);
 
3711 static void b43_op_configure_filter(struct ieee80211_hw *hw,
 
3712                                     unsigned int changed, unsigned int *fflags,
 
3713                                     int mc_count, struct dev_addr_list *mc_list)
 
3715         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3716         struct b43_wldev *dev = wl->current_dev;
 
3717         unsigned long flags;
 
3724         spin_lock_irqsave(&wl->irq_lock, flags);
 
3725         *fflags &= FIF_PROMISC_IN_BSS |
 
3731                   FIF_BCN_PRBRESP_PROMISC;
 
3733         changed &= FIF_PROMISC_IN_BSS |
 
3739                    FIF_BCN_PRBRESP_PROMISC;
 
3741         wl->filter_flags = *fflags;
 
3743         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
 
3744                 b43_adjust_opmode(dev);
 
3745         spin_unlock_irqrestore(&wl->irq_lock, flags);
 
3748 static int b43_op_config_interface(struct ieee80211_hw *hw,
 
3749                                    struct ieee80211_vif *vif,
 
3750                                    struct ieee80211_if_conf *conf)
 
3752         struct b43_wl *wl = hw_to_b43_wl(hw);
 
3753         struct b43_wldev *dev = wl->current_dev;
 
3754         unsigned long flags;
 
3758         mutex_lock(&wl->mutex);
 
3759         spin_lock_irqsave(&wl->irq_lock, flags);
 
3760         B43_WARN_ON(wl->vif != vif);
 
3762                 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
 
3764                 memset(wl->bssid, 0, ETH_ALEN);
 
3765         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
 
3766                 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
 
3767                     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT)) {
 
3768                         B43_WARN_ON(vif->type != wl->if_type);
 
3769                         if (conf->changed & IEEE80211_IFCC_BEACON)
 
3770                                 b43_update_templates(wl);
 
3771                 } else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) {
 
3772                         if (conf->changed & IEEE80211_IFCC_BEACON)
 
3773                                 b43_update_templates(wl);
 
3775                 b43_write_mac_bssid_templates(dev);
 
3777         spin_unlock_irqrestore(&wl->irq_lock, flags);
 
3778         mutex_unlock(&wl->mutex);
 
3783 /* Locking: wl->mutex */
 
3784 static void b43_wireless_core_stop(struct b43_wldev *dev)
 
3786         struct b43_wl *wl = dev->wl;
 
3787         unsigned long flags;
 
3789         if (b43_status(dev) < B43_STAT_STARTED)
 
3792         /* Disable and sync interrupts. We must do this before than
 
3793          * setting the status to INITIALIZED, as the interrupt handler
 
3794          * won't care about IRQs then. */
 
3795         spin_lock_irqsave(&wl->irq_lock, flags);
 
3796         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
 
3797         b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
 
3798         spin_unlock_irqrestore(&wl->irq_lock, flags);
 
3799         b43_synchronize_irq(dev);
 
3801         write_lock_irqsave(&wl->tx_lock, flags);
 
3802         b43_set_status(dev, B43_STAT_INITIALIZED);
 
3803         write_unlock_irqrestore(&wl->tx_lock, flags);
 
3806         mutex_unlock(&wl->mutex);
 
3807         /* Must unlock as it would otherwise deadlock. No races here.
 
3808          * Cancel the possibly running self-rearming periodic work. */
 
3809         cancel_delayed_work_sync(&dev->periodic_work);
 
3810         mutex_lock(&wl->mutex);
 
3812         b43_mac_suspend(dev);
 
3813         free_irq(dev->dev->irq, dev);
 
3814         b43dbg(wl, "Wireless interface stopped\n");
 
3817 /* Locking: wl->mutex */
 
3818 static int b43_wireless_core_start(struct b43_wldev *dev)
 
3822         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
 
3824         drain_txstatus_queue(dev);
 
3825         err = request_irq(dev->dev->irq, b43_interrupt_handler,
 
3826                           IRQF_SHARED, KBUILD_MODNAME, dev);
 
3828                 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
 
3832         /* We are ready to run. */
 
3833         b43_set_status(dev, B43_STAT_STARTED);
 
3835         /* Start data flow (TX/RX). */
 
3836         b43_mac_enable(dev);
 
3837         b43_interrupt_enable(dev, dev->irq_savedstate);
 
3839         /* Start maintainance work */
 
3840         b43_periodic_tasks_setup(dev);
 
3842         b43dbg(dev->wl, "Wireless interface started\n");
 
3847 /* Get PHY and RADIO versioning numbers */
 
3848 static int b43_phy_versioning(struct b43_wldev *dev)
 
3850         struct b43_phy *phy = &dev->phy;
 
3858         int unsupported = 0;
 
3860         /* Get PHY versioning */
 
3861         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
 
3862         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
 
3863         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
 
3864         phy_rev = (tmp & B43_PHYVER_VERSION);
 
3871                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
 
3879 #ifdef CONFIG_B43_NPHY
 
3885 #ifdef CONFIG_B43_PHY_LP
 
3886         case B43_PHYTYPE_LP:
 
3895                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
 
3896                        "(Analog %u, Type %u, Revision %u)\n",
 
3897                        analog_type, phy_type, phy_rev);
 
3900         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
 
3901                analog_type, phy_type, phy_rev);
 
3903         /* Get RADIO versioning */
 
3904         if (dev->dev->bus->chip_id == 0x4317) {
 
3905                 if (dev->dev->bus->chip_rev == 0)
 
3907                 else if (dev->dev->bus->chip_rev == 1)
 
3912                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
 
3913                 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
 
3914                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
 
3915                 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
 
3917         radio_manuf = (tmp & 0x00000FFF);
 
3918         radio_ver = (tmp & 0x0FFFF000) >> 12;
 
3919         radio_rev = (tmp & 0xF0000000) >> 28;
 
3920         if (radio_manuf != 0x17F /* Broadcom */)
 
3924                 if (radio_ver != 0x2060)
 
3928                 if (radio_manuf != 0x17F)
 
3932                 if ((radio_ver & 0xFFF0) != 0x2050)
 
3936                 if (radio_ver != 0x2050)
 
3940                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
 
3943         case B43_PHYTYPE_LP:
 
3944                 if (radio_ver != 0x2062)
 
3951                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
 
3952                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
 
3953                        radio_manuf, radio_ver, radio_rev);
 
3956         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
 
3957                radio_manuf, radio_ver, radio_rev);
 
3959         phy->radio_manuf = radio_manuf;
 
3960         phy->radio_ver = radio_ver;
 
3961         phy->radio_rev = radio_rev;
 
3963         phy->analog = analog_type;
 
3964         phy->type = phy_type;
 
3970 static void setup_struct_phy_for_init(struct b43_wldev *dev,
 
3971                                       struct b43_phy *phy)
 
3973         phy->hardware_power_control = !!modparam_hwpctl;
 
3974         phy->next_txpwr_check_time = jiffies;
 
3975         /* PHY TX errors counter. */
 
3976         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
 
3979 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
 
3983         /* Assume the radio is enabled. If it's not enabled, the state will
 
3984          * immediately get fixed on the first periodic work run. */
 
3985         dev->radio_hw_enable = 1;
 
3988         memset(&dev->stats, 0, sizeof(dev->stats));
 
3990         setup_struct_phy_for_init(dev, &dev->phy);
 
3992         /* IRQ related flags */
 
3993         dev->irq_reason = 0;
 
3994         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
 
3995         dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
 
3996         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
 
3997                 dev->irq_savedstate &= ~B43_IRQ_PHY_TXERR;
 
3999         dev->mac_suspended = 1;
 
4001         /* Noise calculation context */
 
4002         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
 
4005 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
 
4007         struct ssb_sprom *sprom = &dev->dev->bus->sprom;
 
4010         if (!modparam_btcoex)
 
4012         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
 
4014         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
 
4017         hf = b43_hf_read(dev);
 
4018         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
 
4019                 hf |= B43_HF_BTCOEXALT;
 
4021                 hf |= B43_HF_BTCOEX;
 
4022         b43_hf_write(dev, hf);
 
4025 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
 
4027         if (!modparam_btcoex)
 
4032 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
 
4034 #ifdef CONFIG_SSB_DRIVER_PCICORE
 
4035         struct ssb_bus *bus = dev->dev->bus;
 
4038         if (bus->pcicore.dev &&
 
4039             bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
 
4040             bus->pcicore.dev->id.revision <= 5) {
 
4041                 /* IMCFGLO timeouts workaround. */
 
4042                 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
 
4043                 tmp &= ~SSB_IMCFGLO_REQTO;
 
4044                 tmp &= ~SSB_IMCFGLO_SERTO;
 
4045                 switch (bus->bustype) {
 
4046                 case SSB_BUSTYPE_PCI:
 
4047                 case SSB_BUSTYPE_PCMCIA:
 
4050                 case SSB_BUSTYPE_SSB:
 
4054                 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
 
4056 #endif /* CONFIG_SSB_DRIVER_PCICORE */
 
4059 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
 
4063         /* The time value is in microseconds. */
 
4064         if (dev->phy.type == B43_PHYTYPE_A)
 
4068         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
 
4070         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
 
4071                 pu_delay = max(pu_delay, (u16)2400);
 
4073         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
 
4076 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
 
4077 static void b43_set_pretbtt(struct b43_wldev *dev)
 
4081         /* The time value is in microseconds. */
 
4082         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
 
4085                 if (dev->phy.type == B43_PHYTYPE_A)
 
4090         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
 
4091         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
 
4094 /* Shutdown a wireless core */
 
4095 /* Locking: wl->mutex */
 
4096 static void b43_wireless_core_exit(struct b43_wldev *dev)
 
4100         B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
 
4101         if (b43_status(dev) != B43_STAT_INITIALIZED)
 
4103         b43_set_status(dev, B43_STAT_UNINIT);
 
4105         /* Stop the microcode PSM. */
 
4106         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 
4107         macctl &= ~B43_MACCTL_PSM_RUN;
 
4108         macctl |= B43_MACCTL_PSM_JMP0;
 
4109         b43_write32(dev, B43_MMIO_MACCTL, macctl);
 
4111         if (!dev->suspend_in_progress) {
 
4113                 b43_rng_exit(dev->wl);
 
4118         dev->phy.ops->switch_analog(dev, 0);
 
4119         if (dev->wl->current_beacon) {
 
4120                 dev_kfree_skb_any(dev->wl->current_beacon);
 
4121                 dev->wl->current_beacon = NULL;
 
4124         ssb_device_disable(dev->dev, 0);
 
4125         ssb_bus_may_powerdown(dev->dev->bus);
 
4128 /* Initialize a wireless core */
 
4129 static int b43_wireless_core_init(struct b43_wldev *dev)
 
4131         struct b43_wl *wl = dev->wl;
 
4132         struct ssb_bus *bus = dev->dev->bus;
 
4133         struct ssb_sprom *sprom = &bus->sprom;
 
4134         struct b43_phy *phy = &dev->phy;
 
4139         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
 
4141         err = ssb_bus_powerup(bus, 0);
 
4144         if (!ssb_device_is_enabled(dev->dev)) {
 
4145                 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
 
4146                 b43_wireless_core_reset(dev, tmp);
 
4149         /* Reset all data structures. */
 
4150         setup_struct_wldev_for_init(dev);
 
4151         phy->ops->prepare_structs(dev);
 
4153         /* Enable IRQ routing to this device. */
 
4154         ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
 
4156         b43_imcfglo_timeouts_workaround(dev);
 
4157         b43_bluetooth_coext_disable(dev);
 
4158         if (phy->ops->prepare_hardware) {
 
4159                 err = phy->ops->prepare_hardware(dev);
 
4163         err = b43_chip_init(dev);
 
4166         b43_shm_write16(dev, B43_SHM_SHARED,
 
4167                         B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
 
4168         hf = b43_hf_read(dev);
 
4169         if (phy->type == B43_PHYTYPE_G) {
 
4173                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
 
4174                         hf |= B43_HF_OFDMPABOOST;
 
4176         if (phy->radio_ver == 0x2050) {
 
4177                 if (phy->radio_rev == 6)
 
4178                         hf |= B43_HF_4318TSSI;
 
4179                 if (phy->radio_rev < 6)
 
4180                         hf |= B43_HF_VCORECALC;
 
4182         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
 
4183                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
 
4184 #ifdef CONFIG_SSB_DRIVER_PCICORE
 
4185         if ((bus->bustype == SSB_BUSTYPE_PCI) &&
 
4186             (bus->pcicore.dev->id.revision <= 10))
 
4187                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
 
4189         hf &= ~B43_HF_SKCFPUP;
 
4190         b43_hf_write(dev, hf);
 
4192         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
 
4193                              B43_DEFAULT_LONG_RETRY_LIMIT);
 
4194         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
 
4195         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
 
4197         /* Disable sending probe responses from firmware.
 
4198          * Setting the MaxTime to one usec will always trigger
 
4199          * a timeout, so we never send any probe resp.
 
4200          * A timeout of zero is infinite. */
 
4201         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
 
4203         b43_rate_memory_init(dev);
 
4204         b43_set_phytxctl_defaults(dev);
 
4206         /* Minimum Contention Window */
 
4207         if (phy->type == B43_PHYTYPE_B) {
 
4208                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
 
4210                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
 
4212         /* Maximum Contention Window */
 
4213         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
 
4215         if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
 
4216                 dev->__using_pio_transfers = 1;
 
4217                 err = b43_pio_init(dev);
 
4219                 dev->__using_pio_transfers = 0;
 
4220                 err = b43_dma_init(dev);
 
4225         b43_set_synth_pu_delay(dev, 1);
 
4226         b43_bluetooth_coext_enable(dev);
 
4228         ssb_bus_powerup(bus, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
 
4229         b43_upload_card_macaddress(dev);
 
4230         b43_security_init(dev);
 
4231         if (!dev->suspend_in_progress)
 
4234         b43_set_status(dev, B43_STAT_INITIALIZED);
 
4236         if (!dev->suspend_in_progress)
 
4244         ssb_bus_may_powerdown(bus);
 
4245         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
 
4249 static int b43_op_add_interface(struct ieee80211_hw *hw,
 
4250                                 struct ieee80211_if_init_conf *conf)
 
4252         struct b43_wl *wl = hw_to_b43_wl(hw);
 
4253         struct b43_wldev *dev;
 
4254         unsigned long flags;
 
4255         int err = -EOPNOTSUPP;
 
4257         /* TODO: allow WDS/AP devices to coexist */
 
4259         if (conf->type != NL80211_IFTYPE_AP &&
 
4260             conf->type != NL80211_IFTYPE_MESH_POINT &&
 
4261             conf->type != NL80211_IFTYPE_STATION &&
 
4262             conf->type != NL80211_IFTYPE_WDS &&
 
4263             conf->type != NL80211_IFTYPE_ADHOC)
 
4266         mutex_lock(&wl->mutex);
 
4268                 goto out_mutex_unlock;
 
4270         b43dbg(wl, "Adding Interface type %d\n", conf->type);
 
4272         dev = wl->current_dev;
 
4274         wl->vif = conf->vif;
 
4275         wl->if_type = conf->type;
 
4276         memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
 
4278         spin_lock_irqsave(&wl->irq_lock, flags);
 
4279         b43_adjust_opmode(dev);
 
4280         b43_set_pretbtt(dev);
 
4281         b43_set_synth_pu_delay(dev, 0);
 
4282         b43_upload_card_macaddress(dev);
 
4283         spin_unlock_irqrestore(&wl->irq_lock, flags);
 
4287         mutex_unlock(&wl->mutex);
 
4292 static void b43_op_remove_interface(struct ieee80211_hw *hw,
 
4293                                     struct ieee80211_if_init_conf *conf)
 
4295         struct b43_wl *wl = hw_to_b43_wl(hw);
 
4296         struct b43_wldev *dev = wl->current_dev;
 
4297         unsigned long flags;
 
4299         b43dbg(wl, "Removing Interface type %d\n", conf->type);
 
4301         mutex_lock(&wl->mutex);
 
4303         B43_WARN_ON(!wl->operating);
 
4304         B43_WARN_ON(wl->vif != conf->vif);
 
4309         spin_lock_irqsave(&wl->irq_lock, flags);
 
4310         b43_adjust_opmode(dev);
 
4311         memset(wl->mac_addr, 0, ETH_ALEN);
 
4312         b43_upload_card_macaddress(dev);
 
4313         spin_unlock_irqrestore(&wl->irq_lock, flags);
 
4315         mutex_unlock(&wl->mutex);
 
4318 static int b43_op_start(struct ieee80211_hw *hw)
 
4320         struct b43_wl *wl = hw_to_b43_wl(hw);
 
4321         struct b43_wldev *dev = wl->current_dev;
 
4324         bool do_rfkill_exit = 0;
 
4326         /* Kill all old instance specific information to make sure
 
4327          * the card won't use it in the short timeframe between start
 
4328          * and mac80211 reconfiguring it. */
 
4329         memset(wl->bssid, 0, ETH_ALEN);
 
4330         memset(wl->mac_addr, 0, ETH_ALEN);
 
4331         wl->filter_flags = 0;
 
4332         wl->radiotap_enabled = 0;
 
4334         wl->beacon0_uploaded = 0;
 
4335         wl->beacon1_uploaded = 0;
 
4336         wl->beacon_templates_virgin = 1;
 
4338         /* First register RFkill.
 
4339          * LEDs that are registered later depend on it. */
 
4340         b43_rfkill_init(dev);
 
4342         mutex_lock(&wl->mutex);
 
4344         if (b43_status(dev) < B43_STAT_INITIALIZED) {
 
4345                 err = b43_wireless_core_init(dev);
 
4348                         goto out_mutex_unlock;
 
4353         if (b43_status(dev) < B43_STAT_STARTED) {
 
4354                 err = b43_wireless_core_start(dev);
 
4357                                 b43_wireless_core_exit(dev);
 
4359                         goto out_mutex_unlock;
 
4364         mutex_unlock(&wl->mutex);
 
4367                 b43_rfkill_exit(dev);
 
4372 static void b43_op_stop(struct ieee80211_hw *hw)
 
4374         struct b43_wl *wl = hw_to_b43_wl(hw);
 
4375         struct b43_wldev *dev = wl->current_dev;
 
4377         b43_rfkill_exit(dev);
 
4378         cancel_work_sync(&(wl->beacon_update_trigger));
 
4380         mutex_lock(&wl->mutex);
 
4381         if (b43_status(dev) >= B43_STAT_STARTED)
 
4382                 b43_wireless_core_stop(dev);
 
4383         b43_wireless_core_exit(dev);
 
4384         mutex_unlock(&wl->mutex);
 
4386         cancel_work_sync(&(wl->txpower_adjust_work));
 
4389 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
 
4390                                  struct ieee80211_sta *sta, bool set)
 
4392         struct b43_wl *wl = hw_to_b43_wl(hw);
 
4393         unsigned long flags;
 
4395         spin_lock_irqsave(&wl->irq_lock, flags);
 
4396         b43_update_templates(wl);
 
4397         spin_unlock_irqrestore(&wl->irq_lock, flags);
 
4402 static void b43_op_sta_notify(struct ieee80211_hw *hw,
 
4403                               struct ieee80211_vif *vif,
 
4404                               enum sta_notify_cmd notify_cmd,
 
4405                               struct ieee80211_sta *sta)
 
4407         struct b43_wl *wl = hw_to_b43_wl(hw);
 
4409         B43_WARN_ON(!vif || wl->vif != vif);
 
4412 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
 
4414         struct b43_wl *wl = hw_to_b43_wl(hw);
 
4415         struct b43_wldev *dev;
 
4417         mutex_lock(&wl->mutex);
 
4418         dev = wl->current_dev;
 
4419         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
 
4420                 /* Disable CFP update during scan on other channels. */
 
4421                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
 
4423         mutex_unlock(&wl->mutex);
 
4426 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
 
4428         struct b43_wl *wl = hw_to_b43_wl(hw);
 
4429         struct b43_wldev *dev;
 
4431         mutex_lock(&wl->mutex);
 
4432         dev = wl->current_dev;
 
4433         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
 
4434                 /* Re-enable CFP update. */
 
4435                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
 
4437         mutex_unlock(&wl->mutex);
 
4440 static const struct ieee80211_ops b43_hw_ops = {
 
4442         .conf_tx                = b43_op_conf_tx,
 
4443         .add_interface          = b43_op_add_interface,
 
4444         .remove_interface       = b43_op_remove_interface,
 
4445         .config                 = b43_op_config,
 
4446         .bss_info_changed       = b43_op_bss_info_changed,
 
4447         .config_interface       = b43_op_config_interface,
 
4448         .configure_filter       = b43_op_configure_filter,
 
4449         .set_key                = b43_op_set_key,
 
4450         .get_stats              = b43_op_get_stats,
 
4451         .get_tx_stats           = b43_op_get_tx_stats,
 
4452         .get_tsf                = b43_op_get_tsf,
 
4453         .set_tsf                = b43_op_set_tsf,
 
4454         .start                  = b43_op_start,
 
4455         .stop                   = b43_op_stop,
 
4456         .set_tim                = b43_op_beacon_set_tim,
 
4457         .sta_notify             = b43_op_sta_notify,
 
4458         .sw_scan_start          = b43_op_sw_scan_start_notifier,
 
4459         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
 
4462 /* Hard-reset the chip. Do not call this directly.
 
4463  * Use b43_controller_restart()
 
4465 static void b43_chip_reset(struct work_struct *work)
 
4467         struct b43_wldev *dev =
 
4468             container_of(work, struct b43_wldev, restart_work);
 
4469         struct b43_wl *wl = dev->wl;
 
4473         mutex_lock(&wl->mutex);
 
4475         prev_status = b43_status(dev);
 
4476         /* Bring the device down... */
 
4477         if (prev_status >= B43_STAT_STARTED)
 
4478                 b43_wireless_core_stop(dev);
 
4479         if (prev_status >= B43_STAT_INITIALIZED)
 
4480                 b43_wireless_core_exit(dev);
 
4482         /* ...and up again. */
 
4483         if (prev_status >= B43_STAT_INITIALIZED) {
 
4484                 err = b43_wireless_core_init(dev);
 
4488         if (prev_status >= B43_STAT_STARTED) {
 
4489                 err = b43_wireless_core_start(dev);
 
4491                         b43_wireless_core_exit(dev);
 
4497                 wl->current_dev = NULL; /* Failed to init the dev. */
 
4498         mutex_unlock(&wl->mutex);
 
4500                 b43err(wl, "Controller restart FAILED\n");
 
4502                 b43info(wl, "Controller restarted\n");
 
4505 static int b43_setup_bands(struct b43_wldev *dev,
 
4506                            bool have_2ghz_phy, bool have_5ghz_phy)
 
4508         struct ieee80211_hw *hw = dev->wl->hw;
 
4511                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
 
4512         if (dev->phy.type == B43_PHYTYPE_N) {
 
4514                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
 
4517                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
 
4520         dev->phy.supports_2ghz = have_2ghz_phy;
 
4521         dev->phy.supports_5ghz = have_5ghz_phy;
 
4526 static void b43_wireless_core_detach(struct b43_wldev *dev)
 
4528         /* We release firmware that late to not be required to re-request
 
4529          * is all the time when we reinit the core. */
 
4530         b43_release_firmware(dev);
 
4534 static int b43_wireless_core_attach(struct b43_wldev *dev)
 
4536         struct b43_wl *wl = dev->wl;
 
4537         struct ssb_bus *bus = dev->dev->bus;
 
4538         struct pci_dev *pdev = bus->host_pci;
 
4540         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
 
4543         /* Do NOT do any device initialization here.
 
4544          * Do it in wireless_core_init() instead.
 
4545          * This function is for gathering basic information about the HW, only.
 
4546          * Also some structs may be set up here. But most likely you want to have
 
4547          * that in core_init(), too.
 
4550         err = ssb_bus_powerup(bus, 0);
 
4552                 b43err(wl, "Bus powerup failed\n");
 
4555         /* Get the PHY type. */
 
4556         if (dev->dev->id.revision >= 5) {
 
4559                 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
 
4560                 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
 
4561                 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
 
4565         dev->phy.gmode = have_2ghz_phy;
 
4566         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
 
4567         b43_wireless_core_reset(dev, tmp);
 
4569         err = b43_phy_versioning(dev);
 
4572         /* Check if this device supports multiband. */
 
4574             (pdev->device != 0x4312 &&
 
4575              pdev->device != 0x4319 && pdev->device != 0x4324)) {
 
4576                 /* No multiband support. */
 
4579                 switch (dev->phy.type) {
 
4585                 case B43_PHYTYPE_LP:
 
4592         if (dev->phy.type == B43_PHYTYPE_A) {
 
4594                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
 
4598         if (1 /* disable A-PHY */) {
 
4599                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
 
4600                 if (dev->phy.type != B43_PHYTYPE_N) {
 
4606         err = b43_phy_allocate(dev);
 
4610         dev->phy.gmode = have_2ghz_phy;
 
4611         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
 
4612         b43_wireless_core_reset(dev, tmp);
 
4614         err = b43_validate_chipaccess(dev);
 
4617         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
 
4621         /* Now set some default "current_dev" */
 
4622         if (!wl->current_dev)
 
4623                 wl->current_dev = dev;
 
4624         INIT_WORK(&dev->restart_work, b43_chip_reset);
 
4626         dev->phy.ops->switch_analog(dev, 0);
 
4627         ssb_device_disable(dev->dev, 0);
 
4628         ssb_bus_may_powerdown(bus);
 
4636         ssb_bus_may_powerdown(bus);
 
4640 static void b43_one_core_detach(struct ssb_device *dev)
 
4642         struct b43_wldev *wldev;
 
4645         /* Do not cancel ieee80211-workqueue based work here.
 
4646          * See comment in b43_remove(). */
 
4648         wldev = ssb_get_drvdata(dev);
 
4650         b43_debugfs_remove_device(wldev);
 
4651         b43_wireless_core_detach(wldev);
 
4652         list_del(&wldev->list);
 
4654         ssb_set_drvdata(dev, NULL);
 
4658 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
 
4660         struct b43_wldev *wldev;
 
4661         struct pci_dev *pdev;
 
4664         if (!list_empty(&wl->devlist)) {
 
4665                 /* We are not the first core on this chip. */
 
4666                 pdev = dev->bus->host_pci;
 
4667                 /* Only special chips support more than one wireless
 
4668                  * core, although some of the other chips have more than
 
4669                  * one wireless core as well. Check for this and
 
4673                     ((pdev->device != 0x4321) &&
 
4674                      (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
 
4675                         b43dbg(wl, "Ignoring unconnected 802.11 core\n");
 
4680         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
 
4686         b43_set_status(wldev, B43_STAT_UNINIT);
 
4687         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
 
4688         tasklet_init(&wldev->isr_tasklet,
 
4689                      (void (*)(unsigned long))b43_interrupt_tasklet,
 
4690                      (unsigned long)wldev);
 
4691         INIT_LIST_HEAD(&wldev->list);
 
4693         err = b43_wireless_core_attach(wldev);
 
4695                 goto err_kfree_wldev;
 
4697         list_add(&wldev->list, &wl->devlist);
 
4699         ssb_set_drvdata(dev, wldev);
 
4700         b43_debugfs_add_device(wldev);
 
4710 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
 
4711         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
 
4712         (pdev->device == _device) &&                                    \
 
4713         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
 
4714         (pdev->subsystem_device == _subdevice)                          )
 
4716 static void b43_sprom_fixup(struct ssb_bus *bus)
 
4718         struct pci_dev *pdev;
 
4720         /* boardflags workarounds */
 
4721         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
 
4722             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
 
4723                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
 
4724         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
 
4725             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
 
4726                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
 
4727         if (bus->bustype == SSB_BUSTYPE_PCI) {
 
4728                 pdev = bus->host_pci;
 
4729                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
 
4730                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
 
4731                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
 
4732                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
 
4733                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
 
4734                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
 
4735                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
 
4736                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
 
4740 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
 
4742         struct ieee80211_hw *hw = wl->hw;
 
4744         ssb_set_devtypedata(dev, NULL);
 
4745         ieee80211_free_hw(hw);
 
4748 static int b43_wireless_init(struct ssb_device *dev)
 
4750         struct ssb_sprom *sprom = &dev->bus->sprom;
 
4751         struct ieee80211_hw *hw;
 
4755         b43_sprom_fixup(dev->bus);
 
4757         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
 
4759                 b43err(NULL, "Could not allocate ieee80211 device\n");
 
4764         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
 
4765                     IEEE80211_HW_SIGNAL_DBM |
 
4766                     IEEE80211_HW_NOISE_DBM;
 
4768         hw->wiphy->interface_modes =
 
4769                 BIT(NL80211_IFTYPE_AP) |
 
4770                 BIT(NL80211_IFTYPE_MESH_POINT) |
 
4771                 BIT(NL80211_IFTYPE_STATION) |
 
4772                 BIT(NL80211_IFTYPE_WDS) |
 
4773                 BIT(NL80211_IFTYPE_ADHOC);
 
4775         hw->queues = b43_modparam_qos ? 4 : 1;
 
4777         SET_IEEE80211_DEV(hw, dev->dev);
 
4778         if (is_valid_ether_addr(sprom->et1mac))
 
4779                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
 
4781                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
 
4783         /* Get and initialize struct b43_wl */
 
4784         wl = hw_to_b43_wl(hw);
 
4785         memset(wl, 0, sizeof(*wl));
 
4787         spin_lock_init(&wl->irq_lock);
 
4788         rwlock_init(&wl->tx_lock);
 
4789         spin_lock_init(&wl->leds_lock);
 
4790         spin_lock_init(&wl->shm_lock);
 
4791         mutex_init(&wl->mutex);
 
4792         INIT_LIST_HEAD(&wl->devlist);
 
4793         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
 
4794         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
 
4796         ssb_set_devtypedata(dev, wl);
 
4797         b43info(wl, "Broadcom %04X WLAN found (core revision %u)\n",
 
4798                 dev->bus->chip_id, dev->id.revision);
 
4804 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
 
4810         wl = ssb_get_devtypedata(dev);
 
4812                 /* Probing the first core. Must setup common struct b43_wl */
 
4814                 err = b43_wireless_init(dev);
 
4817                 wl = ssb_get_devtypedata(dev);
 
4820         err = b43_one_core_attach(dev, wl);
 
4822                 goto err_wireless_exit;
 
4825                 err = ieee80211_register_hw(wl->hw);
 
4827                         goto err_one_core_detach;
 
4833       err_one_core_detach:
 
4834         b43_one_core_detach(dev);
 
4837                 b43_wireless_exit(dev, wl);
 
4841 static void b43_remove(struct ssb_device *dev)
 
4843         struct b43_wl *wl = ssb_get_devtypedata(dev);
 
4844         struct b43_wldev *wldev = ssb_get_drvdata(dev);
 
4846         /* We must cancel any work here before unregistering from ieee80211,
 
4847          * as the ieee80211 unreg will destroy the workqueue. */
 
4848         cancel_work_sync(&wldev->restart_work);
 
4851         if (wl->current_dev == wldev)
 
4852                 ieee80211_unregister_hw(wl->hw);
 
4854         b43_one_core_detach(dev);
 
4856         if (list_empty(&wl->devlist)) {
 
4857                 /* Last core on the chip unregistered.
 
4858                  * We can destroy common struct b43_wl.
 
4860                 b43_wireless_exit(dev, wl);
 
4864 /* Perform a hardware reset. This can be called from any context. */
 
4865 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
 
4867         /* Must avoid requeueing, if we are in shutdown. */
 
4868         if (b43_status(dev) < B43_STAT_INITIALIZED)
 
4870         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
 
4871         queue_work(dev->wl->hw->workqueue, &dev->restart_work);
 
4876 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
 
4878         struct b43_wldev *wldev = ssb_get_drvdata(dev);
 
4879         struct b43_wl *wl = wldev->wl;
 
4881         b43dbg(wl, "Suspending...\n");
 
4883         mutex_lock(&wl->mutex);
 
4884         wldev->suspend_in_progress = true;
 
4885         wldev->suspend_init_status = b43_status(wldev);
 
4886         if (wldev->suspend_init_status >= B43_STAT_STARTED)
 
4887                 b43_wireless_core_stop(wldev);
 
4888         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
 
4889                 b43_wireless_core_exit(wldev);
 
4890         mutex_unlock(&wl->mutex);
 
4892         b43dbg(wl, "Device suspended.\n");
 
4897 static int b43_resume(struct ssb_device *dev)
 
4899         struct b43_wldev *wldev = ssb_get_drvdata(dev);
 
4900         struct b43_wl *wl = wldev->wl;
 
4903         b43dbg(wl, "Resuming...\n");
 
4905         mutex_lock(&wl->mutex);
 
4906         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
 
4907                 err = b43_wireless_core_init(wldev);
 
4909                         b43err(wl, "Resume failed at core init\n");
 
4913         if (wldev->suspend_init_status >= B43_STAT_STARTED) {
 
4914                 err = b43_wireless_core_start(wldev);
 
4916                         b43_leds_exit(wldev);
 
4917                         b43_rng_exit(wldev->wl);
 
4918                         b43_wireless_core_exit(wldev);
 
4919                         b43err(wl, "Resume failed at core start\n");
 
4923         b43dbg(wl, "Device resumed.\n");
 
4925         wldev->suspend_in_progress = false;
 
4926         mutex_unlock(&wl->mutex);
 
4930 #else /* CONFIG_PM */
 
4931 # define b43_suspend    NULL
 
4932 # define b43_resume     NULL
 
4933 #endif /* CONFIG_PM */
 
4935 static struct ssb_driver b43_ssb_driver = {
 
4936         .name           = KBUILD_MODNAME,
 
4937         .id_table       = b43_ssb_tbl,
 
4939         .remove         = b43_remove,
 
4940         .suspend        = b43_suspend,
 
4941         .resume         = b43_resume,
 
4944 static void b43_print_driverinfo(void)
 
4946         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
 
4947                    *feat_leds = "", *feat_rfkill = "";
 
4949 #ifdef CONFIG_B43_PCI_AUTOSELECT
 
4952 #ifdef CONFIG_B43_PCMCIA
 
4955 #ifdef CONFIG_B43_NPHY
 
4958 #ifdef CONFIG_B43_LEDS
 
4961 #ifdef CONFIG_B43_RFKILL
 
4964         printk(KERN_INFO "Broadcom 43xx driver loaded "
 
4965                "[ Features: %s%s%s%s%s, Firmware-ID: "
 
4966                B43_SUPPORTED_FIRMWARE_ID " ]\n",
 
4967                feat_pci, feat_pcmcia, feat_nphy,
 
4968                feat_leds, feat_rfkill);
 
4971 static int __init b43_init(void)
 
4976         err = b43_pcmcia_init();
 
4979         err = ssb_driver_register(&b43_ssb_driver);
 
4981                 goto err_pcmcia_exit;
 
4982         b43_print_driverinfo();
 
4993 static void __exit b43_exit(void)
 
4995         ssb_driver_unregister(&b43_ssb_driver);
 
5000 module_init(b43_init)
 
5001 module_exit(b43_exit)