2  * Linux device driver for RTL8187
 
   4  * Copyright 2007 Michael Wu <flamingice@sourmilk.net>
 
   5  * Copyright 2007 Andrea Merello <andreamrl@tiscali.it>
 
   7  * Based on the r8187 driver, which is:
 
   8  * Copyright 2005 Andrea Merello <andreamrl@tiscali.it>, et al.
 
  10  * The driver was extended to the RTL8187B in 2008 by:
 
  11  *      Herton Ronaldo Krzesinski <herton@mandriva.com.br>
 
  12  *      Hin-Tak Leung <htl10@users.sourceforge.net>
 
  13  *      Larry Finger <Larry.Finger@lwfinger.net>
 
  15  * Magic delays and register offsets below are taken from the original
 
  16  * r8187 driver sources.  Thanks to Realtek for their support!
 
  18  * This program is free software; you can redistribute it and/or modify
 
  19  * it under the terms of the GNU General Public License version 2 as
 
  20  * published by the Free Software Foundation.
 
  23 #include <linux/init.h>
 
  24 #include <linux/usb.h>
 
  25 #include <linux/delay.h>
 
  26 #include <linux/etherdevice.h>
 
  27 #include <linux/eeprom_93cx6.h>
 
  28 #include <net/mac80211.h>
 
  31 #include "rtl8187_rtl8225.h"
 
  33 MODULE_AUTHOR("Michael Wu <flamingice@sourmilk.net>");
 
  34 MODULE_AUTHOR("Andrea Merello <andreamrl@tiscali.it>");
 
  35 MODULE_AUTHOR("Herton Ronaldo Krzesinski <herton@mandriva.com.br>");
 
  36 MODULE_AUTHOR("Hin-Tak Leung <htl10@users.sourceforge.net>");
 
  37 MODULE_AUTHOR("Larry Finger <Larry.Finger@lwfinger.net>");
 
  38 MODULE_DESCRIPTION("RTL8187/RTL8187B USB wireless driver");
 
  39 MODULE_LICENSE("GPL");
 
  41 static struct usb_device_id rtl8187_table[] __devinitdata = {
 
  43         {USB_DEVICE(0x0b05, 0x171d), .driver_info = DEVICE_RTL8187},
 
  45         {USB_DEVICE(0x050d, 0x705e), .driver_info = DEVICE_RTL8187B},
 
  47         {USB_DEVICE(0x0bda, 0x8187), .driver_info = DEVICE_RTL8187},
 
  48         {USB_DEVICE(0x0bda, 0x8189), .driver_info = DEVICE_RTL8187B},
 
  49         {USB_DEVICE(0x0bda, 0x8197), .driver_info = DEVICE_RTL8187B},
 
  50         {USB_DEVICE(0x0bda, 0x8198), .driver_info = DEVICE_RTL8187B},
 
  52         {USB_DEVICE(0x0846, 0x6100), .driver_info = DEVICE_RTL8187},
 
  53         {USB_DEVICE(0x0846, 0x6a00), .driver_info = DEVICE_RTL8187},
 
  54         {USB_DEVICE(0x0846, 0x4260), .driver_info = DEVICE_RTL8187B},
 
  56         {USB_DEVICE(0x03f0, 0xca02), .driver_info = DEVICE_RTL8187},
 
  58         {USB_DEVICE(0x0df6, 0x000d), .driver_info = DEVICE_RTL8187},
 
  59         {USB_DEVICE(0x0df6, 0x0028), .driver_info = DEVICE_RTL8187B},
 
  61         {USB_DEVICE(0x13d1, 0xabe6), .driver_info = DEVICE_RTL8187},
 
  65 MODULE_DEVICE_TABLE(usb, rtl8187_table);
 
  67 static const struct ieee80211_rate rtl818x_rates[] = {
 
  68         { .bitrate = 10, .hw_value = 0, },
 
  69         { .bitrate = 20, .hw_value = 1, },
 
  70         { .bitrate = 55, .hw_value = 2, },
 
  71         { .bitrate = 110, .hw_value = 3, },
 
  72         { .bitrate = 60, .hw_value = 4, },
 
  73         { .bitrate = 90, .hw_value = 5, },
 
  74         { .bitrate = 120, .hw_value = 6, },
 
  75         { .bitrate = 180, .hw_value = 7, },
 
  76         { .bitrate = 240, .hw_value = 8, },
 
  77         { .bitrate = 360, .hw_value = 9, },
 
  78         { .bitrate = 480, .hw_value = 10, },
 
  79         { .bitrate = 540, .hw_value = 11, },
 
  82 static const struct ieee80211_channel rtl818x_channels[] = {
 
  83         { .center_freq = 2412 },
 
  84         { .center_freq = 2417 },
 
  85         { .center_freq = 2422 },
 
  86         { .center_freq = 2427 },
 
  87         { .center_freq = 2432 },
 
  88         { .center_freq = 2437 },
 
  89         { .center_freq = 2442 },
 
  90         { .center_freq = 2447 },
 
  91         { .center_freq = 2452 },
 
  92         { .center_freq = 2457 },
 
  93         { .center_freq = 2462 },
 
  94         { .center_freq = 2467 },
 
  95         { .center_freq = 2472 },
 
  96         { .center_freq = 2484 },
 
  99 static void rtl8187_iowrite_async_cb(struct urb *urb)
 
 104 static void rtl8187_iowrite_async(struct rtl8187_priv *priv, __le16 addr,
 
 107         struct usb_ctrlrequest *dr;
 
 109         struct rtl8187_async_write_data {
 
 111                 struct usb_ctrlrequest dr;
 
 115         buf = kmalloc(sizeof(*buf), GFP_ATOMIC);
 
 119         urb = usb_alloc_urb(0, GFP_ATOMIC);
 
 127         dr->bRequestType = RTL8187_REQT_WRITE;
 
 128         dr->bRequest = RTL8187_REQ_SET_REG;
 
 131         dr->wLength = cpu_to_le16(len);
 
 133         memcpy(buf, data, len);
 
 135         usb_fill_control_urb(urb, priv->udev, usb_sndctrlpipe(priv->udev, 0),
 
 136                              (unsigned char *)dr, buf, len,
 
 137                              rtl8187_iowrite_async_cb, buf);
 
 138         usb_anchor_urb(urb, &priv->anchored);
 
 139         rc = usb_submit_urb(urb, GFP_ATOMIC);
 
 142                 usb_unanchor_urb(urb);
 
 147 static inline void rtl818x_iowrite32_async(struct rtl8187_priv *priv,
 
 148                                            __le32 *addr, u32 val)
 
 150         __le32 buf = cpu_to_le32(val);
 
 152         rtl8187_iowrite_async(priv, cpu_to_le16((unsigned long)addr),
 
 156 void rtl8187_write_phy(struct ieee80211_hw *dev, u8 addr, u32 data)
 
 158         struct rtl8187_priv *priv = dev->priv;
 
 163         rtl818x_iowrite8(priv, &priv->map->PHY[3], (data >> 24) & 0xFF);
 
 164         rtl818x_iowrite8(priv, &priv->map->PHY[2], (data >> 16) & 0xFF);
 
 165         rtl818x_iowrite8(priv, &priv->map->PHY[1], (data >> 8) & 0xFF);
 
 166         rtl818x_iowrite8(priv, &priv->map->PHY[0], data & 0xFF);
 
 169 static void rtl8187_tx_cb(struct urb *urb)
 
 171         struct sk_buff *skb = (struct sk_buff *)urb->context;
 
 172         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
 
 173         struct ieee80211_hw *hw = info->rate_driver_data[0];
 
 174         struct rtl8187_priv *priv = hw->priv;
 
 176         skb_pull(skb, priv->is_rtl8187b ? sizeof(struct rtl8187b_tx_hdr) :
 
 177                                           sizeof(struct rtl8187_tx_hdr));
 
 178         ieee80211_tx_info_clear_status(info);
 
 180         if (!(urb->status) && !(info->flags & IEEE80211_TX_CTL_NO_ACK)) {
 
 181                 if (priv->is_rtl8187b) {
 
 182                         skb_queue_tail(&priv->b_tx_status.queue, skb);
 
 184                         /* queue is "full", discard last items */
 
 185                         while (skb_queue_len(&priv->b_tx_status.queue) > 5) {
 
 186                                 struct sk_buff *old_skb;
 
 188                                 dev_dbg(&priv->udev->dev,
 
 189                                         "transmit status queue full\n");
 
 191                                 old_skb = skb_dequeue(&priv->b_tx_status.queue);
 
 192                                 ieee80211_tx_status_irqsafe(hw, old_skb);
 
 196                         info->flags |= IEEE80211_TX_STAT_ACK;
 
 199         if (priv->is_rtl8187b)
 
 200                 ieee80211_tx_status_irqsafe(hw, skb);
 
 202                 /* Retry information for the RTI8187 is only available by
 
 203                  * reading a register in the device. We are in interrupt mode
 
 204                  * here, thus queue the skb and finish on a work queue. */
 
 205                 skb_queue_tail(&priv->b_tx_status.queue, skb);
 
 206                 queue_delayed_work(hw->workqueue, &priv->work, 0);
 
 210 static int rtl8187_tx(struct ieee80211_hw *dev, struct sk_buff *skb)
 
 212         struct rtl8187_priv *priv = dev->priv;
 
 213         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
 
 221         urb = usb_alloc_urb(0, GFP_ATOMIC);
 
 228         flags |= RTL818X_TX_DESC_FLAG_NO_ENC;
 
 230         flags |= ieee80211_get_tx_rate(dev, info)->hw_value << 24;
 
 231         if (ieee80211_has_morefrags(((struct ieee80211_hdr *)skb->data)->frame_control))
 
 232                 flags |= RTL818X_TX_DESC_FLAG_MOREFRAG;
 
 233         if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) {
 
 234                 flags |= RTL818X_TX_DESC_FLAG_RTS;
 
 235                 flags |= ieee80211_get_rts_cts_rate(dev, info)->hw_value << 19;
 
 236                 rts_dur = ieee80211_rts_duration(dev, priv->vif,
 
 238         } else if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) {
 
 239                 flags |= RTL818X_TX_DESC_FLAG_CTS;
 
 240                 flags |= ieee80211_get_rts_cts_rate(dev, info)->hw_value << 19;
 
 243         if (!priv->is_rtl8187b) {
 
 244                 struct rtl8187_tx_hdr *hdr =
 
 245                         (struct rtl8187_tx_hdr *)skb_push(skb, sizeof(*hdr));
 
 246                 hdr->flags = cpu_to_le32(flags);
 
 248                 hdr->rts_duration = rts_dur;
 
 249                 hdr->retry = cpu_to_le32((info->control.rates[0].count - 1) << 8);
 
 254                 /* fc needs to be calculated before skb_push() */
 
 255                 unsigned int epmap[4] = { 6, 7, 5, 4 };
 
 256                 struct ieee80211_hdr *tx_hdr =
 
 257                         (struct ieee80211_hdr *)(skb->data);
 
 258                 u16 fc = le16_to_cpu(tx_hdr->frame_control);
 
 260                 struct rtl8187b_tx_hdr *hdr =
 
 261                         (struct rtl8187b_tx_hdr *)skb_push(skb, sizeof(*hdr));
 
 262                 struct ieee80211_rate *txrate =
 
 263                         ieee80211_get_tx_rate(dev, info);
 
 264                 memset(hdr, 0, sizeof(*hdr));
 
 265                 hdr->flags = cpu_to_le32(flags);
 
 266                 hdr->rts_duration = rts_dur;
 
 267                 hdr->retry = cpu_to_le32((info->control.rates[0].count - 1) << 8);
 
 269                         ieee80211_generic_frame_duration(dev, priv->vif,
 
 273                 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)
 
 276                         ep = epmap[skb_get_queue_mapping(skb)];
 
 279         info->rate_driver_data[0] = dev;
 
 280         info->rate_driver_data[1] = urb;
 
 282         usb_fill_bulk_urb(urb, priv->udev, usb_sndbulkpipe(priv->udev, ep),
 
 283                           buf, skb->len, rtl8187_tx_cb, skb);
 
 284         urb->transfer_flags |= URB_ZERO_PACKET;
 
 285         usb_anchor_urb(urb, &priv->anchored);
 
 286         rc = usb_submit_urb(urb, GFP_ATOMIC);
 
 288                 usb_unanchor_urb(urb);
 
 296 static void rtl8187_rx_cb(struct urb *urb)
 
 298         struct sk_buff *skb = (struct sk_buff *)urb->context;
 
 299         struct rtl8187_rx_info *info = (struct rtl8187_rx_info *)skb->cb;
 
 300         struct ieee80211_hw *dev = info->dev;
 
 301         struct rtl8187_priv *priv = dev->priv;
 
 302         struct ieee80211_rx_status rx_status = { 0 };
 
 308         spin_lock_irqsave(&priv->rx_queue.lock, f);
 
 310                 __skb_unlink(skb, &priv->rx_queue);
 
 312                 spin_unlock_irqrestore(&priv->rx_queue.lock, f);
 
 315         spin_unlock_irqrestore(&priv->rx_queue.lock, f);
 
 316         skb_put(skb, urb->actual_length);
 
 318         if (unlikely(urb->status)) {
 
 319                 dev_kfree_skb_irq(skb);
 
 323         if (!priv->is_rtl8187b) {
 
 324                 struct rtl8187_rx_hdr *hdr =
 
 325                         (typeof(hdr))(skb_tail_pointer(skb) - sizeof(*hdr));
 
 326                 flags = le32_to_cpu(hdr->flags);
 
 327                 /* As with the RTL8187B below, the AGC is used to calculate
 
 328                  * signal strength and quality. In this case, the scaling
 
 329                  * constants are derived from the output of p54usb.
 
 331                 quality = 130 - ((41 * hdr->agc) >> 6);
 
 332                 signal = -4 - ((27 * hdr->agc) >> 6);
 
 333                 rx_status.antenna = (hdr->signal >> 7) & 1;
 
 334                 rx_status.mactime = le64_to_cpu(hdr->mac_time);
 
 336                 struct rtl8187b_rx_hdr *hdr =
 
 337                         (typeof(hdr))(skb_tail_pointer(skb) - sizeof(*hdr));
 
 338                 /* The Realtek datasheet for the RTL8187B shows that the RX
 
 339                  * header contains the following quantities: signal quality,
 
 340                  * RSSI, AGC, the received power in dB, and the measured SNR.
 
 341                  * In testing, none of these quantities show qualitative
 
 342                  * agreement with AP signal strength, except for the AGC,
 
 343                  * which is inversely proportional to the strength of the
 
 344                  * signal. In the following, the quality and signal strength
 
 345                  * are derived from the AGC. The arbitrary scaling constants
 
 346                  * are chosen to make the results close to the values obtained
 
 347                  * for a BCM4312 using b43 as the driver. The noise is ignored
 
 350                 flags = le32_to_cpu(hdr->flags);
 
 351                 quality = 170 - hdr->agc;
 
 352                 signal = 14 - hdr->agc / 2;
 
 353                 rx_status.antenna = (hdr->rssi >> 7) & 1;
 
 354                 rx_status.mactime = le64_to_cpu(hdr->mac_time);
 
 359         rx_status.qual = quality;
 
 360         priv->quality = quality;
 
 361         rx_status.signal = signal;
 
 362         priv->signal = signal;
 
 363         rate = (flags >> 20) & 0xF;
 
 364         skb_trim(skb, flags & 0x0FFF);
 
 365         rx_status.rate_idx = rate;
 
 366         rx_status.freq = dev->conf.channel->center_freq;
 
 367         rx_status.band = dev->conf.channel->band;
 
 368         rx_status.flag |= RX_FLAG_TSFT;
 
 369         if (flags & RTL818X_RX_DESC_FLAG_CRC32_ERR)
 
 370                 rx_status.flag |= RX_FLAG_FAILED_FCS_CRC;
 
 371         ieee80211_rx_irqsafe(dev, skb, &rx_status);
 
 373         skb = dev_alloc_skb(RTL8187_MAX_RX);
 
 374         if (unlikely(!skb)) {
 
 375                 /* TODO check rx queue length and refill *somewhere* */
 
 379         info = (struct rtl8187_rx_info *)skb->cb;
 
 382         urb->transfer_buffer = skb_tail_pointer(skb);
 
 384         skb_queue_tail(&priv->rx_queue, skb);
 
 386         usb_anchor_urb(urb, &priv->anchored);
 
 387         if (usb_submit_urb(urb, GFP_ATOMIC)) {
 
 388                 usb_unanchor_urb(urb);
 
 389                 skb_unlink(skb, &priv->rx_queue);
 
 390                 dev_kfree_skb_irq(skb);
 
 394 static int rtl8187_init_urbs(struct ieee80211_hw *dev)
 
 396         struct rtl8187_priv *priv = dev->priv;
 
 397         struct urb *entry = NULL;
 
 399         struct rtl8187_rx_info *info;
 
 402         while (skb_queue_len(&priv->rx_queue) < 16) {
 
 403                 skb = __dev_alloc_skb(RTL8187_MAX_RX, GFP_KERNEL);
 
 408                 entry = usb_alloc_urb(0, GFP_KERNEL);
 
 413                 usb_fill_bulk_urb(entry, priv->udev,
 
 414                                   usb_rcvbulkpipe(priv->udev,
 
 415                                   priv->is_rtl8187b ? 3 : 1),
 
 416                                   skb_tail_pointer(skb),
 
 417                                   RTL8187_MAX_RX, rtl8187_rx_cb, skb);
 
 418                 info = (struct rtl8187_rx_info *)skb->cb;
 
 421                 skb_queue_tail(&priv->rx_queue, skb);
 
 422                 usb_anchor_urb(entry, &priv->anchored);
 
 423                 ret = usb_submit_urb(entry, GFP_KERNEL);
 
 425                         skb_unlink(skb, &priv->rx_queue);
 
 426                         usb_unanchor_urb(entry);
 
 436         usb_kill_anchored_urbs(&priv->anchored);
 
 440 static void rtl8187b_status_cb(struct urb *urb)
 
 442         struct ieee80211_hw *hw = (struct ieee80211_hw *)urb->context;
 
 443         struct rtl8187_priv *priv = hw->priv;
 
 445         unsigned int cmd_type;
 
 447         if (unlikely(urb->status))
 
 451          * Read from status buffer:
 
 453          * bits [30:31] = cmd type:
 
 454          * - 0 indicates tx beacon interrupt
 
 455          * - 1 indicates tx close descriptor
 
 457          * In the case of tx beacon interrupt:
 
 458          * [0:9] = Last Beacon CW
 
 461          * [32:63] = Last Beacon TSF
 
 463          * If it's tx close descriptor:
 
 464          * [0:7] = Packet Retry Count
 
 465          * [8:14] = RTS Retry Count
 
 467          * [16:27] = Sequence No
 
 471          * [32:47] = unused (reserved?)
 
 472          * [48:63] = MAC Used Time
 
 474         val = le64_to_cpu(priv->b_tx_status.buf);
 
 476         cmd_type = (val >> 30) & 0x3;
 
 478                 unsigned int pkt_rc, seq_no;
 
 481                 struct ieee80211_hdr *ieee80211hdr;
 
 485                 tok = val & (1 << 15);
 
 486                 seq_no = (val >> 16) & 0xFFF;
 
 488                 spin_lock_irqsave(&priv->b_tx_status.queue.lock, flags);
 
 489                 skb_queue_reverse_walk(&priv->b_tx_status.queue, skb) {
 
 490                         ieee80211hdr = (struct ieee80211_hdr *)skb->data;
 
 493                          * While testing, it was discovered that the seq_no
 
 494                          * doesn't actually contains the sequence number.
 
 495                          * Instead of returning just the 12 bits of sequence
 
 496                          * number, hardware is returning entire sequence control
 
 497                          * (fragment number plus sequence number) in a 12 bit
 
 498                          * only field overflowing after some time. As a
 
 499                          * workaround, just consider the lower bits, and expect
 
 500                          * it's unlikely we wrongly ack some sent data
 
 502                         if ((le16_to_cpu(ieee80211hdr->seq_ctrl)
 
 506                 if (skb != (struct sk_buff *) &priv->b_tx_status.queue) {
 
 507                         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
 
 509                         __skb_unlink(skb, &priv->b_tx_status.queue);
 
 511                                 info->flags |= IEEE80211_TX_STAT_ACK;
 
 512                         info->status.rates[0].count = pkt_rc + 1;
 
 514                         ieee80211_tx_status_irqsafe(hw, skb);
 
 516                 spin_unlock_irqrestore(&priv->b_tx_status.queue.lock, flags);
 
 519         usb_anchor_urb(urb, &priv->anchored);
 
 520         if (usb_submit_urb(urb, GFP_ATOMIC))
 
 521                 usb_unanchor_urb(urb);
 
 524 static int rtl8187b_init_status_urb(struct ieee80211_hw *dev)
 
 526         struct rtl8187_priv *priv = dev->priv;
 
 530         entry = usb_alloc_urb(0, GFP_KERNEL);
 
 534         usb_fill_bulk_urb(entry, priv->udev, usb_rcvbulkpipe(priv->udev, 9),
 
 535                           &priv->b_tx_status.buf, sizeof(priv->b_tx_status.buf),
 
 536                           rtl8187b_status_cb, dev);
 
 538         usb_anchor_urb(entry, &priv->anchored);
 
 539         ret = usb_submit_urb(entry, GFP_KERNEL);
 
 541                 usb_unanchor_urb(entry);
 
 547 static int rtl8187_cmd_reset(struct ieee80211_hw *dev)
 
 549         struct rtl8187_priv *priv = dev->priv;
 
 553         reg = rtl818x_ioread8(priv, &priv->map->CMD);
 
 555         reg |= RTL818X_CMD_RESET;
 
 556         rtl818x_iowrite8(priv, &priv->map->CMD, reg);
 
 561                 if (!(rtl818x_ioread8(priv, &priv->map->CMD) &
 
 567                 printk(KERN_ERR "%s: Reset timeout!\n", wiphy_name(dev->wiphy));
 
 571         /* reload registers from eeprom */
 
 572         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_LOAD);
 
 577                 if (!(rtl818x_ioread8(priv, &priv->map->EEPROM_CMD) &
 
 578                       RTL818X_EEPROM_CMD_CONFIG))
 
 583                 printk(KERN_ERR "%s: eeprom reset timeout!\n",
 
 584                        wiphy_name(dev->wiphy));
 
 591 static int rtl8187_init_hw(struct ieee80211_hw *dev)
 
 593         struct rtl8187_priv *priv = dev->priv;
 
 598         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 599                          RTL818X_EEPROM_CMD_CONFIG);
 
 600         reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
 
 601         rtl818x_iowrite8(priv, &priv->map->CONFIG3, reg |
 
 602                          RTL818X_CONFIG3_ANAPARAM_WRITE);
 
 603         rtl818x_iowrite32(priv, &priv->map->ANAPARAM,
 
 604                           RTL8187_RTL8225_ANAPARAM_ON);
 
 605         rtl818x_iowrite32(priv, &priv->map->ANAPARAM2,
 
 606                           RTL8187_RTL8225_ANAPARAM2_ON);
 
 607         rtl818x_iowrite8(priv, &priv->map->CONFIG3, reg &
 
 608                          ~RTL818X_CONFIG3_ANAPARAM_WRITE);
 
 609         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 610                          RTL818X_EEPROM_CMD_NORMAL);
 
 612         rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0);
 
 615         rtl818x_iowrite8(priv, (u8 *)0xFE18, 0x10);
 
 616         rtl818x_iowrite8(priv, (u8 *)0xFE18, 0x11);
 
 617         rtl818x_iowrite8(priv, (u8 *)0xFE18, 0x00);
 
 620         res = rtl8187_cmd_reset(dev);
 
 624         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
 
 625         reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
 
 626         rtl818x_iowrite8(priv, &priv->map->CONFIG3,
 
 627                         reg | RTL818X_CONFIG3_ANAPARAM_WRITE);
 
 628         rtl818x_iowrite32(priv, &priv->map->ANAPARAM,
 
 629                           RTL8187_RTL8225_ANAPARAM_ON);
 
 630         rtl818x_iowrite32(priv, &priv->map->ANAPARAM2,
 
 631                           RTL8187_RTL8225_ANAPARAM2_ON);
 
 632         rtl818x_iowrite8(priv, &priv->map->CONFIG3,
 
 633                         reg & ~RTL818X_CONFIG3_ANAPARAM_WRITE);
 
 634         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
 
 637         rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, 0);
 
 638         rtl818x_iowrite8(priv, &priv->map->GPIO, 0);
 
 640         rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, (4 << 8));
 
 641         rtl818x_iowrite8(priv, &priv->map->GPIO, 1);
 
 642         rtl818x_iowrite8(priv, &priv->map->GP_ENABLE, 0);
 
 644         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
 
 646         rtl818x_iowrite16(priv, (__le16 *)0xFFF4, 0xFFFF);
 
 647         reg = rtl818x_ioread8(priv, &priv->map->CONFIG1);
 
 650         rtl818x_iowrite8(priv, &priv->map->CONFIG1, reg);
 
 652         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
 
 654         rtl818x_iowrite32(priv, &priv->map->INT_TIMEOUT, 0);
 
 655         rtl818x_iowrite8(priv, &priv->map->WPA_CONF, 0);
 
 656         rtl818x_iowrite8(priv, &priv->map->RATE_FALLBACK, 0);
 
 658         // TODO: set RESP_RATE and BRSR properly
 
 659         rtl818x_iowrite8(priv, &priv->map->RESP_RATE, (8 << 4) | 0);
 
 660         rtl818x_iowrite16(priv, &priv->map->BRSR, 0x01F3);
 
 663         rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, 0);
 
 664         rtl818x_iowrite8(priv, &priv->map->GPIO, 0);
 
 665         reg = rtl818x_ioread8(priv, (u8 *)0xFE53);
 
 666         rtl818x_iowrite8(priv, (u8 *)0xFE53, reg | (1 << 7));
 
 667         rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, (4 << 8));
 
 668         rtl818x_iowrite8(priv, &priv->map->GPIO, 0x20);
 
 669         rtl818x_iowrite8(priv, &priv->map->GP_ENABLE, 0);
 
 670         rtl818x_iowrite16(priv, &priv->map->RFPinsOutput, 0x80);
 
 671         rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, 0x80);
 
 672         rtl818x_iowrite16(priv, &priv->map->RFPinsEnable, 0x80);
 
 675         rtl818x_iowrite32(priv, &priv->map->RF_TIMING, 0x000a8008);
 
 676         rtl818x_iowrite16(priv, &priv->map->BRSR, 0xFFFF);
 
 677         rtl818x_iowrite32(priv, &priv->map->RF_PARA, 0x00100044);
 
 678         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 679                          RTL818X_EEPROM_CMD_CONFIG);
 
 680         rtl818x_iowrite8(priv, &priv->map->CONFIG3, 0x44);
 
 681         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 682                          RTL818X_EEPROM_CMD_NORMAL);
 
 683         rtl818x_iowrite16(priv, &priv->map->RFPinsEnable, 0x1FF7);
 
 688         rtl818x_iowrite16(priv, &priv->map->BRSR, 0x01F3);
 
 689         reg = rtl818x_ioread8(priv, &priv->map->PGSELECT) & ~1;
 
 690         rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg | 1);
 
 691         rtl818x_iowrite16(priv, (__le16 *)0xFFFE, 0x10);
 
 692         rtl818x_iowrite8(priv, &priv->map->TALLY_SEL, 0x80);
 
 693         rtl818x_iowrite8(priv, (u8 *)0xFFFF, 0x60);
 
 694         rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg);
 
 699 static const u8 rtl8187b_reg_table[][3] = {
 
 700         {0xF0, 0x32, 0}, {0xF1, 0x32, 0}, {0xF2, 0x00, 0}, {0xF3, 0x00, 0},
 
 701         {0xF4, 0x32, 0}, {0xF5, 0x43, 0}, {0xF6, 0x00, 0}, {0xF7, 0x00, 0},
 
 702         {0xF8, 0x46, 0}, {0xF9, 0xA4, 0}, {0xFA, 0x00, 0}, {0xFB, 0x00, 0},
 
 703         {0xFC, 0x96, 0}, {0xFD, 0xA4, 0}, {0xFE, 0x00, 0}, {0xFF, 0x00, 0},
 
 705         {0x58, 0x4B, 1}, {0x59, 0x00, 1}, {0x5A, 0x4B, 1}, {0x5B, 0x00, 1},
 
 706         {0x60, 0x4B, 1}, {0x61, 0x09, 1}, {0x62, 0x4B, 1}, {0x63, 0x09, 1},
 
 707         {0xCE, 0x0F, 1}, {0xCF, 0x00, 1}, {0xE0, 0xFF, 1}, {0xE1, 0x0F, 1},
 
 708         {0xE2, 0x00, 1}, {0xF0, 0x4E, 1}, {0xF1, 0x01, 1}, {0xF2, 0x02, 1},
 
 709         {0xF3, 0x03, 1}, {0xF4, 0x04, 1}, {0xF5, 0x05, 1}, {0xF6, 0x06, 1},
 
 710         {0xF7, 0x07, 1}, {0xF8, 0x08, 1},
 
 712         {0x4E, 0x00, 2}, {0x0C, 0x04, 2}, {0x21, 0x61, 2}, {0x22, 0x68, 2},
 
 713         {0x23, 0x6F, 2}, {0x24, 0x76, 2}, {0x25, 0x7D, 2}, {0x26, 0x84, 2},
 
 714         {0x27, 0x8D, 2}, {0x4D, 0x08, 2}, {0x50, 0x05, 2}, {0x51, 0xF5, 2},
 
 715         {0x52, 0x04, 2}, {0x53, 0xA0, 2}, {0x54, 0x1F, 2}, {0x55, 0x23, 2},
 
 716         {0x56, 0x45, 2}, {0x57, 0x67, 2}, {0x58, 0x08, 2}, {0x59, 0x08, 2},
 
 717         {0x5A, 0x08, 2}, {0x5B, 0x08, 2}, {0x60, 0x08, 2}, {0x61, 0x08, 2},
 
 718         {0x62, 0x08, 2}, {0x63, 0x08, 2}, {0x64, 0xCF, 2}, {0x72, 0x56, 2},
 
 721         {0x34, 0xF0, 0}, {0x35, 0x0F, 0}, {0x5B, 0x40, 0}, {0x84, 0x88, 0},
 
 722         {0x85, 0x24, 0}, {0x88, 0x54, 0}, {0x8B, 0xB8, 0}, {0x8C, 0x07, 0},
 
 723         {0x8D, 0x00, 0}, {0x94, 0x1B, 0}, {0x95, 0x12, 0}, {0x96, 0x00, 0},
 
 724         {0x97, 0x06, 0}, {0x9D, 0x1A, 0}, {0x9F, 0x10, 0}, {0xB4, 0x22, 0},
 
 725         {0xBE, 0x80, 0}, {0xDB, 0x00, 0}, {0xEE, 0x00, 0}, {0x91, 0x03, 0},
 
 727         {0x4C, 0x00, 2}, {0x9F, 0x00, 3}, {0x8C, 0x01, 0}, {0x8D, 0x10, 0},
 
 728         {0x8E, 0x08, 0}, {0x8F, 0x00, 0}
 
 731 static int rtl8187b_init_hw(struct ieee80211_hw *dev)
 
 733         struct rtl8187_priv *priv = dev->priv;
 
 737         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 738                          RTL818X_EEPROM_CMD_CONFIG);
 
 740         reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
 
 741         reg |= RTL818X_CONFIG3_ANAPARAM_WRITE | RTL818X_CONFIG3_GNT_SELECT;
 
 742         rtl818x_iowrite8(priv, &priv->map->CONFIG3, reg);
 
 743         rtl818x_iowrite32(priv, &priv->map->ANAPARAM2,
 
 744                           RTL8187B_RTL8225_ANAPARAM2_ON);
 
 745         rtl818x_iowrite32(priv, &priv->map->ANAPARAM,
 
 746                           RTL8187B_RTL8225_ANAPARAM_ON);
 
 747         rtl818x_iowrite8(priv, &priv->map->ANAPARAM3,
 
 748                          RTL8187B_RTL8225_ANAPARAM3_ON);
 
 750         rtl818x_iowrite8(priv, (u8 *)0xFF61, 0x10);
 
 751         reg = rtl818x_ioread8(priv, (u8 *)0xFF62);
 
 752         rtl818x_iowrite8(priv, (u8 *)0xFF62, reg & ~(1 << 5));
 
 753         rtl818x_iowrite8(priv, (u8 *)0xFF62, reg | (1 << 5));
 
 755         reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
 
 756         reg &= ~RTL818X_CONFIG3_ANAPARAM_WRITE;
 
 757         rtl818x_iowrite8(priv, &priv->map->CONFIG3, reg);
 
 759         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 760                          RTL818X_EEPROM_CMD_NORMAL);
 
 762         res = rtl8187_cmd_reset(dev);
 
 766         rtl818x_iowrite16(priv, (__le16 *)0xFF2D, 0x0FFF);
 
 767         reg = rtl818x_ioread8(priv, &priv->map->CW_CONF);
 
 768         reg |= RTL818X_CW_CONF_PERPACKET_RETRY_SHIFT;
 
 769         rtl818x_iowrite8(priv, &priv->map->CW_CONF, reg);
 
 770         reg = rtl818x_ioread8(priv, &priv->map->TX_AGC_CTL);
 
 771         reg |= RTL818X_TX_AGC_CTL_PERPACKET_GAIN_SHIFT |
 
 772                RTL818X_TX_AGC_CTL_PERPACKET_ANTSEL_SHIFT;
 
 773         rtl818x_iowrite8(priv, &priv->map->TX_AGC_CTL, reg);
 
 775         rtl818x_iowrite16_idx(priv, (__le16 *)0xFFE0, 0x0FFF, 1);
 
 777         rtl818x_iowrite16(priv, &priv->map->BEACON_INTERVAL, 100);
 
 778         rtl818x_iowrite16(priv, &priv->map->ATIM_WND, 2);
 
 779         rtl818x_iowrite16_idx(priv, (__le16 *)0xFFD4, 0xFFFF, 1);
 
 781         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 782                          RTL818X_EEPROM_CMD_CONFIG);
 
 783         reg = rtl818x_ioread8(priv, &priv->map->CONFIG1);
 
 784         rtl818x_iowrite8(priv, &priv->map->CONFIG1, (reg & 0x3F) | 0x80);
 
 785         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 786                          RTL818X_EEPROM_CMD_NORMAL);
 
 788         rtl818x_iowrite8(priv, &priv->map->WPA_CONF, 0);
 
 789         for (i = 0; i < ARRAY_SIZE(rtl8187b_reg_table); i++) {
 
 790                 rtl818x_iowrite8_idx(priv,
 
 792                                      (rtl8187b_reg_table[i][0] | 0xFF00),
 
 793                                      rtl8187b_reg_table[i][1],
 
 794                                      rtl8187b_reg_table[i][2]);
 
 797         rtl818x_iowrite16(priv, &priv->map->TID_AC_MAP, 0xFA50);
 
 798         rtl818x_iowrite16(priv, &priv->map->INT_MIG, 0);
 
 800         rtl818x_iowrite32_idx(priv, (__le32 *)0xFFF0, 0, 1);
 
 801         rtl818x_iowrite32_idx(priv, (__le32 *)0xFFF4, 0, 1);
 
 802         rtl818x_iowrite8_idx(priv, (u8 *)0xFFF8, 0, 1);
 
 804         rtl818x_iowrite32(priv, &priv->map->RF_TIMING, 0x00004001);
 
 806         rtl818x_iowrite16_idx(priv, (__le16 *)0xFF72, 0x569A, 2);
 
 808         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 809                          RTL818X_EEPROM_CMD_CONFIG);
 
 810         reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
 
 811         reg |= RTL818X_CONFIG3_ANAPARAM_WRITE;
 
 812         rtl818x_iowrite8(priv, &priv->map->CONFIG3, reg);
 
 813         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
 
 814                          RTL818X_EEPROM_CMD_NORMAL);
 
 816         rtl818x_iowrite16(priv, &priv->map->RFPinsOutput, 0x0480);
 
 817         rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, 0x2488);
 
 818         rtl818x_iowrite16(priv, &priv->map->RFPinsEnable, 0x1FFF);
 
 823         reg = RTL818X_CMD_TX_ENABLE | RTL818X_CMD_RX_ENABLE;
 
 824         rtl818x_iowrite8(priv, &priv->map->CMD, reg);
 
 825         rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0xFFFF);
 
 827         rtl818x_iowrite8(priv, (u8 *)0xFE41, 0xF4);
 
 828         rtl818x_iowrite8(priv, (u8 *)0xFE40, 0x00);
 
 829         rtl818x_iowrite8(priv, (u8 *)0xFE42, 0x00);
 
 830         rtl818x_iowrite8(priv, (u8 *)0xFE42, 0x01);
 
 831         rtl818x_iowrite8(priv, (u8 *)0xFE40, 0x0F);
 
 832         rtl818x_iowrite8(priv, (u8 *)0xFE42, 0x00);
 
 833         rtl818x_iowrite8(priv, (u8 *)0xFE42, 0x01);
 
 835         reg = rtl818x_ioread8(priv, (u8 *)0xFFDB);
 
 836         rtl818x_iowrite8(priv, (u8 *)0xFFDB, reg | (1 << 2));
 
 837         rtl818x_iowrite16_idx(priv, (__le16 *)0xFF72, 0x59FA, 3);
 
 838         rtl818x_iowrite16_idx(priv, (__le16 *)0xFF74, 0x59D2, 3);
 
 839         rtl818x_iowrite16_idx(priv, (__le16 *)0xFF76, 0x59D2, 3);
 
 840         rtl818x_iowrite16_idx(priv, (__le16 *)0xFF78, 0x19FA, 3);
 
 841         rtl818x_iowrite16_idx(priv, (__le16 *)0xFF7A, 0x19FA, 3);
 
 842         rtl818x_iowrite16_idx(priv, (__le16 *)0xFF7C, 0x00D0, 3);
 
 843         rtl818x_iowrite8(priv, (u8 *)0xFF61, 0);
 
 844         rtl818x_iowrite8_idx(priv, (u8 *)0xFF80, 0x0F, 1);
 
 845         rtl818x_iowrite8_idx(priv, (u8 *)0xFF83, 0x03, 1);
 
 846         rtl818x_iowrite8(priv, (u8 *)0xFFDA, 0x10);
 
 847         rtl818x_iowrite8_idx(priv, (u8 *)0xFF4D, 0x08, 2);
 
 849         rtl818x_iowrite32(priv, &priv->map->HSSI_PARA, 0x0600321B);
 
 851         rtl818x_iowrite16_idx(priv, (__le16 *)0xFFEC, 0x0800, 1);
 
 853         priv->slot_time = 0x9;
 
 854         priv->aifsn[0] = 2; /* AIFSN[AC_VO] */
 
 855         priv->aifsn[1] = 2; /* AIFSN[AC_VI] */
 
 856         priv->aifsn[2] = 7; /* AIFSN[AC_BK] */
 
 857         priv->aifsn[3] = 3; /* AIFSN[AC_BE] */
 
 858         rtl818x_iowrite8(priv, &priv->map->ACM_CONTROL, 0);
 
 863 static void rtl8187_work(struct work_struct *work)
 
 865         /* The RTL8187 returns the retry count through register 0xFFFA. In
 
 866          * addition, it appears to be a cumulative retry count, not the
 
 867          * value for the current TX packet. When multiple TX entries are
 
 868          * queued, the retry count will be valid for the last one in the queue.
 
 869          * The "error" should not matter for purposes of rate setting. */
 
 870         struct rtl8187_priv *priv = container_of(work, struct rtl8187_priv,
 
 872         struct ieee80211_tx_info *info;
 
 873         struct ieee80211_hw *dev = priv->dev;
 
 877         mutex_lock(&priv->conf_mutex);
 
 878         tmp = rtl818x_ioread16(priv, (__le16 *)0xFFFA);
 
 879         while (skb_queue_len(&priv->b_tx_status.queue) > 0) {
 
 880                 struct sk_buff *old_skb;
 
 882                 old_skb = skb_dequeue(&priv->b_tx_status.queue);
 
 883                 info = IEEE80211_SKB_CB(old_skb);
 
 884                 info->status.rates[0].count = tmp - retry + 1;
 
 885                 ieee80211_tx_status_irqsafe(dev, old_skb);
 
 888         mutex_unlock(&priv->conf_mutex);
 
 891 static int rtl8187_start(struct ieee80211_hw *dev)
 
 893         struct rtl8187_priv *priv = dev->priv;
 
 897         ret = (!priv->is_rtl8187b) ? rtl8187_init_hw(dev) :
 
 898                                      rtl8187b_init_hw(dev);
 
 902         mutex_lock(&priv->conf_mutex);
 
 904         init_usb_anchor(&priv->anchored);
 
 907         if (priv->is_rtl8187b) {
 
 908                 reg = RTL818X_RX_CONF_MGMT |
 
 909                       RTL818X_RX_CONF_DATA |
 
 910                       RTL818X_RX_CONF_BROADCAST |
 
 911                       RTL818X_RX_CONF_NICMAC |
 
 912                       RTL818X_RX_CONF_BSSID |
 
 913                       (7 << 13 /* RX FIFO threshold NONE */) |
 
 914                       (7 << 10 /* MAX RX DMA */) |
 
 915                       RTL818X_RX_CONF_RX_AUTORESETPHY |
 
 916                       RTL818X_RX_CONF_ONLYERLPKT |
 
 917                       RTL818X_RX_CONF_MULTICAST;
 
 919                 rtl818x_iowrite32(priv, &priv->map->RX_CONF, reg);
 
 921                 rtl818x_iowrite32(priv, &priv->map->TX_CONF,
 
 922                                   RTL818X_TX_CONF_HW_SEQNUM |
 
 923                                   RTL818X_TX_CONF_DISREQQSIZE |
 
 924                                   (7 << 8  /* short retry limit */) |
 
 925                                   (7 << 0  /* long retry limit */) |
 
 926                                   (7 << 21 /* MAX TX DMA */));
 
 927                 rtl8187_init_urbs(dev);
 
 928                 rtl8187b_init_status_urb(dev);
 
 929                 mutex_unlock(&priv->conf_mutex);
 
 933         rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0xFFFF);
 
 935         rtl818x_iowrite32(priv, &priv->map->MAR[0], ~0);
 
 936         rtl818x_iowrite32(priv, &priv->map->MAR[1], ~0);
 
 938         rtl8187_init_urbs(dev);
 
 940         reg = RTL818X_RX_CONF_ONLYERLPKT |
 
 941               RTL818X_RX_CONF_RX_AUTORESETPHY |
 
 942               RTL818X_RX_CONF_BSSID |
 
 943               RTL818X_RX_CONF_MGMT |
 
 944               RTL818X_RX_CONF_DATA |
 
 945               (7 << 13 /* RX FIFO threshold NONE */) |
 
 946               (7 << 10 /* MAX RX DMA */) |
 
 947               RTL818X_RX_CONF_BROADCAST |
 
 948               RTL818X_RX_CONF_NICMAC;
 
 951         rtl818x_iowrite32(priv, &priv->map->RX_CONF, reg);
 
 953         reg = rtl818x_ioread8(priv, &priv->map->CW_CONF);
 
 954         reg &= ~RTL818X_CW_CONF_PERPACKET_CW_SHIFT;
 
 955         reg |= RTL818X_CW_CONF_PERPACKET_RETRY_SHIFT;
 
 956         rtl818x_iowrite8(priv, &priv->map->CW_CONF, reg);
 
 958         reg = rtl818x_ioread8(priv, &priv->map->TX_AGC_CTL);
 
 959         reg &= ~RTL818X_TX_AGC_CTL_PERPACKET_GAIN_SHIFT;
 
 960         reg &= ~RTL818X_TX_AGC_CTL_PERPACKET_ANTSEL_SHIFT;
 
 961         reg &= ~RTL818X_TX_AGC_CTL_FEEDBACK_ANT;
 
 962         rtl818x_iowrite8(priv, &priv->map->TX_AGC_CTL, reg);
 
 964         reg  = RTL818X_TX_CONF_CW_MIN |
 
 965                (7 << 21 /* MAX TX DMA */) |
 
 966                RTL818X_TX_CONF_NO_ICV;
 
 967         rtl818x_iowrite32(priv, &priv->map->TX_CONF, reg);
 
 969         reg = rtl818x_ioread8(priv, &priv->map->CMD);
 
 970         reg |= RTL818X_CMD_TX_ENABLE;
 
 971         reg |= RTL818X_CMD_RX_ENABLE;
 
 972         rtl818x_iowrite8(priv, &priv->map->CMD, reg);
 
 973         INIT_DELAYED_WORK(&priv->work, rtl8187_work);
 
 974         mutex_unlock(&priv->conf_mutex);
 
 979 static void rtl8187_stop(struct ieee80211_hw *dev)
 
 981         struct rtl8187_priv *priv = dev->priv;
 
 985         mutex_lock(&priv->conf_mutex);
 
 986         rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0);
 
 988         reg = rtl818x_ioread8(priv, &priv->map->CMD);
 
 989         reg &= ~RTL818X_CMD_TX_ENABLE;
 
 990         reg &= ~RTL818X_CMD_RX_ENABLE;
 
 991         rtl818x_iowrite8(priv, &priv->map->CMD, reg);
 
 995         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
 
 996         reg = rtl818x_ioread8(priv, &priv->map->CONFIG4);
 
 997         rtl818x_iowrite8(priv, &priv->map->CONFIG4, reg | RTL818X_CONFIG4_VCOOFF);
 
 998         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
 
1000         while ((skb = skb_dequeue(&priv->b_tx_status.queue)))
 
1001                 dev_kfree_skb_any(skb);
 
1003         usb_kill_anchored_urbs(&priv->anchored);
 
1004         if (!priv->is_rtl8187b)
 
1005                 cancel_delayed_work_sync(&priv->work);
 
1006         mutex_unlock(&priv->conf_mutex);
 
1009 static int rtl8187_add_interface(struct ieee80211_hw *dev,
 
1010                                  struct ieee80211_if_init_conf *conf)
 
1012         struct rtl8187_priv *priv = dev->priv;
 
1014         int ret = -EOPNOTSUPP;
 
1016         mutex_lock(&priv->conf_mutex);
 
1017         if (priv->mode != NL80211_IFTYPE_MONITOR)
 
1020         switch (conf->type) {
 
1021         case NL80211_IFTYPE_STATION:
 
1022                 priv->mode = conf->type;
 
1029         priv->vif = conf->vif;
 
1031         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
 
1032         for (i = 0; i < ETH_ALEN; i++)
 
1033                 rtl818x_iowrite8(priv, &priv->map->MAC[i],
 
1034                                  ((u8 *)conf->mac_addr)[i]);
 
1035         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
 
1038         mutex_unlock(&priv->conf_mutex);
 
1042 static void rtl8187_remove_interface(struct ieee80211_hw *dev,
 
1043                                      struct ieee80211_if_init_conf *conf)
 
1045         struct rtl8187_priv *priv = dev->priv;
 
1046         mutex_lock(&priv->conf_mutex);
 
1047         priv->mode = NL80211_IFTYPE_MONITOR;
 
1049         mutex_unlock(&priv->conf_mutex);
 
1052 static int rtl8187_config(struct ieee80211_hw *dev, u32 changed)
 
1054         struct rtl8187_priv *priv = dev->priv;
 
1055         struct ieee80211_conf *conf = &dev->conf;
 
1058         mutex_lock(&priv->conf_mutex);
 
1059         reg = rtl818x_ioread32(priv, &priv->map->TX_CONF);
 
1060         /* Enable TX loopback on MAC level to avoid TX during channel
 
1061          * changes, as this has be seen to causes problems and the
 
1062          * card will stop work until next reset
 
1064         rtl818x_iowrite32(priv, &priv->map->TX_CONF,
 
1065                           reg | RTL818X_TX_CONF_LOOPBACK_MAC);
 
1066         priv->rf->set_chan(dev, conf);
 
1068         rtl818x_iowrite32(priv, &priv->map->TX_CONF, reg);
 
1070         rtl818x_iowrite16(priv, &priv->map->ATIM_WND, 2);
 
1071         rtl818x_iowrite16(priv, &priv->map->ATIMTR_INTERVAL, 100);
 
1072         rtl818x_iowrite16(priv, &priv->map->BEACON_INTERVAL, 100);
 
1073         rtl818x_iowrite16(priv, &priv->map->BEACON_INTERVAL_TIME, 100);
 
1074         mutex_unlock(&priv->conf_mutex);
 
1078 static int rtl8187_config_interface(struct ieee80211_hw *dev,
 
1079                                     struct ieee80211_vif *vif,
 
1080                                     struct ieee80211_if_conf *conf)
 
1082         struct rtl8187_priv *priv = dev->priv;
 
1086         mutex_lock(&priv->conf_mutex);
 
1087         for (i = 0; i < ETH_ALEN; i++)
 
1088                 rtl818x_iowrite8(priv, &priv->map->BSSID[i], conf->bssid[i]);
 
1090         if (is_valid_ether_addr(conf->bssid)) {
 
1091                 reg = RTL818X_MSR_INFRA;
 
1092                 if (priv->is_rtl8187b)
 
1093                         reg |= RTL818X_MSR_ENEDCA;
 
1094                 rtl818x_iowrite8(priv, &priv->map->MSR, reg);
 
1096                 reg = RTL818X_MSR_NO_LINK;
 
1097                 rtl818x_iowrite8(priv, &priv->map->MSR, reg);
 
1100         mutex_unlock(&priv->conf_mutex);
 
1105  * With 8187B, AC_*_PARAM clashes with FEMR definition in struct rtl818x_csr for
 
1106  * example. Thus we have to use raw values for AC_*_PARAM register addresses.
 
1108 static __le32 *rtl8187b_ac_addr[4] = {
 
1109         (__le32 *) 0xFFF0, /* AC_VO */
 
1110         (__le32 *) 0xFFF4, /* AC_VI */
 
1111         (__le32 *) 0xFFFC, /* AC_BK */
 
1112         (__le32 *) 0xFFF8, /* AC_BE */
 
1115 #define SIFS_TIME 0xa
 
1117 static void rtl8187_conf_erp(struct rtl8187_priv *priv, bool use_short_slot,
 
1118                              bool use_short_preamble)
 
1120         if (priv->is_rtl8187b) {
 
1125                 if (use_short_slot) {
 
1126                         priv->slot_time = 0x9;
 
1130                         priv->slot_time = 0x14;
 
1134                 rtl818x_iowrite8(priv, &priv->map->SIFS, 0x22);
 
1135                 rtl818x_iowrite8(priv, &priv->map->SLOT, priv->slot_time);
 
1136                 rtl818x_iowrite8(priv, &priv->map->DIFS, difs);
 
1139                  * BRSR+1 on 8187B is in fact EIFS register
 
1140                  * Value in units of 4 us
 
1142                 rtl818x_iowrite8(priv, (u8 *)&priv->map->BRSR + 1, eifs);
 
1145                  * For 8187B, CARRIER_SENSE_COUNTER is in fact ack timeout
 
1146                  * register. In units of 4 us like eifs register
 
1147                  * ack_timeout = ack duration + plcp + difs + preamble
 
1149                 ack_timeout = 112 + 48 + difs;
 
1150                 if (use_short_preamble)
 
1154                 rtl818x_iowrite8(priv, &priv->map->CARRIER_SENSE_COUNTER,
 
1155                                  DIV_ROUND_UP(ack_timeout, 4));
 
1157                 for (queue = 0; queue < 4; queue++)
 
1158                         rtl818x_iowrite8(priv, (u8 *) rtl8187b_ac_addr[queue],
 
1159                                          priv->aifsn[queue] * priv->slot_time +
 
1162                 rtl818x_iowrite8(priv, &priv->map->SIFS, 0x22);
 
1163                 if (use_short_slot) {
 
1164                         rtl818x_iowrite8(priv, &priv->map->SLOT, 0x9);
 
1165                         rtl818x_iowrite8(priv, &priv->map->DIFS, 0x14);
 
1166                         rtl818x_iowrite8(priv, &priv->map->EIFS, 91 - 0x14);
 
1168                         rtl818x_iowrite8(priv, &priv->map->SLOT, 0x14);
 
1169                         rtl818x_iowrite8(priv, &priv->map->DIFS, 0x24);
 
1170                         rtl818x_iowrite8(priv, &priv->map->EIFS, 91 - 0x24);
 
1175 static void rtl8187_bss_info_changed(struct ieee80211_hw *dev,
 
1176                                      struct ieee80211_vif *vif,
 
1177                                      struct ieee80211_bss_conf *info,
 
1180         struct rtl8187_priv *priv = dev->priv;
 
1182         if (changed & (BSS_CHANGED_ERP_SLOT | BSS_CHANGED_ERP_PREAMBLE))
 
1183                 rtl8187_conf_erp(priv, info->use_short_slot,
 
1184                                  info->use_short_preamble);
 
1187 static void rtl8187_configure_filter(struct ieee80211_hw *dev,
 
1188                                      unsigned int changed_flags,
 
1189                                      unsigned int *total_flags,
 
1190                                      int mc_count, struct dev_addr_list *mclist)
 
1192         struct rtl8187_priv *priv = dev->priv;
 
1194         if (changed_flags & FIF_FCSFAIL)
 
1195                 priv->rx_conf ^= RTL818X_RX_CONF_FCS;
 
1196         if (changed_flags & FIF_CONTROL)
 
1197                 priv->rx_conf ^= RTL818X_RX_CONF_CTRL;
 
1198         if (changed_flags & FIF_OTHER_BSS)
 
1199                 priv->rx_conf ^= RTL818X_RX_CONF_MONITOR;
 
1200         if (*total_flags & FIF_ALLMULTI || mc_count > 0)
 
1201                 priv->rx_conf |= RTL818X_RX_CONF_MULTICAST;
 
1203                 priv->rx_conf &= ~RTL818X_RX_CONF_MULTICAST;
 
1207         if (priv->rx_conf & RTL818X_RX_CONF_FCS)
 
1208                 *total_flags |= FIF_FCSFAIL;
 
1209         if (priv->rx_conf & RTL818X_RX_CONF_CTRL)
 
1210                 *total_flags |= FIF_CONTROL;
 
1211         if (priv->rx_conf & RTL818X_RX_CONF_MONITOR)
 
1212                 *total_flags |= FIF_OTHER_BSS;
 
1213         if (priv->rx_conf & RTL818X_RX_CONF_MULTICAST)
 
1214                 *total_flags |= FIF_ALLMULTI;
 
1216         rtl818x_iowrite32_async(priv, &priv->map->RX_CONF, priv->rx_conf);
 
1219 static int rtl8187_conf_tx(struct ieee80211_hw *dev, u16 queue,
 
1220                            const struct ieee80211_tx_queue_params *params)
 
1222         struct rtl8187_priv *priv = dev->priv;
 
1228         cw_min = fls(params->cw_min);
 
1229         cw_max = fls(params->cw_max);
 
1231         if (priv->is_rtl8187b) {
 
1232                 priv->aifsn[queue] = params->aifs;
 
1235                  * This is the structure of AC_*_PARAM registers in 8187B:
 
1236                  * - TXOP limit field, bit offset = 16
 
1237                  * - ECWmax, bit offset = 12
 
1238                  * - ECWmin, bit offset = 8
 
1239                  * - AIFS, bit offset = 0
 
1241                 rtl818x_iowrite32(priv, rtl8187b_ac_addr[queue],
 
1242                                   (params->txop << 16) | (cw_max << 12) |
 
1243                                   (cw_min << 8) | (params->aifs *
 
1244                                   priv->slot_time + SIFS_TIME));
 
1249                 rtl818x_iowrite8(priv, &priv->map->CW_VAL,
 
1250                                  cw_min | (cw_max << 4));
 
1255 static const struct ieee80211_ops rtl8187_ops = {
 
1257         .start                  = rtl8187_start,
 
1258         .stop                   = rtl8187_stop,
 
1259         .add_interface          = rtl8187_add_interface,
 
1260         .remove_interface       = rtl8187_remove_interface,
 
1261         .config                 = rtl8187_config,
 
1262         .config_interface       = rtl8187_config_interface,
 
1263         .bss_info_changed       = rtl8187_bss_info_changed,
 
1264         .configure_filter       = rtl8187_configure_filter,
 
1265         .conf_tx                = rtl8187_conf_tx
 
1268 static void rtl8187_eeprom_register_read(struct eeprom_93cx6 *eeprom)
 
1270         struct ieee80211_hw *dev = eeprom->data;
 
1271         struct rtl8187_priv *priv = dev->priv;
 
1272         u8 reg = rtl818x_ioread8(priv, &priv->map->EEPROM_CMD);
 
1274         eeprom->reg_data_in = reg & RTL818X_EEPROM_CMD_WRITE;
 
1275         eeprom->reg_data_out = reg & RTL818X_EEPROM_CMD_READ;
 
1276         eeprom->reg_data_clock = reg & RTL818X_EEPROM_CMD_CK;
 
1277         eeprom->reg_chip_select = reg & RTL818X_EEPROM_CMD_CS;
 
1280 static void rtl8187_eeprom_register_write(struct eeprom_93cx6 *eeprom)
 
1282         struct ieee80211_hw *dev = eeprom->data;
 
1283         struct rtl8187_priv *priv = dev->priv;
 
1284         u8 reg = RTL818X_EEPROM_CMD_PROGRAM;
 
1286         if (eeprom->reg_data_in)
 
1287                 reg |= RTL818X_EEPROM_CMD_WRITE;
 
1288         if (eeprom->reg_data_out)
 
1289                 reg |= RTL818X_EEPROM_CMD_READ;
 
1290         if (eeprom->reg_data_clock)
 
1291                 reg |= RTL818X_EEPROM_CMD_CK;
 
1292         if (eeprom->reg_chip_select)
 
1293                 reg |= RTL818X_EEPROM_CMD_CS;
 
1295         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, reg);
 
1299 static int __devinit rtl8187_probe(struct usb_interface *intf,
 
1300                                    const struct usb_device_id *id)
 
1302         struct usb_device *udev = interface_to_usbdev(intf);
 
1303         struct ieee80211_hw *dev;
 
1304         struct rtl8187_priv *priv;
 
1305         struct eeprom_93cx6 eeprom;
 
1306         struct ieee80211_channel *channel;
 
1307         const char *chip_name;
 
1311         dev = ieee80211_alloc_hw(sizeof(*priv), &rtl8187_ops);
 
1313                 printk(KERN_ERR "rtl8187: ieee80211 alloc failed\n");
 
1318         priv->is_rtl8187b = (id->driver_info == DEVICE_RTL8187B);
 
1320         SET_IEEE80211_DEV(dev, &intf->dev);
 
1321         usb_set_intfdata(intf, dev);
 
1326         skb_queue_head_init(&priv->rx_queue);
 
1328         BUILD_BUG_ON(sizeof(priv->channels) != sizeof(rtl818x_channels));
 
1329         BUILD_BUG_ON(sizeof(priv->rates) != sizeof(rtl818x_rates));
 
1331         memcpy(priv->channels, rtl818x_channels, sizeof(rtl818x_channels));
 
1332         memcpy(priv->rates, rtl818x_rates, sizeof(rtl818x_rates));
 
1333         priv->map = (struct rtl818x_csr *)0xFF00;
 
1335         priv->band.band = IEEE80211_BAND_2GHZ;
 
1336         priv->band.channels = priv->channels;
 
1337         priv->band.n_channels = ARRAY_SIZE(rtl818x_channels);
 
1338         priv->band.bitrates = priv->rates;
 
1339         priv->band.n_bitrates = ARRAY_SIZE(rtl818x_rates);
 
1340         dev->wiphy->bands[IEEE80211_BAND_2GHZ] = &priv->band;
 
1343         priv->mode = NL80211_IFTYPE_MONITOR;
 
1344         dev->flags = IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING |
 
1345                      IEEE80211_HW_SIGNAL_DBM |
 
1346                      IEEE80211_HW_RX_INCLUDES_FCS;
 
1349         eeprom.register_read = rtl8187_eeprom_register_read;
 
1350         eeprom.register_write = rtl8187_eeprom_register_write;
 
1351         if (rtl818x_ioread32(priv, &priv->map->RX_CONF) & (1 << 6))
 
1352                 eeprom.width = PCI_EEPROM_WIDTH_93C66;
 
1354                 eeprom.width = PCI_EEPROM_WIDTH_93C46;
 
1356         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
 
1359         eeprom_93cx6_multiread(&eeprom, RTL8187_EEPROM_MAC_ADDR,
 
1360                                (__le16 __force *)dev->wiphy->perm_addr, 3);
 
1361         if (!is_valid_ether_addr(dev->wiphy->perm_addr)) {
 
1362                 printk(KERN_WARNING "rtl8187: Invalid hwaddr! Using randomly "
 
1363                        "generated MAC address\n");
 
1364                 random_ether_addr(dev->wiphy->perm_addr);
 
1367         channel = priv->channels;
 
1368         for (i = 0; i < 3; i++) {
 
1369                 eeprom_93cx6_read(&eeprom, RTL8187_EEPROM_TXPWR_CHAN_1 + i,
 
1371                 (*channel++).hw_value = txpwr & 0xFF;
 
1372                 (*channel++).hw_value = txpwr >> 8;
 
1374         for (i = 0; i < 2; i++) {
 
1375                 eeprom_93cx6_read(&eeprom, RTL8187_EEPROM_TXPWR_CHAN_4 + i,
 
1377                 (*channel++).hw_value = txpwr & 0xFF;
 
1378                 (*channel++).hw_value = txpwr >> 8;
 
1381         eeprom_93cx6_read(&eeprom, RTL8187_EEPROM_TXPWR_BASE,
 
1384         reg = rtl818x_ioread8(priv, &priv->map->PGSELECT) & ~1;
 
1385         rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg | 1);
 
1386         /* 0 means asic B-cut, we should use SW 3 wire
 
1387          * bit-by-bit banging for radio. 1 means we can use
 
1388          * USB specific request to write radio registers */
 
1389         priv->asic_rev = rtl818x_ioread8(priv, (u8 *)0xFFFE) & 0x3;
 
1390         rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg);
 
1391         rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
 
1393         if (!priv->is_rtl8187b) {
 
1395                 reg32 = rtl818x_ioread32(priv, &priv->map->TX_CONF);
 
1396                 reg32 &= RTL818X_TX_CONF_HWVER_MASK;
 
1398                 case RTL818X_TX_CONF_R8187vD_B:
 
1399                         /* Some RTL8187B devices have a USB ID of 0x8187
 
1400                          * detect them here */
 
1401                         chip_name = "RTL8187BvB(early)";
 
1402                         priv->is_rtl8187b = 1;
 
1403                         priv->hw_rev = RTL8187BvB;
 
1405                 case RTL818X_TX_CONF_R8187vD:
 
1406                         chip_name = "RTL8187vD";
 
1409                         chip_name = "RTL8187vB (default)";
 
1413                  * Force USB request to write radio registers for 8187B, Realtek
 
1414                  * only uses it in their sources
 
1416                 /*if (priv->asic_rev == 0) {
 
1417                         printk(KERN_WARNING "rtl8187: Forcing use of USB "
 
1418                                "requests to write to radio registers\n");
 
1421                 switch (rtl818x_ioread8(priv, (u8 *)0xFFE1)) {
 
1422                 case RTL818X_R8187B_B:
 
1423                         chip_name = "RTL8187BvB";
 
1424                         priv->hw_rev = RTL8187BvB;
 
1426                 case RTL818X_R8187B_D:
 
1427                         chip_name = "RTL8187BvD";
 
1428                         priv->hw_rev = RTL8187BvD;
 
1430                 case RTL818X_R8187B_E:
 
1431                         chip_name = "RTL8187BvE";
 
1432                         priv->hw_rev = RTL8187BvE;
 
1435                         chip_name = "RTL8187BvB (default)";
 
1436                         priv->hw_rev = RTL8187BvB;
 
1440         if (!priv->is_rtl8187b) {
 
1441                 for (i = 0; i < 2; i++) {
 
1442                         eeprom_93cx6_read(&eeprom,
 
1443                                           RTL8187_EEPROM_TXPWR_CHAN_6 + i,
 
1445                         (*channel++).hw_value = txpwr & 0xFF;
 
1446                         (*channel++).hw_value = txpwr >> 8;
 
1449                 eeprom_93cx6_read(&eeprom, RTL8187_EEPROM_TXPWR_CHAN_6,
 
1451                 (*channel++).hw_value = txpwr & 0xFF;
 
1453                 eeprom_93cx6_read(&eeprom, 0x0A, &txpwr);
 
1454                 (*channel++).hw_value = txpwr & 0xFF;
 
1456                 eeprom_93cx6_read(&eeprom, 0x1C, &txpwr);
 
1457                 (*channel++).hw_value = txpwr & 0xFF;
 
1458                 (*channel++).hw_value = txpwr >> 8;
 
1461         if (priv->is_rtl8187b)
 
1462                 printk(KERN_WARNING "rtl8187: 8187B chip detected.\n");
 
1465          * XXX: Once this driver supports anything that requires
 
1466          *      beacons it must implement IEEE80211_TX_CTL_ASSIGN_SEQ.
 
1468         dev->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION);
 
1470         if ((id->driver_info == DEVICE_RTL8187) && priv->is_rtl8187b)
 
1471                 printk(KERN_INFO "rtl8187: inconsistency between id with OEM"
 
1474         priv->rf = rtl8187_detect_rf(dev);
 
1475         dev->extra_tx_headroom = (!priv->is_rtl8187b) ?
 
1476                                   sizeof(struct rtl8187_tx_hdr) :
 
1477                                   sizeof(struct rtl8187b_tx_hdr);
 
1478         if (!priv->is_rtl8187b)
 
1483         err = ieee80211_register_hw(dev);
 
1485                 printk(KERN_ERR "rtl8187: Cannot register device\n");
 
1488         mutex_init(&priv->conf_mutex);
 
1489         skb_queue_head_init(&priv->b_tx_status.queue);
 
1491         printk(KERN_INFO "%s: hwaddr %pM, %s V%d + %s\n",
 
1492                wiphy_name(dev->wiphy), dev->wiphy->perm_addr,
 
1493                chip_name, priv->asic_rev, priv->rf->name);
 
1498         ieee80211_free_hw(dev);
 
1499         usb_set_intfdata(intf, NULL);
 
1504 static void __devexit rtl8187_disconnect(struct usb_interface *intf)
 
1506         struct ieee80211_hw *dev = usb_get_intfdata(intf);
 
1507         struct rtl8187_priv *priv;
 
1512         ieee80211_unregister_hw(dev);
 
1515         usb_reset_device(priv->udev);
 
1516         usb_put_dev(interface_to_usbdev(intf));
 
1517         ieee80211_free_hw(dev);
 
1520 static struct usb_driver rtl8187_driver = {
 
1521         .name           = KBUILD_MODNAME,
 
1522         .id_table       = rtl8187_table,
 
1523         .probe          = rtl8187_probe,
 
1524         .disconnect     = __devexit_p(rtl8187_disconnect),
 
1527 static int __init rtl8187_init(void)
 
1529         return usb_register(&rtl8187_driver);
 
1532 static void __exit rtl8187_exit(void)
 
1534         usb_deregister(&rtl8187_driver);
 
1537 module_init(rtl8187_init);
 
1538 module_exit(rtl8187_exit);