[PATCH] zd1201: avoid null ptr access of skb->dev
[linux-2.6] / drivers / net / wireless / prism54 / islpci_dev.c
1 /*
2  *  Copyright (C) 2002 Intersil Americas Inc.
3  *  Copyright (C) 2003 Herbert Valerio Riedel <hvr@gnu.org>
4  *  Copyright (C) 2003 Luis R. Rodriguez <mcgrof@ruslug.rutgers.edu>
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License
9  *
10  *  This program is distributed in the hope that it will be useful,
11  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  *  GNU General Public License for more details.
14  *
15  *  You should have received a copy of the GNU General Public License
16  *  along with this program; if not, write to the Free Software
17  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18  *
19  */
20
21 #include <linux/module.h>
22
23 #include <linux/netdevice.h>
24 #include <linux/ethtool.h>
25 #include <linux/pci.h>
26 #include <linux/etherdevice.h>
27 #include <linux/delay.h>
28 #include <linux/if_arp.h>
29
30 #include <asm/io.h>
31
32 #include "prismcompat.h"
33 #include "isl_38xx.h"
34 #include "isl_ioctl.h"
35 #include "islpci_dev.h"
36 #include "islpci_mgt.h"
37 #include "islpci_eth.h"
38 #include "oid_mgt.h"
39
40 #define ISL3877_IMAGE_FILE      "isl3877"
41 #define ISL3886_IMAGE_FILE      "isl3886"
42 #define ISL3890_IMAGE_FILE      "isl3890"
43
44 static int prism54_bring_down(islpci_private *);
45 static int islpci_alloc_memory(islpci_private *);
46 static struct net_device_stats *islpci_statistics(struct net_device *);
47
48 /* Temporary dummy MAC address to use until firmware is loaded.
49  * The idea there is that some tools (such as nameif) may query
50  * the MAC address before the netdev is 'open'. By using a valid
51  * OUI prefix, they can process the netdev properly.
52  * Of course, this is not the final/real MAC address. It doesn't
53  * matter, as you are suppose to be able to change it anytime via
54  * ndev->set_mac_address. Jean II */
55 static const unsigned char      dummy_mac[6] = { 0x00, 0x30, 0xB4, 0x00, 0x00, 0x00 };
56
57 static int
58 isl_upload_firmware(islpci_private *priv)
59 {
60         u32 reg, rc;
61         void __iomem *device_base = priv->device_base;
62
63         /* clear the RAMBoot and the Reset bit */
64         reg = readl(device_base + ISL38XX_CTRL_STAT_REG);
65         reg &= ~ISL38XX_CTRL_STAT_RESET;
66         reg &= ~ISL38XX_CTRL_STAT_RAMBOOT;
67         writel(reg, device_base + ISL38XX_CTRL_STAT_REG);
68         wmb();
69         udelay(ISL38XX_WRITEIO_DELAY);
70
71         /* set the Reset bit without reading the register ! */
72         reg |= ISL38XX_CTRL_STAT_RESET;
73         writel(reg, device_base + ISL38XX_CTRL_STAT_REG);
74         wmb();
75         udelay(ISL38XX_WRITEIO_DELAY);
76
77         /* clear the Reset bit */
78         reg &= ~ISL38XX_CTRL_STAT_RESET;
79         writel(reg, device_base + ISL38XX_CTRL_STAT_REG);
80         wmb();
81
82         /* wait a while for the device to reboot */
83         mdelay(50);
84
85         {
86                 const struct firmware *fw_entry = NULL;
87                 long fw_len;
88                 const u32 *fw_ptr;
89
90                 rc = request_firmware(&fw_entry, priv->firmware, PRISM_FW_PDEV);
91                 if (rc) {
92                         printk(KERN_ERR
93                                "%s: request_firmware() failed for '%s'\n",
94                                "prism54", priv->firmware);
95                         return rc;
96                 }
97                 /* prepare the Direct Memory Base register */
98                 reg = ISL38XX_DEV_FIRMWARE_ADDRES;
99
100                 fw_ptr = (u32 *) fw_entry->data;
101                 fw_len = fw_entry->size;
102
103                 if (fw_len % 4) {
104                         printk(KERN_ERR
105                                "%s: firmware '%s' size is not multiple of 32bit, aborting!\n",
106                                "prism54", priv->firmware);
107                         release_firmware(fw_entry);
108                         return -EILSEQ; /* Illegal byte sequence  */;
109                 }
110
111                 while (fw_len > 0) {
112                         long _fw_len =
113                             (fw_len >
114                              ISL38XX_MEMORY_WINDOW_SIZE) ?
115                             ISL38XX_MEMORY_WINDOW_SIZE : fw_len;
116                         u32 __iomem *dev_fw_ptr = device_base + ISL38XX_DIRECT_MEM_WIN;
117
118                         /* set the card's base address for writing the data */
119                         isl38xx_w32_flush(device_base, reg,
120                                           ISL38XX_DIR_MEM_BASE_REG);
121                         wmb();  /* be paranoid */
122
123                         /* increment the write address for next iteration */
124                         reg += _fw_len;
125                         fw_len -= _fw_len;
126
127                         /* write the data to the Direct Memory Window 32bit-wise */
128                         /* memcpy_toio() doesn't guarantee 32bit writes :-| */
129                         while (_fw_len > 0) {
130                                 /* use non-swapping writel() */
131                                 __raw_writel(*fw_ptr, dev_fw_ptr);
132                                 fw_ptr++, dev_fw_ptr++;
133                                 _fw_len -= 4;
134                         }
135
136                         /* flush PCI posting */
137                         (void) readl(device_base + ISL38XX_PCI_POSTING_FLUSH);
138                         wmb();  /* be paranoid again */
139
140                         BUG_ON(_fw_len != 0);
141                 }
142
143                 BUG_ON(fw_len != 0);
144
145                 /* Firmware version is at offset 40 (also for "newmac") */
146                 printk(KERN_DEBUG "%s: firmware version: %.8s\n",
147                        priv->ndev->name, fw_entry->data + 40);
148
149                 release_firmware(fw_entry);
150         }
151
152         /* now reset the device
153          * clear the Reset & ClkRun bit, set the RAMBoot bit */
154         reg = readl(device_base + ISL38XX_CTRL_STAT_REG);
155         reg &= ~ISL38XX_CTRL_STAT_CLKRUN;
156         reg &= ~ISL38XX_CTRL_STAT_RESET;
157         reg |= ISL38XX_CTRL_STAT_RAMBOOT;
158         isl38xx_w32_flush(device_base, reg, ISL38XX_CTRL_STAT_REG);
159         wmb();
160         udelay(ISL38XX_WRITEIO_DELAY);
161
162         /* set the reset bit latches the host override and RAMBoot bits
163          * into the device for operation when the reset bit is reset */
164         reg |= ISL38XX_CTRL_STAT_RESET;
165         writel(reg, device_base + ISL38XX_CTRL_STAT_REG);
166         /* don't do flush PCI posting here! */
167         wmb();
168         udelay(ISL38XX_WRITEIO_DELAY);
169
170         /* clear the reset bit should start the whole circus */
171         reg &= ~ISL38XX_CTRL_STAT_RESET;
172         writel(reg, device_base + ISL38XX_CTRL_STAT_REG);
173         /* don't do flush PCI posting here! */
174         wmb();
175         udelay(ISL38XX_WRITEIO_DELAY);
176
177         return 0;
178 }
179
180 /******************************************************************************
181     Device Interrupt Handler
182 ******************************************************************************/
183
184 irqreturn_t
185 islpci_interrupt(int irq, void *config)
186 {
187         u32 reg;
188         islpci_private *priv = config;
189         struct net_device *ndev = priv->ndev;
190         void __iomem *device = priv->device_base;
191         int powerstate = ISL38XX_PSM_POWERSAVE_STATE;
192
193         /* lock the interrupt handler */
194         spin_lock(&priv->slock);
195
196         /* received an interrupt request on a shared IRQ line
197          * first check whether the device is in sleep mode */
198         reg = readl(device + ISL38XX_CTRL_STAT_REG);
199         if (reg & ISL38XX_CTRL_STAT_SLEEPMODE)
200                 /* device is in sleep mode, IRQ was generated by someone else */
201         {
202 #if VERBOSE > SHOW_ERROR_MESSAGES
203                 DEBUG(SHOW_TRACING, "Assuming someone else called the IRQ\n");
204 #endif
205                 spin_unlock(&priv->slock);
206                 return IRQ_NONE;
207         }
208
209
210         /* check whether there is any source of interrupt on the device */
211         reg = readl(device + ISL38XX_INT_IDENT_REG);
212
213         /* also check the contents of the Interrupt Enable Register, because this
214          * will filter out interrupt sources from other devices on the same irq ! */
215         reg &= readl(device + ISL38XX_INT_EN_REG);
216         reg &= ISL38XX_INT_SOURCES;
217
218         if (reg != 0) {
219                 if (islpci_get_state(priv) != PRV_STATE_SLEEP)
220                         powerstate = ISL38XX_PSM_ACTIVE_STATE;
221
222                 /* reset the request bits in the Identification register */
223                 isl38xx_w32_flush(device, reg, ISL38XX_INT_ACK_REG);
224
225 #if VERBOSE > SHOW_ERROR_MESSAGES
226                 DEBUG(SHOW_FUNCTION_CALLS,
227                       "IRQ: Identification register 0x%p 0x%x \n", device, reg);
228 #endif
229
230                 /* check for each bit in the register separately */
231                 if (reg & ISL38XX_INT_IDENT_UPDATE) {
232 #if VERBOSE > SHOW_ERROR_MESSAGES
233                         /* Queue has been updated */
234                         DEBUG(SHOW_TRACING, "IRQ: Update flag \n");
235
236                         DEBUG(SHOW_QUEUE_INDEXES,
237                               "CB drv Qs: [%i][%i][%i][%i][%i][%i]\n",
238                               le32_to_cpu(priv->control_block->
239                                           driver_curr_frag[0]),
240                               le32_to_cpu(priv->control_block->
241                                           driver_curr_frag[1]),
242                               le32_to_cpu(priv->control_block->
243                                           driver_curr_frag[2]),
244                               le32_to_cpu(priv->control_block->
245                                           driver_curr_frag[3]),
246                               le32_to_cpu(priv->control_block->
247                                           driver_curr_frag[4]),
248                               le32_to_cpu(priv->control_block->
249                                           driver_curr_frag[5])
250                             );
251
252                         DEBUG(SHOW_QUEUE_INDEXES,
253                               "CB dev Qs: [%i][%i][%i][%i][%i][%i]\n",
254                               le32_to_cpu(priv->control_block->
255                                           device_curr_frag[0]),
256                               le32_to_cpu(priv->control_block->
257                                           device_curr_frag[1]),
258                               le32_to_cpu(priv->control_block->
259                                           device_curr_frag[2]),
260                               le32_to_cpu(priv->control_block->
261                                           device_curr_frag[3]),
262                               le32_to_cpu(priv->control_block->
263                                           device_curr_frag[4]),
264                               le32_to_cpu(priv->control_block->
265                                           device_curr_frag[5])
266                             );
267 #endif
268
269                         /* cleanup the data low transmit queue */
270                         islpci_eth_cleanup_transmit(priv, priv->control_block);
271
272                         /* device is in active state, update the
273                          * powerstate flag if necessary */
274                         powerstate = ISL38XX_PSM_ACTIVE_STATE;
275
276                         /* check all three queues in priority order
277                          * call the PIMFOR receive function until the
278                          * queue is empty */
279                         if (isl38xx_in_queue(priv->control_block,
280                                                 ISL38XX_CB_RX_MGMTQ) != 0) {
281 #if VERBOSE > SHOW_ERROR_MESSAGES
282                                 DEBUG(SHOW_TRACING,
283                                       "Received frame in Management Queue\n");
284 #endif
285                                 islpci_mgt_receive(ndev);
286
287                                 islpci_mgt_cleanup_transmit(ndev);
288
289                                 /* Refill slots in receive queue */
290                                 islpci_mgmt_rx_fill(ndev);
291
292                                 /* no need to trigger the device, next
293                                    islpci_mgt_transaction does it */
294                         }
295
296                         while (isl38xx_in_queue(priv->control_block,
297                                                 ISL38XX_CB_RX_DATA_LQ) != 0) {
298 #if VERBOSE > SHOW_ERROR_MESSAGES
299                                 DEBUG(SHOW_TRACING,
300                                       "Received frame in Data Low Queue \n");
301 #endif
302                                 islpci_eth_receive(priv);
303                         }
304
305                         /* check whether the data transmit queues were full */
306                         if (priv->data_low_tx_full) {
307                                 /* check whether the transmit is not full anymore */
308                                 if (ISL38XX_CB_TX_QSIZE -
309                                     isl38xx_in_queue(priv->control_block,
310                                                      ISL38XX_CB_TX_DATA_LQ) >=
311                                     ISL38XX_MIN_QTHRESHOLD) {
312                                         /* nope, the driver is ready for more network frames */
313                                         netif_wake_queue(priv->ndev);
314
315                                         /* reset the full flag */
316                                         priv->data_low_tx_full = 0;
317                                 }
318                         }
319                 }
320
321                 if (reg & ISL38XX_INT_IDENT_INIT) {
322                         /* Device has been initialized */
323 #if VERBOSE > SHOW_ERROR_MESSAGES
324                         DEBUG(SHOW_TRACING,
325                               "IRQ: Init flag, device initialized \n");
326 #endif
327                         wake_up(&priv->reset_done);
328                 }
329
330                 if (reg & ISL38XX_INT_IDENT_SLEEP) {
331                         /* Device intends to move to powersave state */
332 #if VERBOSE > SHOW_ERROR_MESSAGES
333                         DEBUG(SHOW_TRACING, "IRQ: Sleep flag \n");
334 #endif
335                         isl38xx_handle_sleep_request(priv->control_block,
336                                                      &powerstate,
337                                                      priv->device_base);
338                 }
339
340                 if (reg & ISL38XX_INT_IDENT_WAKEUP) {
341                         /* Device has been woken up to active state */
342 #if VERBOSE > SHOW_ERROR_MESSAGES
343                         DEBUG(SHOW_TRACING, "IRQ: Wakeup flag \n");
344 #endif
345
346                         isl38xx_handle_wakeup(priv->control_block,
347                                               &powerstate, priv->device_base);
348                 }
349         } else {
350 #if VERBOSE > SHOW_ERROR_MESSAGES
351                 DEBUG(SHOW_TRACING, "Assuming someone else called the IRQ\n");
352 #endif
353                 spin_unlock(&priv->slock);
354                 return IRQ_NONE;
355         }
356
357         /* sleep -> ready */
358         if (islpci_get_state(priv) == PRV_STATE_SLEEP
359             && powerstate == ISL38XX_PSM_ACTIVE_STATE)
360                 islpci_set_state(priv, PRV_STATE_READY);
361
362         /* !sleep -> sleep */
363         if (islpci_get_state(priv) != PRV_STATE_SLEEP
364             && powerstate == ISL38XX_PSM_POWERSAVE_STATE)
365                 islpci_set_state(priv, PRV_STATE_SLEEP);
366
367         /* unlock the interrupt handler */
368         spin_unlock(&priv->slock);
369
370         return IRQ_HANDLED;
371 }
372
373 /******************************************************************************
374     Network Interface Control & Statistical functions
375 ******************************************************************************/
376 static int
377 islpci_open(struct net_device *ndev)
378 {
379         u32 rc;
380         islpci_private *priv = netdev_priv(ndev);
381
382         /* reset data structures, upload firmware and reset device */
383         rc = islpci_reset(priv,1);
384         if (rc) {
385                 prism54_bring_down(priv);
386                 return rc; /* Returns informative message */
387         }
388
389         netif_start_queue(ndev);
390 /*      netif_mark_up( ndev ); */
391
392         return 0;
393 }
394
395 static int
396 islpci_close(struct net_device *ndev)
397 {
398         islpci_private *priv = netdev_priv(ndev);
399
400         printk(KERN_DEBUG "%s: islpci_close ()\n", ndev->name);
401
402         netif_stop_queue(ndev);
403
404         return prism54_bring_down(priv);
405 }
406
407 static int
408 prism54_bring_down(islpci_private *priv)
409 {
410         void __iomem *device_base = priv->device_base;
411         u32 reg;
412         /* we are going to shutdown the device */
413         islpci_set_state(priv, PRV_STATE_PREBOOT);
414
415         /* disable all device interrupts in case they weren't */
416         isl38xx_disable_interrupts(priv->device_base);
417
418         /* For safety reasons, we may want to ensure that no DMA transfer is
419          * currently in progress by emptying the TX and RX queues. */
420
421         /* wait until interrupts have finished executing on other CPUs */
422         synchronize_irq(priv->pdev->irq);
423
424         reg = readl(device_base + ISL38XX_CTRL_STAT_REG);
425         reg &= ~(ISL38XX_CTRL_STAT_RESET | ISL38XX_CTRL_STAT_RAMBOOT);
426         writel(reg, device_base + ISL38XX_CTRL_STAT_REG);
427         wmb();
428         udelay(ISL38XX_WRITEIO_DELAY);
429
430         reg |= ISL38XX_CTRL_STAT_RESET;
431         writel(reg, device_base + ISL38XX_CTRL_STAT_REG);
432         wmb();
433         udelay(ISL38XX_WRITEIO_DELAY);
434
435         /* clear the Reset bit */
436         reg &= ~ISL38XX_CTRL_STAT_RESET;
437         writel(reg, device_base + ISL38XX_CTRL_STAT_REG);
438         wmb();
439
440         /* wait a while for the device to reset */
441         schedule_timeout_uninterruptible(msecs_to_jiffies(50));
442
443         return 0;
444 }
445
446 static int
447 islpci_upload_fw(islpci_private *priv)
448 {
449         islpci_state_t old_state;
450         u32 rc;
451
452         old_state = islpci_set_state(priv, PRV_STATE_BOOT);
453
454         printk(KERN_DEBUG "%s: uploading firmware...\n", priv->ndev->name);
455
456         rc = isl_upload_firmware(priv);
457         if (rc) {
458                 /* error uploading the firmware */
459                 printk(KERN_ERR "%s: could not upload firmware ('%s')\n",
460                        priv->ndev->name, priv->firmware);
461
462                 islpci_set_state(priv, old_state);
463                 return rc;
464         }
465
466         printk(KERN_DEBUG "%s: firmware upload complete\n",
467                priv->ndev->name);
468
469         islpci_set_state(priv, PRV_STATE_POSTBOOT);
470
471         return 0;
472 }
473
474 static int
475 islpci_reset_if(islpci_private *priv)
476 {
477         long remaining;
478         int result = -ETIME;
479         int count;
480
481         DEFINE_WAIT(wait);
482         prepare_to_wait(&priv->reset_done, &wait, TASK_UNINTERRUPTIBLE);
483
484         /* now the last step is to reset the interface */
485         isl38xx_interface_reset(priv->device_base, priv->device_host_address);
486         islpci_set_state(priv, PRV_STATE_PREINIT);
487
488         for(count = 0; count < 2 && result; count++) {
489                 /* The software reset acknowledge needs about 220 msec here.
490                  * Be conservative and wait for up to one second. */
491
492                 remaining = schedule_timeout_uninterruptible(HZ);
493
494                 if(remaining > 0) {
495                         result = 0;
496                         break;
497                 }
498
499                 /* If we're here it's because our IRQ hasn't yet gone through.
500                  * Retry a bit more...
501                  */
502                 printk(KERN_ERR "%s: no 'reset complete' IRQ seen - retrying\n",
503                         priv->ndev->name);
504         }
505
506         finish_wait(&priv->reset_done, &wait);
507
508         if (result) {
509                 printk(KERN_ERR "%s: interface reset failure\n", priv->ndev->name);
510                 return result;
511         }
512
513         islpci_set_state(priv, PRV_STATE_INIT);
514
515         /* Now that the device is 100% up, let's allow
516          * for the other interrupts --
517          * NOTE: this is not *yet* true since we've only allowed the
518          * INIT interrupt on the IRQ line. We can perhaps poll
519          * the IRQ line until we know for sure the reset went through */
520         isl38xx_enable_common_interrupts(priv->device_base);
521
522         down_write(&priv->mib_sem);
523         result = mgt_commit(priv);
524         if (result) {
525                 printk(KERN_ERR "%s: interface reset failure\n", priv->ndev->name);
526                 up_write(&priv->mib_sem);
527                 return result;
528         }
529         up_write(&priv->mib_sem);
530
531         islpci_set_state(priv, PRV_STATE_READY);
532
533         printk(KERN_DEBUG "%s: interface reset complete\n", priv->ndev->name);
534         return 0;
535 }
536
537 int
538 islpci_reset(islpci_private *priv, int reload_firmware)
539 {
540         isl38xx_control_block *cb =    /* volatile not needed */
541                 (isl38xx_control_block *) priv->control_block;
542         unsigned counter;
543         int rc;
544
545         if (reload_firmware)
546                 islpci_set_state(priv, PRV_STATE_PREBOOT);
547         else
548                 islpci_set_state(priv, PRV_STATE_POSTBOOT);
549
550         printk(KERN_DEBUG "%s: resetting device...\n", priv->ndev->name);
551
552         /* disable all device interrupts in case they weren't */
553         isl38xx_disable_interrupts(priv->device_base);
554
555         /* flush all management queues */
556         priv->index_mgmt_tx = 0;
557         priv->index_mgmt_rx = 0;
558
559         /* clear the indexes in the frame pointer */
560         for (counter = 0; counter < ISL38XX_CB_QCOUNT; counter++) {
561                 cb->driver_curr_frag[counter] = cpu_to_le32(0);
562                 cb->device_curr_frag[counter] = cpu_to_le32(0);
563         }
564
565         /* reset the mgmt receive queue */
566         for (counter = 0; counter < ISL38XX_CB_MGMT_QSIZE; counter++) {
567                 isl38xx_fragment *frag = &cb->rx_data_mgmt[counter];
568                 frag->size = cpu_to_le16(MGMT_FRAME_SIZE);
569                 frag->flags = 0;
570                 frag->address = cpu_to_le32(priv->mgmt_rx[counter].pci_addr);
571         }
572
573         for (counter = 0; counter < ISL38XX_CB_RX_QSIZE; counter++) {
574                 cb->rx_data_low[counter].address =
575                     cpu_to_le32((u32) priv->pci_map_rx_address[counter]);
576         }
577
578         /* since the receive queues are filled with empty fragments, now we can
579          * set the corresponding indexes in the Control Block */
580         priv->control_block->driver_curr_frag[ISL38XX_CB_RX_DATA_LQ] =
581             cpu_to_le32(ISL38XX_CB_RX_QSIZE);
582         priv->control_block->driver_curr_frag[ISL38XX_CB_RX_MGMTQ] =
583             cpu_to_le32(ISL38XX_CB_MGMT_QSIZE);
584
585         /* reset the remaining real index registers and full flags */
586         priv->free_data_rx = 0;
587         priv->free_data_tx = 0;
588         priv->data_low_tx_full = 0;
589
590         if (reload_firmware) { /* Should we load the firmware ? */
591         /* now that the data structures are cleaned up, upload
592          * firmware and reset interface */
593                 rc = islpci_upload_fw(priv);
594                 if (rc) {
595                         printk(KERN_ERR "%s: islpci_reset: failure\n",
596                                 priv->ndev->name);
597                         return rc;
598                 }
599         }
600
601         /* finally reset interface */
602         rc = islpci_reset_if(priv);
603         if (rc)
604                 printk(KERN_ERR "prism54: Your card/socket may be faulty, or IRQ line too busy :(\n");
605         return rc;
606 }
607
608 static struct net_device_stats *
609 islpci_statistics(struct net_device *ndev)
610 {
611         islpci_private *priv = netdev_priv(ndev);
612
613 #if VERBOSE > SHOW_ERROR_MESSAGES
614         DEBUG(SHOW_FUNCTION_CALLS, "islpci_statistics\n");
615 #endif
616
617         return &priv->statistics;
618 }
619
620 /******************************************************************************
621     Network device configuration functions
622 ******************************************************************************/
623 static int
624 islpci_alloc_memory(islpci_private *priv)
625 {
626         int counter;
627
628 #if VERBOSE > SHOW_ERROR_MESSAGES
629         printk(KERN_DEBUG "islpci_alloc_memory\n");
630 #endif
631
632         /* remap the PCI device base address to accessable */
633         if (!(priv->device_base =
634               ioremap(pci_resource_start(priv->pdev, 0),
635                       ISL38XX_PCI_MEM_SIZE))) {
636                 /* error in remapping the PCI device memory address range */
637                 printk(KERN_ERR "PCI memory remapping failed \n");
638                 return -1;
639         }
640
641         /* memory layout for consistent DMA region:
642          *
643          * Area 1: Control Block for the device interface
644          * Area 2: Power Save Mode Buffer for temporary frame storage. Be aware that
645          *         the number of supported stations in the AP determines the minimal
646          *         size of the buffer !
647          */
648
649         /* perform the allocation */
650         priv->driver_mem_address = pci_alloc_consistent(priv->pdev,
651                                                         HOST_MEM_BLOCK,
652                                                         &priv->
653                                                         device_host_address);
654
655         if (!priv->driver_mem_address) {
656                 /* error allocating the block of PCI memory */
657                 printk(KERN_ERR "%s: could not allocate DMA memory, aborting!",
658                        "prism54");
659                 return -1;
660         }
661
662         /* assign the Control Block to the first address of the allocated area */
663         priv->control_block =
664             (isl38xx_control_block *) priv->driver_mem_address;
665
666         /* set the Power Save Buffer pointer directly behind the CB */
667         priv->device_psm_buffer =
668                 priv->device_host_address + CONTROL_BLOCK_SIZE;
669
670         /* make sure all buffer pointers are initialized */
671         for (counter = 0; counter < ISL38XX_CB_QCOUNT; counter++) {
672                 priv->control_block->driver_curr_frag[counter] = cpu_to_le32(0);
673                 priv->control_block->device_curr_frag[counter] = cpu_to_le32(0);
674         }
675
676         priv->index_mgmt_rx = 0;
677         memset(priv->mgmt_rx, 0, sizeof(priv->mgmt_rx));
678         memset(priv->mgmt_tx, 0, sizeof(priv->mgmt_tx));
679
680         /* allocate rx queue for management frames */
681         if (islpci_mgmt_rx_fill(priv->ndev) < 0)
682                 goto out_free;
683
684         /* now get the data rx skb's */
685         memset(priv->data_low_rx, 0, sizeof (priv->data_low_rx));
686         memset(priv->pci_map_rx_address, 0, sizeof (priv->pci_map_rx_address));
687
688         for (counter = 0; counter < ISL38XX_CB_RX_QSIZE; counter++) {
689                 struct sk_buff *skb;
690
691                 /* allocate an sk_buff for received data frames storage
692                  * each frame on receive size consists of 1 fragment
693                  * include any required allignment operations */
694                 if (!(skb = dev_alloc_skb(MAX_FRAGMENT_SIZE_RX + 2))) {
695                         /* error allocating an sk_buff structure elements */
696                         printk(KERN_ERR "Error allocating skb.\n");
697                         skb = NULL;
698                         goto out_free;
699                 }
700                 skb_reserve(skb, (4 - (long) skb->data) & 0x03);
701                 /* add the new allocated sk_buff to the buffer array */
702                 priv->data_low_rx[counter] = skb;
703
704                 /* map the allocated skb data area to pci */
705                 priv->pci_map_rx_address[counter] =
706                     pci_map_single(priv->pdev, (void *) skb->data,
707                                    MAX_FRAGMENT_SIZE_RX + 2,
708                                    PCI_DMA_FROMDEVICE);
709                 if (!priv->pci_map_rx_address[counter]) {
710                         /* error mapping the buffer to device
711                            accessable memory address */
712                         printk(KERN_ERR "failed to map skb DMA'able\n");
713                         goto out_free;
714                 }
715         }
716
717         prism54_acl_init(&priv->acl);
718         prism54_wpa_bss_ie_init(priv);
719         if (mgt_init(priv))
720                 goto out_free;
721
722         return 0;
723  out_free:
724         islpci_free_memory(priv);
725         return -1;
726 }
727
728 int
729 islpci_free_memory(islpci_private *priv)
730 {
731         int counter;
732
733         if (priv->device_base)
734                 iounmap(priv->device_base);
735         priv->device_base = NULL;
736
737         /* free consistent DMA area... */
738         if (priv->driver_mem_address)
739                 pci_free_consistent(priv->pdev, HOST_MEM_BLOCK,
740                                     priv->driver_mem_address,
741                                     priv->device_host_address);
742
743         /* clear some dangling pointers */
744         priv->driver_mem_address = NULL;
745         priv->device_host_address = 0;
746         priv->device_psm_buffer = 0;
747         priv->control_block = NULL;
748
749         /* clean up mgmt rx buffers */
750         for (counter = 0; counter < ISL38XX_CB_MGMT_QSIZE; counter++) {
751                 struct islpci_membuf *buf = &priv->mgmt_rx[counter];
752                 if (buf->pci_addr)
753                         pci_unmap_single(priv->pdev, buf->pci_addr,
754                                          buf->size, PCI_DMA_FROMDEVICE);
755                 buf->pci_addr = 0;
756                 kfree(buf->mem);
757                 buf->size = 0;
758                 buf->mem = NULL;
759         }
760
761         /* clean up data rx buffers */
762         for (counter = 0; counter < ISL38XX_CB_RX_QSIZE; counter++) {
763                 if (priv->pci_map_rx_address[counter])
764                         pci_unmap_single(priv->pdev,
765                                          priv->pci_map_rx_address[counter],
766                                          MAX_FRAGMENT_SIZE_RX + 2,
767                                          PCI_DMA_FROMDEVICE);
768                 priv->pci_map_rx_address[counter] = 0;
769
770                 if (priv->data_low_rx[counter])
771                         dev_kfree_skb(priv->data_low_rx[counter]);
772                 priv->data_low_rx[counter] = NULL;
773         }
774
775         /* Free the acces control list and the WPA list */
776         prism54_acl_clean(&priv->acl);
777         prism54_wpa_bss_ie_clean(priv);
778         mgt_clean(priv);
779
780         return 0;
781 }
782
783 #if 0
784 static void
785 islpci_set_multicast_list(struct net_device *dev)
786 {
787         /* put device into promisc mode and let network layer handle it */
788 }
789 #endif
790
791 static void islpci_ethtool_get_drvinfo(struct net_device *dev,
792                                        struct ethtool_drvinfo *info)
793 {
794         strcpy(info->driver, DRV_NAME);
795         strcpy(info->version, DRV_VERSION);
796 }
797
798 static struct ethtool_ops islpci_ethtool_ops = {
799         .get_drvinfo = islpci_ethtool_get_drvinfo,
800 };
801
802 struct net_device *
803 islpci_setup(struct pci_dev *pdev)
804 {
805         islpci_private *priv;
806         struct net_device *ndev = alloc_etherdev(sizeof (islpci_private));
807
808         if (!ndev)
809                 return ndev;
810
811         pci_set_drvdata(pdev, ndev);
812 #if defined(SET_NETDEV_DEV)
813         SET_NETDEV_DEV(ndev, &pdev->dev);
814 #endif
815
816         /* setup the structure members */
817         ndev->base_addr = pci_resource_start(pdev, 0);
818         ndev->irq = pdev->irq;
819
820         /* initialize the function pointers */
821         ndev->open = &islpci_open;
822         ndev->stop = &islpci_close;
823         ndev->get_stats = &islpci_statistics;
824         ndev->do_ioctl = &prism54_ioctl;
825         ndev->wireless_handlers =
826             (struct iw_handler_def *) &prism54_handler_def;
827         ndev->ethtool_ops = &islpci_ethtool_ops;
828
829         ndev->hard_start_xmit = &islpci_eth_transmit;
830         /* ndev->set_multicast_list = &islpci_set_multicast_list; */
831         ndev->addr_len = ETH_ALEN;
832         ndev->set_mac_address = &prism54_set_mac_address;
833         /* Get a non-zero dummy MAC address for nameif. Jean II */
834         memcpy(ndev->dev_addr, dummy_mac, 6);
835
836 #ifdef HAVE_TX_TIMEOUT
837         ndev->watchdog_timeo = ISLPCI_TX_TIMEOUT;
838         ndev->tx_timeout = &islpci_eth_tx_timeout;
839 #endif
840
841         /* allocate a private device structure to the network device  */
842         priv = netdev_priv(ndev);
843         priv->ndev = ndev;
844         priv->pdev = pdev;
845         priv->monitor_type = ARPHRD_IEEE80211;
846         priv->ndev->type = (priv->iw_mode == IW_MODE_MONITOR) ?
847                 priv->monitor_type : ARPHRD_ETHER;
848
849         /* Add pointers to enable iwspy support. */
850         priv->wireless_data.spy_data = &priv->spy_data;
851         ndev->wireless_data = &priv->wireless_data;
852
853         /* save the start and end address of the PCI memory area */
854         ndev->mem_start = (unsigned long) priv->device_base;
855         ndev->mem_end = ndev->mem_start + ISL38XX_PCI_MEM_SIZE;
856
857 #if VERBOSE > SHOW_ERROR_MESSAGES
858         DEBUG(SHOW_TRACING, "PCI Memory remapped to 0x%p\n", priv->device_base);
859 #endif
860
861         init_waitqueue_head(&priv->reset_done);
862
863         /* init the queue read locks, process wait counter */
864         sema_init(&priv->mgmt_sem, 1);
865         priv->mgmt_received = NULL;
866         init_waitqueue_head(&priv->mgmt_wqueue);
867         sema_init(&priv->stats_sem, 1);
868         spin_lock_init(&priv->slock);
869
870         /* init state machine with off#1 state */
871         priv->state = PRV_STATE_OFF;
872         priv->state_off = 1;
873
874         /* initialize workqueue's */
875         INIT_WORK(&priv->stats_work, prism54_update_stats);
876         priv->stats_timestamp = 0;
877
878         INIT_WORK(&priv->reset_task, islpci_do_reset_and_wake);
879         priv->reset_task_pending = 0;
880
881         /* allocate various memory areas */
882         if (islpci_alloc_memory(priv))
883                 goto do_free_netdev;
884
885         /* select the firmware file depending on the device id */
886         switch (pdev->device) {
887         case 0x3877:
888                 strcpy(priv->firmware, ISL3877_IMAGE_FILE);
889                 break;
890
891         case 0x3886:
892                 strcpy(priv->firmware, ISL3886_IMAGE_FILE);
893                 break;
894
895         default:
896                 strcpy(priv->firmware, ISL3890_IMAGE_FILE);
897                 break;
898         }
899
900         if (register_netdev(ndev)) {
901                 DEBUG(SHOW_ERROR_MESSAGES,
902                       "ERROR: register_netdev() failed \n");
903                 goto do_islpci_free_memory;
904         }
905
906         return ndev;
907
908       do_islpci_free_memory:
909         islpci_free_memory(priv);
910       do_free_netdev:
911         pci_set_drvdata(pdev, NULL);
912         free_netdev(ndev);
913         priv = NULL;
914         return NULL;
915 }
916
917 islpci_state_t
918 islpci_set_state(islpci_private *priv, islpci_state_t new_state)
919 {
920         islpci_state_t old_state;
921
922         /* lock */
923         old_state = priv->state;
924
925         /* this means either a race condition or some serious error in
926          * the driver code */
927         switch (new_state) {
928         case PRV_STATE_OFF:
929                 priv->state_off++;
930         default:
931                 priv->state = new_state;
932                 break;
933
934         case PRV_STATE_PREBOOT:
935                 /* there are actually many off-states, enumerated by
936                  * state_off */
937                 if (old_state == PRV_STATE_OFF)
938                         priv->state_off--;
939
940                 /* only if hw_unavailable is zero now it means we either
941                  * were in off#1 state, or came here from
942                  * somewhere else */
943                 if (!priv->state_off)
944                         priv->state = new_state;
945                 break;
946         };
947 #if 0
948         printk(KERN_DEBUG "%s: state transition %d -> %d (off#%d)\n",
949                priv->ndev->name, old_state, new_state, priv->state_off);
950 #endif
951
952         /* invariants */
953         BUG_ON(priv->state_off < 0);
954         BUG_ON(priv->state_off && (priv->state != PRV_STATE_OFF));
955         BUG_ON(!priv->state_off && (priv->state == PRV_STATE_OFF));
956
957         /* unlock */
958         return old_state;
959 }