3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/version.h>
37 #include <linux/firmware.h>
38 #include <linux/wireless.h>
39 #include <linux/workqueue.h>
40 #include <linux/skbuff.h>
42 #include <linux/dma-mapping.h>
43 #include <asm/unaligned.h>
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69 "enable(1) / disable(0) Bad Frames Preemption");
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
103 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
105 /* Channel and ratetables are shared for all devices.
106 * They can't be const, because ieee80211 puts some precalculated
107 * data in there. This data is the same for all devices, so we don't
108 * get concurrency issues */
109 #define RATETAB_ENT(_rateid, _flags) \
111 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
112 .hw_value = (_rateid), \
117 * NOTE: When changing this, sync with xmit.c's
118 * b43_plcp_get_bitrate_idx_* functions!
120 static struct ieee80211_rate __b43_ratetable[] = {
121 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
122 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
123 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
124 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
125 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
126 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
127 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
128 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
129 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
130 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
131 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
132 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
135 #define b43_a_ratetable (__b43_ratetable + 4)
136 #define b43_a_ratetable_size 8
137 #define b43_b_ratetable (__b43_ratetable + 0)
138 #define b43_b_ratetable_size 4
139 #define b43_g_ratetable (__b43_ratetable + 0)
140 #define b43_g_ratetable_size 12
142 #define CHAN4G(_channel, _freq, _flags) { \
143 .band = IEEE80211_BAND_2GHZ, \
144 .center_freq = (_freq), \
145 .hw_value = (_channel), \
147 .max_antenna_gain = 0, \
150 static struct ieee80211_channel b43_2ghz_chantable[] = {
168 #define CHAN5G(_channel, _flags) { \
169 .band = IEEE80211_BAND_5GHZ, \
170 .center_freq = 5000 + (5 * (_channel)), \
171 .hw_value = (_channel), \
173 .max_antenna_gain = 0, \
176 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
177 CHAN5G(32, 0), CHAN5G(34, 0),
178 CHAN5G(36, 0), CHAN5G(38, 0),
179 CHAN5G(40, 0), CHAN5G(42, 0),
180 CHAN5G(44, 0), CHAN5G(46, 0),
181 CHAN5G(48, 0), CHAN5G(50, 0),
182 CHAN5G(52, 0), CHAN5G(54, 0),
183 CHAN5G(56, 0), CHAN5G(58, 0),
184 CHAN5G(60, 0), CHAN5G(62, 0),
185 CHAN5G(64, 0), CHAN5G(66, 0),
186 CHAN5G(68, 0), CHAN5G(70, 0),
187 CHAN5G(72, 0), CHAN5G(74, 0),
188 CHAN5G(76, 0), CHAN5G(78, 0),
189 CHAN5G(80, 0), CHAN5G(82, 0),
190 CHAN5G(84, 0), CHAN5G(86, 0),
191 CHAN5G(88, 0), CHAN5G(90, 0),
192 CHAN5G(92, 0), CHAN5G(94, 0),
193 CHAN5G(96, 0), CHAN5G(98, 0),
194 CHAN5G(100, 0), CHAN5G(102, 0),
195 CHAN5G(104, 0), CHAN5G(106, 0),
196 CHAN5G(108, 0), CHAN5G(110, 0),
197 CHAN5G(112, 0), CHAN5G(114, 0),
198 CHAN5G(116, 0), CHAN5G(118, 0),
199 CHAN5G(120, 0), CHAN5G(122, 0),
200 CHAN5G(124, 0), CHAN5G(126, 0),
201 CHAN5G(128, 0), CHAN5G(130, 0),
202 CHAN5G(132, 0), CHAN5G(134, 0),
203 CHAN5G(136, 0), CHAN5G(138, 0),
204 CHAN5G(140, 0), CHAN5G(142, 0),
205 CHAN5G(144, 0), CHAN5G(145, 0),
206 CHAN5G(146, 0), CHAN5G(147, 0),
207 CHAN5G(148, 0), CHAN5G(149, 0),
208 CHAN5G(150, 0), CHAN5G(151, 0),
209 CHAN5G(152, 0), CHAN5G(153, 0),
210 CHAN5G(154, 0), CHAN5G(155, 0),
211 CHAN5G(156, 0), CHAN5G(157, 0),
212 CHAN5G(158, 0), CHAN5G(159, 0),
213 CHAN5G(160, 0), CHAN5G(161, 0),
214 CHAN5G(162, 0), CHAN5G(163, 0),
215 CHAN5G(164, 0), CHAN5G(165, 0),
216 CHAN5G(166, 0), CHAN5G(168, 0),
217 CHAN5G(170, 0), CHAN5G(172, 0),
218 CHAN5G(174, 0), CHAN5G(176, 0),
219 CHAN5G(178, 0), CHAN5G(180, 0),
220 CHAN5G(182, 0), CHAN5G(184, 0),
221 CHAN5G(186, 0), CHAN5G(188, 0),
222 CHAN5G(190, 0), CHAN5G(192, 0),
223 CHAN5G(194, 0), CHAN5G(196, 0),
224 CHAN5G(198, 0), CHAN5G(200, 0),
225 CHAN5G(202, 0), CHAN5G(204, 0),
226 CHAN5G(206, 0), CHAN5G(208, 0),
227 CHAN5G(210, 0), CHAN5G(212, 0),
228 CHAN5G(214, 0), CHAN5G(216, 0),
229 CHAN5G(218, 0), CHAN5G(220, 0),
230 CHAN5G(222, 0), CHAN5G(224, 0),
231 CHAN5G(226, 0), CHAN5G(228, 0),
234 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
235 CHAN5G(34, 0), CHAN5G(36, 0),
236 CHAN5G(38, 0), CHAN5G(40, 0),
237 CHAN5G(42, 0), CHAN5G(44, 0),
238 CHAN5G(46, 0), CHAN5G(48, 0),
239 CHAN5G(52, 0), CHAN5G(56, 0),
240 CHAN5G(60, 0), CHAN5G(64, 0),
241 CHAN5G(100, 0), CHAN5G(104, 0),
242 CHAN5G(108, 0), CHAN5G(112, 0),
243 CHAN5G(116, 0), CHAN5G(120, 0),
244 CHAN5G(124, 0), CHAN5G(128, 0),
245 CHAN5G(132, 0), CHAN5G(136, 0),
246 CHAN5G(140, 0), CHAN5G(149, 0),
247 CHAN5G(153, 0), CHAN5G(157, 0),
248 CHAN5G(161, 0), CHAN5G(165, 0),
249 CHAN5G(184, 0), CHAN5G(188, 0),
250 CHAN5G(192, 0), CHAN5G(196, 0),
251 CHAN5G(200, 0), CHAN5G(204, 0),
252 CHAN5G(208, 0), CHAN5G(212, 0),
257 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
258 .band = IEEE80211_BAND_5GHZ,
259 .channels = b43_5ghz_nphy_chantable,
260 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
261 .bitrates = b43_a_ratetable,
262 .n_bitrates = b43_a_ratetable_size,
265 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
266 .band = IEEE80211_BAND_5GHZ,
267 .channels = b43_5ghz_aphy_chantable,
268 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
269 .bitrates = b43_a_ratetable,
270 .n_bitrates = b43_a_ratetable_size,
273 static struct ieee80211_supported_band b43_band_2GHz = {
274 .band = IEEE80211_BAND_2GHZ,
275 .channels = b43_2ghz_chantable,
276 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
277 .bitrates = b43_g_ratetable,
278 .n_bitrates = b43_g_ratetable_size,
281 static void b43_wireless_core_exit(struct b43_wldev *dev);
282 static int b43_wireless_core_init(struct b43_wldev *dev);
283 static void b43_wireless_core_stop(struct b43_wldev *dev);
284 static int b43_wireless_core_start(struct b43_wldev *dev);
286 static int b43_ratelimit(struct b43_wl *wl)
288 if (!wl || !wl->current_dev)
290 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
292 /* We are up and running.
293 * Ratelimit the messages to avoid DoS over the net. */
294 return net_ratelimit();
297 void b43info(struct b43_wl *wl, const char *fmt, ...)
301 if (!b43_ratelimit(wl))
304 printk(KERN_INFO "b43-%s: ",
305 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
310 void b43err(struct b43_wl *wl, const char *fmt, ...)
314 if (!b43_ratelimit(wl))
317 printk(KERN_ERR "b43-%s ERROR: ",
318 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
323 void b43warn(struct b43_wl *wl, const char *fmt, ...)
327 if (!b43_ratelimit(wl))
330 printk(KERN_WARNING "b43-%s warning: ",
331 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
337 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
342 printk(KERN_DEBUG "b43-%s debug: ",
343 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
349 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
353 B43_WARN_ON(offset % 4 != 0);
355 macctl = b43_read32(dev, B43_MMIO_MACCTL);
356 if (macctl & B43_MACCTL_BE)
359 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
361 b43_write32(dev, B43_MMIO_RAM_DATA, val);
364 static inline void b43_shm_control_word(struct b43_wldev *dev,
365 u16 routing, u16 offset)
369 /* "offset" is the WORD offset. */
373 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
376 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
380 if (routing == B43_SHM_SHARED) {
381 B43_WARN_ON(offset & 0x0001);
382 if (offset & 0x0003) {
383 /* Unaligned access */
384 b43_shm_control_word(dev, routing, offset >> 2);
385 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
387 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
388 ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
394 b43_shm_control_word(dev, routing, offset);
395 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
400 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
402 struct b43_wl *wl = dev->wl;
406 spin_lock_irqsave(&wl->shm_lock, flags);
407 ret = __b43_shm_read32(dev, routing, offset);
408 spin_unlock_irqrestore(&wl->shm_lock, flags);
413 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
417 if (routing == B43_SHM_SHARED) {
418 B43_WARN_ON(offset & 0x0001);
419 if (offset & 0x0003) {
420 /* Unaligned access */
421 b43_shm_control_word(dev, routing, offset >> 2);
422 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
428 b43_shm_control_word(dev, routing, offset);
429 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
434 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
436 struct b43_wl *wl = dev->wl;
440 spin_lock_irqsave(&wl->shm_lock, flags);
441 ret = __b43_shm_read16(dev, routing, offset);
442 spin_unlock_irqrestore(&wl->shm_lock, flags);
447 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
449 if (routing == B43_SHM_SHARED) {
450 B43_WARN_ON(offset & 0x0001);
451 if (offset & 0x0003) {
452 /* Unaligned access */
453 b43_shm_control_word(dev, routing, offset >> 2);
454 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
455 (value >> 16) & 0xffff);
456 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
457 b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
462 b43_shm_control_word(dev, routing, offset);
463 b43_write32(dev, B43_MMIO_SHM_DATA, value);
466 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
468 struct b43_wl *wl = dev->wl;
471 spin_lock_irqsave(&wl->shm_lock, flags);
472 __b43_shm_write32(dev, routing, offset, value);
473 spin_unlock_irqrestore(&wl->shm_lock, flags);
476 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
478 if (routing == B43_SHM_SHARED) {
479 B43_WARN_ON(offset & 0x0001);
480 if (offset & 0x0003) {
481 /* Unaligned access */
482 b43_shm_control_word(dev, routing, offset >> 2);
483 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
488 b43_shm_control_word(dev, routing, offset);
489 b43_write16(dev, B43_MMIO_SHM_DATA, value);
492 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
494 struct b43_wl *wl = dev->wl;
497 spin_lock_irqsave(&wl->shm_lock, flags);
498 __b43_shm_write16(dev, routing, offset, value);
499 spin_unlock_irqrestore(&wl->shm_lock, flags);
503 u64 b43_hf_read(struct b43_wldev * dev)
507 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
509 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
511 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
516 /* Write HostFlags */
517 void b43_hf_write(struct b43_wldev *dev, u64 value)
521 lo = (value & 0x00000000FFFFULL);
522 mi = (value & 0x0000FFFF0000ULL) >> 16;
523 hi = (value & 0xFFFF00000000ULL) >> 32;
524 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
525 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
526 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
529 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
531 /* We need to be careful. As we read the TSF from multiple
532 * registers, we should take care of register overflows.
533 * In theory, the whole tsf read process should be atomic.
534 * We try to be atomic here, by restaring the read process,
535 * if any of the high registers changed (overflew).
537 if (dev->dev->id.revision >= 3) {
538 u32 low, high, high2;
541 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
542 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
543 high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
544 } while (unlikely(high != high2));
552 u16 test1, test2, test3;
555 v3 = b43_read16(dev, B43_MMIO_TSF_3);
556 v2 = b43_read16(dev, B43_MMIO_TSF_2);
557 v1 = b43_read16(dev, B43_MMIO_TSF_1);
558 v0 = b43_read16(dev, B43_MMIO_TSF_0);
560 test3 = b43_read16(dev, B43_MMIO_TSF_3);
561 test2 = b43_read16(dev, B43_MMIO_TSF_2);
562 test1 = b43_read16(dev, B43_MMIO_TSF_1);
563 } while (v3 != test3 || v2 != test2 || v1 != test1);
577 static void b43_time_lock(struct b43_wldev *dev)
581 macctl = b43_read32(dev, B43_MMIO_MACCTL);
582 macctl |= B43_MACCTL_TBTTHOLD;
583 b43_write32(dev, B43_MMIO_MACCTL, macctl);
584 /* Commit the write */
585 b43_read32(dev, B43_MMIO_MACCTL);
588 static void b43_time_unlock(struct b43_wldev *dev)
592 macctl = b43_read32(dev, B43_MMIO_MACCTL);
593 macctl &= ~B43_MACCTL_TBTTHOLD;
594 b43_write32(dev, B43_MMIO_MACCTL, macctl);
595 /* Commit the write */
596 b43_read32(dev, B43_MMIO_MACCTL);
599 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
601 /* Be careful with the in-progress timer.
602 * First zero out the low register, so we have a full
603 * register-overflow duration to complete the operation.
605 if (dev->dev->id.revision >= 3) {
606 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
607 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
609 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
611 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
613 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
615 u16 v0 = (tsf & 0x000000000000FFFFULL);
616 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
617 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
618 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
620 b43_write16(dev, B43_MMIO_TSF_0, 0);
622 b43_write16(dev, B43_MMIO_TSF_3, v3);
624 b43_write16(dev, B43_MMIO_TSF_2, v2);
626 b43_write16(dev, B43_MMIO_TSF_1, v1);
628 b43_write16(dev, B43_MMIO_TSF_0, v0);
632 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
635 b43_tsf_write_locked(dev, tsf);
636 b43_time_unlock(dev);
640 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
642 static const u8 zero_addr[ETH_ALEN] = { 0 };
649 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
653 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
656 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
659 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
662 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
666 u8 mac_bssid[ETH_ALEN * 2];
670 bssid = dev->wl->bssid;
671 mac = dev->wl->mac_addr;
673 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
675 memcpy(mac_bssid, mac, ETH_ALEN);
676 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
678 /* Write our MAC address and BSSID to template ram */
679 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
680 tmp = (u32) (mac_bssid[i + 0]);
681 tmp |= (u32) (mac_bssid[i + 1]) << 8;
682 tmp |= (u32) (mac_bssid[i + 2]) << 16;
683 tmp |= (u32) (mac_bssid[i + 3]) << 24;
684 b43_ram_write(dev, 0x20 + i, tmp);
688 static void b43_upload_card_macaddress(struct b43_wldev *dev)
690 b43_write_mac_bssid_templates(dev);
691 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
694 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
696 /* slot_time is in usec. */
697 if (dev->phy.type != B43_PHYTYPE_G)
699 b43_write16(dev, 0x684, 510 + slot_time);
700 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
703 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
705 b43_set_slot_time(dev, 9);
709 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
711 b43_set_slot_time(dev, 20);
715 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
716 * Returns the _previously_ enabled IRQ mask.
718 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
722 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
723 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
728 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
729 * Returns the _previously_ enabled IRQ mask.
731 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
735 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
736 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
741 /* Synchronize IRQ top- and bottom-half.
742 * IRQs must be masked before calling this.
743 * This must not be called with the irq_lock held.
745 static void b43_synchronize_irq(struct b43_wldev *dev)
747 synchronize_irq(dev->dev->irq);
748 tasklet_kill(&dev->isr_tasklet);
751 /* DummyTransmission function, as documented on
752 * http://bcm-specs.sipsolutions.net/DummyTransmission
754 void b43_dummy_transmission(struct b43_wldev *dev)
756 struct b43_wl *wl = dev->wl;
757 struct b43_phy *phy = &dev->phy;
758 unsigned int i, max_loop;
771 buffer[0] = 0x000201CC;
776 buffer[0] = 0x000B846E;
783 spin_lock_irq(&wl->irq_lock);
784 write_lock(&wl->tx_lock);
786 for (i = 0; i < 5; i++)
787 b43_ram_write(dev, i * 4, buffer[i]);
790 b43_read32(dev, B43_MMIO_MACCTL);
792 b43_write16(dev, 0x0568, 0x0000);
793 b43_write16(dev, 0x07C0, 0x0000);
794 value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
795 b43_write16(dev, 0x050C, value);
796 b43_write16(dev, 0x0508, 0x0000);
797 b43_write16(dev, 0x050A, 0x0000);
798 b43_write16(dev, 0x054C, 0x0000);
799 b43_write16(dev, 0x056A, 0x0014);
800 b43_write16(dev, 0x0568, 0x0826);
801 b43_write16(dev, 0x0500, 0x0000);
802 b43_write16(dev, 0x0502, 0x0030);
804 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
805 b43_radio_write16(dev, 0x0051, 0x0017);
806 for (i = 0x00; i < max_loop; i++) {
807 value = b43_read16(dev, 0x050E);
812 for (i = 0x00; i < 0x0A; i++) {
813 value = b43_read16(dev, 0x050E);
818 for (i = 0x00; i < 0x0A; i++) {
819 value = b43_read16(dev, 0x0690);
820 if (!(value & 0x0100))
824 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
825 b43_radio_write16(dev, 0x0051, 0x0037);
827 write_unlock(&wl->tx_lock);
828 spin_unlock_irq(&wl->irq_lock);
831 static void key_write(struct b43_wldev *dev,
832 u8 index, u8 algorithm, const u8 * key)
839 /* Key index/algo block */
840 kidx = b43_kidx_to_fw(dev, index);
841 value = ((kidx << 4) | algorithm);
842 b43_shm_write16(dev, B43_SHM_SHARED,
843 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
845 /* Write the key to the Key Table Pointer offset */
846 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
847 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
849 value |= (u16) (key[i + 1]) << 8;
850 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
854 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
856 u32 addrtmp[2] = { 0, 0, };
857 u8 per_sta_keys_start = 8;
859 if (b43_new_kidx_api(dev))
860 per_sta_keys_start = 4;
862 B43_WARN_ON(index < per_sta_keys_start);
863 /* We have two default TX keys and possibly two default RX keys.
864 * Physical mac 0 is mapped to physical key 4 or 8, depending
865 * on the firmware version.
866 * So we must adjust the index here.
868 index -= per_sta_keys_start;
871 addrtmp[0] = addr[0];
872 addrtmp[0] |= ((u32) (addr[1]) << 8);
873 addrtmp[0] |= ((u32) (addr[2]) << 16);
874 addrtmp[0] |= ((u32) (addr[3]) << 24);
875 addrtmp[1] = addr[4];
876 addrtmp[1] |= ((u32) (addr[5]) << 8);
879 if (dev->dev->id.revision >= 5) {
880 /* Receive match transmitter address mechanism */
881 b43_shm_write32(dev, B43_SHM_RCMTA,
882 (index * 2) + 0, addrtmp[0]);
883 b43_shm_write16(dev, B43_SHM_RCMTA,
884 (index * 2) + 1, addrtmp[1]);
886 /* RXE (Receive Engine) and
887 * PSM (Programmable State Machine) mechanism
890 /* TODO write to RCM 16, 19, 22 and 25 */
892 b43_shm_write32(dev, B43_SHM_SHARED,
893 B43_SHM_SH_PSM + (index * 6) + 0,
895 b43_shm_write16(dev, B43_SHM_SHARED,
896 B43_SHM_SH_PSM + (index * 6) + 4,
902 static void do_key_write(struct b43_wldev *dev,
903 u8 index, u8 algorithm,
904 const u8 * key, size_t key_len, const u8 * mac_addr)
906 u8 buf[B43_SEC_KEYSIZE] = { 0, };
907 u8 per_sta_keys_start = 8;
909 if (b43_new_kidx_api(dev))
910 per_sta_keys_start = 4;
912 B43_WARN_ON(index >= dev->max_nr_keys);
913 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
915 if (index >= per_sta_keys_start)
916 keymac_write(dev, index, NULL); /* First zero out mac. */
918 memcpy(buf, key, key_len);
919 key_write(dev, index, algorithm, buf);
920 if (index >= per_sta_keys_start)
921 keymac_write(dev, index, mac_addr);
923 dev->key[index].algorithm = algorithm;
926 static int b43_key_write(struct b43_wldev *dev,
927 int index, u8 algorithm,
928 const u8 * key, size_t key_len,
930 struct ieee80211_key_conf *keyconf)
935 if (key_len > B43_SEC_KEYSIZE)
937 for (i = 0; i < dev->max_nr_keys; i++) {
938 /* Check that we don't already have this key. */
939 B43_WARN_ON(dev->key[i].keyconf == keyconf);
942 /* Either pairwise key or address is 00:00:00:00:00:00
943 * for transmit-only keys. Search the index. */
944 if (b43_new_kidx_api(dev))
948 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
949 if (!dev->key[i].keyconf) {
956 b43err(dev->wl, "Out of hardware key memory\n");
960 B43_WARN_ON(index > 3);
962 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
963 if ((index <= 3) && !b43_new_kidx_api(dev)) {
965 B43_WARN_ON(mac_addr);
966 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
968 keyconf->hw_key_idx = index;
969 dev->key[index].keyconf = keyconf;
974 static int b43_key_clear(struct b43_wldev *dev, int index)
976 if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
978 do_key_write(dev, index, B43_SEC_ALGO_NONE,
979 NULL, B43_SEC_KEYSIZE, NULL);
980 if ((index <= 3) && !b43_new_kidx_api(dev)) {
981 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
982 NULL, B43_SEC_KEYSIZE, NULL);
984 dev->key[index].keyconf = NULL;
989 static void b43_clear_keys(struct b43_wldev *dev)
993 for (i = 0; i < dev->max_nr_keys; i++)
994 b43_key_clear(dev, i);
997 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1005 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1006 (ps_flags & B43_PS_DISABLED));
1007 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1009 if (ps_flags & B43_PS_ENABLED) {
1011 } else if (ps_flags & B43_PS_DISABLED) {
1014 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1015 // and thus is not an AP and we are associated, set bit 25
1017 if (ps_flags & B43_PS_AWAKE) {
1019 } else if (ps_flags & B43_PS_ASLEEP) {
1022 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1023 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1024 // successful, set bit26
1027 /* FIXME: For now we force awake-on and hwps-off */
1031 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1033 macctl |= B43_MACCTL_HWPS;
1035 macctl &= ~B43_MACCTL_HWPS;
1037 macctl |= B43_MACCTL_AWAKE;
1039 macctl &= ~B43_MACCTL_AWAKE;
1040 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1042 b43_read32(dev, B43_MMIO_MACCTL);
1043 if (awake && dev->dev->id.revision >= 5) {
1044 /* Wait for the microcode to wake up. */
1045 for (i = 0; i < 100; i++) {
1046 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1047 B43_SHM_SH_UCODESTAT);
1048 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1055 /* Turn the Analog ON/OFF */
1056 static void b43_switch_analog(struct b43_wldev *dev, int on)
1058 switch (dev->phy.type) {
1061 b43_write16(dev, B43_MMIO_PHY0, on ? 0 : 0xF4);
1064 b43_phy_write(dev, B43_NPHY_AFECTL_OVER,
1072 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1077 flags |= B43_TMSLOW_PHYCLKEN;
1078 flags |= B43_TMSLOW_PHYRESET;
1079 ssb_device_enable(dev->dev, flags);
1080 msleep(2); /* Wait for the PLL to turn on. */
1082 /* Now take the PHY out of Reset again */
1083 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1084 tmslow |= SSB_TMSLOW_FGC;
1085 tmslow &= ~B43_TMSLOW_PHYRESET;
1086 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1087 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1089 tmslow &= ~SSB_TMSLOW_FGC;
1090 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1091 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1094 /* Turn Analog ON */
1095 b43_switch_analog(dev, 1);
1097 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1098 macctl &= ~B43_MACCTL_GMODE;
1099 if (flags & B43_TMSLOW_GMODE)
1100 macctl |= B43_MACCTL_GMODE;
1101 macctl |= B43_MACCTL_IHR_ENABLED;
1102 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1105 static void handle_irq_transmit_status(struct b43_wldev *dev)
1109 struct b43_txstatus stat;
1112 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1113 if (!(v0 & 0x00000001))
1115 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1117 stat.cookie = (v0 >> 16);
1118 stat.seq = (v1 & 0x0000FFFF);
1119 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1120 tmp = (v0 & 0x0000FFFF);
1121 stat.frame_count = ((tmp & 0xF000) >> 12);
1122 stat.rts_count = ((tmp & 0x0F00) >> 8);
1123 stat.supp_reason = ((tmp & 0x001C) >> 2);
1124 stat.pm_indicated = !!(tmp & 0x0080);
1125 stat.intermediate = !!(tmp & 0x0040);
1126 stat.for_ampdu = !!(tmp & 0x0020);
1127 stat.acked = !!(tmp & 0x0002);
1129 b43_handle_txstatus(dev, &stat);
1133 static void drain_txstatus_queue(struct b43_wldev *dev)
1137 if (dev->dev->id.revision < 5)
1139 /* Read all entries from the microcode TXstatus FIFO
1140 * and throw them away.
1143 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1144 if (!(dummy & 0x00000001))
1146 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1150 static u32 b43_jssi_read(struct b43_wldev *dev)
1154 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1156 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1161 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1163 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1164 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1167 static void b43_generate_noise_sample(struct b43_wldev *dev)
1169 b43_jssi_write(dev, 0x7F7F7F7F);
1170 b43_write32(dev, B43_MMIO_MACCMD,
1171 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1174 static void b43_calculate_link_quality(struct b43_wldev *dev)
1176 /* Top half of Link Quality calculation. */
1178 if (dev->noisecalc.calculation_running)
1180 dev->noisecalc.calculation_running = 1;
1181 dev->noisecalc.nr_samples = 0;
1183 b43_generate_noise_sample(dev);
1186 static void handle_irq_noise(struct b43_wldev *dev)
1188 struct b43_phy *phy = &dev->phy;
1194 /* Bottom half of Link Quality calculation. */
1196 /* Possible race condition: It might be possible that the user
1197 * changed to a different channel in the meantime since we
1198 * started the calculation. We ignore that fact, since it's
1199 * not really that much of a problem. The background noise is
1200 * an estimation only anyway. Slightly wrong results will get damped
1201 * by the averaging of the 8 sample rounds. Additionally the
1202 * value is shortlived. So it will be replaced by the next noise
1203 * calculation round soon. */
1205 B43_WARN_ON(!dev->noisecalc.calculation_running);
1206 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1207 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1208 noise[2] == 0x7F || noise[3] == 0x7F)
1211 /* Get the noise samples. */
1212 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1213 i = dev->noisecalc.nr_samples;
1214 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1215 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1216 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1217 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1218 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1219 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1220 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1221 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1222 dev->noisecalc.nr_samples++;
1223 if (dev->noisecalc.nr_samples == 8) {
1224 /* Calculate the Link Quality by the noise samples. */
1226 for (i = 0; i < 8; i++) {
1227 for (j = 0; j < 4; j++)
1228 average += dev->noisecalc.samples[i][j];
1234 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1235 tmp = (tmp / 128) & 0x1F;
1245 dev->stats.link_noise = average;
1246 dev->noisecalc.calculation_running = 0;
1250 b43_generate_noise_sample(dev);
1253 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1255 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_AP)) {
1258 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1259 b43_power_saving_ctl_bits(dev, 0);
1261 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS))
1265 static void handle_irq_atim_end(struct b43_wldev *dev)
1267 if (dev->dfq_valid) {
1268 b43_write32(dev, B43_MMIO_MACCMD,
1269 b43_read32(dev, B43_MMIO_MACCMD)
1270 | B43_MACCMD_DFQ_VALID);
1275 static void handle_irq_pmq(struct b43_wldev *dev)
1282 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1283 if (!(tmp & 0x00000008))
1286 /* 16bit write is odd, but correct. */
1287 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1290 static void b43_write_template_common(struct b43_wldev *dev,
1291 const u8 * data, u16 size,
1293 u16 shm_size_offset, u8 rate)
1296 struct b43_plcp_hdr4 plcp;
1299 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1300 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1301 ram_offset += sizeof(u32);
1302 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1303 * So leave the first two bytes of the next write blank.
1305 tmp = (u32) (data[0]) << 16;
1306 tmp |= (u32) (data[1]) << 24;
1307 b43_ram_write(dev, ram_offset, tmp);
1308 ram_offset += sizeof(u32);
1309 for (i = 2; i < size; i += sizeof(u32)) {
1310 tmp = (u32) (data[i + 0]);
1312 tmp |= (u32) (data[i + 1]) << 8;
1314 tmp |= (u32) (data[i + 2]) << 16;
1316 tmp |= (u32) (data[i + 3]) << 24;
1317 b43_ram_write(dev, ram_offset + i - 2, tmp);
1319 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1320 size + sizeof(struct b43_plcp_hdr6));
1323 /* Check if the use of the antenna that ieee80211 told us to
1324 * use is possible. This will fall back to DEFAULT.
1325 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1326 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1331 if (antenna_nr == 0) {
1332 /* Zero means "use default antenna". That's always OK. */
1336 /* Get the mask of available antennas. */
1338 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1340 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1342 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1343 /* This antenna is not available. Fall back to default. */
1350 static int b43_antenna_from_ieee80211(struct b43_wldev *dev, u8 antenna)
1352 antenna = b43_ieee80211_antenna_sanitize(dev, antenna);
1354 case 0: /* default/diversity */
1355 return B43_ANTENNA_DEFAULT;
1356 case 1: /* Antenna 0 */
1357 return B43_ANTENNA0;
1358 case 2: /* Antenna 1 */
1359 return B43_ANTENNA1;
1360 case 3: /* Antenna 2 */
1361 return B43_ANTENNA2;
1362 case 4: /* Antenna 3 */
1363 return B43_ANTENNA3;
1365 return B43_ANTENNA_DEFAULT;
1369 /* Convert a b43 antenna number value to the PHY TX control value. */
1370 static u16 b43_antenna_to_phyctl(int antenna)
1374 return B43_TXH_PHY_ANT0;
1376 return B43_TXH_PHY_ANT1;
1378 return B43_TXH_PHY_ANT2;
1380 return B43_TXH_PHY_ANT3;
1381 case B43_ANTENNA_AUTO:
1382 return B43_TXH_PHY_ANT01AUTO;
1388 static void b43_write_beacon_template(struct b43_wldev *dev,
1390 u16 shm_size_offset)
1392 unsigned int i, len, variable_len;
1393 const struct ieee80211_mgmt *bcn;
1399 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1401 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1402 len = min((size_t) dev->wl->current_beacon->len,
1403 0x200 - sizeof(struct b43_plcp_hdr6));
1404 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1406 b43_write_template_common(dev, (const u8 *)bcn,
1407 len, ram_offset, shm_size_offset, rate);
1409 /* Write the PHY TX control parameters. */
1410 antenna = b43_antenna_from_ieee80211(dev, info->antenna_sel_tx);
1411 antenna = b43_antenna_to_phyctl(antenna);
1412 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1413 /* We can't send beacons with short preamble. Would get PHY errors. */
1414 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1415 ctl &= ~B43_TXH_PHY_ANT;
1416 ctl &= ~B43_TXH_PHY_ENC;
1418 if (b43_is_cck_rate(rate))
1419 ctl |= B43_TXH_PHY_ENC_CCK;
1421 ctl |= B43_TXH_PHY_ENC_OFDM;
1422 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1424 /* Find the position of the TIM and the DTIM_period value
1425 * and write them to SHM. */
1426 ie = bcn->u.beacon.variable;
1427 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1428 for (i = 0; i < variable_len - 2; ) {
1429 uint8_t ie_id, ie_len;
1436 /* This is the TIM Information Element */
1438 /* Check whether the ie_len is in the beacon data range. */
1439 if (variable_len < ie_len + 2 + i)
1441 /* A valid TIM is at least 4 bytes long. */
1446 tim_position = sizeof(struct b43_plcp_hdr6);
1447 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1450 dtim_period = ie[i + 3];
1452 b43_shm_write16(dev, B43_SHM_SHARED,
1453 B43_SHM_SH_TIMBPOS, tim_position);
1454 b43_shm_write16(dev, B43_SHM_SHARED,
1455 B43_SHM_SH_DTIMPER, dtim_period);
1462 * If ucode wants to modify TIM do it behind the beacon, this
1463 * will happen, for example, when doing mesh networking.
1465 b43_shm_write16(dev, B43_SHM_SHARED,
1467 len + sizeof(struct b43_plcp_hdr6));
1468 b43_shm_write16(dev, B43_SHM_SHARED,
1469 B43_SHM_SH_DTIMPER, 0);
1471 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1474 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1475 u16 shm_offset, u16 size,
1476 struct ieee80211_rate *rate)
1478 struct b43_plcp_hdr4 plcp;
1483 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1484 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1487 /* Write PLCP in two parts and timing for packet transfer */
1488 tmp = le32_to_cpu(plcp.data);
1489 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1490 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1491 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1494 /* Instead of using custom probe response template, this function
1495 * just patches custom beacon template by:
1496 * 1) Changing packet type
1497 * 2) Patching duration field
1500 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1502 struct ieee80211_rate *rate)
1506 u16 src_size, elem_size, src_pos, dest_pos;
1508 struct ieee80211_hdr *hdr;
1511 src_size = dev->wl->current_beacon->len;
1512 src_data = (const u8 *)dev->wl->current_beacon->data;
1514 /* Get the start offset of the variable IEs in the packet. */
1515 ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1516 B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1518 if (B43_WARN_ON(src_size < ie_start))
1521 dest_data = kmalloc(src_size, GFP_ATOMIC);
1522 if (unlikely(!dest_data))
1525 /* Copy the static data and all Information Elements, except the TIM. */
1526 memcpy(dest_data, src_data, ie_start);
1528 dest_pos = ie_start;
1529 for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1530 elem_size = src_data[src_pos + 1] + 2;
1531 if (src_data[src_pos] == 5) {
1532 /* This is the TIM. */
1535 memcpy(dest_data + dest_pos, src_data + src_pos,
1537 dest_pos += elem_size;
1539 *dest_size = dest_pos;
1540 hdr = (struct ieee80211_hdr *)dest_data;
1542 /* Set the frame control. */
1543 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1544 IEEE80211_STYPE_PROBE_RESP);
1545 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1546 dev->wl->vif, *dest_size,
1548 hdr->duration_id = dur;
1553 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1555 u16 shm_size_offset,
1556 struct ieee80211_rate *rate)
1558 const u8 *probe_resp_data;
1561 size = dev->wl->current_beacon->len;
1562 probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1563 if (unlikely(!probe_resp_data))
1566 /* Looks like PLCP headers plus packet timings are stored for
1567 * all possible basic rates
1569 b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1570 b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1571 b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1572 b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1574 size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1575 b43_write_template_common(dev, probe_resp_data,
1576 size, ram_offset, shm_size_offset,
1578 kfree(probe_resp_data);
1581 static void b43_upload_beacon0(struct b43_wldev *dev)
1583 struct b43_wl *wl = dev->wl;
1585 if (wl->beacon0_uploaded)
1587 b43_write_beacon_template(dev, 0x68, 0x18);
1588 /* FIXME: Probe resp upload doesn't really belong here,
1589 * but we don't use that feature anyway. */
1590 b43_write_probe_resp_template(dev, 0x268, 0x4A,
1591 &__b43_ratetable[3]);
1592 wl->beacon0_uploaded = 1;
1595 static void b43_upload_beacon1(struct b43_wldev *dev)
1597 struct b43_wl *wl = dev->wl;
1599 if (wl->beacon1_uploaded)
1601 b43_write_beacon_template(dev, 0x468, 0x1A);
1602 wl->beacon1_uploaded = 1;
1605 static void handle_irq_beacon(struct b43_wldev *dev)
1607 struct b43_wl *wl = dev->wl;
1608 u32 cmd, beacon0_valid, beacon1_valid;
1610 if (!b43_is_mode(wl, IEEE80211_IF_TYPE_AP) &&
1611 !b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
1614 /* This is the bottom half of the asynchronous beacon update. */
1616 /* Ignore interrupt in the future. */
1617 dev->irq_savedstate &= ~B43_IRQ_BEACON;
1619 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1620 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1621 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1623 /* Schedule interrupt manually, if busy. */
1624 if (beacon0_valid && beacon1_valid) {
1625 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1626 dev->irq_savedstate |= B43_IRQ_BEACON;
1630 if (unlikely(wl->beacon_templates_virgin)) {
1631 /* We never uploaded a beacon before.
1632 * Upload both templates now, but only mark one valid. */
1633 wl->beacon_templates_virgin = 0;
1634 b43_upload_beacon0(dev);
1635 b43_upload_beacon1(dev);
1636 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1637 cmd |= B43_MACCMD_BEACON0_VALID;
1638 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1640 if (!beacon0_valid) {
1641 b43_upload_beacon0(dev);
1642 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1643 cmd |= B43_MACCMD_BEACON0_VALID;
1644 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1645 } else if (!beacon1_valid) {
1646 b43_upload_beacon1(dev);
1647 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1648 cmd |= B43_MACCMD_BEACON1_VALID;
1649 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1654 static void b43_beacon_update_trigger_work(struct work_struct *work)
1656 struct b43_wl *wl = container_of(work, struct b43_wl,
1657 beacon_update_trigger);
1658 struct b43_wldev *dev;
1660 mutex_lock(&wl->mutex);
1661 dev = wl->current_dev;
1662 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1663 spin_lock_irq(&wl->irq_lock);
1664 /* update beacon right away or defer to irq */
1665 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1666 handle_irq_beacon(dev);
1667 /* The handler might have updated the IRQ mask. */
1668 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1669 dev->irq_savedstate);
1671 spin_unlock_irq(&wl->irq_lock);
1673 mutex_unlock(&wl->mutex);
1676 /* Asynchronously update the packet templates in template RAM.
1677 * Locking: Requires wl->irq_lock to be locked. */
1678 static void b43_update_templates(struct b43_wl *wl)
1680 struct sk_buff *beacon;
1682 /* This is the top half of the ansynchronous beacon update.
1683 * The bottom half is the beacon IRQ.
1684 * Beacon update must be asynchronous to avoid sending an
1685 * invalid beacon. This can happen for example, if the firmware
1686 * transmits a beacon while we are updating it. */
1688 /* We could modify the existing beacon and set the aid bit in
1689 * the TIM field, but that would probably require resizing and
1690 * moving of data within the beacon template.
1691 * Simply request a new beacon and let mac80211 do the hard work. */
1692 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1693 if (unlikely(!beacon))
1696 if (wl->current_beacon)
1697 dev_kfree_skb_any(wl->current_beacon);
1698 wl->current_beacon = beacon;
1699 wl->beacon0_uploaded = 0;
1700 wl->beacon1_uploaded = 0;
1701 queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1704 static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1709 len = min((u16) ssid_len, (u16) 0x100);
1710 for (i = 0; i < len; i += sizeof(u32)) {
1711 tmp = (u32) (ssid[i + 0]);
1713 tmp |= (u32) (ssid[i + 1]) << 8;
1715 tmp |= (u32) (ssid[i + 2]) << 16;
1717 tmp |= (u32) (ssid[i + 3]) << 24;
1718 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1720 b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1723 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1726 if (dev->dev->id.revision >= 3) {
1727 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1728 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1730 b43_write16(dev, 0x606, (beacon_int >> 6));
1731 b43_write16(dev, 0x610, beacon_int);
1733 b43_time_unlock(dev);
1734 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1737 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1741 /* Read the register that contains the reason code for the panic. */
1742 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1743 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1747 b43dbg(dev->wl, "The panic reason is unknown.\n");
1749 case B43_FWPANIC_DIE:
1750 /* Do not restart the controller or firmware.
1751 * The device is nonfunctional from now on.
1752 * Restarting would result in this panic to trigger again,
1753 * so we avoid that recursion. */
1755 case B43_FWPANIC_RESTART:
1756 b43_controller_restart(dev, "Microcode panic");
1761 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1763 unsigned int i, cnt;
1764 u16 reason, marker_id, marker_line;
1767 /* The proprietary firmware doesn't have this IRQ. */
1768 if (!dev->fw.opensource)
1771 /* Read the register that contains the reason code for this IRQ. */
1772 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1775 case B43_DEBUGIRQ_PANIC:
1776 b43_handle_firmware_panic(dev);
1778 case B43_DEBUGIRQ_DUMP_SHM:
1780 break; /* Only with driver debugging enabled. */
1781 buf = kmalloc(4096, GFP_ATOMIC);
1783 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1786 for (i = 0; i < 4096; i += 2) {
1787 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1788 buf[i / 2] = cpu_to_le16(tmp);
1790 b43info(dev->wl, "Shared memory dump:\n");
1791 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1792 16, 2, buf, 4096, 1);
1795 case B43_DEBUGIRQ_DUMP_REGS:
1797 break; /* Only with driver debugging enabled. */
1798 b43info(dev->wl, "Microcode register dump:\n");
1799 for (i = 0, cnt = 0; i < 64; i++) {
1800 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1803 printk("r%02u: 0x%04X ", i, tmp);
1812 case B43_DEBUGIRQ_MARKER:
1814 break; /* Only with driver debugging enabled. */
1815 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1817 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1818 B43_MARKER_LINE_REG);
1819 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1820 "at line number %u\n",
1821 marker_id, marker_line);
1824 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1828 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1829 b43_shm_write16(dev, B43_SHM_SCRATCH,
1830 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1833 /* Interrupt handler bottom-half */
1834 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1837 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1838 u32 merged_dma_reason = 0;
1840 unsigned long flags;
1842 spin_lock_irqsave(&dev->wl->irq_lock, flags);
1844 B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1846 reason = dev->irq_reason;
1847 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1848 dma_reason[i] = dev->dma_reason[i];
1849 merged_dma_reason |= dma_reason[i];
1852 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1853 b43err(dev->wl, "MAC transmission error\n");
1855 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1856 b43err(dev->wl, "PHY transmission error\n");
1858 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1859 atomic_set(&dev->phy.txerr_cnt,
1860 B43_PHY_TX_BADNESS_LIMIT);
1861 b43err(dev->wl, "Too many PHY TX errors, "
1862 "restarting the controller\n");
1863 b43_controller_restart(dev, "PHY TX errors");
1867 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1868 B43_DMAIRQ_NONFATALMASK))) {
1869 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1870 b43err(dev->wl, "Fatal DMA error: "
1871 "0x%08X, 0x%08X, 0x%08X, "
1872 "0x%08X, 0x%08X, 0x%08X\n",
1873 dma_reason[0], dma_reason[1],
1874 dma_reason[2], dma_reason[3],
1875 dma_reason[4], dma_reason[5]);
1876 b43_controller_restart(dev, "DMA error");
1878 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1881 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1882 b43err(dev->wl, "DMA error: "
1883 "0x%08X, 0x%08X, 0x%08X, "
1884 "0x%08X, 0x%08X, 0x%08X\n",
1885 dma_reason[0], dma_reason[1],
1886 dma_reason[2], dma_reason[3],
1887 dma_reason[4], dma_reason[5]);
1891 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1892 handle_irq_ucode_debug(dev);
1893 if (reason & B43_IRQ_TBTT_INDI)
1894 handle_irq_tbtt_indication(dev);
1895 if (reason & B43_IRQ_ATIM_END)
1896 handle_irq_atim_end(dev);
1897 if (reason & B43_IRQ_BEACON)
1898 handle_irq_beacon(dev);
1899 if (reason & B43_IRQ_PMQ)
1900 handle_irq_pmq(dev);
1901 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1903 if (reason & B43_IRQ_NOISESAMPLE_OK)
1904 handle_irq_noise(dev);
1906 /* Check the DMA reason registers for received data. */
1907 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1908 if (b43_using_pio_transfers(dev))
1909 b43_pio_rx(dev->pio.rx_queue);
1911 b43_dma_rx(dev->dma.rx_ring);
1913 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1914 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1915 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1916 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1917 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1919 if (reason & B43_IRQ_TX_OK)
1920 handle_irq_transmit_status(dev);
1922 b43_interrupt_enable(dev, dev->irq_savedstate);
1924 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1927 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1929 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1931 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1932 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1933 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1934 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1935 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1936 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1939 /* Interrupt handler top-half */
1940 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1942 irqreturn_t ret = IRQ_NONE;
1943 struct b43_wldev *dev = dev_id;
1949 spin_lock(&dev->wl->irq_lock);
1951 if (b43_status(dev) < B43_STAT_STARTED)
1953 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1954 if (reason == 0xffffffff) /* shared IRQ */
1957 reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1961 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1963 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1965 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1967 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1969 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1971 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1974 b43_interrupt_ack(dev, reason);
1975 /* disable all IRQs. They are enabled again in the bottom half. */
1976 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1977 /* save the reason code and call our bottom half. */
1978 dev->irq_reason = reason;
1979 tasklet_schedule(&dev->isr_tasklet);
1982 spin_unlock(&dev->wl->irq_lock);
1987 static void do_release_fw(struct b43_firmware_file *fw)
1989 release_firmware(fw->data);
1991 fw->filename = NULL;
1994 static void b43_release_firmware(struct b43_wldev *dev)
1996 do_release_fw(&dev->fw.ucode);
1997 do_release_fw(&dev->fw.pcm);
1998 do_release_fw(&dev->fw.initvals);
1999 do_release_fw(&dev->fw.initvals_band);
2002 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2006 text = "You must go to "
2007 "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
2008 "and download the latest firmware (version 4).\n";
2015 static int do_request_fw(struct b43_wldev *dev,
2017 struct b43_firmware_file *fw,
2020 char path[sizeof(modparam_fwpostfix) + 32];
2021 const struct firmware *blob;
2022 struct b43_fw_header *hdr;
2027 /* Don't fetch anything. Free possibly cached firmware. */
2032 if (strcmp(fw->filename, name) == 0)
2033 return 0; /* Already have this fw. */
2034 /* Free the cached firmware first. */
2038 snprintf(path, ARRAY_SIZE(path),
2040 modparam_fwpostfix, name);
2041 err = request_firmware(&blob, path, dev->dev->dev);
2042 if (err == -ENOENT) {
2044 b43err(dev->wl, "Firmware file \"%s\" not found\n",
2049 b43err(dev->wl, "Firmware file \"%s\" request failed (err=%d)\n",
2053 if (blob->size < sizeof(struct b43_fw_header))
2055 hdr = (struct b43_fw_header *)(blob->data);
2056 switch (hdr->type) {
2057 case B43_FW_TYPE_UCODE:
2058 case B43_FW_TYPE_PCM:
2059 size = be32_to_cpu(hdr->size);
2060 if (size != blob->size - sizeof(struct b43_fw_header))
2063 case B43_FW_TYPE_IV:
2072 fw->filename = name;
2077 b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
2078 release_firmware(blob);
2083 static int b43_request_firmware(struct b43_wldev *dev)
2085 struct b43_firmware *fw = &dev->fw;
2086 const u8 rev = dev->dev->id.revision;
2087 const char *filename;
2092 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2093 if ((rev >= 5) && (rev <= 10))
2094 filename = "ucode5";
2095 else if ((rev >= 11) && (rev <= 12))
2096 filename = "ucode11";
2098 filename = "ucode13";
2101 err = do_request_fw(dev, filename, &fw->ucode, 0);
2106 if ((rev >= 5) && (rev <= 10))
2112 fw->pcm_request_failed = 0;
2113 err = do_request_fw(dev, filename, &fw->pcm, 1);
2114 if (err == -ENOENT) {
2115 /* We did not find a PCM file? Not fatal, but
2116 * core rev <= 10 must do without hwcrypto then. */
2117 fw->pcm_request_failed = 1;
2122 switch (dev->phy.type) {
2124 if ((rev >= 5) && (rev <= 10)) {
2125 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2126 filename = "a0g1initvals5";
2128 filename = "a0g0initvals5";
2130 goto err_no_initvals;
2133 if ((rev >= 5) && (rev <= 10))
2134 filename = "b0g0initvals5";
2136 filename = "b0g0initvals13";
2138 goto err_no_initvals;
2141 if ((rev >= 11) && (rev <= 12))
2142 filename = "n0initvals11";
2144 goto err_no_initvals;
2147 goto err_no_initvals;
2149 err = do_request_fw(dev, filename, &fw->initvals, 0);
2153 /* Get bandswitch initvals */
2154 switch (dev->phy.type) {
2156 if ((rev >= 5) && (rev <= 10)) {
2157 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2158 filename = "a0g1bsinitvals5";
2160 filename = "a0g0bsinitvals5";
2161 } else if (rev >= 11)
2164 goto err_no_initvals;
2167 if ((rev >= 5) && (rev <= 10))
2168 filename = "b0g0bsinitvals5";
2172 goto err_no_initvals;
2175 if ((rev >= 11) && (rev <= 12))
2176 filename = "n0bsinitvals11";
2178 goto err_no_initvals;
2181 goto err_no_initvals;
2183 err = do_request_fw(dev, filename, &fw->initvals_band, 0);
2190 b43_print_fw_helptext(dev->wl, 1);
2195 b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2200 b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2205 b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2206 "core rev %u\n", dev->phy.type, rev);
2210 b43_release_firmware(dev);
2214 static int b43_upload_microcode(struct b43_wldev *dev)
2216 const size_t hdr_len = sizeof(struct b43_fw_header);
2218 unsigned int i, len;
2219 u16 fwrev, fwpatch, fwdate, fwtime;
2223 /* Jump the microcode PSM to offset 0 */
2224 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2225 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2226 macctl |= B43_MACCTL_PSM_JMP0;
2227 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2228 /* Zero out all microcode PSM registers and shared memory. */
2229 for (i = 0; i < 64; i++)
2230 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2231 for (i = 0; i < 4096; i += 2)
2232 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2234 /* Upload Microcode. */
2235 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2236 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2237 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2238 for (i = 0; i < len; i++) {
2239 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2243 if (dev->fw.pcm.data) {
2244 /* Upload PCM data. */
2245 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2246 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2247 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2248 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2249 /* No need for autoinc bit in SHM_HW */
2250 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2251 for (i = 0; i < len; i++) {
2252 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2257 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2259 /* Start the microcode PSM */
2260 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2261 macctl &= ~B43_MACCTL_PSM_JMP0;
2262 macctl |= B43_MACCTL_PSM_RUN;
2263 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2265 /* Wait for the microcode to load and respond */
2268 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2269 if (tmp == B43_IRQ_MAC_SUSPENDED)
2273 b43err(dev->wl, "Microcode not responding\n");
2274 b43_print_fw_helptext(dev->wl, 1);
2278 msleep_interruptible(50);
2279 if (signal_pending(current)) {
2284 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2286 /* Get and check the revisions. */
2287 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2288 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2289 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2290 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2292 if (fwrev <= 0x128) {
2293 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2294 "binary drivers older than version 4.x is unsupported. "
2295 "You must upgrade your firmware files.\n");
2296 b43_print_fw_helptext(dev->wl, 1);
2300 dev->fw.rev = fwrev;
2301 dev->fw.patch = fwpatch;
2302 dev->fw.opensource = (fwdate == 0xFFFF);
2304 if (dev->fw.opensource) {
2305 /* Patchlevel info is encoded in the "time" field. */
2306 dev->fw.patch = fwtime;
2307 b43info(dev->wl, "Loading OpenSource firmware version %u.%u%s\n",
2308 dev->fw.rev, dev->fw.patch,
2309 dev->fw.pcm_request_failed ? " (Hardware crypto not supported)" : "");
2311 b43info(dev->wl, "Loading firmware version %u.%u "
2312 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2314 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2315 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2316 if (dev->fw.pcm_request_failed) {
2317 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2318 "Hardware accelerated cryptography is disabled.\n");
2319 b43_print_fw_helptext(dev->wl, 0);
2323 if (b43_is_old_txhdr_format(dev)) {
2324 b43warn(dev->wl, "You are using an old firmware image. "
2325 "Support for old firmware will be removed in July 2008.\n");
2326 b43_print_fw_helptext(dev->wl, 0);
2332 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2333 macctl &= ~B43_MACCTL_PSM_RUN;
2334 macctl |= B43_MACCTL_PSM_JMP0;
2335 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2340 static int b43_write_initvals(struct b43_wldev *dev,
2341 const struct b43_iv *ivals,
2345 const struct b43_iv *iv;
2350 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2352 for (i = 0; i < count; i++) {
2353 if (array_size < sizeof(iv->offset_size))
2355 array_size -= sizeof(iv->offset_size);
2356 offset = be16_to_cpu(iv->offset_size);
2357 bit32 = !!(offset & B43_IV_32BIT);
2358 offset &= B43_IV_OFFSET_MASK;
2359 if (offset >= 0x1000)
2364 if (array_size < sizeof(iv->data.d32))
2366 array_size -= sizeof(iv->data.d32);
2368 value = get_unaligned_be32(&iv->data.d32);
2369 b43_write32(dev, offset, value);
2371 iv = (const struct b43_iv *)((const uint8_t *)iv +
2377 if (array_size < sizeof(iv->data.d16))
2379 array_size -= sizeof(iv->data.d16);
2381 value = be16_to_cpu(iv->data.d16);
2382 b43_write16(dev, offset, value);
2384 iv = (const struct b43_iv *)((const uint8_t *)iv +
2395 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2396 b43_print_fw_helptext(dev->wl, 1);
2401 static int b43_upload_initvals(struct b43_wldev *dev)
2403 const size_t hdr_len = sizeof(struct b43_fw_header);
2404 const struct b43_fw_header *hdr;
2405 struct b43_firmware *fw = &dev->fw;
2406 const struct b43_iv *ivals;
2410 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2411 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2412 count = be32_to_cpu(hdr->size);
2413 err = b43_write_initvals(dev, ivals, count,
2414 fw->initvals.data->size - hdr_len);
2417 if (fw->initvals_band.data) {
2418 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2419 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2420 count = be32_to_cpu(hdr->size);
2421 err = b43_write_initvals(dev, ivals, count,
2422 fw->initvals_band.data->size - hdr_len);
2431 /* Initialize the GPIOs
2432 * http://bcm-specs.sipsolutions.net/GPIO
2434 static int b43_gpio_init(struct b43_wldev *dev)
2436 struct ssb_bus *bus = dev->dev->bus;
2437 struct ssb_device *gpiodev, *pcidev = NULL;
2440 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2441 & ~B43_MACCTL_GPOUTSMSK);
2443 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2448 if (dev->dev->bus->chip_id == 0x4301) {
2452 if (0 /* FIXME: conditional unknown */ ) {
2453 b43_write16(dev, B43_MMIO_GPIO_MASK,
2454 b43_read16(dev, B43_MMIO_GPIO_MASK)
2459 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2460 b43_write16(dev, B43_MMIO_GPIO_MASK,
2461 b43_read16(dev, B43_MMIO_GPIO_MASK)
2466 if (dev->dev->id.revision >= 2)
2467 mask |= 0x0010; /* FIXME: This is redundant. */
2469 #ifdef CONFIG_SSB_DRIVER_PCICORE
2470 pcidev = bus->pcicore.dev;
2472 gpiodev = bus->chipco.dev ? : pcidev;
2475 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2476 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2482 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2483 static void b43_gpio_cleanup(struct b43_wldev *dev)
2485 struct ssb_bus *bus = dev->dev->bus;
2486 struct ssb_device *gpiodev, *pcidev = NULL;
2488 #ifdef CONFIG_SSB_DRIVER_PCICORE
2489 pcidev = bus->pcicore.dev;
2491 gpiodev = bus->chipco.dev ? : pcidev;
2494 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2497 /* http://bcm-specs.sipsolutions.net/EnableMac */
2498 void b43_mac_enable(struct b43_wldev *dev)
2500 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2503 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2504 B43_SHM_SH_UCODESTAT);
2505 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2506 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2507 b43err(dev->wl, "b43_mac_enable(): The firmware "
2508 "should be suspended, but current state is %u\n",
2513 dev->mac_suspended--;
2514 B43_WARN_ON(dev->mac_suspended < 0);
2515 if (dev->mac_suspended == 0) {
2516 b43_write32(dev, B43_MMIO_MACCTL,
2517 b43_read32(dev, B43_MMIO_MACCTL)
2518 | B43_MACCTL_ENABLED);
2519 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2520 B43_IRQ_MAC_SUSPENDED);
2522 b43_read32(dev, B43_MMIO_MACCTL);
2523 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2524 b43_power_saving_ctl_bits(dev, 0);
2528 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2529 void b43_mac_suspend(struct b43_wldev *dev)
2535 B43_WARN_ON(dev->mac_suspended < 0);
2537 if (dev->mac_suspended == 0) {
2538 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2539 b43_write32(dev, B43_MMIO_MACCTL,
2540 b43_read32(dev, B43_MMIO_MACCTL)
2541 & ~B43_MACCTL_ENABLED);
2542 /* force pci to flush the write */
2543 b43_read32(dev, B43_MMIO_MACCTL);
2544 for (i = 35; i; i--) {
2545 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2546 if (tmp & B43_IRQ_MAC_SUSPENDED)
2550 /* Hm, it seems this will take some time. Use msleep(). */
2551 for (i = 40; i; i--) {
2552 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2553 if (tmp & B43_IRQ_MAC_SUSPENDED)
2557 b43err(dev->wl, "MAC suspend failed\n");
2560 dev->mac_suspended++;
2563 static void b43_adjust_opmode(struct b43_wldev *dev)
2565 struct b43_wl *wl = dev->wl;
2569 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2570 /* Reset status to STA infrastructure mode. */
2571 ctl &= ~B43_MACCTL_AP;
2572 ctl &= ~B43_MACCTL_KEEP_CTL;
2573 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2574 ctl &= ~B43_MACCTL_KEEP_BAD;
2575 ctl &= ~B43_MACCTL_PROMISC;
2576 ctl &= ~B43_MACCTL_BEACPROMISC;
2577 ctl |= B43_MACCTL_INFRA;
2579 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
2580 b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
2581 ctl |= B43_MACCTL_AP;
2582 else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS))
2583 ctl &= ~B43_MACCTL_INFRA;
2585 if (wl->filter_flags & FIF_CONTROL)
2586 ctl |= B43_MACCTL_KEEP_CTL;
2587 if (wl->filter_flags & FIF_FCSFAIL)
2588 ctl |= B43_MACCTL_KEEP_BAD;
2589 if (wl->filter_flags & FIF_PLCPFAIL)
2590 ctl |= B43_MACCTL_KEEP_BADPLCP;
2591 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2592 ctl |= B43_MACCTL_PROMISC;
2593 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2594 ctl |= B43_MACCTL_BEACPROMISC;
2596 /* Workaround: On old hardware the HW-MAC-address-filter
2597 * doesn't work properly, so always run promisc in filter
2598 * it in software. */
2599 if (dev->dev->id.revision <= 4)
2600 ctl |= B43_MACCTL_PROMISC;
2602 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2605 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2606 if (dev->dev->bus->chip_id == 0x4306 &&
2607 dev->dev->bus->chip_rev == 3)
2612 b43_write16(dev, 0x612, cfp_pretbtt);
2615 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2621 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2624 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2626 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2627 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2630 static void b43_rate_memory_init(struct b43_wldev *dev)
2632 switch (dev->phy.type) {
2636 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2637 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2638 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2639 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2640 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2641 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2642 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2643 if (dev->phy.type == B43_PHYTYPE_A)
2647 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2648 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2649 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2650 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2657 /* Set the default values for the PHY TX Control Words. */
2658 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2662 ctl |= B43_TXH_PHY_ENC_CCK;
2663 ctl |= B43_TXH_PHY_ANT01AUTO;
2664 ctl |= B43_TXH_PHY_TXPWR;
2666 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2667 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2668 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2671 /* Set the TX-Antenna for management frames sent by firmware. */
2672 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2677 ant = b43_antenna_to_phyctl(antenna);
2680 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2681 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2682 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2683 /* For Probe Resposes */
2684 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2685 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2686 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2689 /* This is the opposite of b43_chip_init() */
2690 static void b43_chip_exit(struct b43_wldev *dev)
2692 b43_radio_turn_off(dev, 1);
2693 b43_gpio_cleanup(dev);
2694 b43_lo_g_cleanup(dev);
2695 /* firmware is released later */
2698 /* Initialize the chip
2699 * http://bcm-specs.sipsolutions.net/ChipInit
2701 static int b43_chip_init(struct b43_wldev *dev)
2703 struct b43_phy *phy = &dev->phy;
2705 u32 value32, macctl;
2708 /* Initialize the MAC control */
2709 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2711 macctl |= B43_MACCTL_GMODE;
2712 macctl |= B43_MACCTL_INFRA;
2713 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2715 err = b43_request_firmware(dev);
2718 err = b43_upload_microcode(dev);
2720 goto out; /* firmware is released later */
2722 err = b43_gpio_init(dev);
2724 goto out; /* firmware is released later */
2726 err = b43_upload_initvals(dev);
2728 goto err_gpio_clean;
2729 b43_radio_turn_on(dev);
2731 b43_write16(dev, 0x03E6, 0x0000);
2732 err = b43_phy_init(dev);
2736 /* Select initial Interference Mitigation. */
2737 tmp = phy->interfmode;
2738 phy->interfmode = B43_INTERFMODE_NONE;
2739 b43_radio_set_interference_mitigation(dev, tmp);
2741 b43_set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2742 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2744 if (phy->type == B43_PHYTYPE_B) {
2745 value16 = b43_read16(dev, 0x005E);
2747 b43_write16(dev, 0x005E, value16);
2749 b43_write32(dev, 0x0100, 0x01000000);
2750 if (dev->dev->id.revision < 5)
2751 b43_write32(dev, 0x010C, 0x01000000);
2753 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2754 & ~B43_MACCTL_INFRA);
2755 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2756 | B43_MACCTL_INFRA);
2758 /* Probe Response Timeout value */
2759 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2760 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2762 /* Initially set the wireless operation mode. */
2763 b43_adjust_opmode(dev);
2765 if (dev->dev->id.revision < 3) {
2766 b43_write16(dev, 0x060E, 0x0000);
2767 b43_write16(dev, 0x0610, 0x8000);
2768 b43_write16(dev, 0x0604, 0x0000);
2769 b43_write16(dev, 0x0606, 0x0200);
2771 b43_write32(dev, 0x0188, 0x80000000);
2772 b43_write32(dev, 0x018C, 0x02000000);
2774 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2775 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2776 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2777 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2778 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2779 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2780 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2782 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2783 value32 |= 0x00100000;
2784 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2786 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2787 dev->dev->bus->chipco.fast_pwrup_delay);
2790 b43dbg(dev->wl, "Chip initialized\n");
2795 b43_radio_turn_off(dev, 1);
2797 b43_gpio_cleanup(dev);
2801 static void b43_periodic_every60sec(struct b43_wldev *dev)
2803 struct b43_phy *phy = &dev->phy;
2805 if (phy->type != B43_PHYTYPE_G)
2807 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_RSSI) {
2808 b43_mac_suspend(dev);
2809 b43_calc_nrssi_slope(dev);
2810 if ((phy->radio_ver == 0x2050) && (phy->radio_rev == 8)) {
2811 u8 old_chan = phy->channel;
2813 /* VCO Calibration */
2815 b43_radio_selectchannel(dev, 1, 0);
2817 b43_radio_selectchannel(dev, 13, 0);
2818 b43_radio_selectchannel(dev, old_chan, 0);
2820 b43_mac_enable(dev);
2824 static void b43_periodic_every30sec(struct b43_wldev *dev)
2826 /* Update device statistics. */
2827 b43_calculate_link_quality(dev);
2830 static void b43_periodic_every15sec(struct b43_wldev *dev)
2832 struct b43_phy *phy = &dev->phy;
2835 if (dev->fw.opensource) {
2836 /* Check if the firmware is still alive.
2837 * It will reset the watchdog counter to 0 in its idle loop. */
2838 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2839 if (unlikely(wdr)) {
2840 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2841 b43_controller_restart(dev, "Firmware watchdog");
2844 b43_shm_write16(dev, B43_SHM_SCRATCH,
2845 B43_WATCHDOG_REG, 1);
2849 if (phy->type == B43_PHYTYPE_G) {
2850 //TODO: update_aci_moving_average
2851 if (phy->aci_enable && phy->aci_wlan_automatic) {
2852 b43_mac_suspend(dev);
2853 if (!phy->aci_enable && 1 /*TODO: not scanning? */ ) {
2854 if (0 /*TODO: bunch of conditions */ ) {
2855 b43_radio_set_interference_mitigation
2856 (dev, B43_INTERFMODE_MANUALWLAN);
2858 } else if (1 /*TODO*/) {
2860 if ((aci_average > 1000) && !(b43_radio_aci_scan(dev))) {
2861 b43_radio_set_interference_mitigation(dev,
2862 B43_INTERFMODE_NONE);
2866 b43_mac_enable(dev);
2867 } else if (phy->interfmode == B43_INTERFMODE_NONWLAN &&
2869 //TODO: implement rev1 workaround
2872 b43_phy_xmitpower(dev); //FIXME: unless scanning?
2873 b43_lo_g_maintanance_work(dev);
2874 //TODO for APHY (temperature?)
2876 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2880 static void do_periodic_work(struct b43_wldev *dev)
2884 state = dev->periodic_state;
2886 b43_periodic_every60sec(dev);
2888 b43_periodic_every30sec(dev);
2889 b43_periodic_every15sec(dev);
2892 /* Periodic work locking policy:
2893 * The whole periodic work handler is protected by
2894 * wl->mutex. If another lock is needed somewhere in the
2895 * pwork callchain, it's aquired in-place, where it's needed.
2897 static void b43_periodic_work_handler(struct work_struct *work)
2899 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2900 periodic_work.work);
2901 struct b43_wl *wl = dev->wl;
2902 unsigned long delay;
2904 mutex_lock(&wl->mutex);
2906 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2908 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2911 do_periodic_work(dev);
2913 dev->periodic_state++;
2915 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2916 delay = msecs_to_jiffies(50);
2918 delay = round_jiffies_relative(HZ * 15);
2919 queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2921 mutex_unlock(&wl->mutex);
2924 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2926 struct delayed_work *work = &dev->periodic_work;
2928 dev->periodic_state = 0;
2929 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2930 queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2933 /* Check if communication with the device works correctly. */
2934 static int b43_validate_chipaccess(struct b43_wldev *dev)
2938 backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2940 /* Check for read/write and endianness problems. */
2941 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2942 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2944 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2945 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2948 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2950 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2951 /* The 32bit register shadows the two 16bit registers
2952 * with update sideeffects. Validate this. */
2953 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2954 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2955 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2957 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2960 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2962 v = b43_read32(dev, B43_MMIO_MACCTL);
2963 v |= B43_MACCTL_GMODE;
2964 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2969 b43err(dev->wl, "Failed to validate the chipaccess\n");
2973 static void b43_security_init(struct b43_wldev *dev)
2975 dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2976 B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2977 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2978 /* KTP is a word address, but we address SHM bytewise.
2979 * So multiply by two.
2982 if (dev->dev->id.revision >= 5) {
2983 /* Number of RCMTA address slots */
2984 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2986 b43_clear_keys(dev);
2989 static int b43_rng_read(struct hwrng *rng, u32 * data)
2991 struct b43_wl *wl = (struct b43_wl *)rng->priv;
2992 unsigned long flags;
2994 /* Don't take wl->mutex here, as it could deadlock with
2995 * hwrng internal locking. It's not needed to take
2996 * wl->mutex here, anyway. */
2998 spin_lock_irqsave(&wl->irq_lock, flags);
2999 *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
3000 spin_unlock_irqrestore(&wl->irq_lock, flags);
3002 return (sizeof(u16));
3005 static void b43_rng_exit(struct b43_wl *wl)
3007 if (wl->rng_initialized)
3008 hwrng_unregister(&wl->rng);
3011 static int b43_rng_init(struct b43_wl *wl)
3015 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3016 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3017 wl->rng.name = wl->rng_name;
3018 wl->rng.data_read = b43_rng_read;
3019 wl->rng.priv = (unsigned long)wl;
3020 wl->rng_initialized = 1;
3021 err = hwrng_register(&wl->rng);
3023 wl->rng_initialized = 0;
3024 b43err(wl, "Failed to register the random "
3025 "number generator (%d)\n", err);
3031 static int b43_op_tx(struct ieee80211_hw *hw,
3032 struct sk_buff *skb)
3034 struct b43_wl *wl = hw_to_b43_wl(hw);
3035 struct b43_wldev *dev = wl->current_dev;
3036 unsigned long flags;
3039 if (unlikely(skb->len < 2 + 2 + 6)) {
3040 /* Too short, this can't be a valid frame. */
3043 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3047 /* Transmissions on seperate queues can run concurrently. */
3048 read_lock_irqsave(&wl->tx_lock, flags);
3051 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3052 if (b43_using_pio_transfers(dev))
3053 err = b43_pio_tx(dev, skb);
3055 err = b43_dma_tx(dev, skb);
3058 read_unlock_irqrestore(&wl->tx_lock, flags);
3062 return NETDEV_TX_OK;
3065 /* We can not transmit this packet. Drop it. */
3066 dev_kfree_skb_any(skb);
3067 return NETDEV_TX_OK;
3070 /* Locking: wl->irq_lock */
3071 static void b43_qos_params_upload(struct b43_wldev *dev,
3072 const struct ieee80211_tx_queue_params *p,
3075 u16 params[B43_NR_QOSPARAMS];
3079 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3081 memset(¶ms, 0, sizeof(params));
3083 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3084 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3085 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3086 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3087 params[B43_QOSPARAM_AIFS] = p->aifs;
3088 params[B43_QOSPARAM_BSLOTS] = bslots;
3089 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3091 for (i = 0; i < ARRAY_SIZE(params); i++) {
3092 if (i == B43_QOSPARAM_STATUS) {
3093 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3094 shm_offset + (i * 2));
3095 /* Mark the parameters as updated. */
3097 b43_shm_write16(dev, B43_SHM_SHARED,
3098 shm_offset + (i * 2),
3101 b43_shm_write16(dev, B43_SHM_SHARED,
3102 shm_offset + (i * 2),
3108 /* Update the QOS parameters in hardware. */
3109 static void b43_qos_update(struct b43_wldev *dev)
3111 struct b43_wl *wl = dev->wl;
3112 struct b43_qos_params *params;
3113 unsigned long flags;
3116 /* Mapping of mac80211 queues to b43 SHM offsets. */
3117 static const u16 qos_shm_offsets[] = {
3118 [0] = B43_QOS_VOICE,
3119 [1] = B43_QOS_VIDEO,
3120 [2] = B43_QOS_BESTEFFORT,
3121 [3] = B43_QOS_BACKGROUND,
3123 BUILD_BUG_ON(ARRAY_SIZE(qos_shm_offsets) != ARRAY_SIZE(wl->qos_params));
3125 b43_mac_suspend(dev);
3126 spin_lock_irqsave(&wl->irq_lock, flags);
3128 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3129 params = &(wl->qos_params[i]);
3130 if (params->need_hw_update) {
3131 b43_qos_params_upload(dev, &(params->p),
3132 qos_shm_offsets[i]);
3133 params->need_hw_update = 0;
3137 spin_unlock_irqrestore(&wl->irq_lock, flags);
3138 b43_mac_enable(dev);
3141 static void b43_qos_clear(struct b43_wl *wl)
3143 struct b43_qos_params *params;
3146 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3147 params = &(wl->qos_params[i]);
3149 memset(&(params->p), 0, sizeof(params->p));
3150 params->p.aifs = -1;
3151 params->need_hw_update = 1;
3155 /* Initialize the core's QOS capabilities */
3156 static void b43_qos_init(struct b43_wldev *dev)
3158 struct b43_wl *wl = dev->wl;
3161 /* Upload the current QOS parameters. */
3162 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++)
3163 wl->qos_params[i].need_hw_update = 1;
3164 b43_qos_update(dev);
3166 /* Enable QOS support. */
3167 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3168 b43_write16(dev, B43_MMIO_IFSCTL,
3169 b43_read16(dev, B43_MMIO_IFSCTL)
3170 | B43_MMIO_IFSCTL_USE_EDCF);
3173 static void b43_qos_update_work(struct work_struct *work)
3175 struct b43_wl *wl = container_of(work, struct b43_wl, qos_update_work);
3176 struct b43_wldev *dev;
3178 mutex_lock(&wl->mutex);
3179 dev = wl->current_dev;
3180 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED)))
3181 b43_qos_update(dev);
3182 mutex_unlock(&wl->mutex);
3185 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3186 const struct ieee80211_tx_queue_params *params)
3188 struct b43_wl *wl = hw_to_b43_wl(hw);
3189 unsigned long flags;
3190 unsigned int queue = (unsigned int)_queue;
3191 struct b43_qos_params *p;
3193 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3194 /* Queue not available or don't support setting
3195 * params on this queue. Return success to not
3196 * confuse mac80211. */
3200 spin_lock_irqsave(&wl->irq_lock, flags);
3201 p = &(wl->qos_params[queue]);
3202 memcpy(&(p->p), params, sizeof(p->p));
3203 p->need_hw_update = 1;
3204 spin_unlock_irqrestore(&wl->irq_lock, flags);
3206 queue_work(hw->workqueue, &wl->qos_update_work);
3211 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3212 struct ieee80211_tx_queue_stats *stats)
3214 struct b43_wl *wl = hw_to_b43_wl(hw);
3215 struct b43_wldev *dev = wl->current_dev;
3216 unsigned long flags;
3221 spin_lock_irqsave(&wl->irq_lock, flags);
3222 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3223 if (b43_using_pio_transfers(dev))
3224 b43_pio_get_tx_stats(dev, stats);
3226 b43_dma_get_tx_stats(dev, stats);
3229 spin_unlock_irqrestore(&wl->irq_lock, flags);
3234 static int b43_op_get_stats(struct ieee80211_hw *hw,
3235 struct ieee80211_low_level_stats *stats)
3237 struct b43_wl *wl = hw_to_b43_wl(hw);
3238 unsigned long flags;
3240 spin_lock_irqsave(&wl->irq_lock, flags);
3241 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3242 spin_unlock_irqrestore(&wl->irq_lock, flags);
3247 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3249 struct ssb_device *sdev = dev->dev;
3252 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3253 tmslow &= ~B43_TMSLOW_GMODE;
3254 tmslow |= B43_TMSLOW_PHYRESET;
3255 tmslow |= SSB_TMSLOW_FGC;
3256 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3259 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3260 tmslow &= ~SSB_TMSLOW_FGC;
3261 tmslow |= B43_TMSLOW_PHYRESET;
3262 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3266 static const char * band_to_string(enum ieee80211_band band)
3269 case IEEE80211_BAND_5GHZ:
3271 case IEEE80211_BAND_2GHZ:
3280 /* Expects wl->mutex locked */
3281 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3283 struct b43_wldev *up_dev = NULL;
3284 struct b43_wldev *down_dev;
3285 struct b43_wldev *d;
3290 /* Find a device and PHY which supports the band. */
3291 list_for_each_entry(d, &wl->devlist, list) {
3292 switch (chan->band) {
3293 case IEEE80211_BAND_5GHZ:
3294 if (d->phy.supports_5ghz) {
3299 case IEEE80211_BAND_2GHZ:
3300 if (d->phy.supports_2ghz) {
3313 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3314 band_to_string(chan->band));
3317 if ((up_dev == wl->current_dev) &&
3318 (!!wl->current_dev->phy.gmode == !!gmode)) {
3319 /* This device is already running. */
3322 b43dbg(wl, "Switching to %s-GHz band\n",
3323 band_to_string(chan->band));
3324 down_dev = wl->current_dev;
3326 prev_status = b43_status(down_dev);
3327 /* Shutdown the currently running core. */
3328 if (prev_status >= B43_STAT_STARTED)
3329 b43_wireless_core_stop(down_dev);
3330 if (prev_status >= B43_STAT_INITIALIZED)
3331 b43_wireless_core_exit(down_dev);
3333 if (down_dev != up_dev) {
3334 /* We switch to a different core, so we put PHY into
3335 * RESET on the old core. */
3336 b43_put_phy_into_reset(down_dev);
3339 /* Now start the new core. */
3340 up_dev->phy.gmode = gmode;
3341 if (prev_status >= B43_STAT_INITIALIZED) {
3342 err = b43_wireless_core_init(up_dev);
3344 b43err(wl, "Fatal: Could not initialize device for "
3345 "selected %s-GHz band\n",
3346 band_to_string(chan->band));
3350 if (prev_status >= B43_STAT_STARTED) {
3351 err = b43_wireless_core_start(up_dev);
3353 b43err(wl, "Fatal: Coult not start device for "
3354 "selected %s-GHz band\n",
3355 band_to_string(chan->band));
3356 b43_wireless_core_exit(up_dev);
3360 B43_WARN_ON(b43_status(up_dev) != prev_status);
3362 wl->current_dev = up_dev;
3366 /* Whoops, failed to init the new core. No core is operating now. */
3367 wl->current_dev = NULL;
3371 static int b43_op_config(struct ieee80211_hw *hw, struct ieee80211_conf *conf)
3373 struct b43_wl *wl = hw_to_b43_wl(hw);
3374 struct b43_wldev *dev;
3375 struct b43_phy *phy;
3376 unsigned long flags;
3381 mutex_lock(&wl->mutex);
3383 /* Switch the band (if necessary). This might change the active core. */
3384 err = b43_switch_band(wl, conf->channel);
3386 goto out_unlock_mutex;
3387 dev = wl->current_dev;
3390 /* Disable IRQs while reconfiguring the device.
3391 * This makes it possible to drop the spinlock throughout
3392 * the reconfiguration process. */
3393 spin_lock_irqsave(&wl->irq_lock, flags);
3394 if (b43_status(dev) < B43_STAT_STARTED) {
3395 spin_unlock_irqrestore(&wl->irq_lock, flags);
3396 goto out_unlock_mutex;
3398 savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
3399 spin_unlock_irqrestore(&wl->irq_lock, flags);
3400 b43_synchronize_irq(dev);
3402 /* Switch to the requested channel.
3403 * The firmware takes care of races with the TX handler. */
3404 if (conf->channel->hw_value != phy->channel)
3405 b43_radio_selectchannel(dev, conf->channel->hw_value, 0);
3407 /* Enable/Disable ShortSlot timing. */
3408 if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
3410 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
3411 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
3412 b43_short_slot_timing_enable(dev);
3414 b43_short_slot_timing_disable(dev);
3417 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3419 /* Adjust the desired TX power level. */
3420 if (conf->power_level != 0) {
3421 if (conf->power_level != phy->power_level) {
3422 phy->power_level = conf->power_level;
3423 b43_phy_xmitpower(dev);
3427 /* Antennas for RX and management frame TX. */
3428 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_tx);
3429 b43_mgmtframe_txantenna(dev, antenna);
3430 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_rx);
3431 b43_set_rx_antenna(dev, antenna);
3433 /* Update templates for AP/mesh mode. */
3434 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
3435 b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
3436 b43_set_beacon_int(dev, conf->beacon_int);
3438 if (!!conf->radio_enabled != phy->radio_on) {
3439 if (conf->radio_enabled) {
3440 b43_radio_turn_on(dev);
3441 b43info(dev->wl, "Radio turned on by software\n");
3442 if (!dev->radio_hw_enable) {
3443 b43info(dev->wl, "The hardware RF-kill button "
3444 "still turns the radio physically off. "
3445 "Press the button to turn it on.\n");
3448 b43_radio_turn_off(dev, 0);
3449 b43info(dev->wl, "Radio turned off by software\n");
3453 spin_lock_irqsave(&wl->irq_lock, flags);
3454 b43_interrupt_enable(dev, savedirqs);
3456 spin_unlock_irqrestore(&wl->irq_lock, flags);
3458 mutex_unlock(&wl->mutex);
3463 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3464 const u8 *local_addr, const u8 *addr,
3465 struct ieee80211_key_conf *key)
3467 struct b43_wl *wl = hw_to_b43_wl(hw);
3468 struct b43_wldev *dev;
3469 unsigned long flags;
3473 DECLARE_MAC_BUF(mac);
3475 if (modparam_nohwcrypt)
3476 return -ENOSPC; /* User disabled HW-crypto */
3478 mutex_lock(&wl->mutex);
3479 spin_lock_irqsave(&wl->irq_lock, flags);
3481 dev = wl->current_dev;
3483 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3486 if (dev->fw.pcm_request_failed) {
3487 /* We don't have firmware for the crypto engine.
3488 * Must use software-crypto. */
3496 if (key->keylen == 5)
3497 algorithm = B43_SEC_ALGO_WEP40;
3499 algorithm = B43_SEC_ALGO_WEP104;
3502 algorithm = B43_SEC_ALGO_TKIP;
3505 algorithm = B43_SEC_ALGO_AES;
3511 index = (u8) (key->keyidx);
3517 if (algorithm == B43_SEC_ALGO_TKIP) {
3518 /* FIXME: No TKIP hardware encryption for now. */
3523 if (is_broadcast_ether_addr(addr)) {
3524 /* addr is FF:FF:FF:FF:FF:FF for default keys */
3525 err = b43_key_write(dev, index, algorithm,
3526 key->key, key->keylen, NULL, key);
3529 * either pairwise key or address is 00:00:00:00:00:00
3530 * for transmit-only keys
3532 err = b43_key_write(dev, -1, algorithm,
3533 key->key, key->keylen, addr, key);
3538 if (algorithm == B43_SEC_ALGO_WEP40 ||
3539 algorithm == B43_SEC_ALGO_WEP104) {
3540 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3543 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3545 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3548 err = b43_key_clear(dev, key->hw_key_idx);
3557 spin_unlock_irqrestore(&wl->irq_lock, flags);
3558 mutex_unlock(&wl->mutex);
3560 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3562 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3563 print_mac(mac, addr));
3568 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3569 unsigned int changed, unsigned int *fflags,
3570 int mc_count, struct dev_addr_list *mc_list)
3572 struct b43_wl *wl = hw_to_b43_wl(hw);
3573 struct b43_wldev *dev = wl->current_dev;
3574 unsigned long flags;
3581 spin_lock_irqsave(&wl->irq_lock, flags);
3582 *fflags &= FIF_PROMISC_IN_BSS |
3588 FIF_BCN_PRBRESP_PROMISC;
3590 changed &= FIF_PROMISC_IN_BSS |
3596 FIF_BCN_PRBRESP_PROMISC;
3598 wl->filter_flags = *fflags;
3600 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3601 b43_adjust_opmode(dev);
3602 spin_unlock_irqrestore(&wl->irq_lock, flags);
3605 static int b43_op_config_interface(struct ieee80211_hw *hw,
3606 struct ieee80211_vif *vif,
3607 struct ieee80211_if_conf *conf)
3609 struct b43_wl *wl = hw_to_b43_wl(hw);
3610 struct b43_wldev *dev = wl->current_dev;
3611 unsigned long flags;
3615 mutex_lock(&wl->mutex);
3616 spin_lock_irqsave(&wl->irq_lock, flags);
3617 B43_WARN_ON(wl->vif != vif);
3619 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3621 memset(wl->bssid, 0, ETH_ALEN);
3622 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3623 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
3624 b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT)) {
3625 B43_WARN_ON(vif->type != wl->if_type);
3626 if (conf->changed & IEEE80211_IFCC_SSID)
3627 b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3628 if (conf->changed & IEEE80211_IFCC_BEACON)
3629 b43_update_templates(wl);
3630 } else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS)) {
3631 if (conf->changed & IEEE80211_IFCC_BEACON)
3632 b43_update_templates(wl);
3634 b43_write_mac_bssid_templates(dev);
3636 spin_unlock_irqrestore(&wl->irq_lock, flags);
3637 mutex_unlock(&wl->mutex);
3642 /* Locking: wl->mutex */
3643 static void b43_wireless_core_stop(struct b43_wldev *dev)
3645 struct b43_wl *wl = dev->wl;
3646 unsigned long flags;
3648 if (b43_status(dev) < B43_STAT_STARTED)
3651 /* Disable and sync interrupts. We must do this before than
3652 * setting the status to INITIALIZED, as the interrupt handler
3653 * won't care about IRQs then. */
3654 spin_lock_irqsave(&wl->irq_lock, flags);
3655 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3656 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3657 spin_unlock_irqrestore(&wl->irq_lock, flags);
3658 b43_synchronize_irq(dev);
3660 write_lock_irqsave(&wl->tx_lock, flags);
3661 b43_set_status(dev, B43_STAT_INITIALIZED);
3662 write_unlock_irqrestore(&wl->tx_lock, flags);
3665 mutex_unlock(&wl->mutex);
3666 /* Must unlock as it would otherwise deadlock. No races here.
3667 * Cancel the possibly running self-rearming periodic work. */
3668 cancel_delayed_work_sync(&dev->periodic_work);
3669 mutex_lock(&wl->mutex);
3671 b43_mac_suspend(dev);
3672 free_irq(dev->dev->irq, dev);
3673 b43dbg(wl, "Wireless interface stopped\n");
3676 /* Locking: wl->mutex */
3677 static int b43_wireless_core_start(struct b43_wldev *dev)
3681 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3683 drain_txstatus_queue(dev);
3684 err = request_irq(dev->dev->irq, b43_interrupt_handler,
3685 IRQF_SHARED, KBUILD_MODNAME, dev);
3687 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3691 /* We are ready to run. */
3692 b43_set_status(dev, B43_STAT_STARTED);
3694 /* Start data flow (TX/RX). */
3695 b43_mac_enable(dev);
3696 b43_interrupt_enable(dev, dev->irq_savedstate);
3698 /* Start maintainance work */
3699 b43_periodic_tasks_setup(dev);
3701 b43dbg(dev->wl, "Wireless interface started\n");
3706 /* Get PHY and RADIO versioning numbers */
3707 static int b43_phy_versioning(struct b43_wldev *dev)
3709 struct b43_phy *phy = &dev->phy;
3717 int unsupported = 0;
3719 /* Get PHY versioning */
3720 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3721 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3722 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3723 phy_rev = (tmp & B43_PHYVER_VERSION);
3730 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3738 #ifdef CONFIG_B43_NPHY
3748 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3749 "(Analog %u, Type %u, Revision %u)\n",
3750 analog_type, phy_type, phy_rev);
3753 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3754 analog_type, phy_type, phy_rev);
3756 /* Get RADIO versioning */
3757 if (dev->dev->bus->chip_id == 0x4317) {
3758 if (dev->dev->bus->chip_rev == 0)
3760 else if (dev->dev->bus->chip_rev == 1)
3765 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3766 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3767 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3768 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3770 radio_manuf = (tmp & 0x00000FFF);
3771 radio_ver = (tmp & 0x0FFFF000) >> 12;
3772 radio_rev = (tmp & 0xF0000000) >> 28;
3773 if (radio_manuf != 0x17F /* Broadcom */)
3777 if (radio_ver != 0x2060)
3781 if (radio_manuf != 0x17F)
3785 if ((radio_ver & 0xFFF0) != 0x2050)
3789 if (radio_ver != 0x2050)
3793 if (radio_ver != 0x2055)
3800 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3801 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3802 radio_manuf, radio_ver, radio_rev);
3805 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3806 radio_manuf, radio_ver, radio_rev);
3808 phy->radio_manuf = radio_manuf;
3809 phy->radio_ver = radio_ver;
3810 phy->radio_rev = radio_rev;
3812 phy->analog = analog_type;
3813 phy->type = phy_type;
3819 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3820 struct b43_phy *phy)
3822 struct b43_txpower_lo_control *lo;
3825 memset(phy->minlowsig, 0xFF, sizeof(phy->minlowsig));
3826 memset(phy->minlowsigpos, 0, sizeof(phy->minlowsigpos));
3828 phy->aci_enable = 0;
3829 phy->aci_wlan_automatic = 0;
3830 phy->aci_hw_rssi = 0;
3832 phy->radio_off_context.valid = 0;
3834 lo = phy->lo_control;
3836 memset(lo, 0, sizeof(*(phy->lo_control)));
3838 INIT_LIST_HEAD(&lo->calib_list);
3840 phy->max_lb_gain = 0;
3841 phy->trsw_rx_gain = 0;
3842 phy->txpwr_offset = 0;
3845 phy->nrssislope = 0;
3846 for (i = 0; i < ARRAY_SIZE(phy->nrssi); i++)
3847 phy->nrssi[i] = -1000;
3848 for (i = 0; i < ARRAY_SIZE(phy->nrssi_lt); i++)
3849 phy->nrssi_lt[i] = i;
3851 phy->lofcal = 0xFFFF;
3852 phy->initval = 0xFFFF;
3854 phy->interfmode = B43_INTERFMODE_NONE;
3855 phy->channel = 0xFF;
3857 phy->hardware_power_control = !!modparam_hwpctl;
3859 /* PHY TX errors counter. */
3860 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3862 /* OFDM-table address caching. */
3863 phy->ofdmtab_addr_direction = B43_OFDMTAB_DIRECTION_UNKNOWN;
3866 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3870 /* Assume the radio is enabled. If it's not enabled, the state will
3871 * immediately get fixed on the first periodic work run. */
3872 dev->radio_hw_enable = 1;
3875 memset(&dev->stats, 0, sizeof(dev->stats));
3877 setup_struct_phy_for_init(dev, &dev->phy);
3879 /* IRQ related flags */
3880 dev->irq_reason = 0;
3881 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3882 dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3884 dev->mac_suspended = 1;
3886 /* Noise calculation context */
3887 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3890 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3892 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3895 if (!modparam_btcoex)
3897 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3899 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3902 hf = b43_hf_read(dev);
3903 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3904 hf |= B43_HF_BTCOEXALT;
3906 hf |= B43_HF_BTCOEX;
3907 b43_hf_write(dev, hf);
3910 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3912 if (!modparam_btcoex)
3917 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3919 #ifdef CONFIG_SSB_DRIVER_PCICORE
3920 struct ssb_bus *bus = dev->dev->bus;
3923 if (bus->pcicore.dev &&
3924 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3925 bus->pcicore.dev->id.revision <= 5) {
3926 /* IMCFGLO timeouts workaround. */
3927 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3928 tmp &= ~SSB_IMCFGLO_REQTO;
3929 tmp &= ~SSB_IMCFGLO_SERTO;
3930 switch (bus->bustype) {
3931 case SSB_BUSTYPE_PCI:
3932 case SSB_BUSTYPE_PCMCIA:
3935 case SSB_BUSTYPE_SSB:
3939 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3941 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3944 /* Write the short and long frame retry limit values. */
3945 static void b43_set_retry_limits(struct b43_wldev *dev,
3946 unsigned int short_retry,
3947 unsigned int long_retry)
3949 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3950 * the chip-internal counter. */
3951 short_retry = min(short_retry, (unsigned int)0xF);
3952 long_retry = min(long_retry, (unsigned int)0xF);
3954 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3956 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3960 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3964 /* The time value is in microseconds. */
3965 if (dev->phy.type == B43_PHYTYPE_A)
3969 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS) || idle)
3971 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3972 pu_delay = max(pu_delay, (u16)2400);
3974 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3977 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3978 static void b43_set_pretbtt(struct b43_wldev *dev)
3982 /* The time value is in microseconds. */
3983 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS)) {
3986 if (dev->phy.type == B43_PHYTYPE_A)
3991 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3992 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3995 /* Shutdown a wireless core */
3996 /* Locking: wl->mutex */
3997 static void b43_wireless_core_exit(struct b43_wldev *dev)
3999 struct b43_phy *phy = &dev->phy;
4002 B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
4003 if (b43_status(dev) != B43_STAT_INITIALIZED)
4005 b43_set_status(dev, B43_STAT_UNINIT);
4007 /* Stop the microcode PSM. */
4008 macctl = b43_read32(dev, B43_MMIO_MACCTL);
4009 macctl &= ~B43_MACCTL_PSM_RUN;
4010 macctl |= B43_MACCTL_PSM_JMP0;
4011 b43_write32(dev, B43_MMIO_MACCTL, macctl);
4013 if (!dev->suspend_in_progress) {
4015 b43_rng_exit(dev->wl);
4020 b43_radio_turn_off(dev, 1);
4021 b43_switch_analog(dev, 0);
4022 if (phy->dyn_tssi_tbl)
4023 kfree(phy->tssi2dbm);
4024 kfree(phy->lo_control);
4025 phy->lo_control = NULL;
4026 if (dev->wl->current_beacon) {
4027 dev_kfree_skb_any(dev->wl->current_beacon);
4028 dev->wl->current_beacon = NULL;
4031 ssb_device_disable(dev->dev, 0);
4032 ssb_bus_may_powerdown(dev->dev->bus);
4035 /* Initialize a wireless core */
4036 static int b43_wireless_core_init(struct b43_wldev *dev)
4038 struct b43_wl *wl = dev->wl;
4039 struct ssb_bus *bus = dev->dev->bus;
4040 struct ssb_sprom *sprom = &bus->sprom;
4041 struct b43_phy *phy = &dev->phy;
4046 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4048 err = ssb_bus_powerup(bus, 0);
4051 if (!ssb_device_is_enabled(dev->dev)) {
4052 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4053 b43_wireless_core_reset(dev, tmp);
4056 if ((phy->type == B43_PHYTYPE_B) || (phy->type == B43_PHYTYPE_G)) {
4058 kzalloc(sizeof(*(phy->lo_control)), GFP_KERNEL);
4059 if (!phy->lo_control) {
4064 setup_struct_wldev_for_init(dev);
4066 err = b43_phy_init_tssi2dbm_table(dev);
4068 goto err_kfree_lo_control;
4070 /* Enable IRQ routing to this device. */
4071 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4073 b43_imcfglo_timeouts_workaround(dev);
4074 b43_bluetooth_coext_disable(dev);
4075 b43_phy_early_init(dev);
4076 err = b43_chip_init(dev);
4078 goto err_kfree_tssitbl;
4079 b43_shm_write16(dev, B43_SHM_SHARED,
4080 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4081 hf = b43_hf_read(dev);
4082 if (phy->type == B43_PHYTYPE_G) {
4086 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4087 hf |= B43_HF_OFDMPABOOST;
4088 } else if (phy->type == B43_PHYTYPE_B) {
4090 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
4093 b43_hf_write(dev, hf);
4095 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4096 B43_DEFAULT_LONG_RETRY_LIMIT);
4097 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4098 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4100 /* Disable sending probe responses from firmware.
4101 * Setting the MaxTime to one usec will always trigger
4102 * a timeout, so we never send any probe resp.
4103 * A timeout of zero is infinite. */
4104 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4106 b43_rate_memory_init(dev);
4107 b43_set_phytxctl_defaults(dev);
4109 /* Minimum Contention Window */
4110 if (phy->type == B43_PHYTYPE_B) {
4111 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4113 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4115 /* Maximum Contention Window */
4116 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4118 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4119 dev->__using_pio_transfers = 1;
4120 err = b43_pio_init(dev);
4122 dev->__using_pio_transfers = 0;
4123 err = b43_dma_init(dev);
4128 b43_set_synth_pu_delay(dev, 1);
4129 b43_bluetooth_coext_enable(dev);
4131 ssb_bus_powerup(bus, 1); /* Enable dynamic PCTL */
4132 b43_upload_card_macaddress(dev);
4133 b43_security_init(dev);
4134 if (!dev->suspend_in_progress)
4137 b43_set_status(dev, B43_STAT_INITIALIZED);
4139 if (!dev->suspend_in_progress)
4147 if (phy->dyn_tssi_tbl)
4148 kfree(phy->tssi2dbm);
4149 err_kfree_lo_control:
4150 kfree(phy->lo_control);
4151 phy->lo_control = NULL;
4153 ssb_bus_may_powerdown(bus);
4154 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4158 static int b43_op_add_interface(struct ieee80211_hw *hw,
4159 struct ieee80211_if_init_conf *conf)
4161 struct b43_wl *wl = hw_to_b43_wl(hw);
4162 struct b43_wldev *dev;
4163 unsigned long flags;
4164 int err = -EOPNOTSUPP;
4166 /* TODO: allow WDS/AP devices to coexist */
4168 if (conf->type != IEEE80211_IF_TYPE_AP &&
4169 conf->type != IEEE80211_IF_TYPE_MESH_POINT &&
4170 conf->type != IEEE80211_IF_TYPE_STA &&
4171 conf->type != IEEE80211_IF_TYPE_WDS &&
4172 conf->type != IEEE80211_IF_TYPE_IBSS)
4175 mutex_lock(&wl->mutex);
4177 goto out_mutex_unlock;
4179 b43dbg(wl, "Adding Interface type %d\n", conf->type);
4181 dev = wl->current_dev;
4183 wl->vif = conf->vif;
4184 wl->if_type = conf->type;
4185 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4187 spin_lock_irqsave(&wl->irq_lock, flags);
4188 b43_adjust_opmode(dev);
4189 b43_set_pretbtt(dev);
4190 b43_set_synth_pu_delay(dev, 0);
4191 b43_upload_card_macaddress(dev);
4192 spin_unlock_irqrestore(&wl->irq_lock, flags);
4196 mutex_unlock(&wl->mutex);
4201 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4202 struct ieee80211_if_init_conf *conf)
4204 struct b43_wl *wl = hw_to_b43_wl(hw);
4205 struct b43_wldev *dev = wl->current_dev;
4206 unsigned long flags;
4208 b43dbg(wl, "Removing Interface type %d\n", conf->type);
4210 mutex_lock(&wl->mutex);
4212 B43_WARN_ON(!wl->operating);
4213 B43_WARN_ON(wl->vif != conf->vif);
4218 spin_lock_irqsave(&wl->irq_lock, flags);
4219 b43_adjust_opmode(dev);
4220 memset(wl->mac_addr, 0, ETH_ALEN);
4221 b43_upload_card_macaddress(dev);
4222 spin_unlock_irqrestore(&wl->irq_lock, flags);
4224 mutex_unlock(&wl->mutex);
4227 static int b43_op_start(struct ieee80211_hw *hw)
4229 struct b43_wl *wl = hw_to_b43_wl(hw);
4230 struct b43_wldev *dev = wl->current_dev;
4233 bool do_rfkill_exit = 0;
4235 /* Kill all old instance specific information to make sure
4236 * the card won't use it in the short timeframe between start
4237 * and mac80211 reconfiguring it. */
4238 memset(wl->bssid, 0, ETH_ALEN);
4239 memset(wl->mac_addr, 0, ETH_ALEN);
4240 wl->filter_flags = 0;
4241 wl->radiotap_enabled = 0;
4243 wl->beacon0_uploaded = 0;
4244 wl->beacon1_uploaded = 0;
4245 wl->beacon_templates_virgin = 1;
4247 /* First register RFkill.
4248 * LEDs that are registered later depend on it. */
4249 b43_rfkill_init(dev);
4251 mutex_lock(&wl->mutex);
4253 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4254 err = b43_wireless_core_init(dev);
4257 goto out_mutex_unlock;
4262 if (b43_status(dev) < B43_STAT_STARTED) {
4263 err = b43_wireless_core_start(dev);
4266 b43_wireless_core_exit(dev);
4268 goto out_mutex_unlock;
4273 mutex_unlock(&wl->mutex);
4276 b43_rfkill_exit(dev);
4281 static void b43_op_stop(struct ieee80211_hw *hw)
4283 struct b43_wl *wl = hw_to_b43_wl(hw);
4284 struct b43_wldev *dev = wl->current_dev;
4286 b43_rfkill_exit(dev);
4287 cancel_work_sync(&(wl->qos_update_work));
4288 cancel_work_sync(&(wl->beacon_update_trigger));
4290 mutex_lock(&wl->mutex);
4291 if (b43_status(dev) >= B43_STAT_STARTED)
4292 b43_wireless_core_stop(dev);
4293 b43_wireless_core_exit(dev);
4294 mutex_unlock(&wl->mutex);
4297 static int b43_op_set_retry_limit(struct ieee80211_hw *hw,
4298 u32 short_retry_limit, u32 long_retry_limit)
4300 struct b43_wl *wl = hw_to_b43_wl(hw);
4301 struct b43_wldev *dev;
4304 mutex_lock(&wl->mutex);
4305 dev = wl->current_dev;
4306 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED))) {
4310 b43_set_retry_limits(dev, short_retry_limit, long_retry_limit);
4312 mutex_unlock(&wl->mutex);
4317 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw, int aid, int set)
4319 struct b43_wl *wl = hw_to_b43_wl(hw);
4320 unsigned long flags;
4322 spin_lock_irqsave(&wl->irq_lock, flags);
4323 b43_update_templates(wl);
4324 spin_unlock_irqrestore(&wl->irq_lock, flags);
4329 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4330 struct ieee80211_vif *vif,
4331 enum sta_notify_cmd notify_cmd,
4334 struct b43_wl *wl = hw_to_b43_wl(hw);
4336 B43_WARN_ON(!vif || wl->vif != vif);
4339 static const struct ieee80211_ops b43_hw_ops = {
4341 .conf_tx = b43_op_conf_tx,
4342 .add_interface = b43_op_add_interface,
4343 .remove_interface = b43_op_remove_interface,
4344 .config = b43_op_config,
4345 .config_interface = b43_op_config_interface,
4346 .configure_filter = b43_op_configure_filter,
4347 .set_key = b43_op_set_key,
4348 .get_stats = b43_op_get_stats,
4349 .get_tx_stats = b43_op_get_tx_stats,
4350 .start = b43_op_start,
4351 .stop = b43_op_stop,
4352 .set_retry_limit = b43_op_set_retry_limit,
4353 .set_tim = b43_op_beacon_set_tim,
4354 .sta_notify = b43_op_sta_notify,
4357 /* Hard-reset the chip. Do not call this directly.
4358 * Use b43_controller_restart()
4360 static void b43_chip_reset(struct work_struct *work)
4362 struct b43_wldev *dev =
4363 container_of(work, struct b43_wldev, restart_work);
4364 struct b43_wl *wl = dev->wl;
4368 mutex_lock(&wl->mutex);
4370 prev_status = b43_status(dev);
4371 /* Bring the device down... */
4372 if (prev_status >= B43_STAT_STARTED)
4373 b43_wireless_core_stop(dev);
4374 if (prev_status >= B43_STAT_INITIALIZED)
4375 b43_wireless_core_exit(dev);
4377 /* ...and up again. */
4378 if (prev_status >= B43_STAT_INITIALIZED) {
4379 err = b43_wireless_core_init(dev);
4383 if (prev_status >= B43_STAT_STARTED) {
4384 err = b43_wireless_core_start(dev);
4386 b43_wireless_core_exit(dev);
4392 wl->current_dev = NULL; /* Failed to init the dev. */
4393 mutex_unlock(&wl->mutex);
4395 b43err(wl, "Controller restart FAILED\n");
4397 b43info(wl, "Controller restarted\n");
4400 static int b43_setup_bands(struct b43_wldev *dev,
4401 bool have_2ghz_phy, bool have_5ghz_phy)
4403 struct ieee80211_hw *hw = dev->wl->hw;
4406 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4407 if (dev->phy.type == B43_PHYTYPE_N) {
4409 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4412 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4415 dev->phy.supports_2ghz = have_2ghz_phy;
4416 dev->phy.supports_5ghz = have_5ghz_phy;
4421 static void b43_wireless_core_detach(struct b43_wldev *dev)
4423 /* We release firmware that late to not be required to re-request
4424 * is all the time when we reinit the core. */
4425 b43_release_firmware(dev);
4428 static int b43_wireless_core_attach(struct b43_wldev *dev)
4430 struct b43_wl *wl = dev->wl;
4431 struct ssb_bus *bus = dev->dev->bus;
4432 struct pci_dev *pdev = bus->host_pci;
4434 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4437 /* Do NOT do any device initialization here.
4438 * Do it in wireless_core_init() instead.
4439 * This function is for gathering basic information about the HW, only.
4440 * Also some structs may be set up here. But most likely you want to have
4441 * that in core_init(), too.
4444 err = ssb_bus_powerup(bus, 0);
4446 b43err(wl, "Bus powerup failed\n");
4449 /* Get the PHY type. */
4450 if (dev->dev->id.revision >= 5) {
4453 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4454 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4455 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4459 dev->phy.gmode = have_2ghz_phy;
4460 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4461 b43_wireless_core_reset(dev, tmp);
4463 err = b43_phy_versioning(dev);
4466 /* Check if this device supports multiband. */
4468 (pdev->device != 0x4312 &&
4469 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4470 /* No multiband support. */
4473 switch (dev->phy.type) {
4485 if (dev->phy.type == B43_PHYTYPE_A) {
4487 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4491 if (1 /* disable A-PHY */) {
4492 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4493 if (dev->phy.type != B43_PHYTYPE_N) {
4499 dev->phy.gmode = have_2ghz_phy;
4500 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4501 b43_wireless_core_reset(dev, tmp);
4503 err = b43_validate_chipaccess(dev);
4506 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4510 /* Now set some default "current_dev" */
4511 if (!wl->current_dev)
4512 wl->current_dev = dev;
4513 INIT_WORK(&dev->restart_work, b43_chip_reset);
4515 b43_radio_turn_off(dev, 1);
4516 b43_switch_analog(dev, 0);
4517 ssb_device_disable(dev->dev, 0);
4518 ssb_bus_may_powerdown(bus);
4524 ssb_bus_may_powerdown(bus);
4528 static void b43_one_core_detach(struct ssb_device *dev)
4530 struct b43_wldev *wldev;
4533 /* Do not cancel ieee80211-workqueue based work here.
4534 * See comment in b43_remove(). */
4536 wldev = ssb_get_drvdata(dev);
4538 b43_debugfs_remove_device(wldev);
4539 b43_wireless_core_detach(wldev);
4540 list_del(&wldev->list);
4542 ssb_set_drvdata(dev, NULL);
4546 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4548 struct b43_wldev *wldev;
4549 struct pci_dev *pdev;
4552 if (!list_empty(&wl->devlist)) {
4553 /* We are not the first core on this chip. */
4554 pdev = dev->bus->host_pci;
4555 /* Only special chips support more than one wireless
4556 * core, although some of the other chips have more than
4557 * one wireless core as well. Check for this and
4561 ((pdev->device != 0x4321) &&
4562 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4563 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4568 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4574 b43_set_status(wldev, B43_STAT_UNINIT);
4575 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4576 tasklet_init(&wldev->isr_tasklet,
4577 (void (*)(unsigned long))b43_interrupt_tasklet,
4578 (unsigned long)wldev);
4579 INIT_LIST_HEAD(&wldev->list);
4581 err = b43_wireless_core_attach(wldev);
4583 goto err_kfree_wldev;
4585 list_add(&wldev->list, &wl->devlist);
4587 ssb_set_drvdata(dev, wldev);
4588 b43_debugfs_add_device(wldev);
4598 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4599 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4600 (pdev->device == _device) && \
4601 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4602 (pdev->subsystem_device == _subdevice) )
4604 static void b43_sprom_fixup(struct ssb_bus *bus)
4606 struct pci_dev *pdev;
4608 /* boardflags workarounds */
4609 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4610 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4611 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4612 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4613 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4614 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4615 if (bus->bustype == SSB_BUSTYPE_PCI) {
4616 pdev = bus->host_pci;
4617 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4618 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4619 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013))
4620 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4624 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4626 struct ieee80211_hw *hw = wl->hw;
4628 ssb_set_devtypedata(dev, NULL);
4629 ieee80211_free_hw(hw);
4632 static int b43_wireless_init(struct ssb_device *dev)
4634 struct ssb_sprom *sprom = &dev->bus->sprom;
4635 struct ieee80211_hw *hw;
4639 b43_sprom_fixup(dev->bus);
4641 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4643 b43err(NULL, "Could not allocate ieee80211 device\n");
4648 hw->flags = IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE |
4649 IEEE80211_HW_RX_INCLUDES_FCS |
4650 IEEE80211_HW_SIGNAL_DBM |
4651 IEEE80211_HW_NOISE_DBM;
4653 hw->queues = b43_modparam_qos ? 4 : 1;
4654 SET_IEEE80211_DEV(hw, dev->dev);
4655 if (is_valid_ether_addr(sprom->et1mac))
4656 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4658 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4660 /* Get and initialize struct b43_wl */
4661 wl = hw_to_b43_wl(hw);
4662 memset(wl, 0, sizeof(*wl));
4664 spin_lock_init(&wl->irq_lock);
4665 rwlock_init(&wl->tx_lock);
4666 spin_lock_init(&wl->leds_lock);
4667 spin_lock_init(&wl->shm_lock);
4668 mutex_init(&wl->mutex);
4669 INIT_LIST_HEAD(&wl->devlist);
4670 INIT_WORK(&wl->qos_update_work, b43_qos_update_work);
4671 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4673 ssb_set_devtypedata(dev, wl);
4674 b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4680 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4686 wl = ssb_get_devtypedata(dev);
4688 /* Probing the first core. Must setup common struct b43_wl */
4690 err = b43_wireless_init(dev);
4693 wl = ssb_get_devtypedata(dev);
4696 err = b43_one_core_attach(dev, wl);
4698 goto err_wireless_exit;
4701 err = ieee80211_register_hw(wl->hw);
4703 goto err_one_core_detach;
4709 err_one_core_detach:
4710 b43_one_core_detach(dev);
4713 b43_wireless_exit(dev, wl);
4717 static void b43_remove(struct ssb_device *dev)
4719 struct b43_wl *wl = ssb_get_devtypedata(dev);
4720 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4722 /* We must cancel any work here before unregistering from ieee80211,
4723 * as the ieee80211 unreg will destroy the workqueue. */
4724 cancel_work_sync(&wldev->restart_work);
4727 if (wl->current_dev == wldev)
4728 ieee80211_unregister_hw(wl->hw);
4730 b43_one_core_detach(dev);
4732 if (list_empty(&wl->devlist)) {
4733 /* Last core on the chip unregistered.
4734 * We can destroy common struct b43_wl.
4736 b43_wireless_exit(dev, wl);
4740 /* Perform a hardware reset. This can be called from any context. */
4741 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4743 /* Must avoid requeueing, if we are in shutdown. */
4744 if (b43_status(dev) < B43_STAT_INITIALIZED)
4746 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4747 queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4752 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4754 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4755 struct b43_wl *wl = wldev->wl;
4757 b43dbg(wl, "Suspending...\n");
4759 mutex_lock(&wl->mutex);
4760 wldev->suspend_in_progress = true;
4761 wldev->suspend_init_status = b43_status(wldev);
4762 if (wldev->suspend_init_status >= B43_STAT_STARTED)
4763 b43_wireless_core_stop(wldev);
4764 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4765 b43_wireless_core_exit(wldev);
4766 mutex_unlock(&wl->mutex);
4768 b43dbg(wl, "Device suspended.\n");
4773 static int b43_resume(struct ssb_device *dev)
4775 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4776 struct b43_wl *wl = wldev->wl;
4779 b43dbg(wl, "Resuming...\n");
4781 mutex_lock(&wl->mutex);
4782 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4783 err = b43_wireless_core_init(wldev);
4785 b43err(wl, "Resume failed at core init\n");
4789 if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4790 err = b43_wireless_core_start(wldev);
4792 b43_leds_exit(wldev);
4793 b43_rng_exit(wldev->wl);
4794 b43_wireless_core_exit(wldev);
4795 b43err(wl, "Resume failed at core start\n");
4799 b43dbg(wl, "Device resumed.\n");
4801 wldev->suspend_in_progress = false;
4802 mutex_unlock(&wl->mutex);
4806 #else /* CONFIG_PM */
4807 # define b43_suspend NULL
4808 # define b43_resume NULL
4809 #endif /* CONFIG_PM */
4811 static struct ssb_driver b43_ssb_driver = {
4812 .name = KBUILD_MODNAME,
4813 .id_table = b43_ssb_tbl,
4815 .remove = b43_remove,
4816 .suspend = b43_suspend,
4817 .resume = b43_resume,
4820 static void b43_print_driverinfo(void)
4822 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4823 *feat_leds = "", *feat_rfkill = "";
4825 #ifdef CONFIG_B43_PCI_AUTOSELECT
4828 #ifdef CONFIG_B43_PCMCIA
4831 #ifdef CONFIG_B43_NPHY
4834 #ifdef CONFIG_B43_LEDS
4837 #ifdef CONFIG_B43_RFKILL
4840 printk(KERN_INFO "Broadcom 43xx driver loaded "
4841 "[ Features: %s%s%s%s%s, Firmware-ID: "
4842 B43_SUPPORTED_FIRMWARE_ID " ]\n",
4843 feat_pci, feat_pcmcia, feat_nphy,
4844 feat_leds, feat_rfkill);
4847 static int __init b43_init(void)
4852 err = b43_pcmcia_init();
4855 err = ssb_driver_register(&b43_ssb_driver);
4857 goto err_pcmcia_exit;
4858 b43_print_driverinfo();
4869 static void __exit b43_exit(void)
4871 ssb_driver_unregister(&b43_ssb_driver);
4876 module_init(b43_init)
4877 module_exit(b43_exit)
projects / linux-2.6 / blob