3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/firmware.h>
37 #include <linux/wireless.h>
38 #include <linux/workqueue.h>
39 #include <linux/skbuff.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/unaligned.h>
47 #include "phy_common.h"
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69 "enable(1) / disable(0) Bad Frames Preemption");
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
100 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
104 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
106 /* Channel and ratetables are shared for all devices.
107 * They can't be const, because ieee80211 puts some precalculated
108 * data in there. This data is the same for all devices, so we don't
109 * get concurrency issues */
110 #define RATETAB_ENT(_rateid, _flags) \
112 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
113 .hw_value = (_rateid), \
118 * NOTE: When changing this, sync with xmit.c's
119 * b43_plcp_get_bitrate_idx_* functions!
121 static struct ieee80211_rate __b43_ratetable[] = {
122 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
123 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
124 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
125 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
126 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
127 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
128 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
129 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
130 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
131 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
132 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
133 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
136 #define b43_a_ratetable (__b43_ratetable + 4)
137 #define b43_a_ratetable_size 8
138 #define b43_b_ratetable (__b43_ratetable + 0)
139 #define b43_b_ratetable_size 4
140 #define b43_g_ratetable (__b43_ratetable + 0)
141 #define b43_g_ratetable_size 12
143 #define CHAN4G(_channel, _freq, _flags) { \
144 .band = IEEE80211_BAND_2GHZ, \
145 .center_freq = (_freq), \
146 .hw_value = (_channel), \
148 .max_antenna_gain = 0, \
151 static struct ieee80211_channel b43_2ghz_chantable[] = {
169 #define CHAN5G(_channel, _flags) { \
170 .band = IEEE80211_BAND_5GHZ, \
171 .center_freq = 5000 + (5 * (_channel)), \
172 .hw_value = (_channel), \
174 .max_antenna_gain = 0, \
177 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
178 CHAN5G(32, 0), CHAN5G(34, 0),
179 CHAN5G(36, 0), CHAN5G(38, 0),
180 CHAN5G(40, 0), CHAN5G(42, 0),
181 CHAN5G(44, 0), CHAN5G(46, 0),
182 CHAN5G(48, 0), CHAN5G(50, 0),
183 CHAN5G(52, 0), CHAN5G(54, 0),
184 CHAN5G(56, 0), CHAN5G(58, 0),
185 CHAN5G(60, 0), CHAN5G(62, 0),
186 CHAN5G(64, 0), CHAN5G(66, 0),
187 CHAN5G(68, 0), CHAN5G(70, 0),
188 CHAN5G(72, 0), CHAN5G(74, 0),
189 CHAN5G(76, 0), CHAN5G(78, 0),
190 CHAN5G(80, 0), CHAN5G(82, 0),
191 CHAN5G(84, 0), CHAN5G(86, 0),
192 CHAN5G(88, 0), CHAN5G(90, 0),
193 CHAN5G(92, 0), CHAN5G(94, 0),
194 CHAN5G(96, 0), CHAN5G(98, 0),
195 CHAN5G(100, 0), CHAN5G(102, 0),
196 CHAN5G(104, 0), CHAN5G(106, 0),
197 CHAN5G(108, 0), CHAN5G(110, 0),
198 CHAN5G(112, 0), CHAN5G(114, 0),
199 CHAN5G(116, 0), CHAN5G(118, 0),
200 CHAN5G(120, 0), CHAN5G(122, 0),
201 CHAN5G(124, 0), CHAN5G(126, 0),
202 CHAN5G(128, 0), CHAN5G(130, 0),
203 CHAN5G(132, 0), CHAN5G(134, 0),
204 CHAN5G(136, 0), CHAN5G(138, 0),
205 CHAN5G(140, 0), CHAN5G(142, 0),
206 CHAN5G(144, 0), CHAN5G(145, 0),
207 CHAN5G(146, 0), CHAN5G(147, 0),
208 CHAN5G(148, 0), CHAN5G(149, 0),
209 CHAN5G(150, 0), CHAN5G(151, 0),
210 CHAN5G(152, 0), CHAN5G(153, 0),
211 CHAN5G(154, 0), CHAN5G(155, 0),
212 CHAN5G(156, 0), CHAN5G(157, 0),
213 CHAN5G(158, 0), CHAN5G(159, 0),
214 CHAN5G(160, 0), CHAN5G(161, 0),
215 CHAN5G(162, 0), CHAN5G(163, 0),
216 CHAN5G(164, 0), CHAN5G(165, 0),
217 CHAN5G(166, 0), CHAN5G(168, 0),
218 CHAN5G(170, 0), CHAN5G(172, 0),
219 CHAN5G(174, 0), CHAN5G(176, 0),
220 CHAN5G(178, 0), CHAN5G(180, 0),
221 CHAN5G(182, 0), CHAN5G(184, 0),
222 CHAN5G(186, 0), CHAN5G(188, 0),
223 CHAN5G(190, 0), CHAN5G(192, 0),
224 CHAN5G(194, 0), CHAN5G(196, 0),
225 CHAN5G(198, 0), CHAN5G(200, 0),
226 CHAN5G(202, 0), CHAN5G(204, 0),
227 CHAN5G(206, 0), CHAN5G(208, 0),
228 CHAN5G(210, 0), CHAN5G(212, 0),
229 CHAN5G(214, 0), CHAN5G(216, 0),
230 CHAN5G(218, 0), CHAN5G(220, 0),
231 CHAN5G(222, 0), CHAN5G(224, 0),
232 CHAN5G(226, 0), CHAN5G(228, 0),
235 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
236 CHAN5G(34, 0), CHAN5G(36, 0),
237 CHAN5G(38, 0), CHAN5G(40, 0),
238 CHAN5G(42, 0), CHAN5G(44, 0),
239 CHAN5G(46, 0), CHAN5G(48, 0),
240 CHAN5G(52, 0), CHAN5G(56, 0),
241 CHAN5G(60, 0), CHAN5G(64, 0),
242 CHAN5G(100, 0), CHAN5G(104, 0),
243 CHAN5G(108, 0), CHAN5G(112, 0),
244 CHAN5G(116, 0), CHAN5G(120, 0),
245 CHAN5G(124, 0), CHAN5G(128, 0),
246 CHAN5G(132, 0), CHAN5G(136, 0),
247 CHAN5G(140, 0), CHAN5G(149, 0),
248 CHAN5G(153, 0), CHAN5G(157, 0),
249 CHAN5G(161, 0), CHAN5G(165, 0),
250 CHAN5G(184, 0), CHAN5G(188, 0),
251 CHAN5G(192, 0), CHAN5G(196, 0),
252 CHAN5G(200, 0), CHAN5G(204, 0),
253 CHAN5G(208, 0), CHAN5G(212, 0),
258 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
259 .band = IEEE80211_BAND_5GHZ,
260 .channels = b43_5ghz_nphy_chantable,
261 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
262 .bitrates = b43_a_ratetable,
263 .n_bitrates = b43_a_ratetable_size,
266 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
267 .band = IEEE80211_BAND_5GHZ,
268 .channels = b43_5ghz_aphy_chantable,
269 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
270 .bitrates = b43_a_ratetable,
271 .n_bitrates = b43_a_ratetable_size,
274 static struct ieee80211_supported_band b43_band_2GHz = {
275 .band = IEEE80211_BAND_2GHZ,
276 .channels = b43_2ghz_chantable,
277 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
278 .bitrates = b43_g_ratetable,
279 .n_bitrates = b43_g_ratetable_size,
282 static void b43_wireless_core_exit(struct b43_wldev *dev);
283 static int b43_wireless_core_init(struct b43_wldev *dev);
284 static void b43_wireless_core_stop(struct b43_wldev *dev);
285 static int b43_wireless_core_start(struct b43_wldev *dev);
287 static int b43_ratelimit(struct b43_wl *wl)
289 if (!wl || !wl->current_dev)
291 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
293 /* We are up and running.
294 * Ratelimit the messages to avoid DoS over the net. */
295 return net_ratelimit();
298 void b43info(struct b43_wl *wl, const char *fmt, ...)
302 if (!b43_ratelimit(wl))
305 printk(KERN_INFO "b43-%s: ",
306 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
311 void b43err(struct b43_wl *wl, const char *fmt, ...)
315 if (!b43_ratelimit(wl))
318 printk(KERN_ERR "b43-%s ERROR: ",
319 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
324 void b43warn(struct b43_wl *wl, const char *fmt, ...)
328 if (!b43_ratelimit(wl))
331 printk(KERN_WARNING "b43-%s warning: ",
332 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
338 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
343 printk(KERN_DEBUG "b43-%s debug: ",
344 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
350 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
354 B43_WARN_ON(offset % 4 != 0);
356 macctl = b43_read32(dev, B43_MMIO_MACCTL);
357 if (macctl & B43_MACCTL_BE)
360 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
362 b43_write32(dev, B43_MMIO_RAM_DATA, val);
365 static inline void b43_shm_control_word(struct b43_wldev *dev,
366 u16 routing, u16 offset)
370 /* "offset" is the WORD offset. */
374 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
377 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
381 if (routing == B43_SHM_SHARED) {
382 B43_WARN_ON(offset & 0x0001);
383 if (offset & 0x0003) {
384 /* Unaligned access */
385 b43_shm_control_word(dev, routing, offset >> 2);
386 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
388 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
389 ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
395 b43_shm_control_word(dev, routing, offset);
396 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
401 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
403 struct b43_wl *wl = dev->wl;
407 spin_lock_irqsave(&wl->shm_lock, flags);
408 ret = __b43_shm_read32(dev, routing, offset);
409 spin_unlock_irqrestore(&wl->shm_lock, flags);
414 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
418 if (routing == B43_SHM_SHARED) {
419 B43_WARN_ON(offset & 0x0001);
420 if (offset & 0x0003) {
421 /* Unaligned access */
422 b43_shm_control_word(dev, routing, offset >> 2);
423 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
429 b43_shm_control_word(dev, routing, offset);
430 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
435 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
437 struct b43_wl *wl = dev->wl;
441 spin_lock_irqsave(&wl->shm_lock, flags);
442 ret = __b43_shm_read16(dev, routing, offset);
443 spin_unlock_irqrestore(&wl->shm_lock, flags);
448 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
450 if (routing == B43_SHM_SHARED) {
451 B43_WARN_ON(offset & 0x0001);
452 if (offset & 0x0003) {
453 /* Unaligned access */
454 b43_shm_control_word(dev, routing, offset >> 2);
455 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
456 (value >> 16) & 0xffff);
457 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
458 b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
463 b43_shm_control_word(dev, routing, offset);
464 b43_write32(dev, B43_MMIO_SHM_DATA, value);
467 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
469 struct b43_wl *wl = dev->wl;
472 spin_lock_irqsave(&wl->shm_lock, flags);
473 __b43_shm_write32(dev, routing, offset, value);
474 spin_unlock_irqrestore(&wl->shm_lock, flags);
477 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
479 if (routing == B43_SHM_SHARED) {
480 B43_WARN_ON(offset & 0x0001);
481 if (offset & 0x0003) {
482 /* Unaligned access */
483 b43_shm_control_word(dev, routing, offset >> 2);
484 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
489 b43_shm_control_word(dev, routing, offset);
490 b43_write16(dev, B43_MMIO_SHM_DATA, value);
493 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
495 struct b43_wl *wl = dev->wl;
498 spin_lock_irqsave(&wl->shm_lock, flags);
499 __b43_shm_write16(dev, routing, offset, value);
500 spin_unlock_irqrestore(&wl->shm_lock, flags);
504 u64 b43_hf_read(struct b43_wldev * dev)
508 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
510 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
512 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
517 /* Write HostFlags */
518 void b43_hf_write(struct b43_wldev *dev, u64 value)
522 lo = (value & 0x00000000FFFFULL);
523 mi = (value & 0x0000FFFF0000ULL) >> 16;
524 hi = (value & 0xFFFF00000000ULL) >> 32;
525 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
526 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
527 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
530 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
534 B43_WARN_ON(dev->dev->id.revision < 3);
536 /* The hardware guarantees us an atomic read, if we
537 * read the low register first. */
538 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
539 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
546 static void b43_time_lock(struct b43_wldev *dev)
550 macctl = b43_read32(dev, B43_MMIO_MACCTL);
551 macctl |= B43_MACCTL_TBTTHOLD;
552 b43_write32(dev, B43_MMIO_MACCTL, macctl);
553 /* Commit the write */
554 b43_read32(dev, B43_MMIO_MACCTL);
557 static void b43_time_unlock(struct b43_wldev *dev)
561 macctl = b43_read32(dev, B43_MMIO_MACCTL);
562 macctl &= ~B43_MACCTL_TBTTHOLD;
563 b43_write32(dev, B43_MMIO_MACCTL, macctl);
564 /* Commit the write */
565 b43_read32(dev, B43_MMIO_MACCTL);
568 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
572 B43_WARN_ON(dev->dev->id.revision < 3);
576 /* The hardware guarantees us an atomic write, if we
577 * write the low register first. */
578 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
580 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
584 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
587 b43_tsf_write_locked(dev, tsf);
588 b43_time_unlock(dev);
592 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
594 static const u8 zero_addr[ETH_ALEN] = { 0 };
601 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
605 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
608 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
611 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
614 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
618 u8 mac_bssid[ETH_ALEN * 2];
622 bssid = dev->wl->bssid;
623 mac = dev->wl->mac_addr;
625 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
627 memcpy(mac_bssid, mac, ETH_ALEN);
628 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
630 /* Write our MAC address and BSSID to template ram */
631 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
632 tmp = (u32) (mac_bssid[i + 0]);
633 tmp |= (u32) (mac_bssid[i + 1]) << 8;
634 tmp |= (u32) (mac_bssid[i + 2]) << 16;
635 tmp |= (u32) (mac_bssid[i + 3]) << 24;
636 b43_ram_write(dev, 0x20 + i, tmp);
640 static void b43_upload_card_macaddress(struct b43_wldev *dev)
642 b43_write_mac_bssid_templates(dev);
643 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
646 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
648 /* slot_time is in usec. */
649 if (dev->phy.type != B43_PHYTYPE_G)
651 b43_write16(dev, 0x684, 510 + slot_time);
652 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
655 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
657 b43_set_slot_time(dev, 9);
660 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
662 b43_set_slot_time(dev, 20);
665 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
666 * Returns the _previously_ enabled IRQ mask.
668 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
672 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
673 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
678 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
679 * Returns the _previously_ enabled IRQ mask.
681 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
685 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
686 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
691 /* Synchronize IRQ top- and bottom-half.
692 * IRQs must be masked before calling this.
693 * This must not be called with the irq_lock held.
695 static void b43_synchronize_irq(struct b43_wldev *dev)
697 synchronize_irq(dev->dev->irq);
698 tasklet_kill(&dev->isr_tasklet);
701 /* DummyTransmission function, as documented on
702 * http://bcm-specs.sipsolutions.net/DummyTransmission
704 void b43_dummy_transmission(struct b43_wldev *dev)
706 struct b43_wl *wl = dev->wl;
707 struct b43_phy *phy = &dev->phy;
708 unsigned int i, max_loop;
721 buffer[0] = 0x000201CC;
726 buffer[0] = 0x000B846E;
733 spin_lock_irq(&wl->irq_lock);
734 write_lock(&wl->tx_lock);
736 for (i = 0; i < 5; i++)
737 b43_ram_write(dev, i * 4, buffer[i]);
740 b43_read32(dev, B43_MMIO_MACCTL);
742 b43_write16(dev, 0x0568, 0x0000);
743 b43_write16(dev, 0x07C0, 0x0000);
744 value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
745 b43_write16(dev, 0x050C, value);
746 b43_write16(dev, 0x0508, 0x0000);
747 b43_write16(dev, 0x050A, 0x0000);
748 b43_write16(dev, 0x054C, 0x0000);
749 b43_write16(dev, 0x056A, 0x0014);
750 b43_write16(dev, 0x0568, 0x0826);
751 b43_write16(dev, 0x0500, 0x0000);
752 b43_write16(dev, 0x0502, 0x0030);
754 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
755 b43_radio_write16(dev, 0x0051, 0x0017);
756 for (i = 0x00; i < max_loop; i++) {
757 value = b43_read16(dev, 0x050E);
762 for (i = 0x00; i < 0x0A; i++) {
763 value = b43_read16(dev, 0x050E);
768 for (i = 0x00; i < 0x19; i++) {
769 value = b43_read16(dev, 0x0690);
770 if (!(value & 0x0100))
774 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
775 b43_radio_write16(dev, 0x0051, 0x0037);
777 write_unlock(&wl->tx_lock);
778 spin_unlock_irq(&wl->irq_lock);
781 static void key_write(struct b43_wldev *dev,
782 u8 index, u8 algorithm, const u8 * key)
789 /* Key index/algo block */
790 kidx = b43_kidx_to_fw(dev, index);
791 value = ((kidx << 4) | algorithm);
792 b43_shm_write16(dev, B43_SHM_SHARED,
793 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
795 /* Write the key to the Key Table Pointer offset */
796 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
797 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
799 value |= (u16) (key[i + 1]) << 8;
800 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
804 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
806 u32 addrtmp[2] = { 0, 0, };
807 u8 per_sta_keys_start = 8;
809 if (b43_new_kidx_api(dev))
810 per_sta_keys_start = 4;
812 B43_WARN_ON(index < per_sta_keys_start);
813 /* We have two default TX keys and possibly two default RX keys.
814 * Physical mac 0 is mapped to physical key 4 or 8, depending
815 * on the firmware version.
816 * So we must adjust the index here.
818 index -= per_sta_keys_start;
821 addrtmp[0] = addr[0];
822 addrtmp[0] |= ((u32) (addr[1]) << 8);
823 addrtmp[0] |= ((u32) (addr[2]) << 16);
824 addrtmp[0] |= ((u32) (addr[3]) << 24);
825 addrtmp[1] = addr[4];
826 addrtmp[1] |= ((u32) (addr[5]) << 8);
829 if (dev->dev->id.revision >= 5) {
830 /* Receive match transmitter address mechanism */
831 b43_shm_write32(dev, B43_SHM_RCMTA,
832 (index * 2) + 0, addrtmp[0]);
833 b43_shm_write16(dev, B43_SHM_RCMTA,
834 (index * 2) + 1, addrtmp[1]);
836 /* RXE (Receive Engine) and
837 * PSM (Programmable State Machine) mechanism
840 /* TODO write to RCM 16, 19, 22 and 25 */
842 b43_shm_write32(dev, B43_SHM_SHARED,
843 B43_SHM_SH_PSM + (index * 6) + 0,
845 b43_shm_write16(dev, B43_SHM_SHARED,
846 B43_SHM_SH_PSM + (index * 6) + 4,
852 static void do_key_write(struct b43_wldev *dev,
853 u8 index, u8 algorithm,
854 const u8 * key, size_t key_len, const u8 * mac_addr)
856 u8 buf[B43_SEC_KEYSIZE] = { 0, };
857 u8 per_sta_keys_start = 8;
859 if (b43_new_kidx_api(dev))
860 per_sta_keys_start = 4;
862 B43_WARN_ON(index >= dev->max_nr_keys);
863 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
865 if (index >= per_sta_keys_start)
866 keymac_write(dev, index, NULL); /* First zero out mac. */
868 memcpy(buf, key, key_len);
869 key_write(dev, index, algorithm, buf);
870 if (index >= per_sta_keys_start)
871 keymac_write(dev, index, mac_addr);
873 dev->key[index].algorithm = algorithm;
876 static int b43_key_write(struct b43_wldev *dev,
877 int index, u8 algorithm,
878 const u8 * key, size_t key_len,
880 struct ieee80211_key_conf *keyconf)
885 if (key_len > B43_SEC_KEYSIZE)
887 for (i = 0; i < dev->max_nr_keys; i++) {
888 /* Check that we don't already have this key. */
889 B43_WARN_ON(dev->key[i].keyconf == keyconf);
892 /* Pairwise key. Get an empty slot for the key. */
893 if (b43_new_kidx_api(dev))
897 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
898 if (!dev->key[i].keyconf) {
905 b43warn(dev->wl, "Out of hardware key memory\n");
909 B43_WARN_ON(index > 3);
911 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
912 if ((index <= 3) && !b43_new_kidx_api(dev)) {
914 B43_WARN_ON(mac_addr);
915 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
917 keyconf->hw_key_idx = index;
918 dev->key[index].keyconf = keyconf;
923 static int b43_key_clear(struct b43_wldev *dev, int index)
925 if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
927 do_key_write(dev, index, B43_SEC_ALGO_NONE,
928 NULL, B43_SEC_KEYSIZE, NULL);
929 if ((index <= 3) && !b43_new_kidx_api(dev)) {
930 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
931 NULL, B43_SEC_KEYSIZE, NULL);
933 dev->key[index].keyconf = NULL;
938 static void b43_clear_keys(struct b43_wldev *dev)
942 for (i = 0; i < dev->max_nr_keys; i++)
943 b43_key_clear(dev, i);
946 static void b43_dump_keymemory(struct b43_wldev *dev)
948 unsigned int i, index, offset;
949 DECLARE_MAC_BUF(macbuf);
957 if (!b43_debug(dev, B43_DBG_KEYS))
960 hf = b43_hf_read(dev);
961 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
962 !!(hf & B43_HF_USEDEFKEYS));
963 for (index = 0; index < dev->max_nr_keys; index++) {
964 key = &(dev->key[index]);
965 printk(KERN_DEBUG "Key slot %02u: %s",
966 index, (key->keyconf == NULL) ? " " : "*");
967 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
968 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
969 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
970 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
973 algo = b43_shm_read16(dev, B43_SHM_SHARED,
974 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
975 printk(" Algo: %04X/%02X", algo, key->algorithm);
978 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
979 ((index - 4) * 2) + 0);
980 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
981 ((index - 4) * 2) + 1);
982 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
983 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
985 print_mac(macbuf, mac));
987 printk(" DEFAULT KEY");
992 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1000 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1001 (ps_flags & B43_PS_DISABLED));
1002 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1004 if (ps_flags & B43_PS_ENABLED) {
1006 } else if (ps_flags & B43_PS_DISABLED) {
1009 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1010 // and thus is not an AP and we are associated, set bit 25
1012 if (ps_flags & B43_PS_AWAKE) {
1014 } else if (ps_flags & B43_PS_ASLEEP) {
1017 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1018 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1019 // successful, set bit26
1022 /* FIXME: For now we force awake-on and hwps-off */
1026 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1028 macctl |= B43_MACCTL_HWPS;
1030 macctl &= ~B43_MACCTL_HWPS;
1032 macctl |= B43_MACCTL_AWAKE;
1034 macctl &= ~B43_MACCTL_AWAKE;
1035 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1037 b43_read32(dev, B43_MMIO_MACCTL);
1038 if (awake && dev->dev->id.revision >= 5) {
1039 /* Wait for the microcode to wake up. */
1040 for (i = 0; i < 100; i++) {
1041 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1042 B43_SHM_SH_UCODESTAT);
1043 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1050 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1055 flags |= B43_TMSLOW_PHYCLKEN;
1056 flags |= B43_TMSLOW_PHYRESET;
1057 ssb_device_enable(dev->dev, flags);
1058 msleep(2); /* Wait for the PLL to turn on. */
1060 /* Now take the PHY out of Reset again */
1061 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1062 tmslow |= SSB_TMSLOW_FGC;
1063 tmslow &= ~B43_TMSLOW_PHYRESET;
1064 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1065 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1067 tmslow &= ~SSB_TMSLOW_FGC;
1068 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1069 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1072 /* Turn Analog ON, but only if we already know the PHY-type.
1073 * This protects against very early setup where we don't know the
1074 * PHY-type, yet. wireless_core_reset will be called once again later,
1075 * when we know the PHY-type. */
1077 dev->phy.ops->switch_analog(dev, 1);
1079 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1080 macctl &= ~B43_MACCTL_GMODE;
1081 if (flags & B43_TMSLOW_GMODE)
1082 macctl |= B43_MACCTL_GMODE;
1083 macctl |= B43_MACCTL_IHR_ENABLED;
1084 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1087 static void handle_irq_transmit_status(struct b43_wldev *dev)
1091 struct b43_txstatus stat;
1094 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1095 if (!(v0 & 0x00000001))
1097 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1099 stat.cookie = (v0 >> 16);
1100 stat.seq = (v1 & 0x0000FFFF);
1101 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1102 tmp = (v0 & 0x0000FFFF);
1103 stat.frame_count = ((tmp & 0xF000) >> 12);
1104 stat.rts_count = ((tmp & 0x0F00) >> 8);
1105 stat.supp_reason = ((tmp & 0x001C) >> 2);
1106 stat.pm_indicated = !!(tmp & 0x0080);
1107 stat.intermediate = !!(tmp & 0x0040);
1108 stat.for_ampdu = !!(tmp & 0x0020);
1109 stat.acked = !!(tmp & 0x0002);
1111 b43_handle_txstatus(dev, &stat);
1115 static void drain_txstatus_queue(struct b43_wldev *dev)
1119 if (dev->dev->id.revision < 5)
1121 /* Read all entries from the microcode TXstatus FIFO
1122 * and throw them away.
1125 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1126 if (!(dummy & 0x00000001))
1128 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1132 static u32 b43_jssi_read(struct b43_wldev *dev)
1136 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1138 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1143 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1145 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1146 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1149 static void b43_generate_noise_sample(struct b43_wldev *dev)
1151 b43_jssi_write(dev, 0x7F7F7F7F);
1152 b43_write32(dev, B43_MMIO_MACCMD,
1153 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1156 static void b43_calculate_link_quality(struct b43_wldev *dev)
1158 /* Top half of Link Quality calculation. */
1160 if (dev->phy.type != B43_PHYTYPE_G)
1162 if (dev->noisecalc.calculation_running)
1164 dev->noisecalc.calculation_running = 1;
1165 dev->noisecalc.nr_samples = 0;
1167 b43_generate_noise_sample(dev);
1170 static void handle_irq_noise(struct b43_wldev *dev)
1172 struct b43_phy_g *phy = dev->phy.g;
1178 /* Bottom half of Link Quality calculation. */
1180 if (dev->phy.type != B43_PHYTYPE_G)
1183 /* Possible race condition: It might be possible that the user
1184 * changed to a different channel in the meantime since we
1185 * started the calculation. We ignore that fact, since it's
1186 * not really that much of a problem. The background noise is
1187 * an estimation only anyway. Slightly wrong results will get damped
1188 * by the averaging of the 8 sample rounds. Additionally the
1189 * value is shortlived. So it will be replaced by the next noise
1190 * calculation round soon. */
1192 B43_WARN_ON(!dev->noisecalc.calculation_running);
1193 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1194 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1195 noise[2] == 0x7F || noise[3] == 0x7F)
1198 /* Get the noise samples. */
1199 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1200 i = dev->noisecalc.nr_samples;
1201 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1202 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1203 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1204 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1205 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1206 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1207 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1208 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1209 dev->noisecalc.nr_samples++;
1210 if (dev->noisecalc.nr_samples == 8) {
1211 /* Calculate the Link Quality by the noise samples. */
1213 for (i = 0; i < 8; i++) {
1214 for (j = 0; j < 4; j++)
1215 average += dev->noisecalc.samples[i][j];
1221 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1222 tmp = (tmp / 128) & 0x1F;
1232 dev->stats.link_noise = average;
1233 dev->noisecalc.calculation_running = 0;
1237 b43_generate_noise_sample(dev);
1240 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1242 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1245 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1246 b43_power_saving_ctl_bits(dev, 0);
1248 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1252 static void handle_irq_atim_end(struct b43_wldev *dev)
1254 if (dev->dfq_valid) {
1255 b43_write32(dev, B43_MMIO_MACCMD,
1256 b43_read32(dev, B43_MMIO_MACCMD)
1257 | B43_MACCMD_DFQ_VALID);
1262 static void handle_irq_pmq(struct b43_wldev *dev)
1269 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1270 if (!(tmp & 0x00000008))
1273 /* 16bit write is odd, but correct. */
1274 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1277 static void b43_write_template_common(struct b43_wldev *dev,
1278 const u8 * data, u16 size,
1280 u16 shm_size_offset, u8 rate)
1283 struct b43_plcp_hdr4 plcp;
1286 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1287 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1288 ram_offset += sizeof(u32);
1289 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1290 * So leave the first two bytes of the next write blank.
1292 tmp = (u32) (data[0]) << 16;
1293 tmp |= (u32) (data[1]) << 24;
1294 b43_ram_write(dev, ram_offset, tmp);
1295 ram_offset += sizeof(u32);
1296 for (i = 2; i < size; i += sizeof(u32)) {
1297 tmp = (u32) (data[i + 0]);
1299 tmp |= (u32) (data[i + 1]) << 8;
1301 tmp |= (u32) (data[i + 2]) << 16;
1303 tmp |= (u32) (data[i + 3]) << 24;
1304 b43_ram_write(dev, ram_offset + i - 2, tmp);
1306 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1307 size + sizeof(struct b43_plcp_hdr6));
1310 /* Check if the use of the antenna that ieee80211 told us to
1311 * use is possible. This will fall back to DEFAULT.
1312 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1313 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1318 if (antenna_nr == 0) {
1319 /* Zero means "use default antenna". That's always OK. */
1323 /* Get the mask of available antennas. */
1325 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1327 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1329 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1330 /* This antenna is not available. Fall back to default. */
1337 /* Convert a b43 antenna number value to the PHY TX control value. */
1338 static u16 b43_antenna_to_phyctl(int antenna)
1342 return B43_TXH_PHY_ANT0;
1344 return B43_TXH_PHY_ANT1;
1346 return B43_TXH_PHY_ANT2;
1348 return B43_TXH_PHY_ANT3;
1349 case B43_ANTENNA_AUTO:
1350 return B43_TXH_PHY_ANT01AUTO;
1356 static void b43_write_beacon_template(struct b43_wldev *dev,
1358 u16 shm_size_offset)
1360 unsigned int i, len, variable_len;
1361 const struct ieee80211_mgmt *bcn;
1367 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1369 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1370 len = min((size_t) dev->wl->current_beacon->len,
1371 0x200 - sizeof(struct b43_plcp_hdr6));
1372 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1374 b43_write_template_common(dev, (const u8 *)bcn,
1375 len, ram_offset, shm_size_offset, rate);
1377 /* Write the PHY TX control parameters. */
1378 antenna = B43_ANTENNA_DEFAULT;
1379 antenna = b43_antenna_to_phyctl(antenna);
1380 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1381 /* We can't send beacons with short preamble. Would get PHY errors. */
1382 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1383 ctl &= ~B43_TXH_PHY_ANT;
1384 ctl &= ~B43_TXH_PHY_ENC;
1386 if (b43_is_cck_rate(rate))
1387 ctl |= B43_TXH_PHY_ENC_CCK;
1389 ctl |= B43_TXH_PHY_ENC_OFDM;
1390 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1392 /* Find the position of the TIM and the DTIM_period value
1393 * and write them to SHM. */
1394 ie = bcn->u.beacon.variable;
1395 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1396 for (i = 0; i < variable_len - 2; ) {
1397 uint8_t ie_id, ie_len;
1404 /* This is the TIM Information Element */
1406 /* Check whether the ie_len is in the beacon data range. */
1407 if (variable_len < ie_len + 2 + i)
1409 /* A valid TIM is at least 4 bytes long. */
1414 tim_position = sizeof(struct b43_plcp_hdr6);
1415 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1418 dtim_period = ie[i + 3];
1420 b43_shm_write16(dev, B43_SHM_SHARED,
1421 B43_SHM_SH_TIMBPOS, tim_position);
1422 b43_shm_write16(dev, B43_SHM_SHARED,
1423 B43_SHM_SH_DTIMPER, dtim_period);
1430 * If ucode wants to modify TIM do it behind the beacon, this
1431 * will happen, for example, when doing mesh networking.
1433 b43_shm_write16(dev, B43_SHM_SHARED,
1435 len + sizeof(struct b43_plcp_hdr6));
1436 b43_shm_write16(dev, B43_SHM_SHARED,
1437 B43_SHM_SH_DTIMPER, 0);
1439 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1442 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1443 u16 shm_offset, u16 size,
1444 struct ieee80211_rate *rate)
1446 struct b43_plcp_hdr4 plcp;
1451 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1452 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1455 /* Write PLCP in two parts and timing for packet transfer */
1456 tmp = le32_to_cpu(plcp.data);
1457 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1458 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1459 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1462 /* Instead of using custom probe response template, this function
1463 * just patches custom beacon template by:
1464 * 1) Changing packet type
1465 * 2) Patching duration field
1468 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1470 struct ieee80211_rate *rate)
1474 u16 src_size, elem_size, src_pos, dest_pos;
1476 struct ieee80211_hdr *hdr;
1479 src_size = dev->wl->current_beacon->len;
1480 src_data = (const u8 *)dev->wl->current_beacon->data;
1482 /* Get the start offset of the variable IEs in the packet. */
1483 ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1484 B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1486 if (B43_WARN_ON(src_size < ie_start))
1489 dest_data = kmalloc(src_size, GFP_ATOMIC);
1490 if (unlikely(!dest_data))
1493 /* Copy the static data and all Information Elements, except the TIM. */
1494 memcpy(dest_data, src_data, ie_start);
1496 dest_pos = ie_start;
1497 for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1498 elem_size = src_data[src_pos + 1] + 2;
1499 if (src_data[src_pos] == 5) {
1500 /* This is the TIM. */
1503 memcpy(dest_data + dest_pos, src_data + src_pos,
1505 dest_pos += elem_size;
1507 *dest_size = dest_pos;
1508 hdr = (struct ieee80211_hdr *)dest_data;
1510 /* Set the frame control. */
1511 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1512 IEEE80211_STYPE_PROBE_RESP);
1513 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1514 dev->wl->vif, *dest_size,
1516 hdr->duration_id = dur;
1521 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1523 u16 shm_size_offset,
1524 struct ieee80211_rate *rate)
1526 const u8 *probe_resp_data;
1529 size = dev->wl->current_beacon->len;
1530 probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1531 if (unlikely(!probe_resp_data))
1534 /* Looks like PLCP headers plus packet timings are stored for
1535 * all possible basic rates
1537 b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1538 b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1539 b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1540 b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1542 size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1543 b43_write_template_common(dev, probe_resp_data,
1544 size, ram_offset, shm_size_offset,
1546 kfree(probe_resp_data);
1549 static void b43_upload_beacon0(struct b43_wldev *dev)
1551 struct b43_wl *wl = dev->wl;
1553 if (wl->beacon0_uploaded)
1555 b43_write_beacon_template(dev, 0x68, 0x18);
1556 /* FIXME: Probe resp upload doesn't really belong here,
1557 * but we don't use that feature anyway. */
1558 b43_write_probe_resp_template(dev, 0x268, 0x4A,
1559 &__b43_ratetable[3]);
1560 wl->beacon0_uploaded = 1;
1563 static void b43_upload_beacon1(struct b43_wldev *dev)
1565 struct b43_wl *wl = dev->wl;
1567 if (wl->beacon1_uploaded)
1569 b43_write_beacon_template(dev, 0x468, 0x1A);
1570 wl->beacon1_uploaded = 1;
1573 static void handle_irq_beacon(struct b43_wldev *dev)
1575 struct b43_wl *wl = dev->wl;
1576 u32 cmd, beacon0_valid, beacon1_valid;
1578 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1579 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1582 /* This is the bottom half of the asynchronous beacon update. */
1584 /* Ignore interrupt in the future. */
1585 dev->irq_savedstate &= ~B43_IRQ_BEACON;
1587 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1588 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1589 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1591 /* Schedule interrupt manually, if busy. */
1592 if (beacon0_valid && beacon1_valid) {
1593 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1594 dev->irq_savedstate |= B43_IRQ_BEACON;
1598 if (unlikely(wl->beacon_templates_virgin)) {
1599 /* We never uploaded a beacon before.
1600 * Upload both templates now, but only mark one valid. */
1601 wl->beacon_templates_virgin = 0;
1602 b43_upload_beacon0(dev);
1603 b43_upload_beacon1(dev);
1604 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1605 cmd |= B43_MACCMD_BEACON0_VALID;
1606 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1608 if (!beacon0_valid) {
1609 b43_upload_beacon0(dev);
1610 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1611 cmd |= B43_MACCMD_BEACON0_VALID;
1612 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1613 } else if (!beacon1_valid) {
1614 b43_upload_beacon1(dev);
1615 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1616 cmd |= B43_MACCMD_BEACON1_VALID;
1617 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1622 static void b43_beacon_update_trigger_work(struct work_struct *work)
1624 struct b43_wl *wl = container_of(work, struct b43_wl,
1625 beacon_update_trigger);
1626 struct b43_wldev *dev;
1628 mutex_lock(&wl->mutex);
1629 dev = wl->current_dev;
1630 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1631 spin_lock_irq(&wl->irq_lock);
1632 /* update beacon right away or defer to irq */
1633 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1634 handle_irq_beacon(dev);
1635 /* The handler might have updated the IRQ mask. */
1636 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1637 dev->irq_savedstate);
1639 spin_unlock_irq(&wl->irq_lock);
1641 mutex_unlock(&wl->mutex);
1644 /* Asynchronously update the packet templates in template RAM.
1645 * Locking: Requires wl->irq_lock to be locked. */
1646 static void b43_update_templates(struct b43_wl *wl)
1648 struct sk_buff *beacon;
1650 /* This is the top half of the ansynchronous beacon update.
1651 * The bottom half is the beacon IRQ.
1652 * Beacon update must be asynchronous to avoid sending an
1653 * invalid beacon. This can happen for example, if the firmware
1654 * transmits a beacon while we are updating it. */
1656 /* We could modify the existing beacon and set the aid bit in
1657 * the TIM field, but that would probably require resizing and
1658 * moving of data within the beacon template.
1659 * Simply request a new beacon and let mac80211 do the hard work. */
1660 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1661 if (unlikely(!beacon))
1664 if (wl->current_beacon)
1665 dev_kfree_skb_any(wl->current_beacon);
1666 wl->current_beacon = beacon;
1667 wl->beacon0_uploaded = 0;
1668 wl->beacon1_uploaded = 0;
1669 queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1672 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1675 if (dev->dev->id.revision >= 3) {
1676 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1677 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1679 b43_write16(dev, 0x606, (beacon_int >> 6));
1680 b43_write16(dev, 0x610, beacon_int);
1682 b43_time_unlock(dev);
1683 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1686 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1690 /* Read the register that contains the reason code for the panic. */
1691 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1692 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1696 b43dbg(dev->wl, "The panic reason is unknown.\n");
1698 case B43_FWPANIC_DIE:
1699 /* Do not restart the controller or firmware.
1700 * The device is nonfunctional from now on.
1701 * Restarting would result in this panic to trigger again,
1702 * so we avoid that recursion. */
1704 case B43_FWPANIC_RESTART:
1705 b43_controller_restart(dev, "Microcode panic");
1710 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1712 unsigned int i, cnt;
1713 u16 reason, marker_id, marker_line;
1716 /* The proprietary firmware doesn't have this IRQ. */
1717 if (!dev->fw.opensource)
1720 /* Read the register that contains the reason code for this IRQ. */
1721 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1724 case B43_DEBUGIRQ_PANIC:
1725 b43_handle_firmware_panic(dev);
1727 case B43_DEBUGIRQ_DUMP_SHM:
1729 break; /* Only with driver debugging enabled. */
1730 buf = kmalloc(4096, GFP_ATOMIC);
1732 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1735 for (i = 0; i < 4096; i += 2) {
1736 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1737 buf[i / 2] = cpu_to_le16(tmp);
1739 b43info(dev->wl, "Shared memory dump:\n");
1740 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1741 16, 2, buf, 4096, 1);
1744 case B43_DEBUGIRQ_DUMP_REGS:
1746 break; /* Only with driver debugging enabled. */
1747 b43info(dev->wl, "Microcode register dump:\n");
1748 for (i = 0, cnt = 0; i < 64; i++) {
1749 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1752 printk("r%02u: 0x%04X ", i, tmp);
1761 case B43_DEBUGIRQ_MARKER:
1763 break; /* Only with driver debugging enabled. */
1764 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1766 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1767 B43_MARKER_LINE_REG);
1768 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1769 "at line number %u\n",
1770 marker_id, marker_line);
1773 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1777 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1778 b43_shm_write16(dev, B43_SHM_SCRATCH,
1779 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1782 /* Interrupt handler bottom-half */
1783 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1786 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1787 u32 merged_dma_reason = 0;
1789 unsigned long flags;
1791 spin_lock_irqsave(&dev->wl->irq_lock, flags);
1793 B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1795 reason = dev->irq_reason;
1796 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1797 dma_reason[i] = dev->dma_reason[i];
1798 merged_dma_reason |= dma_reason[i];
1801 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1802 b43err(dev->wl, "MAC transmission error\n");
1804 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1805 b43err(dev->wl, "PHY transmission error\n");
1807 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1808 atomic_set(&dev->phy.txerr_cnt,
1809 B43_PHY_TX_BADNESS_LIMIT);
1810 b43err(dev->wl, "Too many PHY TX errors, "
1811 "restarting the controller\n");
1812 b43_controller_restart(dev, "PHY TX errors");
1816 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1817 B43_DMAIRQ_NONFATALMASK))) {
1818 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1819 b43err(dev->wl, "Fatal DMA error: "
1820 "0x%08X, 0x%08X, 0x%08X, "
1821 "0x%08X, 0x%08X, 0x%08X\n",
1822 dma_reason[0], dma_reason[1],
1823 dma_reason[2], dma_reason[3],
1824 dma_reason[4], dma_reason[5]);
1825 b43_controller_restart(dev, "DMA error");
1827 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1830 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1831 b43err(dev->wl, "DMA error: "
1832 "0x%08X, 0x%08X, 0x%08X, "
1833 "0x%08X, 0x%08X, 0x%08X\n",
1834 dma_reason[0], dma_reason[1],
1835 dma_reason[2], dma_reason[3],
1836 dma_reason[4], dma_reason[5]);
1840 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1841 handle_irq_ucode_debug(dev);
1842 if (reason & B43_IRQ_TBTT_INDI)
1843 handle_irq_tbtt_indication(dev);
1844 if (reason & B43_IRQ_ATIM_END)
1845 handle_irq_atim_end(dev);
1846 if (reason & B43_IRQ_BEACON)
1847 handle_irq_beacon(dev);
1848 if (reason & B43_IRQ_PMQ)
1849 handle_irq_pmq(dev);
1850 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1852 if (reason & B43_IRQ_NOISESAMPLE_OK)
1853 handle_irq_noise(dev);
1855 /* Check the DMA reason registers for received data. */
1856 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1857 if (b43_using_pio_transfers(dev))
1858 b43_pio_rx(dev->pio.rx_queue);
1860 b43_dma_rx(dev->dma.rx_ring);
1862 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1863 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1864 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1865 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1866 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1868 if (reason & B43_IRQ_TX_OK)
1869 handle_irq_transmit_status(dev);
1871 b43_interrupt_enable(dev, dev->irq_savedstate);
1873 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1876 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1878 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1880 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1881 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1882 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1883 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1884 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1885 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1888 /* Interrupt handler top-half */
1889 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1891 irqreturn_t ret = IRQ_NONE;
1892 struct b43_wldev *dev = dev_id;
1898 spin_lock(&dev->wl->irq_lock);
1900 if (b43_status(dev) < B43_STAT_STARTED)
1902 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1903 if (reason == 0xffffffff) /* shared IRQ */
1906 reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1910 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1912 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1914 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1916 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1918 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1920 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1923 b43_interrupt_ack(dev, reason);
1924 /* disable all IRQs. They are enabled again in the bottom half. */
1925 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1926 /* save the reason code and call our bottom half. */
1927 dev->irq_reason = reason;
1928 tasklet_schedule(&dev->isr_tasklet);
1931 spin_unlock(&dev->wl->irq_lock);
1936 static void do_release_fw(struct b43_firmware_file *fw)
1938 release_firmware(fw->data);
1940 fw->filename = NULL;
1943 static void b43_release_firmware(struct b43_wldev *dev)
1945 do_release_fw(&dev->fw.ucode);
1946 do_release_fw(&dev->fw.pcm);
1947 do_release_fw(&dev->fw.initvals);
1948 do_release_fw(&dev->fw.initvals_band);
1951 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1955 text = "You must go to "
1956 "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
1957 "and download the latest firmware (version 4).\n";
1964 static int do_request_fw(struct b43_wldev *dev,
1966 struct b43_firmware_file *fw,
1969 char path[sizeof(modparam_fwpostfix) + 32];
1970 const struct firmware *blob;
1971 struct b43_fw_header *hdr;
1976 /* Don't fetch anything. Free possibly cached firmware. */
1981 if (strcmp(fw->filename, name) == 0)
1982 return 0; /* Already have this fw. */
1983 /* Free the cached firmware first. */
1987 snprintf(path, ARRAY_SIZE(path),
1989 modparam_fwpostfix, name);
1990 err = request_firmware(&blob, path, dev->dev->dev);
1991 if (err == -ENOENT) {
1993 b43err(dev->wl, "Firmware file \"%s\" not found\n",
1998 b43err(dev->wl, "Firmware file \"%s\" request failed (err=%d)\n",
2002 if (blob->size < sizeof(struct b43_fw_header))
2004 hdr = (struct b43_fw_header *)(blob->data);
2005 switch (hdr->type) {
2006 case B43_FW_TYPE_UCODE:
2007 case B43_FW_TYPE_PCM:
2008 size = be32_to_cpu(hdr->size);
2009 if (size != blob->size - sizeof(struct b43_fw_header))
2012 case B43_FW_TYPE_IV:
2021 fw->filename = name;
2026 b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
2027 release_firmware(blob);
2032 static int b43_request_firmware(struct b43_wldev *dev)
2034 struct b43_firmware *fw = &dev->fw;
2035 const u8 rev = dev->dev->id.revision;
2036 const char *filename;
2041 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2042 if ((rev >= 5) && (rev <= 10))
2043 filename = "ucode5";
2044 else if ((rev >= 11) && (rev <= 12))
2045 filename = "ucode11";
2047 filename = "ucode13";
2050 err = do_request_fw(dev, filename, &fw->ucode, 0);
2055 if ((rev >= 5) && (rev <= 10))
2061 fw->pcm_request_failed = 0;
2062 err = do_request_fw(dev, filename, &fw->pcm, 1);
2063 if (err == -ENOENT) {
2064 /* We did not find a PCM file? Not fatal, but
2065 * core rev <= 10 must do without hwcrypto then. */
2066 fw->pcm_request_failed = 1;
2071 switch (dev->phy.type) {
2073 if ((rev >= 5) && (rev <= 10)) {
2074 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2075 filename = "a0g1initvals5";
2077 filename = "a0g0initvals5";
2079 goto err_no_initvals;
2082 if ((rev >= 5) && (rev <= 10))
2083 filename = "b0g0initvals5";
2085 filename = "b0g0initvals13";
2087 goto err_no_initvals;
2090 if ((rev >= 11) && (rev <= 12))
2091 filename = "n0initvals11";
2093 goto err_no_initvals;
2096 goto err_no_initvals;
2098 err = do_request_fw(dev, filename, &fw->initvals, 0);
2102 /* Get bandswitch initvals */
2103 switch (dev->phy.type) {
2105 if ((rev >= 5) && (rev <= 10)) {
2106 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2107 filename = "a0g1bsinitvals5";
2109 filename = "a0g0bsinitvals5";
2110 } else if (rev >= 11)
2113 goto err_no_initvals;
2116 if ((rev >= 5) && (rev <= 10))
2117 filename = "b0g0bsinitvals5";
2121 goto err_no_initvals;
2124 if ((rev >= 11) && (rev <= 12))
2125 filename = "n0bsinitvals11";
2127 goto err_no_initvals;
2130 goto err_no_initvals;
2132 err = do_request_fw(dev, filename, &fw->initvals_band, 0);
2139 b43_print_fw_helptext(dev->wl, 1);
2144 b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2149 b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2154 b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2155 "core rev %u\n", dev->phy.type, rev);
2159 b43_release_firmware(dev);
2163 static int b43_upload_microcode(struct b43_wldev *dev)
2165 const size_t hdr_len = sizeof(struct b43_fw_header);
2167 unsigned int i, len;
2168 u16 fwrev, fwpatch, fwdate, fwtime;
2172 /* Jump the microcode PSM to offset 0 */
2173 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2174 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2175 macctl |= B43_MACCTL_PSM_JMP0;
2176 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2177 /* Zero out all microcode PSM registers and shared memory. */
2178 for (i = 0; i < 64; i++)
2179 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2180 for (i = 0; i < 4096; i += 2)
2181 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2183 /* Upload Microcode. */
2184 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2185 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2186 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2187 for (i = 0; i < len; i++) {
2188 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2192 if (dev->fw.pcm.data) {
2193 /* Upload PCM data. */
2194 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2195 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2196 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2197 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2198 /* No need for autoinc bit in SHM_HW */
2199 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2200 for (i = 0; i < len; i++) {
2201 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2206 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2208 /* Start the microcode PSM */
2209 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2210 macctl &= ~B43_MACCTL_PSM_JMP0;
2211 macctl |= B43_MACCTL_PSM_RUN;
2212 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2214 /* Wait for the microcode to load and respond */
2217 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2218 if (tmp == B43_IRQ_MAC_SUSPENDED)
2222 b43err(dev->wl, "Microcode not responding\n");
2223 b43_print_fw_helptext(dev->wl, 1);
2227 msleep_interruptible(50);
2228 if (signal_pending(current)) {
2233 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2235 /* Get and check the revisions. */
2236 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2237 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2238 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2239 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2241 if (fwrev <= 0x128) {
2242 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2243 "binary drivers older than version 4.x is unsupported. "
2244 "You must upgrade your firmware files.\n");
2245 b43_print_fw_helptext(dev->wl, 1);
2249 dev->fw.rev = fwrev;
2250 dev->fw.patch = fwpatch;
2251 dev->fw.opensource = (fwdate == 0xFFFF);
2253 if (dev->fw.opensource) {
2254 /* Patchlevel info is encoded in the "time" field. */
2255 dev->fw.patch = fwtime;
2256 b43info(dev->wl, "Loading OpenSource firmware version %u.%u%s\n",
2257 dev->fw.rev, dev->fw.patch,
2258 dev->fw.pcm_request_failed ? " (Hardware crypto not supported)" : "");
2260 b43info(dev->wl, "Loading firmware version %u.%u "
2261 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2263 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2264 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2265 if (dev->fw.pcm_request_failed) {
2266 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2267 "Hardware accelerated cryptography is disabled.\n");
2268 b43_print_fw_helptext(dev->wl, 0);
2272 if (b43_is_old_txhdr_format(dev)) {
2273 b43warn(dev->wl, "You are using an old firmware image. "
2274 "Support for old firmware will be removed in July 2008.\n");
2275 b43_print_fw_helptext(dev->wl, 0);
2281 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2282 macctl &= ~B43_MACCTL_PSM_RUN;
2283 macctl |= B43_MACCTL_PSM_JMP0;
2284 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2289 static int b43_write_initvals(struct b43_wldev *dev,
2290 const struct b43_iv *ivals,
2294 const struct b43_iv *iv;
2299 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2301 for (i = 0; i < count; i++) {
2302 if (array_size < sizeof(iv->offset_size))
2304 array_size -= sizeof(iv->offset_size);
2305 offset = be16_to_cpu(iv->offset_size);
2306 bit32 = !!(offset & B43_IV_32BIT);
2307 offset &= B43_IV_OFFSET_MASK;
2308 if (offset >= 0x1000)
2313 if (array_size < sizeof(iv->data.d32))
2315 array_size -= sizeof(iv->data.d32);
2317 value = get_unaligned_be32(&iv->data.d32);
2318 b43_write32(dev, offset, value);
2320 iv = (const struct b43_iv *)((const uint8_t *)iv +
2326 if (array_size < sizeof(iv->data.d16))
2328 array_size -= sizeof(iv->data.d16);
2330 value = be16_to_cpu(iv->data.d16);
2331 b43_write16(dev, offset, value);
2333 iv = (const struct b43_iv *)((const uint8_t *)iv +
2344 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2345 b43_print_fw_helptext(dev->wl, 1);
2350 static int b43_upload_initvals(struct b43_wldev *dev)
2352 const size_t hdr_len = sizeof(struct b43_fw_header);
2353 const struct b43_fw_header *hdr;
2354 struct b43_firmware *fw = &dev->fw;
2355 const struct b43_iv *ivals;
2359 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2360 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2361 count = be32_to_cpu(hdr->size);
2362 err = b43_write_initvals(dev, ivals, count,
2363 fw->initvals.data->size - hdr_len);
2366 if (fw->initvals_band.data) {
2367 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2368 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2369 count = be32_to_cpu(hdr->size);
2370 err = b43_write_initvals(dev, ivals, count,
2371 fw->initvals_band.data->size - hdr_len);
2380 /* Initialize the GPIOs
2381 * http://bcm-specs.sipsolutions.net/GPIO
2383 static int b43_gpio_init(struct b43_wldev *dev)
2385 struct ssb_bus *bus = dev->dev->bus;
2386 struct ssb_device *gpiodev, *pcidev = NULL;
2389 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2390 & ~B43_MACCTL_GPOUTSMSK);
2392 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2397 if (dev->dev->bus->chip_id == 0x4301) {
2401 if (0 /* FIXME: conditional unknown */ ) {
2402 b43_write16(dev, B43_MMIO_GPIO_MASK,
2403 b43_read16(dev, B43_MMIO_GPIO_MASK)
2408 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2409 b43_write16(dev, B43_MMIO_GPIO_MASK,
2410 b43_read16(dev, B43_MMIO_GPIO_MASK)
2415 if (dev->dev->id.revision >= 2)
2416 mask |= 0x0010; /* FIXME: This is redundant. */
2418 #ifdef CONFIG_SSB_DRIVER_PCICORE
2419 pcidev = bus->pcicore.dev;
2421 gpiodev = bus->chipco.dev ? : pcidev;
2424 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2425 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2431 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2432 static void b43_gpio_cleanup(struct b43_wldev *dev)
2434 struct ssb_bus *bus = dev->dev->bus;
2435 struct ssb_device *gpiodev, *pcidev = NULL;
2437 #ifdef CONFIG_SSB_DRIVER_PCICORE
2438 pcidev = bus->pcicore.dev;
2440 gpiodev = bus->chipco.dev ? : pcidev;
2443 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2446 /* http://bcm-specs.sipsolutions.net/EnableMac */
2447 void b43_mac_enable(struct b43_wldev *dev)
2449 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2452 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2453 B43_SHM_SH_UCODESTAT);
2454 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2455 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2456 b43err(dev->wl, "b43_mac_enable(): The firmware "
2457 "should be suspended, but current state is %u\n",
2462 dev->mac_suspended--;
2463 B43_WARN_ON(dev->mac_suspended < 0);
2464 if (dev->mac_suspended == 0) {
2465 b43_write32(dev, B43_MMIO_MACCTL,
2466 b43_read32(dev, B43_MMIO_MACCTL)
2467 | B43_MACCTL_ENABLED);
2468 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2469 B43_IRQ_MAC_SUSPENDED);
2471 b43_read32(dev, B43_MMIO_MACCTL);
2472 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2473 b43_power_saving_ctl_bits(dev, 0);
2477 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2478 void b43_mac_suspend(struct b43_wldev *dev)
2484 B43_WARN_ON(dev->mac_suspended < 0);
2486 if (dev->mac_suspended == 0) {
2487 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2488 b43_write32(dev, B43_MMIO_MACCTL,
2489 b43_read32(dev, B43_MMIO_MACCTL)
2490 & ~B43_MACCTL_ENABLED);
2491 /* force pci to flush the write */
2492 b43_read32(dev, B43_MMIO_MACCTL);
2493 for (i = 35; i; i--) {
2494 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2495 if (tmp & B43_IRQ_MAC_SUSPENDED)
2499 /* Hm, it seems this will take some time. Use msleep(). */
2500 for (i = 40; i; i--) {
2501 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2502 if (tmp & B43_IRQ_MAC_SUSPENDED)
2506 b43err(dev->wl, "MAC suspend failed\n");
2509 dev->mac_suspended++;
2512 static void b43_adjust_opmode(struct b43_wldev *dev)
2514 struct b43_wl *wl = dev->wl;
2518 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2519 /* Reset status to STA infrastructure mode. */
2520 ctl &= ~B43_MACCTL_AP;
2521 ctl &= ~B43_MACCTL_KEEP_CTL;
2522 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2523 ctl &= ~B43_MACCTL_KEEP_BAD;
2524 ctl &= ~B43_MACCTL_PROMISC;
2525 ctl &= ~B43_MACCTL_BEACPROMISC;
2526 ctl |= B43_MACCTL_INFRA;
2528 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2529 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2530 ctl |= B43_MACCTL_AP;
2531 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2532 ctl &= ~B43_MACCTL_INFRA;
2534 if (wl->filter_flags & FIF_CONTROL)
2535 ctl |= B43_MACCTL_KEEP_CTL;
2536 if (wl->filter_flags & FIF_FCSFAIL)
2537 ctl |= B43_MACCTL_KEEP_BAD;
2538 if (wl->filter_flags & FIF_PLCPFAIL)
2539 ctl |= B43_MACCTL_KEEP_BADPLCP;
2540 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2541 ctl |= B43_MACCTL_PROMISC;
2542 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2543 ctl |= B43_MACCTL_BEACPROMISC;
2545 /* Workaround: On old hardware the HW-MAC-address-filter
2546 * doesn't work properly, so always run promisc in filter
2547 * it in software. */
2548 if (dev->dev->id.revision <= 4)
2549 ctl |= B43_MACCTL_PROMISC;
2551 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2554 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2555 if (dev->dev->bus->chip_id == 0x4306 &&
2556 dev->dev->bus->chip_rev == 3)
2561 b43_write16(dev, 0x612, cfp_pretbtt);
2564 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2570 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2573 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2575 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2576 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2579 static void b43_rate_memory_init(struct b43_wldev *dev)
2581 switch (dev->phy.type) {
2585 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2586 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2587 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2588 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2589 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2590 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2591 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2592 if (dev->phy.type == B43_PHYTYPE_A)
2596 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2597 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2598 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2599 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2606 /* Set the default values for the PHY TX Control Words. */
2607 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2611 ctl |= B43_TXH_PHY_ENC_CCK;
2612 ctl |= B43_TXH_PHY_ANT01AUTO;
2613 ctl |= B43_TXH_PHY_TXPWR;
2615 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2616 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2617 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2620 /* Set the TX-Antenna for management frames sent by firmware. */
2621 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2626 ant = b43_antenna_to_phyctl(antenna);
2629 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2630 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2631 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2632 /* For Probe Resposes */
2633 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2634 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2635 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2638 /* This is the opposite of b43_chip_init() */
2639 static void b43_chip_exit(struct b43_wldev *dev)
2642 b43_gpio_cleanup(dev);
2643 /* firmware is released later */
2646 /* Initialize the chip
2647 * http://bcm-specs.sipsolutions.net/ChipInit
2649 static int b43_chip_init(struct b43_wldev *dev)
2651 struct b43_phy *phy = &dev->phy;
2653 u32 value32, macctl;
2656 /* Initialize the MAC control */
2657 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2659 macctl |= B43_MACCTL_GMODE;
2660 macctl |= B43_MACCTL_INFRA;
2661 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2663 err = b43_request_firmware(dev);
2666 err = b43_upload_microcode(dev);
2668 goto out; /* firmware is released later */
2670 err = b43_gpio_init(dev);
2672 goto out; /* firmware is released later */
2674 err = b43_upload_initvals(dev);
2676 goto err_gpio_clean;
2678 /* Turn the Analog on and initialize the PHY. */
2679 phy->ops->switch_analog(dev, 1);
2680 err = b43_phy_init(dev);
2682 goto err_gpio_clean;
2684 /* Disable Interference Mitigation. */
2685 if (phy->ops->interf_mitigation)
2686 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2688 /* Select the antennae */
2689 if (phy->ops->set_rx_antenna)
2690 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2691 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2693 if (phy->type == B43_PHYTYPE_B) {
2694 value16 = b43_read16(dev, 0x005E);
2696 b43_write16(dev, 0x005E, value16);
2698 b43_write32(dev, 0x0100, 0x01000000);
2699 if (dev->dev->id.revision < 5)
2700 b43_write32(dev, 0x010C, 0x01000000);
2702 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2703 & ~B43_MACCTL_INFRA);
2704 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2705 | B43_MACCTL_INFRA);
2707 /* Probe Response Timeout value */
2708 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2709 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2711 /* Initially set the wireless operation mode. */
2712 b43_adjust_opmode(dev);
2714 if (dev->dev->id.revision < 3) {
2715 b43_write16(dev, 0x060E, 0x0000);
2716 b43_write16(dev, 0x0610, 0x8000);
2717 b43_write16(dev, 0x0604, 0x0000);
2718 b43_write16(dev, 0x0606, 0x0200);
2720 b43_write32(dev, 0x0188, 0x80000000);
2721 b43_write32(dev, 0x018C, 0x02000000);
2723 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2724 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2725 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2726 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2727 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2728 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2729 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2731 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2732 value32 |= 0x00100000;
2733 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2735 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2736 dev->dev->bus->chipco.fast_pwrup_delay);
2739 b43dbg(dev->wl, "Chip initialized\n");
2744 b43_gpio_cleanup(dev);
2748 static void b43_periodic_every60sec(struct b43_wldev *dev)
2750 const struct b43_phy_operations *ops = dev->phy.ops;
2752 if (ops->pwork_60sec)
2753 ops->pwork_60sec(dev);
2755 /* Force check the TX power emission now. */
2756 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2759 static void b43_periodic_every30sec(struct b43_wldev *dev)
2761 /* Update device statistics. */
2762 b43_calculate_link_quality(dev);
2765 static void b43_periodic_every15sec(struct b43_wldev *dev)
2767 struct b43_phy *phy = &dev->phy;
2770 if (dev->fw.opensource) {
2771 /* Check if the firmware is still alive.
2772 * It will reset the watchdog counter to 0 in its idle loop. */
2773 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2774 if (unlikely(wdr)) {
2775 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2776 b43_controller_restart(dev, "Firmware watchdog");
2779 b43_shm_write16(dev, B43_SHM_SCRATCH,
2780 B43_WATCHDOG_REG, 1);
2784 if (phy->ops->pwork_15sec)
2785 phy->ops->pwork_15sec(dev);
2787 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2791 static void do_periodic_work(struct b43_wldev *dev)
2795 state = dev->periodic_state;
2797 b43_periodic_every60sec(dev);
2799 b43_periodic_every30sec(dev);
2800 b43_periodic_every15sec(dev);
2803 /* Periodic work locking policy:
2804 * The whole periodic work handler is protected by
2805 * wl->mutex. If another lock is needed somewhere in the
2806 * pwork callchain, it's aquired in-place, where it's needed.
2808 static void b43_periodic_work_handler(struct work_struct *work)
2810 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2811 periodic_work.work);
2812 struct b43_wl *wl = dev->wl;
2813 unsigned long delay;
2815 mutex_lock(&wl->mutex);
2817 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2819 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2822 do_periodic_work(dev);
2824 dev->periodic_state++;
2826 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2827 delay = msecs_to_jiffies(50);
2829 delay = round_jiffies_relative(HZ * 15);
2830 queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2832 mutex_unlock(&wl->mutex);
2835 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2837 struct delayed_work *work = &dev->periodic_work;
2839 dev->periodic_state = 0;
2840 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2841 queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2844 /* Check if communication with the device works correctly. */
2845 static int b43_validate_chipaccess(struct b43_wldev *dev)
2849 backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2851 /* Check for read/write and endianness problems. */
2852 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2853 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2855 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2856 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2859 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2861 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2862 /* The 32bit register shadows the two 16bit registers
2863 * with update sideeffects. Validate this. */
2864 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2865 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2866 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2868 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2871 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2873 v = b43_read32(dev, B43_MMIO_MACCTL);
2874 v |= B43_MACCTL_GMODE;
2875 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2880 b43err(dev->wl, "Failed to validate the chipaccess\n");
2884 static void b43_security_init(struct b43_wldev *dev)
2886 dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2887 B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2888 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2889 /* KTP is a word address, but we address SHM bytewise.
2890 * So multiply by two.
2893 if (dev->dev->id.revision >= 5) {
2894 /* Number of RCMTA address slots */
2895 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2897 b43_clear_keys(dev);
2900 static int b43_rng_read(struct hwrng *rng, u32 * data)
2902 struct b43_wl *wl = (struct b43_wl *)rng->priv;
2903 unsigned long flags;
2905 /* Don't take wl->mutex here, as it could deadlock with
2906 * hwrng internal locking. It's not needed to take
2907 * wl->mutex here, anyway. */
2909 spin_lock_irqsave(&wl->irq_lock, flags);
2910 *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2911 spin_unlock_irqrestore(&wl->irq_lock, flags);
2913 return (sizeof(u16));
2916 static void b43_rng_exit(struct b43_wl *wl)
2918 if (wl->rng_initialized)
2919 hwrng_unregister(&wl->rng);
2922 static int b43_rng_init(struct b43_wl *wl)
2926 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2927 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2928 wl->rng.name = wl->rng_name;
2929 wl->rng.data_read = b43_rng_read;
2930 wl->rng.priv = (unsigned long)wl;
2931 wl->rng_initialized = 1;
2932 err = hwrng_register(&wl->rng);
2934 wl->rng_initialized = 0;
2935 b43err(wl, "Failed to register the random "
2936 "number generator (%d)\n", err);
2942 static int b43_op_tx(struct ieee80211_hw *hw,
2943 struct sk_buff *skb)
2945 struct b43_wl *wl = hw_to_b43_wl(hw);
2946 struct b43_wldev *dev = wl->current_dev;
2947 unsigned long flags;
2950 if (unlikely(skb->len < 2 + 2 + 6)) {
2951 /* Too short, this can't be a valid frame. */
2954 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
2958 /* Transmissions on seperate queues can run concurrently. */
2959 read_lock_irqsave(&wl->tx_lock, flags);
2962 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
2963 if (b43_using_pio_transfers(dev))
2964 err = b43_pio_tx(dev, skb);
2966 err = b43_dma_tx(dev, skb);
2969 read_unlock_irqrestore(&wl->tx_lock, flags);
2973 return NETDEV_TX_OK;
2976 /* We can not transmit this packet. Drop it. */
2977 dev_kfree_skb_any(skb);
2978 return NETDEV_TX_OK;
2981 /* Locking: wl->irq_lock */
2982 static void b43_qos_params_upload(struct b43_wldev *dev,
2983 const struct ieee80211_tx_queue_params *p,
2986 u16 params[B43_NR_QOSPARAMS];
2990 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
2992 memset(¶ms, 0, sizeof(params));
2994 params[B43_QOSPARAM_TXOP] = p->txop * 32;
2995 params[B43_QOSPARAM_CWMIN] = p->cw_min;
2996 params[B43_QOSPARAM_CWMAX] = p->cw_max;
2997 params[B43_QOSPARAM_CWCUR] = p->cw_min;
2998 params[B43_QOSPARAM_AIFS] = p->aifs;
2999 params[B43_QOSPARAM_BSLOTS] = bslots;
3000 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3002 for (i = 0; i < ARRAY_SIZE(params); i++) {
3003 if (i == B43_QOSPARAM_STATUS) {
3004 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3005 shm_offset + (i * 2));
3006 /* Mark the parameters as updated. */
3008 b43_shm_write16(dev, B43_SHM_SHARED,
3009 shm_offset + (i * 2),
3012 b43_shm_write16(dev, B43_SHM_SHARED,
3013 shm_offset + (i * 2),
3019 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3020 static const u16 b43_qos_shm_offsets[] = {
3021 /* [mac80211-queue-nr] = SHM_OFFSET, */
3022 [0] = B43_QOS_VOICE,
3023 [1] = B43_QOS_VIDEO,
3024 [2] = B43_QOS_BESTEFFORT,
3025 [3] = B43_QOS_BACKGROUND,
3028 /* Update all QOS parameters in hardware. */
3029 static void b43_qos_upload_all(struct b43_wldev *dev)
3031 struct b43_wl *wl = dev->wl;
3032 struct b43_qos_params *params;
3035 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3036 ARRAY_SIZE(wl->qos_params));
3038 b43_mac_suspend(dev);
3039 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3040 params = &(wl->qos_params[i]);
3041 b43_qos_params_upload(dev, &(params->p),
3042 b43_qos_shm_offsets[i]);
3044 b43_mac_enable(dev);
3047 static void b43_qos_clear(struct b43_wl *wl)
3049 struct b43_qos_params *params;
3052 /* Initialize QoS parameters to sane defaults. */
3054 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3055 ARRAY_SIZE(wl->qos_params));
3057 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3058 params = &(wl->qos_params[i]);
3060 switch (b43_qos_shm_offsets[i]) {
3064 params->p.cw_min = 0x0001;
3065 params->p.cw_max = 0x0001;
3070 params->p.cw_min = 0x0001;
3071 params->p.cw_max = 0x0001;
3073 case B43_QOS_BESTEFFORT:
3076 params->p.cw_min = 0x0001;
3077 params->p.cw_max = 0x03FF;
3079 case B43_QOS_BACKGROUND:
3082 params->p.cw_min = 0x0001;
3083 params->p.cw_max = 0x03FF;
3091 /* Initialize the core's QOS capabilities */
3092 static void b43_qos_init(struct b43_wldev *dev)
3094 /* Upload the current QOS parameters. */
3095 b43_qos_upload_all(dev);
3097 /* Enable QOS support. */
3098 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3099 b43_write16(dev, B43_MMIO_IFSCTL,
3100 b43_read16(dev, B43_MMIO_IFSCTL)
3101 | B43_MMIO_IFSCTL_USE_EDCF);
3104 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3105 const struct ieee80211_tx_queue_params *params)
3107 struct b43_wl *wl = hw_to_b43_wl(hw);
3108 struct b43_wldev *dev;
3109 unsigned int queue = (unsigned int)_queue;
3112 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3113 /* Queue not available or don't support setting
3114 * params on this queue. Return success to not
3115 * confuse mac80211. */
3118 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3119 ARRAY_SIZE(wl->qos_params));
3121 mutex_lock(&wl->mutex);
3122 dev = wl->current_dev;
3123 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3126 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3127 b43_mac_suspend(dev);
3128 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3129 b43_qos_shm_offsets[queue]);
3130 b43_mac_enable(dev);
3134 mutex_unlock(&wl->mutex);
3139 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3140 struct ieee80211_tx_queue_stats *stats)
3142 struct b43_wl *wl = hw_to_b43_wl(hw);
3143 struct b43_wldev *dev = wl->current_dev;
3144 unsigned long flags;
3149 spin_lock_irqsave(&wl->irq_lock, flags);
3150 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3151 if (b43_using_pio_transfers(dev))
3152 b43_pio_get_tx_stats(dev, stats);
3154 b43_dma_get_tx_stats(dev, stats);
3157 spin_unlock_irqrestore(&wl->irq_lock, flags);
3162 static int b43_op_get_stats(struct ieee80211_hw *hw,
3163 struct ieee80211_low_level_stats *stats)
3165 struct b43_wl *wl = hw_to_b43_wl(hw);
3166 unsigned long flags;
3168 spin_lock_irqsave(&wl->irq_lock, flags);
3169 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3170 spin_unlock_irqrestore(&wl->irq_lock, flags);
3175 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3177 struct ssb_device *sdev = dev->dev;
3180 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3181 tmslow &= ~B43_TMSLOW_GMODE;
3182 tmslow |= B43_TMSLOW_PHYRESET;
3183 tmslow |= SSB_TMSLOW_FGC;
3184 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3187 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3188 tmslow &= ~SSB_TMSLOW_FGC;
3189 tmslow |= B43_TMSLOW_PHYRESET;
3190 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3194 static const char * band_to_string(enum ieee80211_band band)
3197 case IEEE80211_BAND_5GHZ:
3199 case IEEE80211_BAND_2GHZ:
3208 /* Expects wl->mutex locked */
3209 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3211 struct b43_wldev *up_dev = NULL;
3212 struct b43_wldev *down_dev;
3213 struct b43_wldev *d;
3215 bool uninitialized_var(gmode);
3218 /* Find a device and PHY which supports the band. */
3219 list_for_each_entry(d, &wl->devlist, list) {
3220 switch (chan->band) {
3221 case IEEE80211_BAND_5GHZ:
3222 if (d->phy.supports_5ghz) {
3227 case IEEE80211_BAND_2GHZ:
3228 if (d->phy.supports_2ghz) {
3241 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3242 band_to_string(chan->band));
3245 if ((up_dev == wl->current_dev) &&
3246 (!!wl->current_dev->phy.gmode == !!gmode)) {
3247 /* This device is already running. */
3250 b43dbg(wl, "Switching to %s-GHz band\n",
3251 band_to_string(chan->band));
3252 down_dev = wl->current_dev;
3254 prev_status = b43_status(down_dev);
3255 /* Shutdown the currently running core. */
3256 if (prev_status >= B43_STAT_STARTED)
3257 b43_wireless_core_stop(down_dev);
3258 if (prev_status >= B43_STAT_INITIALIZED)
3259 b43_wireless_core_exit(down_dev);
3261 if (down_dev != up_dev) {
3262 /* We switch to a different core, so we put PHY into
3263 * RESET on the old core. */
3264 b43_put_phy_into_reset(down_dev);
3267 /* Now start the new core. */
3268 up_dev->phy.gmode = gmode;
3269 if (prev_status >= B43_STAT_INITIALIZED) {
3270 err = b43_wireless_core_init(up_dev);
3272 b43err(wl, "Fatal: Could not initialize device for "
3273 "selected %s-GHz band\n",
3274 band_to_string(chan->band));
3278 if (prev_status >= B43_STAT_STARTED) {
3279 err = b43_wireless_core_start(up_dev);
3281 b43err(wl, "Fatal: Coult not start device for "
3282 "selected %s-GHz band\n",
3283 band_to_string(chan->band));
3284 b43_wireless_core_exit(up_dev);
3288 B43_WARN_ON(b43_status(up_dev) != prev_status);
3290 wl->current_dev = up_dev;
3294 /* Whoops, failed to init the new core. No core is operating now. */
3295 wl->current_dev = NULL;
3299 /* Write the short and long frame retry limit values. */
3300 static void b43_set_retry_limits(struct b43_wldev *dev,
3301 unsigned int short_retry,
3302 unsigned int long_retry)
3304 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3305 * the chip-internal counter. */
3306 short_retry = min(short_retry, (unsigned int)0xF);
3307 long_retry = min(long_retry, (unsigned int)0xF);
3309 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3311 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3315 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3317 struct b43_wl *wl = hw_to_b43_wl(hw);
3318 struct b43_wldev *dev;
3319 struct b43_phy *phy;
3320 struct ieee80211_conf *conf = &hw->conf;
3321 unsigned long flags;
3325 mutex_lock(&wl->mutex);
3327 /* Switch the band (if necessary). This might change the active core. */
3328 err = b43_switch_band(wl, conf->channel);
3330 goto out_unlock_mutex;
3331 dev = wl->current_dev;
3334 b43_mac_suspend(dev);
3336 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3337 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3338 conf->long_frame_max_tx_count);
3339 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3341 goto out_mac_enable;
3343 /* Switch to the requested channel.
3344 * The firmware takes care of races with the TX handler. */
3345 if (conf->channel->hw_value != phy->channel)
3346 b43_switch_channel(dev, conf->channel->hw_value);
3348 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3350 /* Adjust the desired TX power level. */
3351 if (conf->power_level != 0) {
3352 spin_lock_irqsave(&wl->irq_lock, flags);
3353 if (conf->power_level != phy->desired_txpower) {
3354 phy->desired_txpower = conf->power_level;
3355 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3356 B43_TXPWR_IGNORE_TSSI);
3358 spin_unlock_irqrestore(&wl->irq_lock, flags);
3361 /* Antennas for RX and management frame TX. */
3362 antenna = B43_ANTENNA_DEFAULT;
3363 b43_mgmtframe_txantenna(dev, antenna);
3364 antenna = B43_ANTENNA_DEFAULT;
3365 if (phy->ops->set_rx_antenna)
3366 phy->ops->set_rx_antenna(dev, antenna);
3368 /* Update templates for AP/mesh mode. */
3369 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3370 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3371 b43_set_beacon_int(dev, conf->beacon_int);
3373 if (!!conf->radio_enabled != phy->radio_on) {
3374 if (conf->radio_enabled) {
3375 b43_software_rfkill(dev, RFKILL_STATE_UNBLOCKED);
3376 b43info(dev->wl, "Radio turned on by software\n");
3377 if (!dev->radio_hw_enable) {
3378 b43info(dev->wl, "The hardware RF-kill button "
3379 "still turns the radio physically off. "
3380 "Press the button to turn it on.\n");
3383 b43_software_rfkill(dev, RFKILL_STATE_SOFT_BLOCKED);
3384 b43info(dev->wl, "Radio turned off by software\n");
3389 b43_mac_enable(dev);
3391 mutex_unlock(&wl->mutex);
3396 static void b43_update_basic_rates(struct b43_wldev *dev, u64 brates)
3398 struct ieee80211_supported_band *sband =
3399 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3400 struct ieee80211_rate *rate;
3402 u16 basic, direct, offset, basic_offset, rateptr;
3404 for (i = 0; i < sband->n_bitrates; i++) {
3405 rate = &sband->bitrates[i];
3407 if (b43_is_cck_rate(rate->hw_value)) {
3408 direct = B43_SHM_SH_CCKDIRECT;
3409 basic = B43_SHM_SH_CCKBASIC;
3410 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3413 direct = B43_SHM_SH_OFDMDIRECT;
3414 basic = B43_SHM_SH_OFDMBASIC;
3415 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3419 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3421 if (b43_is_cck_rate(rate->hw_value)) {
3422 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3423 basic_offset &= 0xF;
3425 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3426 basic_offset &= 0xF;
3430 * Get the pointer that we need to point to
3431 * from the direct map
3433 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3434 direct + 2 * basic_offset);
3435 /* and write it to the basic map */
3436 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3441 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3442 struct ieee80211_vif *vif,
3443 struct ieee80211_bss_conf *conf,
3446 struct b43_wl *wl = hw_to_b43_wl(hw);
3447 struct b43_wldev *dev;
3449 mutex_lock(&wl->mutex);
3451 dev = wl->current_dev;
3452 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3453 goto out_unlock_mutex;
3454 b43_mac_suspend(dev);
3456 if (changed & BSS_CHANGED_BASIC_RATES)
3457 b43_update_basic_rates(dev, conf->basic_rates);
3459 if (changed & BSS_CHANGED_ERP_SLOT) {
3460 if (conf->use_short_slot)
3461 b43_short_slot_timing_enable(dev);
3463 b43_short_slot_timing_disable(dev);
3466 b43_mac_enable(dev);
3468 mutex_unlock(&wl->mutex);
3473 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3474 const u8 *local_addr, const u8 *addr,
3475 struct ieee80211_key_conf *key)
3477 struct b43_wl *wl = hw_to_b43_wl(hw);
3478 struct b43_wldev *dev;
3483 if (modparam_nohwcrypt)
3484 return -ENOSPC; /* User disabled HW-crypto */
3486 mutex_lock(&wl->mutex);
3487 spin_lock_irq(&wl->irq_lock);
3488 write_lock(&wl->tx_lock);
3489 /* Why do we need all this locking here?
3490 * mutex -> Every config operation must take it.
3491 * irq_lock -> We modify the dev->key array, which is accessed
3492 * in the IRQ handlers.
3493 * tx_lock -> We modify the dev->key array, which is accessed
3494 * in the TX handler.
3497 dev = wl->current_dev;
3499 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3502 if (dev->fw.pcm_request_failed) {
3503 /* We don't have firmware for the crypto engine.
3504 * Must use software-crypto. */
3512 if (key->keylen == LEN_WEP40)
3513 algorithm = B43_SEC_ALGO_WEP40;
3515 algorithm = B43_SEC_ALGO_WEP104;
3518 algorithm = B43_SEC_ALGO_TKIP;
3521 algorithm = B43_SEC_ALGO_AES;
3527 index = (u8) (key->keyidx);
3533 if (algorithm == B43_SEC_ALGO_TKIP) {
3534 /* FIXME: No TKIP hardware encryption for now. */
3539 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3540 /* Pairwise key with an assigned MAC address. */
3541 err = b43_key_write(dev, -1, algorithm,
3542 key->key, key->keylen, addr, key);
3545 err = b43_key_write(dev, index, algorithm,
3546 key->key, key->keylen, NULL, key);
3551 if (algorithm == B43_SEC_ALGO_WEP40 ||
3552 algorithm == B43_SEC_ALGO_WEP104) {
3553 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3556 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3558 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3561 err = b43_key_clear(dev, key->hw_key_idx);
3572 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3574 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3576 b43_dump_keymemory(dev);
3578 write_unlock(&wl->tx_lock);
3579 spin_unlock_irq(&wl->irq_lock);
3580 mutex_unlock(&wl->mutex);
3585 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3586 unsigned int changed, unsigned int *fflags,
3587 int mc_count, struct dev_addr_list *mc_list)
3589 struct b43_wl *wl = hw_to_b43_wl(hw);
3590 struct b43_wldev *dev = wl->current_dev;
3591 unsigned long flags;
3598 spin_lock_irqsave(&wl->irq_lock, flags);
3599 *fflags &= FIF_PROMISC_IN_BSS |
3605 FIF_BCN_PRBRESP_PROMISC;
3607 changed &= FIF_PROMISC_IN_BSS |
3613 FIF_BCN_PRBRESP_PROMISC;
3615 wl->filter_flags = *fflags;
3617 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3618 b43_adjust_opmode(dev);
3619 spin_unlock_irqrestore(&wl->irq_lock, flags);
3622 static int b43_op_config_interface(struct ieee80211_hw *hw,
3623 struct ieee80211_vif *vif,
3624 struct ieee80211_if_conf *conf)
3626 struct b43_wl *wl = hw_to_b43_wl(hw);
3627 struct b43_wldev *dev = wl->current_dev;
3628 unsigned long flags;
3632 mutex_lock(&wl->mutex);
3633 spin_lock_irqsave(&wl->irq_lock, flags);
3634 B43_WARN_ON(wl->vif != vif);
3636 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3638 memset(wl->bssid, 0, ETH_ALEN);
3639 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3640 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3641 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT)) {
3642 B43_WARN_ON(vif->type != wl->if_type);
3643 if (conf->changed & IEEE80211_IFCC_BEACON)
3644 b43_update_templates(wl);
3645 } else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) {
3646 if (conf->changed & IEEE80211_IFCC_BEACON)
3647 b43_update_templates(wl);
3649 b43_write_mac_bssid_templates(dev);
3651 spin_unlock_irqrestore(&wl->irq_lock, flags);
3652 mutex_unlock(&wl->mutex);
3657 /* Locking: wl->mutex */
3658 static void b43_wireless_core_stop(struct b43_wldev *dev)
3660 struct b43_wl *wl = dev->wl;
3661 unsigned long flags;
3663 if (b43_status(dev) < B43_STAT_STARTED)
3666 /* Disable and sync interrupts. We must do this before than
3667 * setting the status to INITIALIZED, as the interrupt handler
3668 * won't care about IRQs then. */
3669 spin_lock_irqsave(&wl->irq_lock, flags);
3670 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3671 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3672 spin_unlock_irqrestore(&wl->irq_lock, flags);
3673 b43_synchronize_irq(dev);
3675 write_lock_irqsave(&wl->tx_lock, flags);
3676 b43_set_status(dev, B43_STAT_INITIALIZED);
3677 write_unlock_irqrestore(&wl->tx_lock, flags);
3680 mutex_unlock(&wl->mutex);
3681 /* Must unlock as it would otherwise deadlock. No races here.
3682 * Cancel the possibly running self-rearming periodic work. */
3683 cancel_delayed_work_sync(&dev->periodic_work);
3684 mutex_lock(&wl->mutex);
3686 b43_mac_suspend(dev);
3687 free_irq(dev->dev->irq, dev);
3688 b43dbg(wl, "Wireless interface stopped\n");
3691 /* Locking: wl->mutex */
3692 static int b43_wireless_core_start(struct b43_wldev *dev)
3696 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3698 drain_txstatus_queue(dev);
3699 err = request_irq(dev->dev->irq, b43_interrupt_handler,
3700 IRQF_SHARED, KBUILD_MODNAME, dev);
3702 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3706 /* We are ready to run. */
3707 b43_set_status(dev, B43_STAT_STARTED);
3709 /* Start data flow (TX/RX). */
3710 b43_mac_enable(dev);
3711 b43_interrupt_enable(dev, dev->irq_savedstate);
3713 /* Start maintainance work */
3714 b43_periodic_tasks_setup(dev);
3716 b43dbg(dev->wl, "Wireless interface started\n");
3721 /* Get PHY and RADIO versioning numbers */
3722 static int b43_phy_versioning(struct b43_wldev *dev)
3724 struct b43_phy *phy = &dev->phy;
3732 int unsupported = 0;
3734 /* Get PHY versioning */
3735 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3736 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3737 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3738 phy_rev = (tmp & B43_PHYVER_VERSION);
3745 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3753 #ifdef CONFIG_B43_NPHY
3763 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3764 "(Analog %u, Type %u, Revision %u)\n",
3765 analog_type, phy_type, phy_rev);
3768 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3769 analog_type, phy_type, phy_rev);
3771 /* Get RADIO versioning */
3772 if (dev->dev->bus->chip_id == 0x4317) {
3773 if (dev->dev->bus->chip_rev == 0)
3775 else if (dev->dev->bus->chip_rev == 1)
3780 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3781 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3782 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3783 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3785 radio_manuf = (tmp & 0x00000FFF);
3786 radio_ver = (tmp & 0x0FFFF000) >> 12;
3787 radio_rev = (tmp & 0xF0000000) >> 28;
3788 if (radio_manuf != 0x17F /* Broadcom */)
3792 if (radio_ver != 0x2060)
3796 if (radio_manuf != 0x17F)
3800 if ((radio_ver & 0xFFF0) != 0x2050)
3804 if (radio_ver != 0x2050)
3808 if (radio_ver != 0x2055 && radio_ver != 0x2056)
3815 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3816 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3817 radio_manuf, radio_ver, radio_rev);
3820 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3821 radio_manuf, radio_ver, radio_rev);
3823 phy->radio_manuf = radio_manuf;
3824 phy->radio_ver = radio_ver;
3825 phy->radio_rev = radio_rev;
3827 phy->analog = analog_type;
3828 phy->type = phy_type;
3834 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3835 struct b43_phy *phy)
3837 phy->hardware_power_control = !!modparam_hwpctl;
3838 phy->next_txpwr_check_time = jiffies;
3839 /* PHY TX errors counter. */
3840 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3843 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3847 /* Assume the radio is enabled. If it's not enabled, the state will
3848 * immediately get fixed on the first periodic work run. */
3849 dev->radio_hw_enable = 1;
3852 memset(&dev->stats, 0, sizeof(dev->stats));
3854 setup_struct_phy_for_init(dev, &dev->phy);
3856 /* IRQ related flags */
3857 dev->irq_reason = 0;
3858 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3859 dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3861 dev->mac_suspended = 1;
3863 /* Noise calculation context */
3864 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3867 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3869 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3872 if (!modparam_btcoex)
3874 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3876 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3879 hf = b43_hf_read(dev);
3880 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3881 hf |= B43_HF_BTCOEXALT;
3883 hf |= B43_HF_BTCOEX;
3884 b43_hf_write(dev, hf);
3887 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3889 if (!modparam_btcoex)
3894 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3896 #ifdef CONFIG_SSB_DRIVER_PCICORE
3897 struct ssb_bus *bus = dev->dev->bus;
3900 if (bus->pcicore.dev &&
3901 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3902 bus->pcicore.dev->id.revision <= 5) {
3903 /* IMCFGLO timeouts workaround. */
3904 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3905 tmp &= ~SSB_IMCFGLO_REQTO;
3906 tmp &= ~SSB_IMCFGLO_SERTO;
3907 switch (bus->bustype) {
3908 case SSB_BUSTYPE_PCI:
3909 case SSB_BUSTYPE_PCMCIA:
3912 case SSB_BUSTYPE_SSB:
3916 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3918 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3921 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3925 /* The time value is in microseconds. */
3926 if (dev->phy.type == B43_PHYTYPE_A)
3930 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
3932 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3933 pu_delay = max(pu_delay, (u16)2400);
3935 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3938 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3939 static void b43_set_pretbtt(struct b43_wldev *dev)
3943 /* The time value is in microseconds. */
3944 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
3947 if (dev->phy.type == B43_PHYTYPE_A)
3952 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3953 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3956 /* Shutdown a wireless core */
3957 /* Locking: wl->mutex */
3958 static void b43_wireless_core_exit(struct b43_wldev *dev)
3962 B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
3963 if (b43_status(dev) != B43_STAT_INITIALIZED)
3965 b43_set_status(dev, B43_STAT_UNINIT);
3967 /* Stop the microcode PSM. */
3968 macctl = b43_read32(dev, B43_MMIO_MACCTL);
3969 macctl &= ~B43_MACCTL_PSM_RUN;
3970 macctl |= B43_MACCTL_PSM_JMP0;
3971 b43_write32(dev, B43_MMIO_MACCTL, macctl);
3973 if (!dev->suspend_in_progress) {
3975 b43_rng_exit(dev->wl);
3980 dev->phy.ops->switch_analog(dev, 0);
3981 if (dev->wl->current_beacon) {
3982 dev_kfree_skb_any(dev->wl->current_beacon);
3983 dev->wl->current_beacon = NULL;
3986 ssb_device_disable(dev->dev, 0);
3987 ssb_bus_may_powerdown(dev->dev->bus);
3990 /* Initialize a wireless core */
3991 static int b43_wireless_core_init(struct b43_wldev *dev)
3993 struct b43_wl *wl = dev->wl;
3994 struct ssb_bus *bus = dev->dev->bus;
3995 struct ssb_sprom *sprom = &bus->sprom;
3996 struct b43_phy *phy = &dev->phy;
4001 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4003 err = ssb_bus_powerup(bus, 0);
4006 if (!ssb_device_is_enabled(dev->dev)) {
4007 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4008 b43_wireless_core_reset(dev, tmp);
4011 /* Reset all data structures. */
4012 setup_struct_wldev_for_init(dev);
4013 phy->ops->prepare_structs(dev);
4015 /* Enable IRQ routing to this device. */
4016 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4018 b43_imcfglo_timeouts_workaround(dev);
4019 b43_bluetooth_coext_disable(dev);
4020 if (phy->ops->prepare_hardware) {
4021 err = phy->ops->prepare_hardware(dev);
4025 err = b43_chip_init(dev);
4028 b43_shm_write16(dev, B43_SHM_SHARED,
4029 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4030 hf = b43_hf_read(dev);
4031 if (phy->type == B43_PHYTYPE_G) {
4035 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4036 hf |= B43_HF_OFDMPABOOST;
4037 } else if (phy->type == B43_PHYTYPE_B) {
4039 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
4042 b43_hf_write(dev, hf);
4044 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4045 B43_DEFAULT_LONG_RETRY_LIMIT);
4046 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4047 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4049 /* Disable sending probe responses from firmware.
4050 * Setting the MaxTime to one usec will always trigger
4051 * a timeout, so we never send any probe resp.
4052 * A timeout of zero is infinite. */
4053 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4055 b43_rate_memory_init(dev);
4056 b43_set_phytxctl_defaults(dev);
4058 /* Minimum Contention Window */
4059 if (phy->type == B43_PHYTYPE_B) {
4060 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4062 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4064 /* Maximum Contention Window */
4065 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4067 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4068 dev->__using_pio_transfers = 1;
4069 err = b43_pio_init(dev);
4071 dev->__using_pio_transfers = 0;
4072 err = b43_dma_init(dev);
4077 b43_set_synth_pu_delay(dev, 1);
4078 b43_bluetooth_coext_enable(dev);
4080 ssb_bus_powerup(bus, 1); /* Enable dynamic PCTL */
4081 b43_upload_card_macaddress(dev);
4082 b43_security_init(dev);
4083 if (!dev->suspend_in_progress)
4086 b43_set_status(dev, B43_STAT_INITIALIZED);
4088 if (!dev->suspend_in_progress)
4096 ssb_bus_may_powerdown(bus);
4097 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4101 static int b43_op_add_interface(struct ieee80211_hw *hw,
4102 struct ieee80211_if_init_conf *conf)
4104 struct b43_wl *wl = hw_to_b43_wl(hw);
4105 struct b43_wldev *dev;
4106 unsigned long flags;
4107 int err = -EOPNOTSUPP;
4109 /* TODO: allow WDS/AP devices to coexist */
4111 if (conf->type != NL80211_IFTYPE_AP &&
4112 conf->type != NL80211_IFTYPE_MESH_POINT &&
4113 conf->type != NL80211_IFTYPE_STATION &&
4114 conf->type != NL80211_IFTYPE_WDS &&
4115 conf->type != NL80211_IFTYPE_ADHOC)
4118 mutex_lock(&wl->mutex);
4120 goto out_mutex_unlock;
4122 b43dbg(wl, "Adding Interface type %d\n", conf->type);
4124 dev = wl->current_dev;
4126 wl->vif = conf->vif;
4127 wl->if_type = conf->type;
4128 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4130 spin_lock_irqsave(&wl->irq_lock, flags);
4131 b43_adjust_opmode(dev);
4132 b43_set_pretbtt(dev);
4133 b43_set_synth_pu_delay(dev, 0);
4134 b43_upload_card_macaddress(dev);
4135 spin_unlock_irqrestore(&wl->irq_lock, flags);
4139 mutex_unlock(&wl->mutex);
4144 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4145 struct ieee80211_if_init_conf *conf)
4147 struct b43_wl *wl = hw_to_b43_wl(hw);
4148 struct b43_wldev *dev = wl->current_dev;
4149 unsigned long flags;
4151 b43dbg(wl, "Removing Interface type %d\n", conf->type);
4153 mutex_lock(&wl->mutex);
4155 B43_WARN_ON(!wl->operating);
4156 B43_WARN_ON(wl->vif != conf->vif);
4161 spin_lock_irqsave(&wl->irq_lock, flags);
4162 b43_adjust_opmode(dev);
4163 memset(wl->mac_addr, 0, ETH_ALEN);
4164 b43_upload_card_macaddress(dev);
4165 spin_unlock_irqrestore(&wl->irq_lock, flags);
4167 mutex_unlock(&wl->mutex);
4170 static int b43_op_start(struct ieee80211_hw *hw)
4172 struct b43_wl *wl = hw_to_b43_wl(hw);
4173 struct b43_wldev *dev = wl->current_dev;
4176 bool do_rfkill_exit = 0;
4178 /* Kill all old instance specific information to make sure
4179 * the card won't use it in the short timeframe between start
4180 * and mac80211 reconfiguring it. */
4181 memset(wl->bssid, 0, ETH_ALEN);
4182 memset(wl->mac_addr, 0, ETH_ALEN);
4183 wl->filter_flags = 0;
4184 wl->radiotap_enabled = 0;
4186 wl->beacon0_uploaded = 0;
4187 wl->beacon1_uploaded = 0;
4188 wl->beacon_templates_virgin = 1;
4190 /* First register RFkill.
4191 * LEDs that are registered later depend on it. */
4192 b43_rfkill_init(dev);
4194 mutex_lock(&wl->mutex);
4196 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4197 err = b43_wireless_core_init(dev);
4200 goto out_mutex_unlock;
4205 if (b43_status(dev) < B43_STAT_STARTED) {
4206 err = b43_wireless_core_start(dev);
4209 b43_wireless_core_exit(dev);
4211 goto out_mutex_unlock;
4216 mutex_unlock(&wl->mutex);
4219 b43_rfkill_exit(dev);
4224 static void b43_op_stop(struct ieee80211_hw *hw)
4226 struct b43_wl *wl = hw_to_b43_wl(hw);
4227 struct b43_wldev *dev = wl->current_dev;
4229 b43_rfkill_exit(dev);
4230 cancel_work_sync(&(wl->beacon_update_trigger));
4232 mutex_lock(&wl->mutex);
4233 if (b43_status(dev) >= B43_STAT_STARTED)
4234 b43_wireless_core_stop(dev);
4235 b43_wireless_core_exit(dev);
4236 mutex_unlock(&wl->mutex);
4238 cancel_work_sync(&(wl->txpower_adjust_work));
4241 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4242 struct ieee80211_sta *sta, bool set)
4244 struct b43_wl *wl = hw_to_b43_wl(hw);
4245 unsigned long flags;
4247 spin_lock_irqsave(&wl->irq_lock, flags);
4248 b43_update_templates(wl);
4249 spin_unlock_irqrestore(&wl->irq_lock, flags);
4254 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4255 struct ieee80211_vif *vif,
4256 enum sta_notify_cmd notify_cmd,
4257 struct ieee80211_sta *sta)
4259 struct b43_wl *wl = hw_to_b43_wl(hw);
4261 B43_WARN_ON(!vif || wl->vif != vif);
4264 static const struct ieee80211_ops b43_hw_ops = {
4266 .conf_tx = b43_op_conf_tx,
4267 .add_interface = b43_op_add_interface,
4268 .remove_interface = b43_op_remove_interface,
4269 .config = b43_op_config,
4270 .bss_info_changed = b43_op_bss_info_changed,
4271 .config_interface = b43_op_config_interface,
4272 .configure_filter = b43_op_configure_filter,
4273 .set_key = b43_op_set_key,
4274 .get_stats = b43_op_get_stats,
4275 .get_tx_stats = b43_op_get_tx_stats,
4276 .start = b43_op_start,
4277 .stop = b43_op_stop,
4278 .set_tim = b43_op_beacon_set_tim,
4279 .sta_notify = b43_op_sta_notify,
4282 /* Hard-reset the chip. Do not call this directly.
4283 * Use b43_controller_restart()
4285 static void b43_chip_reset(struct work_struct *work)
4287 struct b43_wldev *dev =
4288 container_of(work, struct b43_wldev, restart_work);
4289 struct b43_wl *wl = dev->wl;
4293 mutex_lock(&wl->mutex);
4295 prev_status = b43_status(dev);
4296 /* Bring the device down... */
4297 if (prev_status >= B43_STAT_STARTED)
4298 b43_wireless_core_stop(dev);
4299 if (prev_status >= B43_STAT_INITIALIZED)
4300 b43_wireless_core_exit(dev);
4302 /* ...and up again. */
4303 if (prev_status >= B43_STAT_INITIALIZED) {
4304 err = b43_wireless_core_init(dev);
4308 if (prev_status >= B43_STAT_STARTED) {
4309 err = b43_wireless_core_start(dev);
4311 b43_wireless_core_exit(dev);
4317 wl->current_dev = NULL; /* Failed to init the dev. */
4318 mutex_unlock(&wl->mutex);
4320 b43err(wl, "Controller restart FAILED\n");
4322 b43info(wl, "Controller restarted\n");
4325 static int b43_setup_bands(struct b43_wldev *dev,
4326 bool have_2ghz_phy, bool have_5ghz_phy)
4328 struct ieee80211_hw *hw = dev->wl->hw;
4331 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4332 if (dev->phy.type == B43_PHYTYPE_N) {
4334 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4337 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4340 dev->phy.supports_2ghz = have_2ghz_phy;
4341 dev->phy.supports_5ghz = have_5ghz_phy;
4346 static void b43_wireless_core_detach(struct b43_wldev *dev)
4348 /* We release firmware that late to not be required to re-request
4349 * is all the time when we reinit the core. */
4350 b43_release_firmware(dev);
4354 static int b43_wireless_core_attach(struct b43_wldev *dev)
4356 struct b43_wl *wl = dev->wl;
4357 struct ssb_bus *bus = dev->dev->bus;
4358 struct pci_dev *pdev = bus->host_pci;
4360 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4363 /* Do NOT do any device initialization here.
4364 * Do it in wireless_core_init() instead.
4365 * This function is for gathering basic information about the HW, only.
4366 * Also some structs may be set up here. But most likely you want to have
4367 * that in core_init(), too.
4370 err = ssb_bus_powerup(bus, 0);
4372 b43err(wl, "Bus powerup failed\n");
4375 /* Get the PHY type. */
4376 if (dev->dev->id.revision >= 5) {
4379 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4380 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4381 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4385 dev->phy.gmode = have_2ghz_phy;
4386 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4387 b43_wireless_core_reset(dev, tmp);
4389 err = b43_phy_versioning(dev);
4392 /* Check if this device supports multiband. */
4394 (pdev->device != 0x4312 &&
4395 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4396 /* No multiband support. */
4399 switch (dev->phy.type) {
4411 if (dev->phy.type == B43_PHYTYPE_A) {
4413 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4417 if (1 /* disable A-PHY */) {
4418 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4419 if (dev->phy.type != B43_PHYTYPE_N) {
4425 err = b43_phy_allocate(dev);
4429 dev->phy.gmode = have_2ghz_phy;
4430 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4431 b43_wireless_core_reset(dev, tmp);
4433 err = b43_validate_chipaccess(dev);
4436 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4440 /* Now set some default "current_dev" */
4441 if (!wl->current_dev)
4442 wl->current_dev = dev;
4443 INIT_WORK(&dev->restart_work, b43_chip_reset);
4445 dev->phy.ops->switch_analog(dev, 0);
4446 ssb_device_disable(dev->dev, 0);
4447 ssb_bus_may_powerdown(bus);
4455 ssb_bus_may_powerdown(bus);
4459 static void b43_one_core_detach(struct ssb_device *dev)
4461 struct b43_wldev *wldev;
4464 /* Do not cancel ieee80211-workqueue based work here.
4465 * See comment in b43_remove(). */
4467 wldev = ssb_get_drvdata(dev);
4469 b43_debugfs_remove_device(wldev);
4470 b43_wireless_core_detach(wldev);
4471 list_del(&wldev->list);
4473 ssb_set_drvdata(dev, NULL);
4477 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4479 struct b43_wldev *wldev;
4480 struct pci_dev *pdev;
4483 if (!list_empty(&wl->devlist)) {
4484 /* We are not the first core on this chip. */
4485 pdev = dev->bus->host_pci;
4486 /* Only special chips support more than one wireless
4487 * core, although some of the other chips have more than
4488 * one wireless core as well. Check for this and
4492 ((pdev->device != 0x4321) &&
4493 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4494 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4499 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4505 b43_set_status(wldev, B43_STAT_UNINIT);
4506 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4507 tasklet_init(&wldev->isr_tasklet,
4508 (void (*)(unsigned long))b43_interrupt_tasklet,
4509 (unsigned long)wldev);
4510 INIT_LIST_HEAD(&wldev->list);
4512 err = b43_wireless_core_attach(wldev);
4514 goto err_kfree_wldev;
4516 list_add(&wldev->list, &wl->devlist);
4518 ssb_set_drvdata(dev, wldev);
4519 b43_debugfs_add_device(wldev);
4529 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4530 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4531 (pdev->device == _device) && \
4532 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4533 (pdev->subsystem_device == _subdevice) )
4535 static void b43_sprom_fixup(struct ssb_bus *bus)
4537 struct pci_dev *pdev;
4539 /* boardflags workarounds */
4540 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4541 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4542 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4543 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4544 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4545 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4546 if (bus->bustype == SSB_BUSTYPE_PCI) {
4547 pdev = bus->host_pci;
4548 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4549 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
4550 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
4551 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4552 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4553 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4554 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4555 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4559 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4561 struct ieee80211_hw *hw = wl->hw;
4563 ssb_set_devtypedata(dev, NULL);
4564 ieee80211_free_hw(hw);
4567 static int b43_wireless_init(struct ssb_device *dev)
4569 struct ssb_sprom *sprom = &dev->bus->sprom;
4570 struct ieee80211_hw *hw;
4574 b43_sprom_fixup(dev->bus);
4576 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4578 b43err(NULL, "Could not allocate ieee80211 device\n");
4583 hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4584 IEEE80211_HW_SIGNAL_DBM |
4585 IEEE80211_HW_NOISE_DBM;
4587 hw->wiphy->interface_modes =
4588 BIT(NL80211_IFTYPE_AP) |
4589 BIT(NL80211_IFTYPE_MESH_POINT) |
4590 BIT(NL80211_IFTYPE_STATION) |
4591 BIT(NL80211_IFTYPE_WDS) |
4592 BIT(NL80211_IFTYPE_ADHOC);
4594 hw->queues = b43_modparam_qos ? 4 : 1;
4596 SET_IEEE80211_DEV(hw, dev->dev);
4597 if (is_valid_ether_addr(sprom->et1mac))
4598 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4600 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4602 /* Get and initialize struct b43_wl */
4603 wl = hw_to_b43_wl(hw);
4604 memset(wl, 0, sizeof(*wl));
4606 spin_lock_init(&wl->irq_lock);
4607 rwlock_init(&wl->tx_lock);
4608 spin_lock_init(&wl->leds_lock);
4609 spin_lock_init(&wl->shm_lock);
4610 mutex_init(&wl->mutex);
4611 INIT_LIST_HEAD(&wl->devlist);
4612 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4613 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4615 ssb_set_devtypedata(dev, wl);
4616 b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4622 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4628 wl = ssb_get_devtypedata(dev);
4630 /* Probing the first core. Must setup common struct b43_wl */
4632 err = b43_wireless_init(dev);
4635 wl = ssb_get_devtypedata(dev);
4638 err = b43_one_core_attach(dev, wl);
4640 goto err_wireless_exit;
4643 err = ieee80211_register_hw(wl->hw);
4645 goto err_one_core_detach;
4651 err_one_core_detach:
4652 b43_one_core_detach(dev);
4655 b43_wireless_exit(dev, wl);
4659 static void b43_remove(struct ssb_device *dev)
4661 struct b43_wl *wl = ssb_get_devtypedata(dev);
4662 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4664 /* We must cancel any work here before unregistering from ieee80211,
4665 * as the ieee80211 unreg will destroy the workqueue. */
4666 cancel_work_sync(&wldev->restart_work);
4669 if (wl->current_dev == wldev)
4670 ieee80211_unregister_hw(wl->hw);
4672 b43_one_core_detach(dev);
4674 if (list_empty(&wl->devlist)) {
4675 /* Last core on the chip unregistered.
4676 * We can destroy common struct b43_wl.
4678 b43_wireless_exit(dev, wl);
4682 /* Perform a hardware reset. This can be called from any context. */
4683 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4685 /* Must avoid requeueing, if we are in shutdown. */
4686 if (b43_status(dev) < B43_STAT_INITIALIZED)
4688 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4689 queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4694 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4696 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4697 struct b43_wl *wl = wldev->wl;
4699 b43dbg(wl, "Suspending...\n");
4701 mutex_lock(&wl->mutex);
4702 wldev->suspend_in_progress = true;
4703 wldev->suspend_init_status = b43_status(wldev);
4704 if (wldev->suspend_init_status >= B43_STAT_STARTED)
4705 b43_wireless_core_stop(wldev);
4706 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4707 b43_wireless_core_exit(wldev);
4708 mutex_unlock(&wl->mutex);
4710 b43dbg(wl, "Device suspended.\n");
4715 static int b43_resume(struct ssb_device *dev)
4717 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4718 struct b43_wl *wl = wldev->wl;
4721 b43dbg(wl, "Resuming...\n");
4723 mutex_lock(&wl->mutex);
4724 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4725 err = b43_wireless_core_init(wldev);
4727 b43err(wl, "Resume failed at core init\n");
4731 if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4732 err = b43_wireless_core_start(wldev);
4734 b43_leds_exit(wldev);
4735 b43_rng_exit(wldev->wl);
4736 b43_wireless_core_exit(wldev);
4737 b43err(wl, "Resume failed at core start\n");
4741 b43dbg(wl, "Device resumed.\n");
4743 wldev->suspend_in_progress = false;
4744 mutex_unlock(&wl->mutex);
4748 #else /* CONFIG_PM */
4749 # define b43_suspend NULL
4750 # define b43_resume NULL
4751 #endif /* CONFIG_PM */
4753 static struct ssb_driver b43_ssb_driver = {
4754 .name = KBUILD_MODNAME,
4755 .id_table = b43_ssb_tbl,
4757 .remove = b43_remove,
4758 .suspend = b43_suspend,
4759 .resume = b43_resume,
4762 static void b43_print_driverinfo(void)
4764 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4765 *feat_leds = "", *feat_rfkill = "";
4767 #ifdef CONFIG_B43_PCI_AUTOSELECT
4770 #ifdef CONFIG_B43_PCMCIA
4773 #ifdef CONFIG_B43_NPHY
4776 #ifdef CONFIG_B43_LEDS
4779 #ifdef CONFIG_B43_RFKILL
4782 printk(KERN_INFO "Broadcom 43xx driver loaded "
4783 "[ Features: %s%s%s%s%s, Firmware-ID: "
4784 B43_SUPPORTED_FIRMWARE_ID " ]\n",
4785 feat_pci, feat_pcmcia, feat_nphy,
4786 feat_leds, feat_rfkill);
4789 static int __init b43_init(void)
4794 err = b43_pcmcia_init();
4797 err = ssb_driver_register(&b43_ssb_driver);
4799 goto err_pcmcia_exit;
4800 b43_print_driverinfo();
4811 static void __exit b43_exit(void)
4813 ssb_driver_unregister(&b43_ssb_driver);
4818 module_init(b43_init)
4819 module_exit(b43_exit)
projects / linux-2.6 / blob