Merge branch 'topic/quirk-cleanup' into topic/misc
[linux-2.6] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   Some parts of the code in this file are derived from the ipw2200
12   driver  Copyright(c) 2003 - 2004 Intel Corporation.
13
14   This program is free software; you can redistribute it and/or modify
15   it under the terms of the GNU General Public License as published by
16   the Free Software Foundation; either version 2 of the License, or
17   (at your option) any later version.
18
19   This program is distributed in the hope that it will be useful,
20   but WITHOUT ANY WARRANTY; without even the implied warranty of
21   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
22   GNU General Public License for more details.
23
24   You should have received a copy of the GNU General Public License
25   along with this program; see the file COPYING.  If not, write to
26   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27   Boston, MA 02110-1301, USA.
28
29 */
30
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/firmware.h>
37 #include <linux/wireless.h>
38 #include <linux/workqueue.h>
39 #include <linux/skbuff.h>
40 #include <linux/io.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/unaligned.h>
43
44 #include "b43.h"
45 #include "main.h"
46 #include "debugfs.h"
47 #include "phy_common.h"
48 #include "phy_g.h"
49 #include "phy_n.h"
50 #include "dma.h"
51 #include "pio.h"
52 #include "sysfs.h"
53 #include "xmit.h"
54 #include "lo.h"
55 #include "pcmcia.h"
56
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
62
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
64
65
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69                  "enable(1) / disable(0) Bad Frames Preemption");
70
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
74
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
78
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
82
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
86
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
90
91
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
100         SSB_DEVTABLE_END
101 };
102
103 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
104
105 /* Channel and ratetables are shared for all devices.
106  * They can't be const, because ieee80211 puts some precalculated
107  * data in there. This data is the same for all devices, so we don't
108  * get concurrency issues */
109 #define RATETAB_ENT(_rateid, _flags) \
110         {                                                               \
111                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
112                 .hw_value       = (_rateid),                            \
113                 .flags          = (_flags),                             \
114         }
115
116 /*
117  * NOTE: When changing this, sync with xmit.c's
118  *       b43_plcp_get_bitrate_idx_* functions!
119  */
120 static struct ieee80211_rate __b43_ratetable[] = {
121         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
122         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
123         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
124         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
125         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
126         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
127         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
128         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
129         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
130         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
131         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
132         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
133 };
134
135 #define b43_a_ratetable         (__b43_ratetable + 4)
136 #define b43_a_ratetable_size    8
137 #define b43_b_ratetable         (__b43_ratetable + 0)
138 #define b43_b_ratetable_size    4
139 #define b43_g_ratetable         (__b43_ratetable + 0)
140 #define b43_g_ratetable_size    12
141
142 #define CHAN4G(_channel, _freq, _flags) {                       \
143         .band                   = IEEE80211_BAND_2GHZ,          \
144         .center_freq            = (_freq),                      \
145         .hw_value               = (_channel),                   \
146         .flags                  = (_flags),                     \
147         .max_antenna_gain       = 0,                            \
148         .max_power              = 30,                           \
149 }
150 static struct ieee80211_channel b43_2ghz_chantable[] = {
151         CHAN4G(1, 2412, 0),
152         CHAN4G(2, 2417, 0),
153         CHAN4G(3, 2422, 0),
154         CHAN4G(4, 2427, 0),
155         CHAN4G(5, 2432, 0),
156         CHAN4G(6, 2437, 0),
157         CHAN4G(7, 2442, 0),
158         CHAN4G(8, 2447, 0),
159         CHAN4G(9, 2452, 0),
160         CHAN4G(10, 2457, 0),
161         CHAN4G(11, 2462, 0),
162         CHAN4G(12, 2467, 0),
163         CHAN4G(13, 2472, 0),
164         CHAN4G(14, 2484, 0),
165 };
166 #undef CHAN4G
167
168 #define CHAN5G(_channel, _flags) {                              \
169         .band                   = IEEE80211_BAND_5GHZ,          \
170         .center_freq            = 5000 + (5 * (_channel)),      \
171         .hw_value               = (_channel),                   \
172         .flags                  = (_flags),                     \
173         .max_antenna_gain       = 0,                            \
174         .max_power              = 30,                           \
175 }
176 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
177         CHAN5G(32, 0),          CHAN5G(34, 0),
178         CHAN5G(36, 0),          CHAN5G(38, 0),
179         CHAN5G(40, 0),          CHAN5G(42, 0),
180         CHAN5G(44, 0),          CHAN5G(46, 0),
181         CHAN5G(48, 0),          CHAN5G(50, 0),
182         CHAN5G(52, 0),          CHAN5G(54, 0),
183         CHAN5G(56, 0),          CHAN5G(58, 0),
184         CHAN5G(60, 0),          CHAN5G(62, 0),
185         CHAN5G(64, 0),          CHAN5G(66, 0),
186         CHAN5G(68, 0),          CHAN5G(70, 0),
187         CHAN5G(72, 0),          CHAN5G(74, 0),
188         CHAN5G(76, 0),          CHAN5G(78, 0),
189         CHAN5G(80, 0),          CHAN5G(82, 0),
190         CHAN5G(84, 0),          CHAN5G(86, 0),
191         CHAN5G(88, 0),          CHAN5G(90, 0),
192         CHAN5G(92, 0),          CHAN5G(94, 0),
193         CHAN5G(96, 0),          CHAN5G(98, 0),
194         CHAN5G(100, 0),         CHAN5G(102, 0),
195         CHAN5G(104, 0),         CHAN5G(106, 0),
196         CHAN5G(108, 0),         CHAN5G(110, 0),
197         CHAN5G(112, 0),         CHAN5G(114, 0),
198         CHAN5G(116, 0),         CHAN5G(118, 0),
199         CHAN5G(120, 0),         CHAN5G(122, 0),
200         CHAN5G(124, 0),         CHAN5G(126, 0),
201         CHAN5G(128, 0),         CHAN5G(130, 0),
202         CHAN5G(132, 0),         CHAN5G(134, 0),
203         CHAN5G(136, 0),         CHAN5G(138, 0),
204         CHAN5G(140, 0),         CHAN5G(142, 0),
205         CHAN5G(144, 0),         CHAN5G(145, 0),
206         CHAN5G(146, 0),         CHAN5G(147, 0),
207         CHAN5G(148, 0),         CHAN5G(149, 0),
208         CHAN5G(150, 0),         CHAN5G(151, 0),
209         CHAN5G(152, 0),         CHAN5G(153, 0),
210         CHAN5G(154, 0),         CHAN5G(155, 0),
211         CHAN5G(156, 0),         CHAN5G(157, 0),
212         CHAN5G(158, 0),         CHAN5G(159, 0),
213         CHAN5G(160, 0),         CHAN5G(161, 0),
214         CHAN5G(162, 0),         CHAN5G(163, 0),
215         CHAN5G(164, 0),         CHAN5G(165, 0),
216         CHAN5G(166, 0),         CHAN5G(168, 0),
217         CHAN5G(170, 0),         CHAN5G(172, 0),
218         CHAN5G(174, 0),         CHAN5G(176, 0),
219         CHAN5G(178, 0),         CHAN5G(180, 0),
220         CHAN5G(182, 0),         CHAN5G(184, 0),
221         CHAN5G(186, 0),         CHAN5G(188, 0),
222         CHAN5G(190, 0),         CHAN5G(192, 0),
223         CHAN5G(194, 0),         CHAN5G(196, 0),
224         CHAN5G(198, 0),         CHAN5G(200, 0),
225         CHAN5G(202, 0),         CHAN5G(204, 0),
226         CHAN5G(206, 0),         CHAN5G(208, 0),
227         CHAN5G(210, 0),         CHAN5G(212, 0),
228         CHAN5G(214, 0),         CHAN5G(216, 0),
229         CHAN5G(218, 0),         CHAN5G(220, 0),
230         CHAN5G(222, 0),         CHAN5G(224, 0),
231         CHAN5G(226, 0),         CHAN5G(228, 0),
232 };
233
234 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
235         CHAN5G(34, 0),          CHAN5G(36, 0),
236         CHAN5G(38, 0),          CHAN5G(40, 0),
237         CHAN5G(42, 0),          CHAN5G(44, 0),
238         CHAN5G(46, 0),          CHAN5G(48, 0),
239         CHAN5G(52, 0),          CHAN5G(56, 0),
240         CHAN5G(60, 0),          CHAN5G(64, 0),
241         CHAN5G(100, 0),         CHAN5G(104, 0),
242         CHAN5G(108, 0),         CHAN5G(112, 0),
243         CHAN5G(116, 0),         CHAN5G(120, 0),
244         CHAN5G(124, 0),         CHAN5G(128, 0),
245         CHAN5G(132, 0),         CHAN5G(136, 0),
246         CHAN5G(140, 0),         CHAN5G(149, 0),
247         CHAN5G(153, 0),         CHAN5G(157, 0),
248         CHAN5G(161, 0),         CHAN5G(165, 0),
249         CHAN5G(184, 0),         CHAN5G(188, 0),
250         CHAN5G(192, 0),         CHAN5G(196, 0),
251         CHAN5G(200, 0),         CHAN5G(204, 0),
252         CHAN5G(208, 0),         CHAN5G(212, 0),
253         CHAN5G(216, 0),
254 };
255 #undef CHAN5G
256
257 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
258         .band           = IEEE80211_BAND_5GHZ,
259         .channels       = b43_5ghz_nphy_chantable,
260         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
261         .bitrates       = b43_a_ratetable,
262         .n_bitrates     = b43_a_ratetable_size,
263 };
264
265 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
266         .band           = IEEE80211_BAND_5GHZ,
267         .channels       = b43_5ghz_aphy_chantable,
268         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
269         .bitrates       = b43_a_ratetable,
270         .n_bitrates     = b43_a_ratetable_size,
271 };
272
273 static struct ieee80211_supported_band b43_band_2GHz = {
274         .band           = IEEE80211_BAND_2GHZ,
275         .channels       = b43_2ghz_chantable,
276         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
277         .bitrates       = b43_g_ratetable,
278         .n_bitrates     = b43_g_ratetable_size,
279 };
280
281 static void b43_wireless_core_exit(struct b43_wldev *dev);
282 static int b43_wireless_core_init(struct b43_wldev *dev);
283 static void b43_wireless_core_stop(struct b43_wldev *dev);
284 static int b43_wireless_core_start(struct b43_wldev *dev);
285
286 static int b43_ratelimit(struct b43_wl *wl)
287 {
288         if (!wl || !wl->current_dev)
289                 return 1;
290         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
291                 return 1;
292         /* We are up and running.
293          * Ratelimit the messages to avoid DoS over the net. */
294         return net_ratelimit();
295 }
296
297 void b43info(struct b43_wl *wl, const char *fmt, ...)
298 {
299         va_list args;
300
301         if (!b43_ratelimit(wl))
302                 return;
303         va_start(args, fmt);
304         printk(KERN_INFO "b43-%s: ",
305                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
306         vprintk(fmt, args);
307         va_end(args);
308 }
309
310 void b43err(struct b43_wl *wl, const char *fmt, ...)
311 {
312         va_list args;
313
314         if (!b43_ratelimit(wl))
315                 return;
316         va_start(args, fmt);
317         printk(KERN_ERR "b43-%s ERROR: ",
318                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
319         vprintk(fmt, args);
320         va_end(args);
321 }
322
323 void b43warn(struct b43_wl *wl, const char *fmt, ...)
324 {
325         va_list args;
326
327         if (!b43_ratelimit(wl))
328                 return;
329         va_start(args, fmt);
330         printk(KERN_WARNING "b43-%s warning: ",
331                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
332         vprintk(fmt, args);
333         va_end(args);
334 }
335
336 #if B43_DEBUG
337 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
338 {
339         va_list args;
340
341         va_start(args, fmt);
342         printk(KERN_DEBUG "b43-%s debug: ",
343                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
344         vprintk(fmt, args);
345         va_end(args);
346 }
347 #endif /* DEBUG */
348
349 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
350 {
351         u32 macctl;
352
353         B43_WARN_ON(offset % 4 != 0);
354
355         macctl = b43_read32(dev, B43_MMIO_MACCTL);
356         if (macctl & B43_MACCTL_BE)
357                 val = swab32(val);
358
359         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
360         mmiowb();
361         b43_write32(dev, B43_MMIO_RAM_DATA, val);
362 }
363
364 static inline void b43_shm_control_word(struct b43_wldev *dev,
365                                         u16 routing, u16 offset)
366 {
367         u32 control;
368
369         /* "offset" is the WORD offset. */
370         control = routing;
371         control <<= 16;
372         control |= offset;
373         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
374 }
375
376 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
377 {
378         u32 ret;
379
380         if (routing == B43_SHM_SHARED) {
381                 B43_WARN_ON(offset & 0x0001);
382                 if (offset & 0x0003) {
383                         /* Unaligned access */
384                         b43_shm_control_word(dev, routing, offset >> 2);
385                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
386                         ret <<= 16;
387                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
388                         ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
389
390                         goto out;
391                 }
392                 offset >>= 2;
393         }
394         b43_shm_control_word(dev, routing, offset);
395         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
396 out:
397         return ret;
398 }
399
400 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
401 {
402         struct b43_wl *wl = dev->wl;
403         unsigned long flags;
404         u32 ret;
405
406         spin_lock_irqsave(&wl->shm_lock, flags);
407         ret = __b43_shm_read32(dev, routing, offset);
408         spin_unlock_irqrestore(&wl->shm_lock, flags);
409
410         return ret;
411 }
412
413 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
414 {
415         u16 ret;
416
417         if (routing == B43_SHM_SHARED) {
418                 B43_WARN_ON(offset & 0x0001);
419                 if (offset & 0x0003) {
420                         /* Unaligned access */
421                         b43_shm_control_word(dev, routing, offset >> 2);
422                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
423
424                         goto out;
425                 }
426                 offset >>= 2;
427         }
428         b43_shm_control_word(dev, routing, offset);
429         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
430 out:
431         return ret;
432 }
433
434 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
435 {
436         struct b43_wl *wl = dev->wl;
437         unsigned long flags;
438         u16 ret;
439
440         spin_lock_irqsave(&wl->shm_lock, flags);
441         ret = __b43_shm_read16(dev, routing, offset);
442         spin_unlock_irqrestore(&wl->shm_lock, flags);
443
444         return ret;
445 }
446
447 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
448 {
449         if (routing == B43_SHM_SHARED) {
450                 B43_WARN_ON(offset & 0x0001);
451                 if (offset & 0x0003) {
452                         /* Unaligned access */
453                         b43_shm_control_word(dev, routing, offset >> 2);
454                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
455                                     (value >> 16) & 0xffff);
456                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
457                         b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
458                         return;
459                 }
460                 offset >>= 2;
461         }
462         b43_shm_control_word(dev, routing, offset);
463         b43_write32(dev, B43_MMIO_SHM_DATA, value);
464 }
465
466 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
467 {
468         struct b43_wl *wl = dev->wl;
469         unsigned long flags;
470
471         spin_lock_irqsave(&wl->shm_lock, flags);
472         __b43_shm_write32(dev, routing, offset, value);
473         spin_unlock_irqrestore(&wl->shm_lock, flags);
474 }
475
476 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
477 {
478         if (routing == B43_SHM_SHARED) {
479                 B43_WARN_ON(offset & 0x0001);
480                 if (offset & 0x0003) {
481                         /* Unaligned access */
482                         b43_shm_control_word(dev, routing, offset >> 2);
483                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
484                         return;
485                 }
486                 offset >>= 2;
487         }
488         b43_shm_control_word(dev, routing, offset);
489         b43_write16(dev, B43_MMIO_SHM_DATA, value);
490 }
491
492 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
493 {
494         struct b43_wl *wl = dev->wl;
495         unsigned long flags;
496
497         spin_lock_irqsave(&wl->shm_lock, flags);
498         __b43_shm_write16(dev, routing, offset, value);
499         spin_unlock_irqrestore(&wl->shm_lock, flags);
500 }
501
502 /* Read HostFlags */
503 u64 b43_hf_read(struct b43_wldev * dev)
504 {
505         u64 ret;
506
507         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
508         ret <<= 16;
509         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
510         ret <<= 16;
511         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
512
513         return ret;
514 }
515
516 /* Write HostFlags */
517 void b43_hf_write(struct b43_wldev *dev, u64 value)
518 {
519         u16 lo, mi, hi;
520
521         lo = (value & 0x00000000FFFFULL);
522         mi = (value & 0x0000FFFF0000ULL) >> 16;
523         hi = (value & 0xFFFF00000000ULL) >> 32;
524         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
525         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
526         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
527 }
528
529 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
530 {
531         /* We need to be careful. As we read the TSF from multiple
532          * registers, we should take care of register overflows.
533          * In theory, the whole tsf read process should be atomic.
534          * We try to be atomic here, by restaring the read process,
535          * if any of the high registers changed (overflew).
536          */
537         if (dev->dev->id.revision >= 3) {
538                 u32 low, high, high2;
539
540                 do {
541                         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
542                         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
543                         high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
544                 } while (unlikely(high != high2));
545
546                 *tsf = high;
547                 *tsf <<= 32;
548                 *tsf |= low;
549         } else {
550                 u64 tmp;
551                 u16 v0, v1, v2, v3;
552                 u16 test1, test2, test3;
553
554                 do {
555                         v3 = b43_read16(dev, B43_MMIO_TSF_3);
556                         v2 = b43_read16(dev, B43_MMIO_TSF_2);
557                         v1 = b43_read16(dev, B43_MMIO_TSF_1);
558                         v0 = b43_read16(dev, B43_MMIO_TSF_0);
559
560                         test3 = b43_read16(dev, B43_MMIO_TSF_3);
561                         test2 = b43_read16(dev, B43_MMIO_TSF_2);
562                         test1 = b43_read16(dev, B43_MMIO_TSF_1);
563                 } while (v3 != test3 || v2 != test2 || v1 != test1);
564
565                 *tsf = v3;
566                 *tsf <<= 48;
567                 tmp = v2;
568                 tmp <<= 32;
569                 *tsf |= tmp;
570                 tmp = v1;
571                 tmp <<= 16;
572                 *tsf |= tmp;
573                 *tsf |= v0;
574         }
575 }
576
577 static void b43_time_lock(struct b43_wldev *dev)
578 {
579         u32 macctl;
580
581         macctl = b43_read32(dev, B43_MMIO_MACCTL);
582         macctl |= B43_MACCTL_TBTTHOLD;
583         b43_write32(dev, B43_MMIO_MACCTL, macctl);
584         /* Commit the write */
585         b43_read32(dev, B43_MMIO_MACCTL);
586 }
587
588 static void b43_time_unlock(struct b43_wldev *dev)
589 {
590         u32 macctl;
591
592         macctl = b43_read32(dev, B43_MMIO_MACCTL);
593         macctl &= ~B43_MACCTL_TBTTHOLD;
594         b43_write32(dev, B43_MMIO_MACCTL, macctl);
595         /* Commit the write */
596         b43_read32(dev, B43_MMIO_MACCTL);
597 }
598
599 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
600 {
601         /* Be careful with the in-progress timer.
602          * First zero out the low register, so we have a full
603          * register-overflow duration to complete the operation.
604          */
605         if (dev->dev->id.revision >= 3) {
606                 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
607                 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
608
609                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
610                 mmiowb();
611                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
612                 mmiowb();
613                 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
614         } else {
615                 u16 v0 = (tsf & 0x000000000000FFFFULL);
616                 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
617                 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
618                 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
619
620                 b43_write16(dev, B43_MMIO_TSF_0, 0);
621                 mmiowb();
622                 b43_write16(dev, B43_MMIO_TSF_3, v3);
623                 mmiowb();
624                 b43_write16(dev, B43_MMIO_TSF_2, v2);
625                 mmiowb();
626                 b43_write16(dev, B43_MMIO_TSF_1, v1);
627                 mmiowb();
628                 b43_write16(dev, B43_MMIO_TSF_0, v0);
629         }
630 }
631
632 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
633 {
634         b43_time_lock(dev);
635         b43_tsf_write_locked(dev, tsf);
636         b43_time_unlock(dev);
637 }
638
639 static
640 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
641 {
642         static const u8 zero_addr[ETH_ALEN] = { 0 };
643         u16 data;
644
645         if (!mac)
646                 mac = zero_addr;
647
648         offset |= 0x0020;
649         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
650
651         data = mac[0];
652         data |= mac[1] << 8;
653         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
654         data = mac[2];
655         data |= mac[3] << 8;
656         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
657         data = mac[4];
658         data |= mac[5] << 8;
659         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
660 }
661
662 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
663 {
664         const u8 *mac;
665         const u8 *bssid;
666         u8 mac_bssid[ETH_ALEN * 2];
667         int i;
668         u32 tmp;
669
670         bssid = dev->wl->bssid;
671         mac = dev->wl->mac_addr;
672
673         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
674
675         memcpy(mac_bssid, mac, ETH_ALEN);
676         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
677
678         /* Write our MAC address and BSSID to template ram */
679         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
680                 tmp = (u32) (mac_bssid[i + 0]);
681                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
682                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
683                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
684                 b43_ram_write(dev, 0x20 + i, tmp);
685         }
686 }
687
688 static void b43_upload_card_macaddress(struct b43_wldev *dev)
689 {
690         b43_write_mac_bssid_templates(dev);
691         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
692 }
693
694 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
695 {
696         /* slot_time is in usec. */
697         if (dev->phy.type != B43_PHYTYPE_G)
698                 return;
699         b43_write16(dev, 0x684, 510 + slot_time);
700         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
701 }
702
703 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
704 {
705         b43_set_slot_time(dev, 9);
706 }
707
708 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
709 {
710         b43_set_slot_time(dev, 20);
711 }
712
713 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
714  * Returns the _previously_ enabled IRQ mask.
715  */
716 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
717 {
718         u32 old_mask;
719
720         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
721         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
722
723         return old_mask;
724 }
725
726 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
727  * Returns the _previously_ enabled IRQ mask.
728  */
729 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
730 {
731         u32 old_mask;
732
733         old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
734         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
735
736         return old_mask;
737 }
738
739 /* Synchronize IRQ top- and bottom-half.
740  * IRQs must be masked before calling this.
741  * This must not be called with the irq_lock held.
742  */
743 static void b43_synchronize_irq(struct b43_wldev *dev)
744 {
745         synchronize_irq(dev->dev->irq);
746         tasklet_kill(&dev->isr_tasklet);
747 }
748
749 /* DummyTransmission function, as documented on
750  * http://bcm-specs.sipsolutions.net/DummyTransmission
751  */
752 void b43_dummy_transmission(struct b43_wldev *dev)
753 {
754         struct b43_wl *wl = dev->wl;
755         struct b43_phy *phy = &dev->phy;
756         unsigned int i, max_loop;
757         u16 value;
758         u32 buffer[5] = {
759                 0x00000000,
760                 0x00D40000,
761                 0x00000000,
762                 0x01000000,
763                 0x00000000,
764         };
765
766         switch (phy->type) {
767         case B43_PHYTYPE_A:
768                 max_loop = 0x1E;
769                 buffer[0] = 0x000201CC;
770                 break;
771         case B43_PHYTYPE_B:
772         case B43_PHYTYPE_G:
773                 max_loop = 0xFA;
774                 buffer[0] = 0x000B846E;
775                 break;
776         default:
777                 B43_WARN_ON(1);
778                 return;
779         }
780
781         spin_lock_irq(&wl->irq_lock);
782         write_lock(&wl->tx_lock);
783
784         for (i = 0; i < 5; i++)
785                 b43_ram_write(dev, i * 4, buffer[i]);
786
787         /* Commit writes */
788         b43_read32(dev, B43_MMIO_MACCTL);
789
790         b43_write16(dev, 0x0568, 0x0000);
791         b43_write16(dev, 0x07C0, 0x0000);
792         value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
793         b43_write16(dev, 0x050C, value);
794         b43_write16(dev, 0x0508, 0x0000);
795         b43_write16(dev, 0x050A, 0x0000);
796         b43_write16(dev, 0x054C, 0x0000);
797         b43_write16(dev, 0x056A, 0x0014);
798         b43_write16(dev, 0x0568, 0x0826);
799         b43_write16(dev, 0x0500, 0x0000);
800         b43_write16(dev, 0x0502, 0x0030);
801
802         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
803                 b43_radio_write16(dev, 0x0051, 0x0017);
804         for (i = 0x00; i < max_loop; i++) {
805                 value = b43_read16(dev, 0x050E);
806                 if (value & 0x0080)
807                         break;
808                 udelay(10);
809         }
810         for (i = 0x00; i < 0x0A; i++) {
811                 value = b43_read16(dev, 0x050E);
812                 if (value & 0x0400)
813                         break;
814                 udelay(10);
815         }
816         for (i = 0x00; i < 0x19; i++) {
817                 value = b43_read16(dev, 0x0690);
818                 if (!(value & 0x0100))
819                         break;
820                 udelay(10);
821         }
822         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
823                 b43_radio_write16(dev, 0x0051, 0x0037);
824
825         write_unlock(&wl->tx_lock);
826         spin_unlock_irq(&wl->irq_lock);
827 }
828
829 static void key_write(struct b43_wldev *dev,
830                       u8 index, u8 algorithm, const u8 * key)
831 {
832         unsigned int i;
833         u32 offset;
834         u16 value;
835         u16 kidx;
836
837         /* Key index/algo block */
838         kidx = b43_kidx_to_fw(dev, index);
839         value = ((kidx << 4) | algorithm);
840         b43_shm_write16(dev, B43_SHM_SHARED,
841                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
842
843         /* Write the key to the Key Table Pointer offset */
844         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
845         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
846                 value = key[i];
847                 value |= (u16) (key[i + 1]) << 8;
848                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
849         }
850 }
851
852 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
853 {
854         u32 addrtmp[2] = { 0, 0, };
855         u8 per_sta_keys_start = 8;
856
857         if (b43_new_kidx_api(dev))
858                 per_sta_keys_start = 4;
859
860         B43_WARN_ON(index < per_sta_keys_start);
861         /* We have two default TX keys and possibly two default RX keys.
862          * Physical mac 0 is mapped to physical key 4 or 8, depending
863          * on the firmware version.
864          * So we must adjust the index here.
865          */
866         index -= per_sta_keys_start;
867
868         if (addr) {
869                 addrtmp[0] = addr[0];
870                 addrtmp[0] |= ((u32) (addr[1]) << 8);
871                 addrtmp[0] |= ((u32) (addr[2]) << 16);
872                 addrtmp[0] |= ((u32) (addr[3]) << 24);
873                 addrtmp[1] = addr[4];
874                 addrtmp[1] |= ((u32) (addr[5]) << 8);
875         }
876
877         if (dev->dev->id.revision >= 5) {
878                 /* Receive match transmitter address mechanism */
879                 b43_shm_write32(dev, B43_SHM_RCMTA,
880                                 (index * 2) + 0, addrtmp[0]);
881                 b43_shm_write16(dev, B43_SHM_RCMTA,
882                                 (index * 2) + 1, addrtmp[1]);
883         } else {
884                 /* RXE (Receive Engine) and
885                  * PSM (Programmable State Machine) mechanism
886                  */
887                 if (index < 8) {
888                         /* TODO write to RCM 16, 19, 22 and 25 */
889                 } else {
890                         b43_shm_write32(dev, B43_SHM_SHARED,
891                                         B43_SHM_SH_PSM + (index * 6) + 0,
892                                         addrtmp[0]);
893                         b43_shm_write16(dev, B43_SHM_SHARED,
894                                         B43_SHM_SH_PSM + (index * 6) + 4,
895                                         addrtmp[1]);
896                 }
897         }
898 }
899
900 static void do_key_write(struct b43_wldev *dev,
901                          u8 index, u8 algorithm,
902                          const u8 * key, size_t key_len, const u8 * mac_addr)
903 {
904         u8 buf[B43_SEC_KEYSIZE] = { 0, };
905         u8 per_sta_keys_start = 8;
906
907         if (b43_new_kidx_api(dev))
908                 per_sta_keys_start = 4;
909
910         B43_WARN_ON(index >= dev->max_nr_keys);
911         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
912
913         if (index >= per_sta_keys_start)
914                 keymac_write(dev, index, NULL); /* First zero out mac. */
915         if (key)
916                 memcpy(buf, key, key_len);
917         key_write(dev, index, algorithm, buf);
918         if (index >= per_sta_keys_start)
919                 keymac_write(dev, index, mac_addr);
920
921         dev->key[index].algorithm = algorithm;
922 }
923
924 static int b43_key_write(struct b43_wldev *dev,
925                          int index, u8 algorithm,
926                          const u8 * key, size_t key_len,
927                          const u8 * mac_addr,
928                          struct ieee80211_key_conf *keyconf)
929 {
930         int i;
931         int sta_keys_start;
932
933         if (key_len > B43_SEC_KEYSIZE)
934                 return -EINVAL;
935         for (i = 0; i < dev->max_nr_keys; i++) {
936                 /* Check that we don't already have this key. */
937                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
938         }
939         if (index < 0) {
940                 /* Either pairwise key or address is 00:00:00:00:00:00
941                  * for transmit-only keys. Search the index. */
942                 if (b43_new_kidx_api(dev))
943                         sta_keys_start = 4;
944                 else
945                         sta_keys_start = 8;
946                 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
947                         if (!dev->key[i].keyconf) {
948                                 /* found empty */
949                                 index = i;
950                                 break;
951                         }
952                 }
953                 if (index < 0) {
954                         b43err(dev->wl, "Out of hardware key memory\n");
955                         return -ENOSPC;
956                 }
957         } else
958                 B43_WARN_ON(index > 3);
959
960         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
961         if ((index <= 3) && !b43_new_kidx_api(dev)) {
962                 /* Default RX key */
963                 B43_WARN_ON(mac_addr);
964                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
965         }
966         keyconf->hw_key_idx = index;
967         dev->key[index].keyconf = keyconf;
968
969         return 0;
970 }
971
972 static int b43_key_clear(struct b43_wldev *dev, int index)
973 {
974         if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
975                 return -EINVAL;
976         do_key_write(dev, index, B43_SEC_ALGO_NONE,
977                      NULL, B43_SEC_KEYSIZE, NULL);
978         if ((index <= 3) && !b43_new_kidx_api(dev)) {
979                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
980                              NULL, B43_SEC_KEYSIZE, NULL);
981         }
982         dev->key[index].keyconf = NULL;
983
984         return 0;
985 }
986
987 static void b43_clear_keys(struct b43_wldev *dev)
988 {
989         int i;
990
991         for (i = 0; i < dev->max_nr_keys; i++)
992                 b43_key_clear(dev, i);
993 }
994
995 static void b43_dump_keymemory(struct b43_wldev *dev)
996 {
997         unsigned int i, index, offset;
998         DECLARE_MAC_BUF(macbuf);
999         u8 mac[ETH_ALEN];
1000         u16 algo;
1001         u32 rcmta0;
1002         u16 rcmta1;
1003         u64 hf;
1004         struct b43_key *key;
1005
1006         if (!b43_debug(dev, B43_DBG_KEYS))
1007                 return;
1008
1009         hf = b43_hf_read(dev);
1010         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1011                !!(hf & B43_HF_USEDEFKEYS));
1012         for (index = 0; index < dev->max_nr_keys; index++) {
1013                 key = &(dev->key[index]);
1014                 printk(KERN_DEBUG "Key slot %02u: %s",
1015                        index, (key->keyconf == NULL) ? " " : "*");
1016                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1017                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1018                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1019                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1020                 }
1021
1022                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1023                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1024                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1025
1026                 if (index >= 4) {
1027                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1028                                                 ((index - 4) * 2) + 0);
1029                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1030                                                 ((index - 4) * 2) + 1);
1031                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1032                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1033                         printk("   MAC: %s",
1034                                print_mac(macbuf, mac));
1035                 } else
1036                         printk("   DEFAULT KEY");
1037                 printk("\n");
1038         }
1039 }
1040
1041 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1042 {
1043         u32 macctl;
1044         u16 ucstat;
1045         bool hwps;
1046         bool awake;
1047         int i;
1048
1049         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1050                     (ps_flags & B43_PS_DISABLED));
1051         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1052
1053         if (ps_flags & B43_PS_ENABLED) {
1054                 hwps = 1;
1055         } else if (ps_flags & B43_PS_DISABLED) {
1056                 hwps = 0;
1057         } else {
1058                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1059                 //      and thus is not an AP and we are associated, set bit 25
1060         }
1061         if (ps_flags & B43_PS_AWAKE) {
1062                 awake = 1;
1063         } else if (ps_flags & B43_PS_ASLEEP) {
1064                 awake = 0;
1065         } else {
1066                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1067                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1068                 //      successful, set bit26
1069         }
1070
1071 /* FIXME: For now we force awake-on and hwps-off */
1072         hwps = 0;
1073         awake = 1;
1074
1075         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1076         if (hwps)
1077                 macctl |= B43_MACCTL_HWPS;
1078         else
1079                 macctl &= ~B43_MACCTL_HWPS;
1080         if (awake)
1081                 macctl |= B43_MACCTL_AWAKE;
1082         else
1083                 macctl &= ~B43_MACCTL_AWAKE;
1084         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1085         /* Commit write */
1086         b43_read32(dev, B43_MMIO_MACCTL);
1087         if (awake && dev->dev->id.revision >= 5) {
1088                 /* Wait for the microcode to wake up. */
1089                 for (i = 0; i < 100; i++) {
1090                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1091                                                 B43_SHM_SH_UCODESTAT);
1092                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1093                                 break;
1094                         udelay(10);
1095                 }
1096         }
1097 }
1098
1099 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1100 {
1101         u32 tmslow;
1102         u32 macctl;
1103
1104         flags |= B43_TMSLOW_PHYCLKEN;
1105         flags |= B43_TMSLOW_PHYRESET;
1106         ssb_device_enable(dev->dev, flags);
1107         msleep(2);              /* Wait for the PLL to turn on. */
1108
1109         /* Now take the PHY out of Reset again */
1110         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1111         tmslow |= SSB_TMSLOW_FGC;
1112         tmslow &= ~B43_TMSLOW_PHYRESET;
1113         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1114         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1115         msleep(1);
1116         tmslow &= ~SSB_TMSLOW_FGC;
1117         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1118         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1119         msleep(1);
1120
1121         /* Turn Analog ON, but only if we already know the PHY-type.
1122          * This protects against very early setup where we don't know the
1123          * PHY-type, yet. wireless_core_reset will be called once again later,
1124          * when we know the PHY-type. */
1125         if (dev->phy.ops)
1126                 dev->phy.ops->switch_analog(dev, 1);
1127
1128         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1129         macctl &= ~B43_MACCTL_GMODE;
1130         if (flags & B43_TMSLOW_GMODE)
1131                 macctl |= B43_MACCTL_GMODE;
1132         macctl |= B43_MACCTL_IHR_ENABLED;
1133         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1134 }
1135
1136 static void handle_irq_transmit_status(struct b43_wldev *dev)
1137 {
1138         u32 v0, v1;
1139         u16 tmp;
1140         struct b43_txstatus stat;
1141
1142         while (1) {
1143                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1144                 if (!(v0 & 0x00000001))
1145                         break;
1146                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1147
1148                 stat.cookie = (v0 >> 16);
1149                 stat.seq = (v1 & 0x0000FFFF);
1150                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1151                 tmp = (v0 & 0x0000FFFF);
1152                 stat.frame_count = ((tmp & 0xF000) >> 12);
1153                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1154                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1155                 stat.pm_indicated = !!(tmp & 0x0080);
1156                 stat.intermediate = !!(tmp & 0x0040);
1157                 stat.for_ampdu = !!(tmp & 0x0020);
1158                 stat.acked = !!(tmp & 0x0002);
1159
1160                 b43_handle_txstatus(dev, &stat);
1161         }
1162 }
1163
1164 static void drain_txstatus_queue(struct b43_wldev *dev)
1165 {
1166         u32 dummy;
1167
1168         if (dev->dev->id.revision < 5)
1169                 return;
1170         /* Read all entries from the microcode TXstatus FIFO
1171          * and throw them away.
1172          */
1173         while (1) {
1174                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1175                 if (!(dummy & 0x00000001))
1176                         break;
1177                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1178         }
1179 }
1180
1181 static u32 b43_jssi_read(struct b43_wldev *dev)
1182 {
1183         u32 val = 0;
1184
1185         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1186         val <<= 16;
1187         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1188
1189         return val;
1190 }
1191
1192 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1193 {
1194         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1195         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1196 }
1197
1198 static void b43_generate_noise_sample(struct b43_wldev *dev)
1199 {
1200         b43_jssi_write(dev, 0x7F7F7F7F);
1201         b43_write32(dev, B43_MMIO_MACCMD,
1202                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1203 }
1204
1205 static void b43_calculate_link_quality(struct b43_wldev *dev)
1206 {
1207         /* Top half of Link Quality calculation. */
1208
1209         if (dev->phy.type != B43_PHYTYPE_G)
1210                 return;
1211         if (dev->noisecalc.calculation_running)
1212                 return;
1213         dev->noisecalc.calculation_running = 1;
1214         dev->noisecalc.nr_samples = 0;
1215
1216         b43_generate_noise_sample(dev);
1217 }
1218
1219 static void handle_irq_noise(struct b43_wldev *dev)
1220 {
1221         struct b43_phy_g *phy = dev->phy.g;
1222         u16 tmp;
1223         u8 noise[4];
1224         u8 i, j;
1225         s32 average;
1226
1227         /* Bottom half of Link Quality calculation. */
1228
1229         if (dev->phy.type != B43_PHYTYPE_G)
1230                 return;
1231
1232         /* Possible race condition: It might be possible that the user
1233          * changed to a different channel in the meantime since we
1234          * started the calculation. We ignore that fact, since it's
1235          * not really that much of a problem. The background noise is
1236          * an estimation only anyway. Slightly wrong results will get damped
1237          * by the averaging of the 8 sample rounds. Additionally the
1238          * value is shortlived. So it will be replaced by the next noise
1239          * calculation round soon. */
1240
1241         B43_WARN_ON(!dev->noisecalc.calculation_running);
1242         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1243         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1244             noise[2] == 0x7F || noise[3] == 0x7F)
1245                 goto generate_new;
1246
1247         /* Get the noise samples. */
1248         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1249         i = dev->noisecalc.nr_samples;
1250         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1251         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1252         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1253         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1254         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1255         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1256         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1257         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1258         dev->noisecalc.nr_samples++;
1259         if (dev->noisecalc.nr_samples == 8) {
1260                 /* Calculate the Link Quality by the noise samples. */
1261                 average = 0;
1262                 for (i = 0; i < 8; i++) {
1263                         for (j = 0; j < 4; j++)
1264                                 average += dev->noisecalc.samples[i][j];
1265                 }
1266                 average /= (8 * 4);
1267                 average *= 125;
1268                 average += 64;
1269                 average /= 128;
1270                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1271                 tmp = (tmp / 128) & 0x1F;
1272                 if (tmp >= 8)
1273                         average += 2;
1274                 else
1275                         average -= 25;
1276                 if (tmp == 8)
1277                         average -= 72;
1278                 else
1279                         average -= 48;
1280
1281                 dev->stats.link_noise = average;
1282                 dev->noisecalc.calculation_running = 0;
1283                 return;
1284         }
1285 generate_new:
1286         b43_generate_noise_sample(dev);
1287 }
1288
1289 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1290 {
1291         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1292                 ///TODO: PS TBTT
1293         } else {
1294                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1295                         b43_power_saving_ctl_bits(dev, 0);
1296         }
1297         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1298                 dev->dfq_valid = 1;
1299 }
1300
1301 static void handle_irq_atim_end(struct b43_wldev *dev)
1302 {
1303         if (dev->dfq_valid) {
1304                 b43_write32(dev, B43_MMIO_MACCMD,
1305                             b43_read32(dev, B43_MMIO_MACCMD)
1306                             | B43_MACCMD_DFQ_VALID);
1307                 dev->dfq_valid = 0;
1308         }
1309 }
1310
1311 static void handle_irq_pmq(struct b43_wldev *dev)
1312 {
1313         u32 tmp;
1314
1315         //TODO: AP mode.
1316
1317         while (1) {
1318                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1319                 if (!(tmp & 0x00000008))
1320                         break;
1321         }
1322         /* 16bit write is odd, but correct. */
1323         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1324 }
1325
1326 static void b43_write_template_common(struct b43_wldev *dev,
1327                                       const u8 * data, u16 size,
1328                                       u16 ram_offset,
1329                                       u16 shm_size_offset, u8 rate)
1330 {
1331         u32 i, tmp;
1332         struct b43_plcp_hdr4 plcp;
1333
1334         plcp.data = 0;
1335         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1336         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1337         ram_offset += sizeof(u32);
1338         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1339          * So leave the first two bytes of the next write blank.
1340          */
1341         tmp = (u32) (data[0]) << 16;
1342         tmp |= (u32) (data[1]) << 24;
1343         b43_ram_write(dev, ram_offset, tmp);
1344         ram_offset += sizeof(u32);
1345         for (i = 2; i < size; i += sizeof(u32)) {
1346                 tmp = (u32) (data[i + 0]);
1347                 if (i + 1 < size)
1348                         tmp |= (u32) (data[i + 1]) << 8;
1349                 if (i + 2 < size)
1350                         tmp |= (u32) (data[i + 2]) << 16;
1351                 if (i + 3 < size)
1352                         tmp |= (u32) (data[i + 3]) << 24;
1353                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1354         }
1355         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1356                         size + sizeof(struct b43_plcp_hdr6));
1357 }
1358
1359 /* Check if the use of the antenna that ieee80211 told us to
1360  * use is possible. This will fall back to DEFAULT.
1361  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1362 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1363                                   u8 antenna_nr)
1364 {
1365         u8 antenna_mask;
1366
1367         if (antenna_nr == 0) {
1368                 /* Zero means "use default antenna". That's always OK. */
1369                 return 0;
1370         }
1371
1372         /* Get the mask of available antennas. */
1373         if (dev->phy.gmode)
1374                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1375         else
1376                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1377
1378         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1379                 /* This antenna is not available. Fall back to default. */
1380                 return 0;
1381         }
1382
1383         return antenna_nr;
1384 }
1385
1386 /* Convert a b43 antenna number value to the PHY TX control value. */
1387 static u16 b43_antenna_to_phyctl(int antenna)
1388 {
1389         switch (antenna) {
1390         case B43_ANTENNA0:
1391                 return B43_TXH_PHY_ANT0;
1392         case B43_ANTENNA1:
1393                 return B43_TXH_PHY_ANT1;
1394         case B43_ANTENNA2:
1395                 return B43_TXH_PHY_ANT2;
1396         case B43_ANTENNA3:
1397                 return B43_TXH_PHY_ANT3;
1398         case B43_ANTENNA_AUTO:
1399                 return B43_TXH_PHY_ANT01AUTO;
1400         }
1401         B43_WARN_ON(1);
1402         return 0;
1403 }
1404
1405 static void b43_write_beacon_template(struct b43_wldev *dev,
1406                                       u16 ram_offset,
1407                                       u16 shm_size_offset)
1408 {
1409         unsigned int i, len, variable_len;
1410         const struct ieee80211_mgmt *bcn;
1411         const u8 *ie;
1412         bool tim_found = 0;
1413         unsigned int rate;
1414         u16 ctl;
1415         int antenna;
1416         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1417
1418         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1419         len = min((size_t) dev->wl->current_beacon->len,
1420                   0x200 - sizeof(struct b43_plcp_hdr6));
1421         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1422
1423         b43_write_template_common(dev, (const u8 *)bcn,
1424                                   len, ram_offset, shm_size_offset, rate);
1425
1426         /* Write the PHY TX control parameters. */
1427         antenna = B43_ANTENNA_DEFAULT;
1428         antenna = b43_antenna_to_phyctl(antenna);
1429         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1430         /* We can't send beacons with short preamble. Would get PHY errors. */
1431         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1432         ctl &= ~B43_TXH_PHY_ANT;
1433         ctl &= ~B43_TXH_PHY_ENC;
1434         ctl |= antenna;
1435         if (b43_is_cck_rate(rate))
1436                 ctl |= B43_TXH_PHY_ENC_CCK;
1437         else
1438                 ctl |= B43_TXH_PHY_ENC_OFDM;
1439         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1440
1441         /* Find the position of the TIM and the DTIM_period value
1442          * and write them to SHM. */
1443         ie = bcn->u.beacon.variable;
1444         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1445         for (i = 0; i < variable_len - 2; ) {
1446                 uint8_t ie_id, ie_len;
1447
1448                 ie_id = ie[i];
1449                 ie_len = ie[i + 1];
1450                 if (ie_id == 5) {
1451                         u16 tim_position;
1452                         u16 dtim_period;
1453                         /* This is the TIM Information Element */
1454
1455                         /* Check whether the ie_len is in the beacon data range. */
1456                         if (variable_len < ie_len + 2 + i)
1457                                 break;
1458                         /* A valid TIM is at least 4 bytes long. */
1459                         if (ie_len < 4)
1460                                 break;
1461                         tim_found = 1;
1462
1463                         tim_position = sizeof(struct b43_plcp_hdr6);
1464                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1465                         tim_position += i;
1466
1467                         dtim_period = ie[i + 3];
1468
1469                         b43_shm_write16(dev, B43_SHM_SHARED,
1470                                         B43_SHM_SH_TIMBPOS, tim_position);
1471                         b43_shm_write16(dev, B43_SHM_SHARED,
1472                                         B43_SHM_SH_DTIMPER, dtim_period);
1473                         break;
1474                 }
1475                 i += ie_len + 2;
1476         }
1477         if (!tim_found) {
1478                 /*
1479                  * If ucode wants to modify TIM do it behind the beacon, this
1480                  * will happen, for example, when doing mesh networking.
1481                  */
1482                 b43_shm_write16(dev, B43_SHM_SHARED,
1483                                 B43_SHM_SH_TIMBPOS,
1484                                 len + sizeof(struct b43_plcp_hdr6));
1485                 b43_shm_write16(dev, B43_SHM_SHARED,
1486                                 B43_SHM_SH_DTIMPER, 0);
1487         }
1488         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1489 }
1490
1491 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1492                                       u16 shm_offset, u16 size,
1493                                       struct ieee80211_rate *rate)
1494 {
1495         struct b43_plcp_hdr4 plcp;
1496         u32 tmp;
1497         __le16 dur;
1498
1499         plcp.data = 0;
1500         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1501         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1502                                                dev->wl->vif, size,
1503                                                rate);
1504         /* Write PLCP in two parts and timing for packet transfer */
1505         tmp = le32_to_cpu(plcp.data);
1506         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1507         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1508         b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1509 }
1510
1511 /* Instead of using custom probe response template, this function
1512  * just patches custom beacon template by:
1513  * 1) Changing packet type
1514  * 2) Patching duration field
1515  * 3) Stripping TIM
1516  */
1517 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1518                                           u16 *dest_size,
1519                                           struct ieee80211_rate *rate)
1520 {
1521         const u8 *src_data;
1522         u8 *dest_data;
1523         u16 src_size, elem_size, src_pos, dest_pos;
1524         __le16 dur;
1525         struct ieee80211_hdr *hdr;
1526         size_t ie_start;
1527
1528         src_size = dev->wl->current_beacon->len;
1529         src_data = (const u8 *)dev->wl->current_beacon->data;
1530
1531         /* Get the start offset of the variable IEs in the packet. */
1532         ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1533         B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1534
1535         if (B43_WARN_ON(src_size < ie_start))
1536                 return NULL;
1537
1538         dest_data = kmalloc(src_size, GFP_ATOMIC);
1539         if (unlikely(!dest_data))
1540                 return NULL;
1541
1542         /* Copy the static data and all Information Elements, except the TIM. */
1543         memcpy(dest_data, src_data, ie_start);
1544         src_pos = ie_start;
1545         dest_pos = ie_start;
1546         for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1547                 elem_size = src_data[src_pos + 1] + 2;
1548                 if (src_data[src_pos] == 5) {
1549                         /* This is the TIM. */
1550                         continue;
1551                 }
1552                 memcpy(dest_data + dest_pos, src_data + src_pos,
1553                        elem_size);
1554                 dest_pos += elem_size;
1555         }
1556         *dest_size = dest_pos;
1557         hdr = (struct ieee80211_hdr *)dest_data;
1558
1559         /* Set the frame control. */
1560         hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1561                                          IEEE80211_STYPE_PROBE_RESP);
1562         dur = ieee80211_generic_frame_duration(dev->wl->hw,
1563                                                dev->wl->vif, *dest_size,
1564                                                rate);
1565         hdr->duration_id = dur;
1566
1567         return dest_data;
1568 }
1569
1570 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1571                                           u16 ram_offset,
1572                                           u16 shm_size_offset,
1573                                           struct ieee80211_rate *rate)
1574 {
1575         const u8 *probe_resp_data;
1576         u16 size;
1577
1578         size = dev->wl->current_beacon->len;
1579         probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1580         if (unlikely(!probe_resp_data))
1581                 return;
1582
1583         /* Looks like PLCP headers plus packet timings are stored for
1584          * all possible basic rates
1585          */
1586         b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1587         b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1588         b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1589         b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1590
1591         size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1592         b43_write_template_common(dev, probe_resp_data,
1593                                   size, ram_offset, shm_size_offset,
1594                                   rate->hw_value);
1595         kfree(probe_resp_data);
1596 }
1597
1598 static void b43_upload_beacon0(struct b43_wldev *dev)
1599 {
1600         struct b43_wl *wl = dev->wl;
1601
1602         if (wl->beacon0_uploaded)
1603                 return;
1604         b43_write_beacon_template(dev, 0x68, 0x18);
1605         /* FIXME: Probe resp upload doesn't really belong here,
1606          *        but we don't use that feature anyway. */
1607         b43_write_probe_resp_template(dev, 0x268, 0x4A,
1608                                       &__b43_ratetable[3]);
1609         wl->beacon0_uploaded = 1;
1610 }
1611
1612 static void b43_upload_beacon1(struct b43_wldev *dev)
1613 {
1614         struct b43_wl *wl = dev->wl;
1615
1616         if (wl->beacon1_uploaded)
1617                 return;
1618         b43_write_beacon_template(dev, 0x468, 0x1A);
1619         wl->beacon1_uploaded = 1;
1620 }
1621
1622 static void handle_irq_beacon(struct b43_wldev *dev)
1623 {
1624         struct b43_wl *wl = dev->wl;
1625         u32 cmd, beacon0_valid, beacon1_valid;
1626
1627         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1628             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1629                 return;
1630
1631         /* This is the bottom half of the asynchronous beacon update. */
1632
1633         /* Ignore interrupt in the future. */
1634         dev->irq_savedstate &= ~B43_IRQ_BEACON;
1635
1636         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1637         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1638         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1639
1640         /* Schedule interrupt manually, if busy. */
1641         if (beacon0_valid && beacon1_valid) {
1642                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1643                 dev->irq_savedstate |= B43_IRQ_BEACON;
1644                 return;
1645         }
1646
1647         if (unlikely(wl->beacon_templates_virgin)) {
1648                 /* We never uploaded a beacon before.
1649                  * Upload both templates now, but only mark one valid. */
1650                 wl->beacon_templates_virgin = 0;
1651                 b43_upload_beacon0(dev);
1652                 b43_upload_beacon1(dev);
1653                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1654                 cmd |= B43_MACCMD_BEACON0_VALID;
1655                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1656         } else {
1657                 if (!beacon0_valid) {
1658                         b43_upload_beacon0(dev);
1659                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1660                         cmd |= B43_MACCMD_BEACON0_VALID;
1661                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1662                 } else if (!beacon1_valid) {
1663                         b43_upload_beacon1(dev);
1664                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1665                         cmd |= B43_MACCMD_BEACON1_VALID;
1666                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1667                 }
1668         }
1669 }
1670
1671 static void b43_beacon_update_trigger_work(struct work_struct *work)
1672 {
1673         struct b43_wl *wl = container_of(work, struct b43_wl,
1674                                          beacon_update_trigger);
1675         struct b43_wldev *dev;
1676
1677         mutex_lock(&wl->mutex);
1678         dev = wl->current_dev;
1679         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1680                 spin_lock_irq(&wl->irq_lock);
1681                 /* update beacon right away or defer to irq */
1682                 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1683                 handle_irq_beacon(dev);
1684                 /* The handler might have updated the IRQ mask. */
1685                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1686                             dev->irq_savedstate);
1687                 mmiowb();
1688                 spin_unlock_irq(&wl->irq_lock);
1689         }
1690         mutex_unlock(&wl->mutex);
1691 }
1692
1693 /* Asynchronously update the packet templates in template RAM.
1694  * Locking: Requires wl->irq_lock to be locked. */
1695 static void b43_update_templates(struct b43_wl *wl)
1696 {
1697         struct sk_buff *beacon;
1698
1699         /* This is the top half of the ansynchronous beacon update.
1700          * The bottom half is the beacon IRQ.
1701          * Beacon update must be asynchronous to avoid sending an
1702          * invalid beacon. This can happen for example, if the firmware
1703          * transmits a beacon while we are updating it. */
1704
1705         /* We could modify the existing beacon and set the aid bit in
1706          * the TIM field, but that would probably require resizing and
1707          * moving of data within the beacon template.
1708          * Simply request a new beacon and let mac80211 do the hard work. */
1709         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1710         if (unlikely(!beacon))
1711                 return;
1712
1713         if (wl->current_beacon)
1714                 dev_kfree_skb_any(wl->current_beacon);
1715         wl->current_beacon = beacon;
1716         wl->beacon0_uploaded = 0;
1717         wl->beacon1_uploaded = 0;
1718         queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1719 }
1720
1721 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1722 {
1723         b43_time_lock(dev);
1724         if (dev->dev->id.revision >= 3) {
1725                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1726                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1727         } else {
1728                 b43_write16(dev, 0x606, (beacon_int >> 6));
1729                 b43_write16(dev, 0x610, beacon_int);
1730         }
1731         b43_time_unlock(dev);
1732         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1733 }
1734
1735 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1736 {
1737         u16 reason;
1738
1739         /* Read the register that contains the reason code for the panic. */
1740         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1741         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1742
1743         switch (reason) {
1744         default:
1745                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1746                 /* fallthrough */
1747         case B43_FWPANIC_DIE:
1748                 /* Do not restart the controller or firmware.
1749                  * The device is nonfunctional from now on.
1750                  * Restarting would result in this panic to trigger again,
1751                  * so we avoid that recursion. */
1752                 break;
1753         case B43_FWPANIC_RESTART:
1754                 b43_controller_restart(dev, "Microcode panic");
1755                 break;
1756         }
1757 }
1758
1759 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1760 {
1761         unsigned int i, cnt;
1762         u16 reason, marker_id, marker_line;
1763         __le16 *buf;
1764
1765         /* The proprietary firmware doesn't have this IRQ. */
1766         if (!dev->fw.opensource)
1767                 return;
1768
1769         /* Read the register that contains the reason code for this IRQ. */
1770         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1771
1772         switch (reason) {
1773         case B43_DEBUGIRQ_PANIC:
1774                 b43_handle_firmware_panic(dev);
1775                 break;
1776         case B43_DEBUGIRQ_DUMP_SHM:
1777                 if (!B43_DEBUG)
1778                         break; /* Only with driver debugging enabled. */
1779                 buf = kmalloc(4096, GFP_ATOMIC);
1780                 if (!buf) {
1781                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1782                         goto out;
1783                 }
1784                 for (i = 0; i < 4096; i += 2) {
1785                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1786                         buf[i / 2] = cpu_to_le16(tmp);
1787                 }
1788                 b43info(dev->wl, "Shared memory dump:\n");
1789                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1790                                16, 2, buf, 4096, 1);
1791                 kfree(buf);
1792                 break;
1793         case B43_DEBUGIRQ_DUMP_REGS:
1794                 if (!B43_DEBUG)
1795                         break; /* Only with driver debugging enabled. */
1796                 b43info(dev->wl, "Microcode register dump:\n");
1797                 for (i = 0, cnt = 0; i < 64; i++) {
1798                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1799                         if (cnt == 0)
1800                                 printk(KERN_INFO);
1801                         printk("r%02u: 0x%04X  ", i, tmp);
1802                         cnt++;
1803                         if (cnt == 6) {
1804                                 printk("\n");
1805                                 cnt = 0;
1806                         }
1807                 }
1808                 printk("\n");
1809                 break;
1810         case B43_DEBUGIRQ_MARKER:
1811                 if (!B43_DEBUG)
1812                         break; /* Only with driver debugging enabled. */
1813                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1814                                            B43_MARKER_ID_REG);
1815                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1816                                              B43_MARKER_LINE_REG);
1817                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1818                         "at line number %u\n",
1819                         marker_id, marker_line);
1820                 break;
1821         default:
1822                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1823                        reason);
1824         }
1825 out:
1826         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1827         b43_shm_write16(dev, B43_SHM_SCRATCH,
1828                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1829 }
1830
1831 /* Interrupt handler bottom-half */
1832 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1833 {
1834         u32 reason;
1835         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1836         u32 merged_dma_reason = 0;
1837         int i;
1838         unsigned long flags;
1839
1840         spin_lock_irqsave(&dev->wl->irq_lock, flags);
1841
1842         B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1843
1844         reason = dev->irq_reason;
1845         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1846                 dma_reason[i] = dev->dma_reason[i];
1847                 merged_dma_reason |= dma_reason[i];
1848         }
1849
1850         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1851                 b43err(dev->wl, "MAC transmission error\n");
1852
1853         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1854                 b43err(dev->wl, "PHY transmission error\n");
1855                 rmb();
1856                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1857                         atomic_set(&dev->phy.txerr_cnt,
1858                                    B43_PHY_TX_BADNESS_LIMIT);
1859                         b43err(dev->wl, "Too many PHY TX errors, "
1860                                         "restarting the controller\n");
1861                         b43_controller_restart(dev, "PHY TX errors");
1862                 }
1863         }
1864
1865         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1866                                           B43_DMAIRQ_NONFATALMASK))) {
1867                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1868                         b43err(dev->wl, "Fatal DMA error: "
1869                                "0x%08X, 0x%08X, 0x%08X, "
1870                                "0x%08X, 0x%08X, 0x%08X\n",
1871                                dma_reason[0], dma_reason[1],
1872                                dma_reason[2], dma_reason[3],
1873                                dma_reason[4], dma_reason[5]);
1874                         b43_controller_restart(dev, "DMA error");
1875                         mmiowb();
1876                         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1877                         return;
1878                 }
1879                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1880                         b43err(dev->wl, "DMA error: "
1881                                "0x%08X, 0x%08X, 0x%08X, "
1882                                "0x%08X, 0x%08X, 0x%08X\n",
1883                                dma_reason[0], dma_reason[1],
1884                                dma_reason[2], dma_reason[3],
1885                                dma_reason[4], dma_reason[5]);
1886                 }
1887         }
1888
1889         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1890                 handle_irq_ucode_debug(dev);
1891         if (reason & B43_IRQ_TBTT_INDI)
1892                 handle_irq_tbtt_indication(dev);
1893         if (reason & B43_IRQ_ATIM_END)
1894                 handle_irq_atim_end(dev);
1895         if (reason & B43_IRQ_BEACON)
1896                 handle_irq_beacon(dev);
1897         if (reason & B43_IRQ_PMQ)
1898                 handle_irq_pmq(dev);
1899         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1900                 ;/* TODO */
1901         if (reason & B43_IRQ_NOISESAMPLE_OK)
1902                 handle_irq_noise(dev);
1903
1904         /* Check the DMA reason registers for received data. */
1905         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1906                 if (b43_using_pio_transfers(dev))
1907                         b43_pio_rx(dev->pio.rx_queue);
1908                 else
1909                         b43_dma_rx(dev->dma.rx_ring);
1910         }
1911         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1912         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1913         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1914         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1915         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1916
1917         if (reason & B43_IRQ_TX_OK)
1918                 handle_irq_transmit_status(dev);
1919
1920         b43_interrupt_enable(dev, dev->irq_savedstate);
1921         mmiowb();
1922         spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1923 }
1924
1925 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1926 {
1927         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1928
1929         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1930         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1931         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1932         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1933         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1934         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1935 }
1936
1937 /* Interrupt handler top-half */
1938 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1939 {
1940         irqreturn_t ret = IRQ_NONE;
1941         struct b43_wldev *dev = dev_id;
1942         u32 reason;
1943
1944         if (!dev)
1945                 return IRQ_NONE;
1946
1947         spin_lock(&dev->wl->irq_lock);
1948
1949         if (b43_status(dev) < B43_STAT_STARTED)
1950                 goto out;
1951         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1952         if (reason == 0xffffffff)       /* shared IRQ */
1953                 goto out;
1954         ret = IRQ_HANDLED;
1955         reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1956         if (!reason)
1957                 goto out;
1958
1959         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1960             & 0x0001DC00;
1961         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1962             & 0x0000DC00;
1963         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1964             & 0x0000DC00;
1965         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1966             & 0x0001DC00;
1967         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1968             & 0x0000DC00;
1969         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1970             & 0x0000DC00;
1971
1972         b43_interrupt_ack(dev, reason);
1973         /* disable all IRQs. They are enabled again in the bottom half. */
1974         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1975         /* save the reason code and call our bottom half. */
1976         dev->irq_reason = reason;
1977         tasklet_schedule(&dev->isr_tasklet);
1978       out:
1979         mmiowb();
1980         spin_unlock(&dev->wl->irq_lock);
1981
1982         return ret;
1983 }
1984
1985 static void do_release_fw(struct b43_firmware_file *fw)
1986 {
1987         release_firmware(fw->data);
1988         fw->data = NULL;
1989         fw->filename = NULL;
1990 }
1991
1992 static void b43_release_firmware(struct b43_wldev *dev)
1993 {
1994         do_release_fw(&dev->fw.ucode);
1995         do_release_fw(&dev->fw.pcm);
1996         do_release_fw(&dev->fw.initvals);
1997         do_release_fw(&dev->fw.initvals_band);
1998 }
1999
2000 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2001 {
2002         const char *text;
2003
2004         text = "You must go to "
2005                "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
2006                "and download the latest firmware (version 4).\n";
2007         if (error)
2008                 b43err(wl, text);
2009         else
2010                 b43warn(wl, text);
2011 }
2012
2013 static int do_request_fw(struct b43_wldev *dev,
2014                          const char *name,
2015                          struct b43_firmware_file *fw,
2016                          bool silent)
2017 {
2018         char path[sizeof(modparam_fwpostfix) + 32];
2019         const struct firmware *blob;
2020         struct b43_fw_header *hdr;
2021         u32 size;
2022         int err;
2023
2024         if (!name) {
2025                 /* Don't fetch anything. Free possibly cached firmware. */
2026                 do_release_fw(fw);
2027                 return 0;
2028         }
2029         if (fw->filename) {
2030                 if (strcmp(fw->filename, name) == 0)
2031                         return 0; /* Already have this fw. */
2032                 /* Free the cached firmware first. */
2033                 do_release_fw(fw);
2034         }
2035
2036         snprintf(path, ARRAY_SIZE(path),
2037                  "b43%s/%s.fw",
2038                  modparam_fwpostfix, name);
2039         err = request_firmware(&blob, path, dev->dev->dev);
2040         if (err == -ENOENT) {
2041                 if (!silent) {
2042                         b43err(dev->wl, "Firmware file \"%s\" not found\n",
2043                                path);
2044                 }
2045                 return err;
2046         } else if (err) {
2047                 b43err(dev->wl, "Firmware file \"%s\" request failed (err=%d)\n",
2048                        path, err);
2049                 return err;
2050         }
2051         if (blob->size < sizeof(struct b43_fw_header))
2052                 goto err_format;
2053         hdr = (struct b43_fw_header *)(blob->data);
2054         switch (hdr->type) {
2055         case B43_FW_TYPE_UCODE:
2056         case B43_FW_TYPE_PCM:
2057                 size = be32_to_cpu(hdr->size);
2058                 if (size != blob->size - sizeof(struct b43_fw_header))
2059                         goto err_format;
2060                 /* fallthrough */
2061         case B43_FW_TYPE_IV:
2062                 if (hdr->ver != 1)
2063                         goto err_format;
2064                 break;
2065         default:
2066                 goto err_format;
2067         }
2068
2069         fw->data = blob;
2070         fw->filename = name;
2071
2072         return 0;
2073
2074 err_format:
2075         b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
2076         release_firmware(blob);
2077
2078         return -EPROTO;
2079 }
2080
2081 static int b43_request_firmware(struct b43_wldev *dev)
2082 {
2083         struct b43_firmware *fw = &dev->fw;
2084         const u8 rev = dev->dev->id.revision;
2085         const char *filename;
2086         u32 tmshigh;
2087         int err;
2088
2089         /* Get microcode */
2090         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2091         if ((rev >= 5) && (rev <= 10))
2092                 filename = "ucode5";
2093         else if ((rev >= 11) && (rev <= 12))
2094                 filename = "ucode11";
2095         else if (rev >= 13)
2096                 filename = "ucode13";
2097         else
2098                 goto err_no_ucode;
2099         err = do_request_fw(dev, filename, &fw->ucode, 0);
2100         if (err)
2101                 goto err_load;
2102
2103         /* Get PCM code */
2104         if ((rev >= 5) && (rev <= 10))
2105                 filename = "pcm5";
2106         else if (rev >= 11)
2107                 filename = NULL;
2108         else
2109                 goto err_no_pcm;
2110         fw->pcm_request_failed = 0;
2111         err = do_request_fw(dev, filename, &fw->pcm, 1);
2112         if (err == -ENOENT) {
2113                 /* We did not find a PCM file? Not fatal, but
2114                  * core rev <= 10 must do without hwcrypto then. */
2115                 fw->pcm_request_failed = 1;
2116         } else if (err)
2117                 goto err_load;
2118
2119         /* Get initvals */
2120         switch (dev->phy.type) {
2121         case B43_PHYTYPE_A:
2122                 if ((rev >= 5) && (rev <= 10)) {
2123                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2124                                 filename = "a0g1initvals5";
2125                         else
2126                                 filename = "a0g0initvals5";
2127                 } else
2128                         goto err_no_initvals;
2129                 break;
2130         case B43_PHYTYPE_G:
2131                 if ((rev >= 5) && (rev <= 10))
2132                         filename = "b0g0initvals5";
2133                 else if (rev >= 13)
2134                         filename = "b0g0initvals13";
2135                 else
2136                         goto err_no_initvals;
2137                 break;
2138         case B43_PHYTYPE_N:
2139                 if ((rev >= 11) && (rev <= 12))
2140                         filename = "n0initvals11";
2141                 else
2142                         goto err_no_initvals;
2143                 break;
2144         default:
2145                 goto err_no_initvals;
2146         }
2147         err = do_request_fw(dev, filename, &fw->initvals, 0);
2148         if (err)
2149                 goto err_load;
2150
2151         /* Get bandswitch initvals */
2152         switch (dev->phy.type) {
2153         case B43_PHYTYPE_A:
2154                 if ((rev >= 5) && (rev <= 10)) {
2155                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2156                                 filename = "a0g1bsinitvals5";
2157                         else
2158                                 filename = "a0g0bsinitvals5";
2159                 } else if (rev >= 11)
2160                         filename = NULL;
2161                 else
2162                         goto err_no_initvals;
2163                 break;
2164         case B43_PHYTYPE_G:
2165                 if ((rev >= 5) && (rev <= 10))
2166                         filename = "b0g0bsinitvals5";
2167                 else if (rev >= 11)
2168                         filename = NULL;
2169                 else
2170                         goto err_no_initvals;
2171                 break;
2172         case B43_PHYTYPE_N:
2173                 if ((rev >= 11) && (rev <= 12))
2174                         filename = "n0bsinitvals11";
2175                 else
2176                         goto err_no_initvals;
2177                 break;
2178         default:
2179                 goto err_no_initvals;
2180         }
2181         err = do_request_fw(dev, filename, &fw->initvals_band, 0);
2182         if (err)
2183                 goto err_load;
2184
2185         return 0;
2186
2187 err_load:
2188         b43_print_fw_helptext(dev->wl, 1);
2189         goto error;
2190
2191 err_no_ucode:
2192         err = -ENODEV;
2193         b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2194         goto error;
2195
2196 err_no_pcm:
2197         err = -ENODEV;
2198         b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2199         goto error;
2200
2201 err_no_initvals:
2202         err = -ENODEV;
2203         b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2204                "core rev %u\n", dev->phy.type, rev);
2205         goto error;
2206
2207 error:
2208         b43_release_firmware(dev);
2209         return err;
2210 }
2211
2212 static int b43_upload_microcode(struct b43_wldev *dev)
2213 {
2214         const size_t hdr_len = sizeof(struct b43_fw_header);
2215         const __be32 *data;
2216         unsigned int i, len;
2217         u16 fwrev, fwpatch, fwdate, fwtime;
2218         u32 tmp, macctl;
2219         int err = 0;
2220
2221         /* Jump the microcode PSM to offset 0 */
2222         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2223         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2224         macctl |= B43_MACCTL_PSM_JMP0;
2225         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2226         /* Zero out all microcode PSM registers and shared memory. */
2227         for (i = 0; i < 64; i++)
2228                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2229         for (i = 0; i < 4096; i += 2)
2230                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2231
2232         /* Upload Microcode. */
2233         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2234         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2235         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2236         for (i = 0; i < len; i++) {
2237                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2238                 udelay(10);
2239         }
2240
2241         if (dev->fw.pcm.data) {
2242                 /* Upload PCM data. */
2243                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2244                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2245                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2246                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2247                 /* No need for autoinc bit in SHM_HW */
2248                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2249                 for (i = 0; i < len; i++) {
2250                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2251                         udelay(10);
2252                 }
2253         }
2254
2255         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2256
2257         /* Start the microcode PSM */
2258         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2259         macctl &= ~B43_MACCTL_PSM_JMP0;
2260         macctl |= B43_MACCTL_PSM_RUN;
2261         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2262
2263         /* Wait for the microcode to load and respond */
2264         i = 0;
2265         while (1) {
2266                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2267                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2268                         break;
2269                 i++;
2270                 if (i >= 20) {
2271                         b43err(dev->wl, "Microcode not responding\n");
2272                         b43_print_fw_helptext(dev->wl, 1);
2273                         err = -ENODEV;
2274                         goto error;
2275                 }
2276                 msleep_interruptible(50);
2277                 if (signal_pending(current)) {
2278                         err = -EINTR;
2279                         goto error;
2280                 }
2281         }
2282         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2283
2284         /* Get and check the revisions. */
2285         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2286         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2287         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2288         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2289
2290         if (fwrev <= 0x128) {
2291                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2292                        "binary drivers older than version 4.x is unsupported. "
2293                        "You must upgrade your firmware files.\n");
2294                 b43_print_fw_helptext(dev->wl, 1);
2295                 err = -EOPNOTSUPP;
2296                 goto error;
2297         }
2298         dev->fw.rev = fwrev;
2299         dev->fw.patch = fwpatch;
2300         dev->fw.opensource = (fwdate == 0xFFFF);
2301
2302         if (dev->fw.opensource) {
2303                 /* Patchlevel info is encoded in the "time" field. */
2304                 dev->fw.patch = fwtime;
2305                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u%s\n",
2306                         dev->fw.rev, dev->fw.patch,
2307                         dev->fw.pcm_request_failed ? " (Hardware crypto not supported)" : "");
2308         } else {
2309                 b43info(dev->wl, "Loading firmware version %u.%u "
2310                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2311                         fwrev, fwpatch,
2312                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2313                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2314                 if (dev->fw.pcm_request_failed) {
2315                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2316                                 "Hardware accelerated cryptography is disabled.\n");
2317                         b43_print_fw_helptext(dev->wl, 0);
2318                 }
2319         }
2320
2321         if (b43_is_old_txhdr_format(dev)) {
2322                 b43warn(dev->wl, "You are using an old firmware image. "
2323                         "Support for old firmware will be removed in July 2008.\n");
2324                 b43_print_fw_helptext(dev->wl, 0);
2325         }
2326
2327         return 0;
2328
2329 error:
2330         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2331         macctl &= ~B43_MACCTL_PSM_RUN;
2332         macctl |= B43_MACCTL_PSM_JMP0;
2333         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2334
2335         return err;
2336 }
2337
2338 static int b43_write_initvals(struct b43_wldev *dev,
2339                               const struct b43_iv *ivals,
2340                               size_t count,
2341                               size_t array_size)
2342 {
2343         const struct b43_iv *iv;
2344         u16 offset;
2345         size_t i;
2346         bool bit32;
2347
2348         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2349         iv = ivals;
2350         for (i = 0; i < count; i++) {
2351                 if (array_size < sizeof(iv->offset_size))
2352                         goto err_format;
2353                 array_size -= sizeof(iv->offset_size);
2354                 offset = be16_to_cpu(iv->offset_size);
2355                 bit32 = !!(offset & B43_IV_32BIT);
2356                 offset &= B43_IV_OFFSET_MASK;
2357                 if (offset >= 0x1000)
2358                         goto err_format;
2359                 if (bit32) {
2360                         u32 value;
2361
2362                         if (array_size < sizeof(iv->data.d32))
2363                                 goto err_format;
2364                         array_size -= sizeof(iv->data.d32);
2365
2366                         value = get_unaligned_be32(&iv->data.d32);
2367                         b43_write32(dev, offset, value);
2368
2369                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2370                                                         sizeof(__be16) +
2371                                                         sizeof(__be32));
2372                 } else {
2373                         u16 value;
2374
2375                         if (array_size < sizeof(iv->data.d16))
2376                                 goto err_format;
2377                         array_size -= sizeof(iv->data.d16);
2378
2379                         value = be16_to_cpu(iv->data.d16);
2380                         b43_write16(dev, offset, value);
2381
2382                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2383                                                         sizeof(__be16) +
2384                                                         sizeof(__be16));
2385                 }
2386         }
2387         if (array_size)
2388                 goto err_format;
2389
2390         return 0;
2391
2392 err_format:
2393         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2394         b43_print_fw_helptext(dev->wl, 1);
2395
2396         return -EPROTO;
2397 }
2398
2399 static int b43_upload_initvals(struct b43_wldev *dev)
2400 {
2401         const size_t hdr_len = sizeof(struct b43_fw_header);
2402         const struct b43_fw_header *hdr;
2403         struct b43_firmware *fw = &dev->fw;
2404         const struct b43_iv *ivals;
2405         size_t count;
2406         int err;
2407
2408         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2409         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2410         count = be32_to_cpu(hdr->size);
2411         err = b43_write_initvals(dev, ivals, count,
2412                                  fw->initvals.data->size - hdr_len);
2413         if (err)
2414                 goto out;
2415         if (fw->initvals_band.data) {
2416                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2417                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2418                 count = be32_to_cpu(hdr->size);
2419                 err = b43_write_initvals(dev, ivals, count,
2420                                          fw->initvals_band.data->size - hdr_len);
2421                 if (err)
2422                         goto out;
2423         }
2424 out:
2425
2426         return err;
2427 }
2428
2429 /* Initialize the GPIOs
2430  * http://bcm-specs.sipsolutions.net/GPIO
2431  */
2432 static int b43_gpio_init(struct b43_wldev *dev)
2433 {
2434         struct ssb_bus *bus = dev->dev->bus;
2435         struct ssb_device *gpiodev, *pcidev = NULL;
2436         u32 mask, set;
2437
2438         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2439                     & ~B43_MACCTL_GPOUTSMSK);
2440
2441         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2442                     | 0x000F);
2443
2444         mask = 0x0000001F;
2445         set = 0x0000000F;
2446         if (dev->dev->bus->chip_id == 0x4301) {
2447                 mask |= 0x0060;
2448                 set |= 0x0060;
2449         }
2450         if (0 /* FIXME: conditional unknown */ ) {
2451                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2452                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2453                             | 0x0100);
2454                 mask |= 0x0180;
2455                 set |= 0x0180;
2456         }
2457         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2458                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2459                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2460                             | 0x0200);
2461                 mask |= 0x0200;
2462                 set |= 0x0200;
2463         }
2464         if (dev->dev->id.revision >= 2)
2465                 mask |= 0x0010; /* FIXME: This is redundant. */
2466
2467 #ifdef CONFIG_SSB_DRIVER_PCICORE
2468         pcidev = bus->pcicore.dev;
2469 #endif
2470         gpiodev = bus->chipco.dev ? : pcidev;
2471         if (!gpiodev)
2472                 return 0;
2473         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2474                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2475                      & mask) | set);
2476
2477         return 0;
2478 }
2479
2480 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2481 static void b43_gpio_cleanup(struct b43_wldev *dev)
2482 {
2483         struct ssb_bus *bus = dev->dev->bus;
2484         struct ssb_device *gpiodev, *pcidev = NULL;
2485
2486 #ifdef CONFIG_SSB_DRIVER_PCICORE
2487         pcidev = bus->pcicore.dev;
2488 #endif
2489         gpiodev = bus->chipco.dev ? : pcidev;
2490         if (!gpiodev)
2491                 return;
2492         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2493 }
2494
2495 /* http://bcm-specs.sipsolutions.net/EnableMac */
2496 void b43_mac_enable(struct b43_wldev *dev)
2497 {
2498         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2499                 u16 fwstate;
2500
2501                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2502                                          B43_SHM_SH_UCODESTAT);
2503                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2504                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2505                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2506                                "should be suspended, but current state is %u\n",
2507                                fwstate);
2508                 }
2509         }
2510
2511         dev->mac_suspended--;
2512         B43_WARN_ON(dev->mac_suspended < 0);
2513         if (dev->mac_suspended == 0) {
2514                 b43_write32(dev, B43_MMIO_MACCTL,
2515                             b43_read32(dev, B43_MMIO_MACCTL)
2516                             | B43_MACCTL_ENABLED);
2517                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2518                             B43_IRQ_MAC_SUSPENDED);
2519                 /* Commit writes */
2520                 b43_read32(dev, B43_MMIO_MACCTL);
2521                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2522                 b43_power_saving_ctl_bits(dev, 0);
2523         }
2524 }
2525
2526 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2527 void b43_mac_suspend(struct b43_wldev *dev)
2528 {
2529         int i;
2530         u32 tmp;
2531
2532         might_sleep();
2533         B43_WARN_ON(dev->mac_suspended < 0);
2534
2535         if (dev->mac_suspended == 0) {
2536                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2537                 b43_write32(dev, B43_MMIO_MACCTL,
2538                             b43_read32(dev, B43_MMIO_MACCTL)
2539                             & ~B43_MACCTL_ENABLED);
2540                 /* force pci to flush the write */
2541                 b43_read32(dev, B43_MMIO_MACCTL);
2542                 for (i = 35; i; i--) {
2543                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2544                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2545                                 goto out;
2546                         udelay(10);
2547                 }
2548                 /* Hm, it seems this will take some time. Use msleep(). */
2549                 for (i = 40; i; i--) {
2550                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2551                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2552                                 goto out;
2553                         msleep(1);
2554                 }
2555                 b43err(dev->wl, "MAC suspend failed\n");
2556         }
2557 out:
2558         dev->mac_suspended++;
2559 }
2560
2561 static void b43_adjust_opmode(struct b43_wldev *dev)
2562 {
2563         struct b43_wl *wl = dev->wl;
2564         u32 ctl;
2565         u16 cfp_pretbtt;
2566
2567         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2568         /* Reset status to STA infrastructure mode. */
2569         ctl &= ~B43_MACCTL_AP;
2570         ctl &= ~B43_MACCTL_KEEP_CTL;
2571         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2572         ctl &= ~B43_MACCTL_KEEP_BAD;
2573         ctl &= ~B43_MACCTL_PROMISC;
2574         ctl &= ~B43_MACCTL_BEACPROMISC;
2575         ctl |= B43_MACCTL_INFRA;
2576
2577         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2578             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2579                 ctl |= B43_MACCTL_AP;
2580         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2581                 ctl &= ~B43_MACCTL_INFRA;
2582
2583         if (wl->filter_flags & FIF_CONTROL)
2584                 ctl |= B43_MACCTL_KEEP_CTL;
2585         if (wl->filter_flags & FIF_FCSFAIL)
2586                 ctl |= B43_MACCTL_KEEP_BAD;
2587         if (wl->filter_flags & FIF_PLCPFAIL)
2588                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2589         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2590                 ctl |= B43_MACCTL_PROMISC;
2591         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2592                 ctl |= B43_MACCTL_BEACPROMISC;
2593
2594         /* Workaround: On old hardware the HW-MAC-address-filter
2595          * doesn't work properly, so always run promisc in filter
2596          * it in software. */
2597         if (dev->dev->id.revision <= 4)
2598                 ctl |= B43_MACCTL_PROMISC;
2599
2600         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2601
2602         cfp_pretbtt = 2;
2603         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2604                 if (dev->dev->bus->chip_id == 0x4306 &&
2605                     dev->dev->bus->chip_rev == 3)
2606                         cfp_pretbtt = 100;
2607                 else
2608                         cfp_pretbtt = 50;
2609         }
2610         b43_write16(dev, 0x612, cfp_pretbtt);
2611 }
2612
2613 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2614 {
2615         u16 offset;
2616
2617         if (is_ofdm) {
2618                 offset = 0x480;
2619                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2620         } else {
2621                 offset = 0x4C0;
2622                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2623         }
2624         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2625                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2626 }
2627
2628 static void b43_rate_memory_init(struct b43_wldev *dev)
2629 {
2630         switch (dev->phy.type) {
2631         case B43_PHYTYPE_A:
2632         case B43_PHYTYPE_G:
2633         case B43_PHYTYPE_N:
2634                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2635                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2636                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2637                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2638                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2639                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2640                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2641                 if (dev->phy.type == B43_PHYTYPE_A)
2642                         break;
2643                 /* fallthrough */
2644         case B43_PHYTYPE_B:
2645                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2646                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2647                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2648                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2649                 break;
2650         default:
2651                 B43_WARN_ON(1);
2652         }
2653 }
2654
2655 /* Set the default values for the PHY TX Control Words. */
2656 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2657 {
2658         u16 ctl = 0;
2659
2660         ctl |= B43_TXH_PHY_ENC_CCK;
2661         ctl |= B43_TXH_PHY_ANT01AUTO;
2662         ctl |= B43_TXH_PHY_TXPWR;
2663
2664         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2665         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2666         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2667 }
2668
2669 /* Set the TX-Antenna for management frames sent by firmware. */
2670 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2671 {
2672         u16 ant;
2673         u16 tmp;
2674
2675         ant = b43_antenna_to_phyctl(antenna);
2676
2677         /* For ACK/CTS */
2678         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2679         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2680         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2681         /* For Probe Resposes */
2682         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2683         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2684         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2685 }
2686
2687 /* This is the opposite of b43_chip_init() */
2688 static void b43_chip_exit(struct b43_wldev *dev)
2689 {
2690         b43_phy_exit(dev);
2691         b43_gpio_cleanup(dev);
2692         /* firmware is released later */
2693 }
2694
2695 /* Initialize the chip
2696  * http://bcm-specs.sipsolutions.net/ChipInit
2697  */
2698 static int b43_chip_init(struct b43_wldev *dev)
2699 {
2700         struct b43_phy *phy = &dev->phy;
2701         int err;
2702         u32 value32, macctl;
2703         u16 value16;
2704
2705         /* Initialize the MAC control */
2706         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2707         if (dev->phy.gmode)
2708                 macctl |= B43_MACCTL_GMODE;
2709         macctl |= B43_MACCTL_INFRA;
2710         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2711
2712         err = b43_request_firmware(dev);
2713         if (err)
2714                 goto out;
2715         err = b43_upload_microcode(dev);
2716         if (err)
2717                 goto out;       /* firmware is released later */
2718
2719         err = b43_gpio_init(dev);
2720         if (err)
2721                 goto out;       /* firmware is released later */
2722
2723         err = b43_upload_initvals(dev);
2724         if (err)
2725                 goto err_gpio_clean;
2726
2727         /* Turn the Analog on and initialize the PHY. */
2728         phy->ops->switch_analog(dev, 1);
2729         err = b43_phy_init(dev);
2730         if (err)
2731                 goto err_gpio_clean;
2732
2733         /* Disable Interference Mitigation. */
2734         if (phy->ops->interf_mitigation)
2735                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2736
2737         /* Select the antennae */
2738         if (phy->ops->set_rx_antenna)
2739                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2740         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2741
2742         if (phy->type == B43_PHYTYPE_B) {
2743                 value16 = b43_read16(dev, 0x005E);
2744                 value16 |= 0x0004;
2745                 b43_write16(dev, 0x005E, value16);
2746         }
2747         b43_write32(dev, 0x0100, 0x01000000);
2748         if (dev->dev->id.revision < 5)
2749                 b43_write32(dev, 0x010C, 0x01000000);
2750
2751         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2752                     & ~B43_MACCTL_INFRA);
2753         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2754                     | B43_MACCTL_INFRA);
2755
2756         /* Probe Response Timeout value */
2757         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2758         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2759
2760         /* Initially set the wireless operation mode. */
2761         b43_adjust_opmode(dev);
2762
2763         if (dev->dev->id.revision < 3) {
2764                 b43_write16(dev, 0x060E, 0x0000);
2765                 b43_write16(dev, 0x0610, 0x8000);
2766                 b43_write16(dev, 0x0604, 0x0000);
2767                 b43_write16(dev, 0x0606, 0x0200);
2768         } else {
2769                 b43_write32(dev, 0x0188, 0x80000000);
2770                 b43_write32(dev, 0x018C, 0x02000000);
2771         }
2772         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2773         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2774         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2775         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2776         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2777         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2778         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2779
2780         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2781         value32 |= 0x00100000;
2782         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2783
2784         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2785                     dev->dev->bus->chipco.fast_pwrup_delay);
2786
2787         err = 0;
2788         b43dbg(dev->wl, "Chip initialized\n");
2789 out:
2790         return err;
2791
2792 err_gpio_clean:
2793         b43_gpio_cleanup(dev);
2794         return err;
2795 }
2796
2797 static void b43_periodic_every60sec(struct b43_wldev *dev)
2798 {
2799         const struct b43_phy_operations *ops = dev->phy.ops;
2800
2801         if (ops->pwork_60sec)
2802                 ops->pwork_60sec(dev);
2803
2804         /* Force check the TX power emission now. */
2805         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2806 }
2807
2808 static void b43_periodic_every30sec(struct b43_wldev *dev)
2809 {
2810         /* Update device statistics. */
2811         b43_calculate_link_quality(dev);
2812 }
2813
2814 static void b43_periodic_every15sec(struct b43_wldev *dev)
2815 {
2816         struct b43_phy *phy = &dev->phy;
2817         u16 wdr;
2818
2819         if (dev->fw.opensource) {
2820                 /* Check if the firmware is still alive.
2821                  * It will reset the watchdog counter to 0 in its idle loop. */
2822                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2823                 if (unlikely(wdr)) {
2824                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2825                         b43_controller_restart(dev, "Firmware watchdog");
2826                         return;
2827                 } else {
2828                         b43_shm_write16(dev, B43_SHM_SCRATCH,
2829                                         B43_WATCHDOG_REG, 1);
2830                 }
2831         }
2832
2833         if (phy->ops->pwork_15sec)
2834                 phy->ops->pwork_15sec(dev);
2835
2836         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2837         wmb();
2838 }
2839
2840 static void do_periodic_work(struct b43_wldev *dev)
2841 {
2842         unsigned int state;
2843
2844         state = dev->periodic_state;
2845         if (state % 4 == 0)
2846                 b43_periodic_every60sec(dev);
2847         if (state % 2 == 0)
2848                 b43_periodic_every30sec(dev);
2849         b43_periodic_every15sec(dev);
2850 }
2851
2852 /* Periodic work locking policy:
2853  *      The whole periodic work handler is protected by
2854  *      wl->mutex. If another lock is needed somewhere in the
2855  *      pwork callchain, it's aquired in-place, where it's needed.
2856  */
2857 static void b43_periodic_work_handler(struct work_struct *work)
2858 {
2859         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2860                                              periodic_work.work);
2861         struct b43_wl *wl = dev->wl;
2862         unsigned long delay;
2863
2864         mutex_lock(&wl->mutex);
2865
2866         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2867                 goto out;
2868         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2869                 goto out_requeue;
2870
2871         do_periodic_work(dev);
2872
2873         dev->periodic_state++;
2874 out_requeue:
2875         if (b43_debug(dev, B43_DBG_PWORK_FAST))
2876                 delay = msecs_to_jiffies(50);
2877         else
2878                 delay = round_jiffies_relative(HZ * 15);
2879         queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2880 out:
2881         mutex_unlock(&wl->mutex);
2882 }
2883
2884 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2885 {
2886         struct delayed_work *work = &dev->periodic_work;
2887
2888         dev->periodic_state = 0;
2889         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2890         queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2891 }
2892
2893 /* Check if communication with the device works correctly. */
2894 static int b43_validate_chipaccess(struct b43_wldev *dev)
2895 {
2896         u32 v, backup;
2897
2898         backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2899
2900         /* Check for read/write and endianness problems. */
2901         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2902         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2903                 goto error;
2904         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2905         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2906                 goto error;
2907
2908         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2909
2910         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2911                 /* The 32bit register shadows the two 16bit registers
2912                  * with update sideeffects. Validate this. */
2913                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2914                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2915                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2916                         goto error;
2917                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2918                         goto error;
2919         }
2920         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2921
2922         v = b43_read32(dev, B43_MMIO_MACCTL);
2923         v |= B43_MACCTL_GMODE;
2924         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2925                 goto error;
2926
2927         return 0;
2928 error:
2929         b43err(dev->wl, "Failed to validate the chipaccess\n");
2930         return -ENODEV;
2931 }
2932
2933 static void b43_security_init(struct b43_wldev *dev)
2934 {
2935         dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2936         B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2937         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2938         /* KTP is a word address, but we address SHM bytewise.
2939          * So multiply by two.
2940          */
2941         dev->ktp *= 2;
2942         if (dev->dev->id.revision >= 5) {
2943                 /* Number of RCMTA address slots */
2944                 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2945         }
2946         b43_clear_keys(dev);
2947 }
2948
2949 static int b43_rng_read(struct hwrng *rng, u32 * data)
2950 {
2951         struct b43_wl *wl = (struct b43_wl *)rng->priv;
2952         unsigned long flags;
2953
2954         /* Don't take wl->mutex here, as it could deadlock with
2955          * hwrng internal locking. It's not needed to take
2956          * wl->mutex here, anyway. */
2957
2958         spin_lock_irqsave(&wl->irq_lock, flags);
2959         *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2960         spin_unlock_irqrestore(&wl->irq_lock, flags);
2961
2962         return (sizeof(u16));
2963 }
2964
2965 static void b43_rng_exit(struct b43_wl *wl)
2966 {
2967         if (wl->rng_initialized)
2968                 hwrng_unregister(&wl->rng);
2969 }
2970
2971 static int b43_rng_init(struct b43_wl *wl)
2972 {
2973         int err;
2974
2975         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2976                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2977         wl->rng.name = wl->rng_name;
2978         wl->rng.data_read = b43_rng_read;
2979         wl->rng.priv = (unsigned long)wl;
2980         wl->rng_initialized = 1;
2981         err = hwrng_register(&wl->rng);
2982         if (err) {
2983                 wl->rng_initialized = 0;
2984                 b43err(wl, "Failed to register the random "
2985                        "number generator (%d)\n", err);
2986         }
2987
2988         return err;
2989 }
2990
2991 static int b43_op_tx(struct ieee80211_hw *hw,
2992                      struct sk_buff *skb)
2993 {
2994         struct b43_wl *wl = hw_to_b43_wl(hw);
2995         struct b43_wldev *dev = wl->current_dev;
2996         unsigned long flags;
2997         int err;
2998
2999         if (unlikely(skb->len < 2 + 2 + 6)) {
3000                 /* Too short, this can't be a valid frame. */
3001                 goto drop_packet;
3002         }
3003         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3004         if (unlikely(!dev))
3005                 goto drop_packet;
3006
3007         /* Transmissions on seperate queues can run concurrently. */
3008         read_lock_irqsave(&wl->tx_lock, flags);
3009
3010         err = -ENODEV;
3011         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3012                 if (b43_using_pio_transfers(dev))
3013                         err = b43_pio_tx(dev, skb);
3014                 else
3015                         err = b43_dma_tx(dev, skb);
3016         }
3017
3018         read_unlock_irqrestore(&wl->tx_lock, flags);
3019
3020         if (unlikely(err))
3021                 goto drop_packet;
3022         return NETDEV_TX_OK;
3023
3024 drop_packet:
3025         /* We can not transmit this packet. Drop it. */
3026         dev_kfree_skb_any(skb);
3027         return NETDEV_TX_OK;
3028 }
3029
3030 /* Locking: wl->irq_lock */
3031 static void b43_qos_params_upload(struct b43_wldev *dev,
3032                                   const struct ieee80211_tx_queue_params *p,
3033                                   u16 shm_offset)
3034 {
3035         u16 params[B43_NR_QOSPARAMS];
3036         int bslots, tmp;
3037         unsigned int i;
3038
3039         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3040
3041         memset(&params, 0, sizeof(params));
3042
3043         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3044         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3045         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3046         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3047         params[B43_QOSPARAM_AIFS] = p->aifs;
3048         params[B43_QOSPARAM_BSLOTS] = bslots;
3049         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3050
3051         for (i = 0; i < ARRAY_SIZE(params); i++) {
3052                 if (i == B43_QOSPARAM_STATUS) {
3053                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3054                                              shm_offset + (i * 2));
3055                         /* Mark the parameters as updated. */
3056                         tmp |= 0x100;
3057                         b43_shm_write16(dev, B43_SHM_SHARED,
3058                                         shm_offset + (i * 2),
3059                                         tmp);
3060                 } else {
3061                         b43_shm_write16(dev, B43_SHM_SHARED,
3062                                         shm_offset + (i * 2),
3063                                         params[i]);
3064                 }
3065         }
3066 }
3067
3068 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3069 static const u16 b43_qos_shm_offsets[] = {
3070         /* [mac80211-queue-nr] = SHM_OFFSET, */
3071         [0] = B43_QOS_VOICE,
3072         [1] = B43_QOS_VIDEO,
3073         [2] = B43_QOS_BESTEFFORT,
3074         [3] = B43_QOS_BACKGROUND,
3075 };
3076
3077 /* Update all QOS parameters in hardware. */
3078 static void b43_qos_upload_all(struct b43_wldev *dev)
3079 {
3080         struct b43_wl *wl = dev->wl;
3081         struct b43_qos_params *params;
3082         unsigned int i;
3083
3084         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3085                      ARRAY_SIZE(wl->qos_params));
3086
3087         b43_mac_suspend(dev);
3088         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3089                 params = &(wl->qos_params[i]);
3090                 b43_qos_params_upload(dev, &(params->p),
3091                                       b43_qos_shm_offsets[i]);
3092         }
3093         b43_mac_enable(dev);
3094 }
3095
3096 static void b43_qos_clear(struct b43_wl *wl)
3097 {
3098         struct b43_qos_params *params;
3099         unsigned int i;
3100
3101         /* Initialize QoS parameters to sane defaults. */
3102
3103         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3104                      ARRAY_SIZE(wl->qos_params));
3105
3106         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3107                 params = &(wl->qos_params[i]);
3108
3109                 switch (b43_qos_shm_offsets[i]) {
3110                 case B43_QOS_VOICE:
3111                         params->p.txop = 0;
3112                         params->p.aifs = 2;
3113                         params->p.cw_min = 0x0001;
3114                         params->p.cw_max = 0x0001;
3115                         break;
3116                 case B43_QOS_VIDEO:
3117                         params->p.txop = 0;
3118                         params->p.aifs = 2;
3119                         params->p.cw_min = 0x0001;
3120                         params->p.cw_max = 0x0001;
3121                         break;
3122                 case B43_QOS_BESTEFFORT:
3123                         params->p.txop = 0;
3124                         params->p.aifs = 3;
3125                         params->p.cw_min = 0x0001;
3126                         params->p.cw_max = 0x03FF;
3127                         break;
3128                 case B43_QOS_BACKGROUND:
3129                         params->p.txop = 0;
3130                         params->p.aifs = 7;
3131                         params->p.cw_min = 0x0001;
3132                         params->p.cw_max = 0x03FF;
3133                         break;
3134                 default:
3135                         B43_WARN_ON(1);
3136                 }
3137         }
3138 }
3139
3140 /* Initialize the core's QOS capabilities */
3141 static void b43_qos_init(struct b43_wldev *dev)
3142 {
3143         /* Upload the current QOS parameters. */
3144         b43_qos_upload_all(dev);
3145
3146         /* Enable QOS support. */
3147         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3148         b43_write16(dev, B43_MMIO_IFSCTL,
3149                     b43_read16(dev, B43_MMIO_IFSCTL)
3150                     | B43_MMIO_IFSCTL_USE_EDCF);
3151 }
3152
3153 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3154                           const struct ieee80211_tx_queue_params *params)
3155 {
3156         struct b43_wl *wl = hw_to_b43_wl(hw);
3157         struct b43_wldev *dev;
3158         unsigned int queue = (unsigned int)_queue;
3159         int err = -ENODEV;
3160
3161         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3162                 /* Queue not available or don't support setting
3163                  * params on this queue. Return success to not
3164                  * confuse mac80211. */
3165                 return 0;
3166         }
3167         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3168                      ARRAY_SIZE(wl->qos_params));
3169
3170         mutex_lock(&wl->mutex);
3171         dev = wl->current_dev;
3172         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3173                 goto out_unlock;
3174
3175         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3176         b43_mac_suspend(dev);
3177         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3178                               b43_qos_shm_offsets[queue]);
3179         b43_mac_enable(dev);
3180         err = 0;
3181
3182 out_unlock:
3183         mutex_unlock(&wl->mutex);
3184
3185         return err;
3186 }
3187
3188 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3189                                struct ieee80211_tx_queue_stats *stats)
3190 {
3191         struct b43_wl *wl = hw_to_b43_wl(hw);
3192         struct b43_wldev *dev = wl->current_dev;
3193         unsigned long flags;
3194         int err = -ENODEV;
3195
3196         if (!dev)
3197                 goto out;
3198         spin_lock_irqsave(&wl->irq_lock, flags);
3199         if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3200                 if (b43_using_pio_transfers(dev))
3201                         b43_pio_get_tx_stats(dev, stats);
3202                 else
3203                         b43_dma_get_tx_stats(dev, stats);
3204                 err = 0;
3205         }
3206         spin_unlock_irqrestore(&wl->irq_lock, flags);
3207 out:
3208         return err;
3209 }
3210
3211 static int b43_op_get_stats(struct ieee80211_hw *hw,
3212                             struct ieee80211_low_level_stats *stats)
3213 {
3214         struct b43_wl *wl = hw_to_b43_wl(hw);
3215         unsigned long flags;
3216
3217         spin_lock_irqsave(&wl->irq_lock, flags);
3218         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3219         spin_unlock_irqrestore(&wl->irq_lock, flags);
3220
3221         return 0;
3222 }
3223
3224 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3225 {
3226         struct ssb_device *sdev = dev->dev;
3227         u32 tmslow;
3228
3229         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3230         tmslow &= ~B43_TMSLOW_GMODE;
3231         tmslow |= B43_TMSLOW_PHYRESET;
3232         tmslow |= SSB_TMSLOW_FGC;
3233         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3234         msleep(1);
3235
3236         tmslow = ssb_read32(sdev, SSB_TMSLOW);
3237         tmslow &= ~SSB_TMSLOW_FGC;
3238         tmslow |= B43_TMSLOW_PHYRESET;
3239         ssb_write32(sdev, SSB_TMSLOW, tmslow);
3240         msleep(1);
3241 }
3242
3243 static const char * band_to_string(enum ieee80211_band band)
3244 {
3245         switch (band) {
3246         case IEEE80211_BAND_5GHZ:
3247                 return "5";
3248         case IEEE80211_BAND_2GHZ:
3249                 return "2.4";
3250         default:
3251                 break;
3252         }
3253         B43_WARN_ON(1);
3254         return "";
3255 }
3256
3257 /* Expects wl->mutex locked */
3258 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3259 {
3260         struct b43_wldev *up_dev = NULL;
3261         struct b43_wldev *down_dev;
3262         struct b43_wldev *d;
3263         int err;
3264         bool uninitialized_var(gmode);
3265         int prev_status;
3266
3267         /* Find a device and PHY which supports the band. */
3268         list_for_each_entry(d, &wl->devlist, list) {
3269                 switch (chan->band) {
3270                 case IEEE80211_BAND_5GHZ:
3271                         if (d->phy.supports_5ghz) {
3272                                 up_dev = d;
3273                                 gmode = 0;
3274                         }
3275                         break;
3276                 case IEEE80211_BAND_2GHZ:
3277                         if (d->phy.supports_2ghz) {
3278                                 up_dev = d;
3279                                 gmode = 1;
3280                         }
3281                         break;
3282                 default:
3283                         B43_WARN_ON(1);
3284                         return -EINVAL;
3285                 }
3286                 if (up_dev)
3287                         break;
3288         }
3289         if (!up_dev) {
3290                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3291                        band_to_string(chan->band));
3292                 return -ENODEV;
3293         }
3294         if ((up_dev == wl->current_dev) &&
3295             (!!wl->current_dev->phy.gmode == !!gmode)) {
3296                 /* This device is already running. */
3297                 return 0;
3298         }
3299         b43dbg(wl, "Switching to %s-GHz band\n",
3300                band_to_string(chan->band));
3301         down_dev = wl->current_dev;
3302
3303         prev_status = b43_status(down_dev);
3304         /* Shutdown the currently running core. */
3305         if (prev_status >= B43_STAT_STARTED)
3306                 b43_wireless_core_stop(down_dev);
3307         if (prev_status >= B43_STAT_INITIALIZED)
3308                 b43_wireless_core_exit(down_dev);
3309
3310         if (down_dev != up_dev) {
3311                 /* We switch to a different core, so we put PHY into
3312                  * RESET on the old core. */
3313                 b43_put_phy_into_reset(down_dev);
3314         }
3315
3316         /* Now start the new core. */
3317         up_dev->phy.gmode = gmode;
3318         if (prev_status >= B43_STAT_INITIALIZED) {
3319                 err = b43_wireless_core_init(up_dev);
3320                 if (err) {
3321                         b43err(wl, "Fatal: Could not initialize device for "
3322                                "selected %s-GHz band\n",
3323                                band_to_string(chan->band));
3324                         goto init_failure;
3325                 }
3326         }
3327         if (prev_status >= B43_STAT_STARTED) {
3328                 err = b43_wireless_core_start(up_dev);
3329                 if (err) {
3330                         b43err(wl, "Fatal: Coult not start device for "
3331                                "selected %s-GHz band\n",
3332                                band_to_string(chan->band));
3333                         b43_wireless_core_exit(up_dev);
3334                         goto init_failure;
3335                 }
3336         }
3337         B43_WARN_ON(b43_status(up_dev) != prev_status);
3338
3339         wl->current_dev = up_dev;
3340
3341         return 0;
3342 init_failure:
3343         /* Whoops, failed to init the new core. No core is operating now. */
3344         wl->current_dev = NULL;
3345         return err;
3346 }
3347
3348 /* Write the short and long frame retry limit values. */
3349 static void b43_set_retry_limits(struct b43_wldev *dev,
3350                                  unsigned int short_retry,
3351                                  unsigned int long_retry)
3352 {
3353         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3354          * the chip-internal counter. */
3355         short_retry = min(short_retry, (unsigned int)0xF);
3356         long_retry = min(long_retry, (unsigned int)0xF);
3357
3358         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3359                         short_retry);
3360         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3361                         long_retry);
3362 }
3363
3364 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3365 {
3366         struct b43_wl *wl = hw_to_b43_wl(hw);
3367         struct b43_wldev *dev;
3368         struct b43_phy *phy;
3369         struct ieee80211_conf *conf = &hw->conf;
3370         unsigned long flags;
3371         int antenna;
3372         int err = 0;
3373
3374         mutex_lock(&wl->mutex);
3375
3376         /* Switch the band (if necessary). This might change the active core. */
3377         err = b43_switch_band(wl, conf->channel);
3378         if (err)
3379                 goto out_unlock_mutex;
3380         dev = wl->current_dev;
3381         phy = &dev->phy;
3382
3383         b43_mac_suspend(dev);
3384
3385         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3386                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3387                                           conf->long_frame_max_tx_count);
3388         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3389         if (!changed)
3390                 goto out_mac_enable;
3391
3392         /* Switch to the requested channel.
3393          * The firmware takes care of races with the TX handler. */
3394         if (conf->channel->hw_value != phy->channel)
3395                 b43_switch_channel(dev, conf->channel->hw_value);
3396
3397         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3398
3399         /* Adjust the desired TX power level. */
3400         if (conf->power_level != 0) {
3401                 spin_lock_irqsave(&wl->irq_lock, flags);
3402                 if (conf->power_level != phy->desired_txpower) {
3403                         phy->desired_txpower = conf->power_level;
3404                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3405                                                    B43_TXPWR_IGNORE_TSSI);
3406                 }
3407                 spin_unlock_irqrestore(&wl->irq_lock, flags);
3408         }
3409
3410         /* Antennas for RX and management frame TX. */
3411         antenna = B43_ANTENNA_DEFAULT;
3412         b43_mgmtframe_txantenna(dev, antenna);
3413         antenna = B43_ANTENNA_DEFAULT;
3414         if (phy->ops->set_rx_antenna)
3415                 phy->ops->set_rx_antenna(dev, antenna);
3416
3417         /* Update templates for AP/mesh mode. */
3418         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3419             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3420                 b43_set_beacon_int(dev, conf->beacon_int);
3421
3422         if (!!conf->radio_enabled != phy->radio_on) {
3423                 if (conf->radio_enabled) {
3424                         b43_software_rfkill(dev, RFKILL_STATE_UNBLOCKED);
3425                         b43info(dev->wl, "Radio turned on by software\n");
3426                         if (!dev->radio_hw_enable) {
3427                                 b43info(dev->wl, "The hardware RF-kill button "
3428                                         "still turns the radio physically off. "
3429                                         "Press the button to turn it on.\n");
3430                         }
3431                 } else {
3432                         b43_software_rfkill(dev, RFKILL_STATE_SOFT_BLOCKED);
3433                         b43info(dev->wl, "Radio turned off by software\n");
3434                 }
3435         }
3436
3437 out_mac_enable:
3438         b43_mac_enable(dev);
3439 out_unlock_mutex:
3440         mutex_unlock(&wl->mutex);
3441
3442         return err;
3443 }
3444
3445 static void b43_update_basic_rates(struct b43_wldev *dev, u64 brates)
3446 {
3447         struct ieee80211_supported_band *sband =
3448                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3449         struct ieee80211_rate *rate;
3450         int i;
3451         u16 basic, direct, offset, basic_offset, rateptr;
3452
3453         for (i = 0; i < sband->n_bitrates; i++) {
3454                 rate = &sband->bitrates[i];
3455
3456                 if (b43_is_cck_rate(rate->hw_value)) {
3457                         direct = B43_SHM_SH_CCKDIRECT;
3458                         basic = B43_SHM_SH_CCKBASIC;
3459                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3460                         offset &= 0xF;
3461                 } else {
3462                         direct = B43_SHM_SH_OFDMDIRECT;
3463                         basic = B43_SHM_SH_OFDMBASIC;
3464                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3465                         offset &= 0xF;
3466                 }
3467
3468                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3469
3470                 if (b43_is_cck_rate(rate->hw_value)) {
3471                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3472                         basic_offset &= 0xF;
3473                 } else {
3474                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3475                         basic_offset &= 0xF;
3476                 }
3477
3478                 /*
3479                  * Get the pointer that we need to point to
3480                  * from the direct map
3481                  */
3482                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3483                                          direct + 2 * basic_offset);
3484                 /* and write it to the basic map */
3485                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3486                                 rateptr);
3487         }
3488 }
3489
3490 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3491                                     struct ieee80211_vif *vif,
3492                                     struct ieee80211_bss_conf *conf,
3493                                     u32 changed)
3494 {
3495         struct b43_wl *wl = hw_to_b43_wl(hw);
3496         struct b43_wldev *dev;
3497
3498         mutex_lock(&wl->mutex);
3499
3500         dev = wl->current_dev;
3501         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3502                 goto out_unlock_mutex;
3503         b43_mac_suspend(dev);
3504
3505         if (changed & BSS_CHANGED_BASIC_RATES)
3506                 b43_update_basic_rates(dev, conf->basic_rates);
3507
3508         if (changed & BSS_CHANGED_ERP_SLOT) {
3509                 if (conf->use_short_slot)
3510                         b43_short_slot_timing_enable(dev);
3511                 else
3512                         b43_short_slot_timing_disable(dev);
3513         }
3514
3515         b43_mac_enable(dev);
3516 out_unlock_mutex:
3517         mutex_unlock(&wl->mutex);
3518
3519         return;
3520 }
3521
3522 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3523                            const u8 *local_addr, const u8 *addr,
3524                            struct ieee80211_key_conf *key)
3525 {
3526         struct b43_wl *wl = hw_to_b43_wl(hw);
3527         struct b43_wldev *dev;
3528         unsigned long flags;
3529         u8 algorithm;
3530         u8 index;
3531         int err;
3532
3533         if (modparam_nohwcrypt)
3534                 return -ENOSPC; /* User disabled HW-crypto */
3535
3536         mutex_lock(&wl->mutex);
3537         spin_lock_irqsave(&wl->irq_lock, flags);
3538
3539         dev = wl->current_dev;
3540         err = -ENODEV;
3541         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3542                 goto out_unlock;
3543
3544         if (dev->fw.pcm_request_failed) {
3545                 /* We don't have firmware for the crypto engine.
3546                  * Must use software-crypto. */
3547                 err = -EOPNOTSUPP;
3548                 goto out_unlock;
3549         }
3550
3551         err = -EINVAL;
3552         switch (key->alg) {
3553         case ALG_WEP:
3554                 if (key->keylen == 5)
3555                         algorithm = B43_SEC_ALGO_WEP40;
3556                 else
3557                         algorithm = B43_SEC_ALGO_WEP104;
3558                 break;
3559         case ALG_TKIP:
3560                 algorithm = B43_SEC_ALGO_TKIP;
3561                 break;
3562         case ALG_CCMP:
3563                 algorithm = B43_SEC_ALGO_AES;
3564                 break;
3565         default:
3566                 B43_WARN_ON(1);
3567                 goto out_unlock;
3568         }
3569         index = (u8) (key->keyidx);
3570         if (index > 3)
3571                 goto out_unlock;
3572
3573         switch (cmd) {
3574         case SET_KEY:
3575                 if (algorithm == B43_SEC_ALGO_TKIP) {
3576                         /* FIXME: No TKIP hardware encryption for now. */
3577                         err = -EOPNOTSUPP;
3578                         goto out_unlock;
3579                 }
3580
3581                 if (is_broadcast_ether_addr(addr)) {
3582                         /* addr is FF:FF:FF:FF:FF:FF for default keys */
3583                         err = b43_key_write(dev, index, algorithm,
3584                                             key->key, key->keylen, NULL, key);
3585                 } else {
3586                         /*
3587                          * either pairwise key or address is 00:00:00:00:00:00
3588                          * for transmit-only keys
3589                          */
3590                         err = b43_key_write(dev, -1, algorithm,
3591                                             key->key, key->keylen, addr, key);
3592                 }
3593                 if (err)
3594                         goto out_unlock;
3595
3596                 if (algorithm == B43_SEC_ALGO_WEP40 ||
3597                     algorithm == B43_SEC_ALGO_WEP104) {
3598                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3599                 } else {
3600                         b43_hf_write(dev,
3601                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3602                 }
3603                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3604                 break;
3605         case DISABLE_KEY: {
3606                 err = b43_key_clear(dev, key->hw_key_idx);
3607                 if (err)
3608                         goto out_unlock;
3609                 break;
3610         }
3611         default:
3612                 B43_WARN_ON(1);
3613         }
3614
3615 out_unlock:
3616         if (!err) {
3617                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3618                        "mac: %pM\n",
3619                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3620                        addr);
3621                 b43_dump_keymemory(dev);
3622         }
3623         spin_unlock_irqrestore(&wl->irq_lock, flags);
3624         mutex_unlock(&wl->mutex);
3625
3626         return err;
3627 }
3628
3629 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3630                                     unsigned int changed, unsigned int *fflags,
3631                                     int mc_count, struct dev_addr_list *mc_list)
3632 {
3633         struct b43_wl *wl = hw_to_b43_wl(hw);
3634         struct b43_wldev *dev = wl->current_dev;
3635         unsigned long flags;
3636
3637         if (!dev) {
3638                 *fflags = 0;
3639                 return;
3640         }
3641
3642         spin_lock_irqsave(&wl->irq_lock, flags);
3643         *fflags &= FIF_PROMISC_IN_BSS |
3644                   FIF_ALLMULTI |
3645                   FIF_FCSFAIL |
3646                   FIF_PLCPFAIL |
3647                   FIF_CONTROL |
3648                   FIF_OTHER_BSS |
3649                   FIF_BCN_PRBRESP_PROMISC;
3650
3651         changed &= FIF_PROMISC_IN_BSS |
3652                    FIF_ALLMULTI |
3653                    FIF_FCSFAIL |
3654                    FIF_PLCPFAIL |
3655                    FIF_CONTROL |
3656                    FIF_OTHER_BSS |
3657                    FIF_BCN_PRBRESP_PROMISC;
3658
3659         wl->filter_flags = *fflags;
3660
3661         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3662                 b43_adjust_opmode(dev);
3663         spin_unlock_irqrestore(&wl->irq_lock, flags);
3664 }
3665
3666 static int b43_op_config_interface(struct ieee80211_hw *hw,
3667                                    struct ieee80211_vif *vif,
3668                                    struct ieee80211_if_conf *conf)
3669 {
3670         struct b43_wl *wl = hw_to_b43_wl(hw);
3671         struct b43_wldev *dev = wl->current_dev;
3672         unsigned long flags;
3673
3674         if (!dev)
3675                 return -ENODEV;
3676         mutex_lock(&wl->mutex);
3677         spin_lock_irqsave(&wl->irq_lock, flags);
3678         B43_WARN_ON(wl->vif != vif);
3679         if (conf->bssid)
3680                 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3681         else
3682                 memset(wl->bssid, 0, ETH_ALEN);
3683         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3684                 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3685                     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT)) {
3686                         B43_WARN_ON(vif->type != wl->if_type);
3687                         if (conf->changed & IEEE80211_IFCC_BEACON)
3688                                 b43_update_templates(wl);
3689                 } else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) {
3690                         if (conf->changed & IEEE80211_IFCC_BEACON)
3691                                 b43_update_templates(wl);
3692                 }
3693                 b43_write_mac_bssid_templates(dev);
3694         }
3695         spin_unlock_irqrestore(&wl->irq_lock, flags);
3696         mutex_unlock(&wl->mutex);
3697
3698         return 0;
3699 }
3700
3701 /* Locking: wl->mutex */
3702 static void b43_wireless_core_stop(struct b43_wldev *dev)
3703 {
3704         struct b43_wl *wl = dev->wl;
3705         unsigned long flags;
3706
3707         if (b43_status(dev) < B43_STAT_STARTED)
3708                 return;
3709
3710         /* Disable and sync interrupts. We must do this before than
3711          * setting the status to INITIALIZED, as the interrupt handler
3712          * won't care about IRQs then. */
3713         spin_lock_irqsave(&wl->irq_lock, flags);
3714         dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3715         b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3716         spin_unlock_irqrestore(&wl->irq_lock, flags);
3717         b43_synchronize_irq(dev);
3718
3719         write_lock_irqsave(&wl->tx_lock, flags);
3720         b43_set_status(dev, B43_STAT_INITIALIZED);
3721         write_unlock_irqrestore(&wl->tx_lock, flags);
3722
3723         b43_pio_stop(dev);
3724         mutex_unlock(&wl->mutex);
3725         /* Must unlock as it would otherwise deadlock. No races here.
3726          * Cancel the possibly running self-rearming periodic work. */
3727         cancel_delayed_work_sync(&dev->periodic_work);
3728         mutex_lock(&wl->mutex);
3729
3730         b43_mac_suspend(dev);
3731         free_irq(dev->dev->irq, dev);
3732         b43dbg(wl, "Wireless interface stopped\n");
3733 }
3734
3735 /* Locking: wl->mutex */
3736 static int b43_wireless_core_start(struct b43_wldev *dev)
3737 {
3738         int err;
3739
3740         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3741
3742         drain_txstatus_queue(dev);
3743         err = request_irq(dev->dev->irq, b43_interrupt_handler,
3744                           IRQF_SHARED, KBUILD_MODNAME, dev);
3745         if (err) {
3746                 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3747                 goto out;
3748         }
3749
3750         /* We are ready to run. */
3751         b43_set_status(dev, B43_STAT_STARTED);
3752
3753         /* Start data flow (TX/RX). */
3754         b43_mac_enable(dev);
3755         b43_interrupt_enable(dev, dev->irq_savedstate);
3756
3757         /* Start maintainance work */
3758         b43_periodic_tasks_setup(dev);
3759
3760         b43dbg(dev->wl, "Wireless interface started\n");
3761       out:
3762         return err;
3763 }
3764
3765 /* Get PHY and RADIO versioning numbers */
3766 static int b43_phy_versioning(struct b43_wldev *dev)
3767 {
3768         struct b43_phy *phy = &dev->phy;
3769         u32 tmp;
3770         u8 analog_type;
3771         u8 phy_type;
3772         u8 phy_rev;
3773         u16 radio_manuf;
3774         u16 radio_ver;
3775         u16 radio_rev;
3776         int unsupported = 0;
3777
3778         /* Get PHY versioning */
3779         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3780         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3781         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3782         phy_rev = (tmp & B43_PHYVER_VERSION);
3783         switch (phy_type) {
3784         case B43_PHYTYPE_A:
3785                 if (phy_rev >= 4)
3786                         unsupported = 1;
3787                 break;
3788         case B43_PHYTYPE_B:
3789                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3790                     && phy_rev != 7)
3791                         unsupported = 1;
3792                 break;
3793         case B43_PHYTYPE_G:
3794                 if (phy_rev > 9)
3795                         unsupported = 1;
3796                 break;
3797 #ifdef CONFIG_B43_NPHY
3798         case B43_PHYTYPE_N:
3799                 if (phy_rev > 1)
3800                         unsupported = 1;
3801                 break;
3802 #endif
3803         default:
3804                 unsupported = 1;
3805         };
3806         if (unsupported) {
3807                 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3808                        "(Analog %u, Type %u, Revision %u)\n",
3809                        analog_type, phy_type, phy_rev);
3810                 return -EOPNOTSUPP;
3811         }
3812         b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3813                analog_type, phy_type, phy_rev);
3814
3815         /* Get RADIO versioning */
3816         if (dev->dev->bus->chip_id == 0x4317) {
3817                 if (dev->dev->bus->chip_rev == 0)
3818                         tmp = 0x3205017F;
3819                 else if (dev->dev->bus->chip_rev == 1)
3820                         tmp = 0x4205017F;
3821                 else
3822                         tmp = 0x5205017F;
3823         } else {
3824                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3825                 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3826                 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3827                 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3828         }
3829         radio_manuf = (tmp & 0x00000FFF);
3830         radio_ver = (tmp & 0x0FFFF000) >> 12;
3831         radio_rev = (tmp & 0xF0000000) >> 28;
3832         if (radio_manuf != 0x17F /* Broadcom */)
3833                 unsupported = 1;
3834         switch (phy_type) {
3835         case B43_PHYTYPE_A:
3836                 if (radio_ver != 0x2060)
3837                         unsupported = 1;
3838                 if (radio_rev != 1)
3839                         unsupported = 1;
3840                 if (radio_manuf != 0x17F)
3841                         unsupported = 1;
3842                 break;
3843         case B43_PHYTYPE_B:
3844                 if ((radio_ver & 0xFFF0) != 0x2050)
3845                         unsupported = 1;
3846                 break;
3847         case B43_PHYTYPE_G:
3848                 if (radio_ver != 0x2050)
3849                         unsupported = 1;
3850                 break;
3851         case B43_PHYTYPE_N:
3852                 if (radio_ver != 0x2055)
3853                         unsupported = 1;
3854                 break;
3855         default:
3856                 B43_WARN_ON(1);
3857         }
3858         if (unsupported) {
3859                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3860                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3861                        radio_manuf, radio_ver, radio_rev);
3862                 return -EOPNOTSUPP;
3863         }
3864         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3865                radio_manuf, radio_ver, radio_rev);
3866
3867         phy->radio_manuf = radio_manuf;
3868         phy->radio_ver = radio_ver;
3869         phy->radio_rev = radio_rev;
3870
3871         phy->analog = analog_type;
3872         phy->type = phy_type;
3873         phy->rev = phy_rev;
3874
3875         return 0;
3876 }
3877
3878 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3879                                       struct b43_phy *phy)
3880 {
3881         phy->hardware_power_control = !!modparam_hwpctl;
3882         phy->next_txpwr_check_time = jiffies;
3883         /* PHY TX errors counter. */
3884         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3885 }
3886
3887 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3888 {
3889         dev->dfq_valid = 0;
3890
3891         /* Assume the radio is enabled. If it's not enabled, the state will
3892          * immediately get fixed on the first periodic work run. */
3893         dev->radio_hw_enable = 1;
3894
3895         /* Stats */
3896         memset(&dev->stats, 0, sizeof(dev->stats));
3897
3898         setup_struct_phy_for_init(dev, &dev->phy);
3899
3900         /* IRQ related flags */
3901         dev->irq_reason = 0;
3902         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3903         dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3904
3905         dev->mac_suspended = 1;
3906
3907         /* Noise calculation context */
3908         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3909 }
3910
3911 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3912 {
3913         struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3914         u64 hf;
3915
3916         if (!modparam_btcoex)
3917                 return;
3918         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3919                 return;
3920         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3921                 return;
3922
3923         hf = b43_hf_read(dev);
3924         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3925                 hf |= B43_HF_BTCOEXALT;
3926         else
3927                 hf |= B43_HF_BTCOEX;
3928         b43_hf_write(dev, hf);
3929 }
3930
3931 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3932 {
3933         if (!modparam_btcoex)
3934                 return;
3935         //TODO
3936 }
3937
3938 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3939 {
3940 #ifdef CONFIG_SSB_DRIVER_PCICORE
3941         struct ssb_bus *bus = dev->dev->bus;
3942         u32 tmp;
3943
3944         if (bus->pcicore.dev &&
3945             bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3946             bus->pcicore.dev->id.revision <= 5) {
3947                 /* IMCFGLO timeouts workaround. */
3948                 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3949                 tmp &= ~SSB_IMCFGLO_REQTO;
3950                 tmp &= ~SSB_IMCFGLO_SERTO;
3951                 switch (bus->bustype) {
3952                 case SSB_BUSTYPE_PCI:
3953                 case SSB_BUSTYPE_PCMCIA:
3954                         tmp |= 0x32;
3955                         break;
3956                 case SSB_BUSTYPE_SSB:
3957                         tmp |= 0x53;
3958                         break;
3959                 }
3960                 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3961         }
3962 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3963 }
3964
3965 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3966 {
3967         u16 pu_delay;
3968
3969         /* The time value is in microseconds. */
3970         if (dev->phy.type == B43_PHYTYPE_A)
3971                 pu_delay = 3700;
3972         else
3973                 pu_delay = 1050;
3974         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
3975                 pu_delay = 500;
3976         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3977                 pu_delay = max(pu_delay, (u16)2400);
3978
3979         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3980 }
3981
3982 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3983 static void b43_set_pretbtt(struct b43_wldev *dev)
3984 {
3985         u16 pretbtt;
3986
3987         /* The time value is in microseconds. */
3988         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
3989                 pretbtt = 2;
3990         } else {
3991                 if (dev->phy.type == B43_PHYTYPE_A)
3992                         pretbtt = 120;
3993                 else
3994                         pretbtt = 250;
3995         }
3996         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3997         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3998 }
3999
4000 /* Shutdown a wireless core */
4001 /* Locking: wl->mutex */
4002 static void b43_wireless_core_exit(struct b43_wldev *dev)
4003 {
4004         u32 macctl;
4005
4006         B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
4007         if (b43_status(dev) != B43_STAT_INITIALIZED)
4008                 return;
4009         b43_set_status(dev, B43_STAT_UNINIT);
4010
4011         /* Stop the microcode PSM. */
4012         macctl = b43_read32(dev, B43_MMIO_MACCTL);
4013         macctl &= ~B43_MACCTL_PSM_RUN;
4014         macctl |= B43_MACCTL_PSM_JMP0;
4015         b43_write32(dev, B43_MMIO_MACCTL, macctl);
4016
4017         if (!dev->suspend_in_progress) {
4018                 b43_leds_exit(dev);
4019                 b43_rng_exit(dev->wl);
4020         }
4021         b43_dma_free(dev);
4022         b43_pio_free(dev);
4023         b43_chip_exit(dev);
4024         dev->phy.ops->switch_analog(dev, 0);
4025         if (dev->wl->current_beacon) {
4026                 dev_kfree_skb_any(dev->wl->current_beacon);
4027                 dev->wl->current_beacon = NULL;
4028         }
4029
4030         ssb_device_disable(dev->dev, 0);
4031         ssb_bus_may_powerdown(dev->dev->bus);
4032 }
4033
4034 /* Initialize a wireless core */
4035 static int b43_wireless_core_init(struct b43_wldev *dev)
4036 {
4037         struct b43_wl *wl = dev->wl;
4038         struct ssb_bus *bus = dev->dev->bus;
4039         struct ssb_sprom *sprom = &bus->sprom;
4040         struct b43_phy *phy = &dev->phy;
4041         int err;
4042         u64 hf;
4043         u32 tmp;
4044
4045         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4046
4047         err = ssb_bus_powerup(bus, 0);
4048         if (err)
4049                 goto out;
4050         if (!ssb_device_is_enabled(dev->dev)) {
4051                 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4052                 b43_wireless_core_reset(dev, tmp);
4053         }
4054
4055         /* Reset all data structures. */
4056         setup_struct_wldev_for_init(dev);
4057         phy->ops->prepare_structs(dev);
4058
4059         /* Enable IRQ routing to this device. */
4060         ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4061
4062         b43_imcfglo_timeouts_workaround(dev);
4063         b43_bluetooth_coext_disable(dev);
4064         if (phy->ops->prepare_hardware) {
4065                 err = phy->ops->prepare_hardware(dev);
4066                 if (err)
4067                         goto err_busdown;
4068         }
4069         err = b43_chip_init(dev);
4070         if (err)
4071                 goto err_busdown;
4072         b43_shm_write16(dev, B43_SHM_SHARED,
4073                         B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4074         hf = b43_hf_read(dev);
4075         if (phy->type == B43_PHYTYPE_G) {
4076                 hf |= B43_HF_SYMW;
4077                 if (phy->rev == 1)
4078                         hf |= B43_HF_GDCW;
4079                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4080                         hf |= B43_HF_OFDMPABOOST;
4081         } else if (phy->type == B43_PHYTYPE_B) {
4082                 hf |= B43_HF_SYMW;
4083                 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
4084                         hf &= ~B43_HF_GDCW;
4085         }
4086         b43_hf_write(dev, hf);
4087
4088         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4089                              B43_DEFAULT_LONG_RETRY_LIMIT);
4090         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4091         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4092
4093         /* Disable sending probe responses from firmware.
4094          * Setting the MaxTime to one usec will always trigger
4095          * a timeout, so we never send any probe resp.
4096          * A timeout of zero is infinite. */
4097         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4098
4099         b43_rate_memory_init(dev);
4100         b43_set_phytxctl_defaults(dev);
4101
4102         /* Minimum Contention Window */
4103         if (phy->type == B43_PHYTYPE_B) {
4104                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4105         } else {
4106                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4107         }
4108         /* Maximum Contention Window */
4109         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4110
4111         if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4112                 dev->__using_pio_transfers = 1;
4113                 err = b43_pio_init(dev);
4114         } else {
4115                 dev->__using_pio_transfers = 0;
4116                 err = b43_dma_init(dev);
4117         }
4118         if (err)
4119                 goto err_chip_exit;
4120         b43_qos_init(dev);
4121         b43_set_synth_pu_delay(dev, 1);
4122         b43_bluetooth_coext_enable(dev);
4123
4124         ssb_bus_powerup(bus, 1);        /* Enable dynamic PCTL */
4125         b43_upload_card_macaddress(dev);
4126         b43_security_init(dev);
4127         if (!dev->suspend_in_progress)
4128                 b43_rng_init(wl);
4129
4130         b43_set_status(dev, B43_STAT_INITIALIZED);
4131
4132         if (!dev->suspend_in_progress)
4133                 b43_leds_init(dev);
4134 out:
4135         return err;
4136
4137 err_chip_exit:
4138         b43_chip_exit(dev);
4139 err_busdown:
4140         ssb_bus_may_powerdown(bus);
4141         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4142         return err;
4143 }
4144
4145 static int b43_op_add_interface(struct ieee80211_hw *hw,
4146                                 struct ieee80211_if_init_conf *conf)
4147 {
4148         struct b43_wl *wl = hw_to_b43_wl(hw);
4149         struct b43_wldev *dev;
4150         unsigned long flags;
4151         int err = -EOPNOTSUPP;
4152
4153         /* TODO: allow WDS/AP devices to coexist */
4154
4155         if (conf->type != NL80211_IFTYPE_AP &&
4156             conf->type != NL80211_IFTYPE_MESH_POINT &&
4157             conf->type != NL80211_IFTYPE_STATION &&
4158             conf->type != NL80211_IFTYPE_WDS &&
4159             conf->type != NL80211_IFTYPE_ADHOC)
4160                 return -EOPNOTSUPP;
4161
4162         mutex_lock(&wl->mutex);
4163         if (wl->operating)
4164                 goto out_mutex_unlock;
4165
4166         b43dbg(wl, "Adding Interface type %d\n", conf->type);
4167
4168         dev = wl->current_dev;
4169         wl->operating = 1;
4170         wl->vif = conf->vif;
4171         wl->if_type = conf->type;
4172         memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4173
4174         spin_lock_irqsave(&wl->irq_lock, flags);
4175         b43_adjust_opmode(dev);
4176         b43_set_pretbtt(dev);
4177         b43_set_synth_pu_delay(dev, 0);
4178         b43_upload_card_macaddress(dev);
4179         spin_unlock_irqrestore(&wl->irq_lock, flags);
4180
4181         err = 0;
4182  out_mutex_unlock:
4183         mutex_unlock(&wl->mutex);
4184
4185         return err;
4186 }
4187
4188 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4189                                     struct ieee80211_if_init_conf *conf)
4190 {
4191         struct b43_wl *wl = hw_to_b43_wl(hw);
4192         struct b43_wldev *dev = wl->current_dev;
4193         unsigned long flags;
4194
4195         b43dbg(wl, "Removing Interface type %d\n", conf->type);
4196
4197         mutex_lock(&wl->mutex);
4198
4199         B43_WARN_ON(!wl->operating);
4200         B43_WARN_ON(wl->vif != conf->vif);
4201         wl->vif = NULL;
4202
4203         wl->operating = 0;
4204
4205         spin_lock_irqsave(&wl->irq_lock, flags);
4206         b43_adjust_opmode(dev);
4207         memset(wl->mac_addr, 0, ETH_ALEN);
4208         b43_upload_card_macaddress(dev);
4209         spin_unlock_irqrestore(&wl->irq_lock, flags);
4210
4211         mutex_unlock(&wl->mutex);
4212 }
4213
4214 static int b43_op_start(struct ieee80211_hw *hw)
4215 {
4216         struct b43_wl *wl = hw_to_b43_wl(hw);
4217         struct b43_wldev *dev = wl->current_dev;
4218         int did_init = 0;
4219         int err = 0;
4220         bool do_rfkill_exit = 0;
4221
4222         /* Kill all old instance specific information to make sure
4223          * the card won't use it in the short timeframe between start
4224          * and mac80211 reconfiguring it. */
4225         memset(wl->bssid, 0, ETH_ALEN);
4226         memset(wl->mac_addr, 0, ETH_ALEN);
4227         wl->filter_flags = 0;
4228         wl->radiotap_enabled = 0;
4229         b43_qos_clear(wl);
4230         wl->beacon0_uploaded = 0;
4231         wl->beacon1_uploaded = 0;
4232         wl->beacon_templates_virgin = 1;
4233
4234         /* First register RFkill.
4235          * LEDs that are registered later depend on it. */
4236         b43_rfkill_init(dev);
4237
4238         mutex_lock(&wl->mutex);
4239
4240         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4241                 err = b43_wireless_core_init(dev);
4242                 if (err) {
4243                         do_rfkill_exit = 1;
4244                         goto out_mutex_unlock;
4245                 }
4246                 did_init = 1;
4247         }
4248
4249         if (b43_status(dev) < B43_STAT_STARTED) {
4250                 err = b43_wireless_core_start(dev);
4251                 if (err) {
4252                         if (did_init)
4253                                 b43_wireless_core_exit(dev);
4254                         do_rfkill_exit = 1;
4255                         goto out_mutex_unlock;
4256                 }
4257         }
4258
4259  out_mutex_unlock:
4260         mutex_unlock(&wl->mutex);
4261
4262         if (do_rfkill_exit)
4263                 b43_rfkill_exit(dev);
4264
4265         return err;
4266 }
4267
4268 static void b43_op_stop(struct ieee80211_hw *hw)
4269 {
4270         struct b43_wl *wl = hw_to_b43_wl(hw);
4271         struct b43_wldev *dev = wl->current_dev;
4272
4273         b43_rfkill_exit(dev);
4274         cancel_work_sync(&(wl->beacon_update_trigger));
4275
4276         mutex_lock(&wl->mutex);
4277         if (b43_status(dev) >= B43_STAT_STARTED)
4278                 b43_wireless_core_stop(dev);
4279         b43_wireless_core_exit(dev);
4280         mutex_unlock(&wl->mutex);
4281
4282         cancel_work_sync(&(wl->txpower_adjust_work));
4283 }
4284
4285 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4286                                  struct ieee80211_sta *sta, bool set)
4287 {
4288         struct b43_wl *wl = hw_to_b43_wl(hw);
4289         unsigned long flags;
4290
4291         spin_lock_irqsave(&wl->irq_lock, flags);
4292         b43_update_templates(wl);
4293         spin_unlock_irqrestore(&wl->irq_lock, flags);
4294
4295         return 0;
4296 }
4297
4298 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4299                               struct ieee80211_vif *vif,
4300                               enum sta_notify_cmd notify_cmd,
4301                               struct ieee80211_sta *sta)
4302 {
4303         struct b43_wl *wl = hw_to_b43_wl(hw);
4304
4305         B43_WARN_ON(!vif || wl->vif != vif);
4306 }
4307
4308 static const struct ieee80211_ops b43_hw_ops = {
4309         .tx                     = b43_op_tx,
4310         .conf_tx                = b43_op_conf_tx,
4311         .add_interface          = b43_op_add_interface,
4312         .remove_interface       = b43_op_remove_interface,
4313         .config                 = b43_op_config,
4314         .bss_info_changed       = b43_op_bss_info_changed,
4315         .config_interface       = b43_op_config_interface,
4316         .configure_filter       = b43_op_configure_filter,
4317         .set_key                = b43_op_set_key,
4318         .get_stats              = b43_op_get_stats,
4319         .get_tx_stats           = b43_op_get_tx_stats,
4320         .start                  = b43_op_start,
4321         .stop                   = b43_op_stop,
4322         .set_tim                = b43_op_beacon_set_tim,
4323         .sta_notify             = b43_op_sta_notify,
4324 };
4325
4326 /* Hard-reset the chip. Do not call this directly.
4327  * Use b43_controller_restart()
4328  */
4329 static void b43_chip_reset(struct work_struct *work)
4330 {
4331         struct b43_wldev *dev =
4332             container_of(work, struct b43_wldev, restart_work);
4333         struct b43_wl *wl = dev->wl;
4334         int err = 0;
4335         int prev_status;
4336
4337         mutex_lock(&wl->mutex);
4338
4339         prev_status = b43_status(dev);
4340         /* Bring the device down... */
4341         if (prev_status >= B43_STAT_STARTED)
4342                 b43_wireless_core_stop(dev);
4343         if (prev_status >= B43_STAT_INITIALIZED)
4344                 b43_wireless_core_exit(dev);
4345
4346         /* ...and up again. */
4347         if (prev_status >= B43_STAT_INITIALIZED) {
4348                 err = b43_wireless_core_init(dev);
4349                 if (err)
4350                         goto out;
4351         }
4352         if (prev_status >= B43_STAT_STARTED) {
4353                 err = b43_wireless_core_start(dev);
4354                 if (err) {
4355                         b43_wireless_core_exit(dev);
4356                         goto out;
4357                 }
4358         }
4359 out:
4360         if (err)
4361                 wl->current_dev = NULL; /* Failed to init the dev. */
4362         mutex_unlock(&wl->mutex);
4363         if (err)
4364                 b43err(wl, "Controller restart FAILED\n");
4365         else
4366                 b43info(wl, "Controller restarted\n");
4367 }
4368
4369 static int b43_setup_bands(struct b43_wldev *dev,
4370                            bool have_2ghz_phy, bool have_5ghz_phy)
4371 {
4372         struct ieee80211_hw *hw = dev->wl->hw;
4373
4374         if (have_2ghz_phy)
4375                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4376         if (dev->phy.type == B43_PHYTYPE_N) {
4377                 if (have_5ghz_phy)
4378                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4379         } else {
4380                 if (have_5ghz_phy)
4381                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4382         }
4383
4384         dev->phy.supports_2ghz = have_2ghz_phy;
4385         dev->phy.supports_5ghz = have_5ghz_phy;
4386
4387         return 0;
4388 }
4389
4390 static void b43_wireless_core_detach(struct b43_wldev *dev)
4391 {
4392         /* We release firmware that late to not be required to re-request
4393          * is all the time when we reinit the core. */
4394         b43_release_firmware(dev);
4395         b43_phy_free(dev);
4396 }
4397
4398 static int b43_wireless_core_attach(struct b43_wldev *dev)
4399 {
4400         struct b43_wl *wl = dev->wl;
4401         struct ssb_bus *bus = dev->dev->bus;
4402         struct pci_dev *pdev = bus->host_pci;
4403         int err;
4404         bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4405         u32 tmp;
4406
4407         /* Do NOT do any device initialization here.
4408          * Do it in wireless_core_init() instead.
4409          * This function is for gathering basic information about the HW, only.
4410          * Also some structs may be set up here. But most likely you want to have
4411          * that in core_init(), too.
4412          */
4413
4414         err = ssb_bus_powerup(bus, 0);
4415         if (err) {
4416                 b43err(wl, "Bus powerup failed\n");
4417                 goto out;
4418         }
4419         /* Get the PHY type. */
4420         if (dev->dev->id.revision >= 5) {
4421                 u32 tmshigh;
4422
4423                 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4424                 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4425                 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4426         } else
4427                 B43_WARN_ON(1);
4428
4429         dev->phy.gmode = have_2ghz_phy;
4430         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4431         b43_wireless_core_reset(dev, tmp);
4432
4433         err = b43_phy_versioning(dev);
4434         if (err)
4435                 goto err_powerdown;
4436         /* Check if this device supports multiband. */
4437         if (!pdev ||
4438             (pdev->device != 0x4312 &&
4439              pdev->device != 0x4319 && pdev->device != 0x4324)) {
4440                 /* No multiband support. */
4441                 have_2ghz_phy = 0;
4442                 have_5ghz_phy = 0;
4443                 switch (dev->phy.type) {
4444                 case B43_PHYTYPE_A:
4445                         have_5ghz_phy = 1;
4446                         break;
4447                 case B43_PHYTYPE_G:
4448                 case B43_PHYTYPE_N:
4449                         have_2ghz_phy = 1;
4450                         break;
4451                 default:
4452                         B43_WARN_ON(1);
4453                 }
4454         }
4455         if (dev->phy.type == B43_PHYTYPE_A) {
4456                 /* FIXME */
4457                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4458                 err = -EOPNOTSUPP;
4459                 goto err_powerdown;
4460         }
4461         if (1 /* disable A-PHY */) {
4462                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4463                 if (dev->phy.type != B43_PHYTYPE_N) {
4464                         have_2ghz_phy = 1;
4465                         have_5ghz_phy = 0;
4466                 }
4467         }
4468
4469         err = b43_phy_allocate(dev);
4470         if (err)
4471                 goto err_powerdown;
4472
4473         dev->phy.gmode = have_2ghz_phy;
4474         tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4475         b43_wireless_core_reset(dev, tmp);
4476
4477         err = b43_validate_chipaccess(dev);
4478         if (err)
4479                 goto err_phy_free;
4480         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4481         if (err)
4482                 goto err_phy_free;
4483
4484         /* Now set some default "current_dev" */
4485         if (!wl->current_dev)
4486                 wl->current_dev = dev;
4487         INIT_WORK(&dev->restart_work, b43_chip_reset);
4488
4489         dev->phy.ops->switch_analog(dev, 0);
4490         ssb_device_disable(dev->dev, 0);
4491         ssb_bus_may_powerdown(bus);
4492
4493 out:
4494         return err;
4495
4496 err_phy_free:
4497         b43_phy_free(dev);
4498 err_powerdown:
4499         ssb_bus_may_powerdown(bus);
4500         return err;
4501 }
4502
4503 static void b43_one_core_detach(struct ssb_device *dev)
4504 {
4505         struct b43_wldev *wldev;
4506         struct b43_wl *wl;
4507
4508         /* Do not cancel ieee80211-workqueue based work here.
4509          * See comment in b43_remove(). */
4510
4511         wldev = ssb_get_drvdata(dev);
4512         wl = wldev->wl;
4513         b43_debugfs_remove_device(wldev);
4514         b43_wireless_core_detach(wldev);
4515         list_del(&wldev->list);
4516         wl->nr_devs--;
4517         ssb_set_drvdata(dev, NULL);
4518         kfree(wldev);
4519 }
4520
4521 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4522 {
4523         struct b43_wldev *wldev;
4524         struct pci_dev *pdev;
4525         int err = -ENOMEM;
4526
4527         if (!list_empty(&wl->devlist)) {
4528                 /* We are not the first core on this chip. */
4529                 pdev = dev->bus->host_pci;
4530                 /* Only special chips support more than one wireless
4531                  * core, although some of the other chips have more than
4532                  * one wireless core as well. Check for this and
4533                  * bail out early.
4534                  */
4535                 if (!pdev ||
4536                     ((pdev->device != 0x4321) &&
4537                      (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4538                         b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4539                         return -ENODEV;
4540                 }
4541         }
4542
4543         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4544         if (!wldev)
4545                 goto out;
4546
4547         wldev->dev = dev;
4548         wldev->wl = wl;
4549         b43_set_status(wldev, B43_STAT_UNINIT);
4550         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4551         tasklet_init(&wldev->isr_tasklet,
4552                      (void (*)(unsigned long))b43_interrupt_tasklet,
4553                      (unsigned long)wldev);
4554         INIT_LIST_HEAD(&wldev->list);
4555
4556         err = b43_wireless_core_attach(wldev);
4557         if (err)
4558                 goto err_kfree_wldev;
4559
4560         list_add(&wldev->list, &wl->devlist);
4561         wl->nr_devs++;
4562         ssb_set_drvdata(dev, wldev);
4563         b43_debugfs_add_device(wldev);
4564
4565       out:
4566         return err;
4567
4568       err_kfree_wldev:
4569         kfree(wldev);
4570         return err;
4571 }
4572
4573 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
4574         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
4575         (pdev->device == _device) &&                                    \
4576         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
4577         (pdev->subsystem_device == _subdevice)                          )
4578
4579 static void b43_sprom_fixup(struct ssb_bus *bus)
4580 {
4581         struct pci_dev *pdev;
4582
4583         /* boardflags workarounds */
4584         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4585             bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4586                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4587         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4588             bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4589                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4590         if (bus->bustype == SSB_BUSTYPE_PCI) {
4591                 pdev = bus->host_pci;
4592                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4593                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
4594                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
4595                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4596                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4597                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4598                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4599                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4600         }
4601 }
4602
4603 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4604 {
4605         struct ieee80211_hw *hw = wl->hw;
4606
4607         ssb_set_devtypedata(dev, NULL);
4608         ieee80211_free_hw(hw);
4609 }
4610
4611 static int b43_wireless_init(struct ssb_device *dev)
4612 {
4613         struct ssb_sprom *sprom = &dev->bus->sprom;
4614         struct ieee80211_hw *hw;
4615         struct b43_wl *wl;
4616         int err = -ENOMEM;
4617
4618         b43_sprom_fixup(dev->bus);
4619
4620         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4621         if (!hw) {
4622                 b43err(NULL, "Could not allocate ieee80211 device\n");
4623                 goto out;
4624         }
4625
4626         /* fill hw info */
4627         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4628                     IEEE80211_HW_SIGNAL_DBM |
4629                     IEEE80211_HW_NOISE_DBM;
4630
4631         hw->wiphy->interface_modes =
4632                 BIT(NL80211_IFTYPE_AP) |
4633                 BIT(NL80211_IFTYPE_MESH_POINT) |
4634                 BIT(NL80211_IFTYPE_STATION) |
4635                 BIT(NL80211_IFTYPE_WDS) |
4636                 BIT(NL80211_IFTYPE_ADHOC);
4637
4638         hw->queues = b43_modparam_qos ? 4 : 1;
4639         hw->max_rates = 2;
4640         SET_IEEE80211_DEV(hw, dev->dev);
4641         if (is_valid_ether_addr(sprom->et1mac))
4642                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4643         else
4644                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4645
4646         /* Get and initialize struct b43_wl */
4647         wl = hw_to_b43_wl(hw);
4648         memset(wl, 0, sizeof(*wl));
4649         wl->hw = hw;
4650         spin_lock_init(&wl->irq_lock);
4651         rwlock_init(&wl->tx_lock);
4652         spin_lock_init(&wl->leds_lock);
4653         spin_lock_init(&wl->shm_lock);
4654         mutex_init(&wl->mutex);
4655         INIT_LIST_HEAD(&wl->devlist);
4656         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4657         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4658
4659         ssb_set_devtypedata(dev, wl);
4660         b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4661         err = 0;
4662       out:
4663         return err;
4664 }
4665
4666 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4667 {
4668         struct b43_wl *wl;
4669         int err;
4670         int first = 0;
4671
4672         wl = ssb_get_devtypedata(dev);
4673         if (!wl) {
4674                 /* Probing the first core. Must setup common struct b43_wl */
4675                 first = 1;
4676                 err = b43_wireless_init(dev);
4677                 if (err)
4678                         goto out;
4679                 wl = ssb_get_devtypedata(dev);
4680                 B43_WARN_ON(!wl);
4681         }
4682         err = b43_one_core_attach(dev, wl);
4683         if (err)
4684                 goto err_wireless_exit;
4685
4686         if (first) {
4687                 err = ieee80211_register_hw(wl->hw);
4688                 if (err)
4689                         goto err_one_core_detach;
4690         }
4691
4692       out:
4693         return err;
4694
4695       err_one_core_detach:
4696         b43_one_core_detach(dev);
4697       err_wireless_exit:
4698         if (first)
4699                 b43_wireless_exit(dev, wl);
4700         return err;
4701 }
4702
4703 static void b43_remove(struct ssb_device *dev)
4704 {
4705         struct b43_wl *wl = ssb_get_devtypedata(dev);
4706         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4707
4708         /* We must cancel any work here before unregistering from ieee80211,
4709          * as the ieee80211 unreg will destroy the workqueue. */
4710         cancel_work_sync(&wldev->restart_work);
4711
4712         B43_WARN_ON(!wl);
4713         if (wl->current_dev == wldev)
4714                 ieee80211_unregister_hw(wl->hw);
4715
4716         b43_one_core_detach(dev);
4717
4718         if (list_empty(&wl->devlist)) {
4719                 /* Last core on the chip unregistered.
4720                  * We can destroy common struct b43_wl.
4721                  */
4722                 b43_wireless_exit(dev, wl);
4723         }
4724 }
4725
4726 /* Perform a hardware reset. This can be called from any context. */
4727 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4728 {
4729         /* Must avoid requeueing, if we are in shutdown. */
4730         if (b43_status(dev) < B43_STAT_INITIALIZED)
4731                 return;
4732         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4733         queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4734 }
4735
4736 #ifdef CONFIG_PM
4737
4738 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4739 {
4740         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4741         struct b43_wl *wl = wldev->wl;
4742
4743         b43dbg(wl, "Suspending...\n");
4744
4745         mutex_lock(&wl->mutex);
4746         wldev->suspend_in_progress = true;
4747         wldev->suspend_init_status = b43_status(wldev);
4748         if (wldev->suspend_init_status >= B43_STAT_STARTED)
4749                 b43_wireless_core_stop(wldev);
4750         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4751                 b43_wireless_core_exit(wldev);
4752         mutex_unlock(&wl->mutex);
4753
4754         b43dbg(wl, "Device suspended.\n");
4755
4756         return 0;
4757 }
4758
4759 static int b43_resume(struct ssb_device *dev)
4760 {
4761         struct b43_wldev *wldev = ssb_get_drvdata(dev);
4762         struct b43_wl *wl = wldev->wl;
4763         int err = 0;
4764
4765         b43dbg(wl, "Resuming...\n");
4766
4767         mutex_lock(&wl->mutex);
4768         if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4769                 err = b43_wireless_core_init(wldev);
4770                 if (err) {
4771                         b43err(wl, "Resume failed at core init\n");
4772                         goto out;
4773                 }
4774         }
4775         if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4776                 err = b43_wireless_core_start(wldev);
4777                 if (err) {
4778                         b43_leds_exit(wldev);
4779                         b43_rng_exit(wldev->wl);
4780                         b43_wireless_core_exit(wldev);
4781                         b43err(wl, "Resume failed at core start\n");
4782                         goto out;
4783                 }
4784         }
4785         b43dbg(wl, "Device resumed.\n");
4786  out:
4787         wldev->suspend_in_progress = false;
4788         mutex_unlock(&wl->mutex);
4789         return err;
4790 }
4791
4792 #else /* CONFIG_PM */
4793 # define b43_suspend    NULL
4794 # define b43_resume     NULL
4795 #endif /* CONFIG_PM */
4796
4797 static struct ssb_driver b43_ssb_driver = {
4798         .name           = KBUILD_MODNAME,
4799         .id_table       = b43_ssb_tbl,
4800         .probe          = b43_probe,
4801         .remove         = b43_remove,
4802         .suspend        = b43_suspend,
4803         .resume         = b43_resume,
4804 };
4805
4806 static void b43_print_driverinfo(void)
4807 {
4808         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4809                    *feat_leds = "", *feat_rfkill = "";
4810
4811 #ifdef CONFIG_B43_PCI_AUTOSELECT
4812         feat_pci = "P";
4813 #endif
4814 #ifdef CONFIG_B43_PCMCIA
4815         feat_pcmcia = "M";
4816 #endif
4817 #ifdef CONFIG_B43_NPHY
4818         feat_nphy = "N";
4819 #endif
4820 #ifdef CONFIG_B43_LEDS
4821         feat_leds = "L";
4822 #endif
4823 #ifdef CONFIG_B43_RFKILL
4824         feat_rfkill = "R";
4825 #endif
4826         printk(KERN_INFO "Broadcom 43xx driver loaded "
4827                "[ Features: %s%s%s%s%s, Firmware-ID: "
4828                B43_SUPPORTED_FIRMWARE_ID " ]\n",
4829                feat_pci, feat_pcmcia, feat_nphy,
4830                feat_leds, feat_rfkill);
4831 }
4832
4833 static int __init b43_init(void)
4834 {
4835         int err;
4836
4837         b43_debugfs_init();
4838         err = b43_pcmcia_init();
4839         if (err)
4840                 goto err_dfs_exit;
4841         err = ssb_driver_register(&b43_ssb_driver);
4842         if (err)
4843                 goto err_pcmcia_exit;
4844         b43_print_driverinfo();
4845
4846         return err;
4847
4848 err_pcmcia_exit:
4849         b43_pcmcia_exit();
4850 err_dfs_exit:
4851         b43_debugfs_exit();
4852         return err;
4853 }
4854
4855 static void __exit b43_exit(void)
4856 {
4857         ssb_driver_unregister(&b43_ssb_driver);
4858         b43_pcmcia_exit();
4859         b43_debugfs_exit();
4860 }
4861
4862 module_init(b43_init)
4863 module_exit(b43_exit)