Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
atmel.c
Go to the documentation of this file.
1 /*** -*- linux-c -*- **********************************************************
2 
3  Driver for Atmel at76c502 at76c504 and at76c506 wireless cards.
4 
5  Copyright 2000-2001 ATMEL Corporation.
6  Copyright 2003-2004 Simon Kelley.
7 
8  This code was developed from version 2.1.1 of the Atmel drivers,
9  released by Atmel corp. under the GPL in December 2002. It also
10  includes code from the Linux aironet drivers (C) Benjamin Reed,
11  and the Linux PCMCIA package, (C) David Hinds and the Linux wireless
12  extensions, (C) Jean Tourrilhes.
13 
14  The firmware module for reading the MAC address of the card comes from
15  net.russotto.AtmelMACFW, written by Matthew T. Russotto and copyright
16  by him. net.russotto.AtmelMACFW is used under the GPL license version 2.
17  This file contains the module in binary form and, under the terms
18  of the GPL, in source form. The source is located at the end of the file.
19 
20  This program is free software; you can redistribute it and/or modify
21  it under the terms of the GNU General Public License as published by
22  the Free Software Foundation; either version 2 of the License, or
23  (at your option) any later version.
24 
25  This software is distributed in the hope that it will be useful,
26  but WITHOUT ANY WARRANTY; without even the implied warranty of
27  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28  GNU General Public License for more details.
29 
30  You should have received a copy of the GNU General Public License
31  along with Atmel wireless lan drivers; if not, write to the Free Software
32  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
33 
34  For all queries about this code, please contact the current author,
35  Simon Kelley <[email protected]> and not Atmel Corporation.
36 
37  Credit is due to HP UK and Cambridge Online Systems Ltd for supplying
38  hardware used during development of this driver.
39 
40 ******************************************************************************/
41 
42 #include <linux/init.h>
43 #include <linux/interrupt.h>
44 
45 #include <linux/kernel.h>
46 #include <linux/ptrace.h>
47 #include <linux/slab.h>
48 #include <linux/string.h>
49 #include <linux/ctype.h>
50 #include <linux/timer.h>
51 #include <asm/byteorder.h>
52 #include <asm/io.h>
53 #include <asm/uaccess.h>
54 #include <linux/module.h>
55 #include <linux/netdevice.h>
56 #include <linux/etherdevice.h>
57 #include <linux/skbuff.h>
58 #include <linux/if_arp.h>
59 #include <linux/ioport.h>
60 #include <linux/fcntl.h>
61 #include <linux/delay.h>
62 #include <linux/wireless.h>
63 #include <net/iw_handler.h>
64 #include <linux/crc32.h>
65 #include <linux/proc_fs.h>
66 #include <linux/device.h>
67 #include <linux/moduleparam.h>
68 #include <linux/firmware.h>
69 #include <linux/jiffies.h>
70 #include <linux/ieee80211.h>
71 #include "atmel.h"
72 
73 #define DRIVER_MAJOR 0
74 #define DRIVER_MINOR 98
75 
76 MODULE_AUTHOR("Simon Kelley");
77 MODULE_DESCRIPTION("Support for Atmel at76c50x 802.11 wireless ethernet cards.");
78 MODULE_LICENSE("GPL");
79 MODULE_SUPPORTED_DEVICE("Atmel at76c50x wireless cards");
80 
81 /* The name of the firmware file to be loaded
82  over-rides any automatic selection */
83 static char *firmware = NULL;
84 module_param(firmware, charp, 0);
85 
86 /* table of firmware file names */
87 static struct {
88  AtmelFWType fw_type;
89  const char *fw_file;
90  const char *fw_file_ext;
91 } fw_table[] = {
92  { ATMEL_FW_TYPE_502, "atmel_at76c502", "bin" },
93  { ATMEL_FW_TYPE_502D, "atmel_at76c502d", "bin" },
94  { ATMEL_FW_TYPE_502E, "atmel_at76c502e", "bin" },
95  { ATMEL_FW_TYPE_502_3COM, "atmel_at76c502_3com", "bin" },
96  { ATMEL_FW_TYPE_504, "atmel_at76c504", "bin" },
97  { ATMEL_FW_TYPE_504_2958, "atmel_at76c504_2958", "bin" },
98  { ATMEL_FW_TYPE_504A_2958, "atmel_at76c504a_2958", "bin" },
99  { ATMEL_FW_TYPE_506, "atmel_at76c506", "bin" },
100  { ATMEL_FW_TYPE_NONE, NULL, NULL }
101 };
102 MODULE_FIRMWARE("atmel_at76c502-wpa.bin");
103 MODULE_FIRMWARE("atmel_at76c502.bin");
104 MODULE_FIRMWARE("atmel_at76c502d-wpa.bin");
105 MODULE_FIRMWARE("atmel_at76c502d.bin");
106 MODULE_FIRMWARE("atmel_at76c502e-wpa.bin");
107 MODULE_FIRMWARE("atmel_at76c502e.bin");
108 MODULE_FIRMWARE("atmel_at76c502_3com-wpa.bin");
109 MODULE_FIRMWARE("atmel_at76c502_3com.bin");
110 MODULE_FIRMWARE("atmel_at76c504-wpa.bin");
111 MODULE_FIRMWARE("atmel_at76c504.bin");
112 MODULE_FIRMWARE("atmel_at76c504_2958-wpa.bin");
113 MODULE_FIRMWARE("atmel_at76c504_2958.bin");
114 MODULE_FIRMWARE("atmel_at76c504a_2958-wpa.bin");
115 MODULE_FIRMWARE("atmel_at76c504a_2958.bin");
116 MODULE_FIRMWARE("atmel_at76c506-wpa.bin");
117 MODULE_FIRMWARE("atmel_at76c506.bin");
118 
119 #define MAX_SSID_LENGTH 32
120 #define MGMT_JIFFIES (256 * HZ / 100)
121 
122 #define MAX_BSS_ENTRIES 64
123 
124 /* registers */
125 #define GCR 0x00 /* (SIR0) General Configuration Register */
126 #define BSR 0x02 /* (SIR1) Bank Switching Select Register */
127 #define AR 0x04
128 #define DR 0x08
129 #define MR1 0x12 /* Mirror Register 1 */
130 #define MR2 0x14 /* Mirror Register 2 */
131 #define MR3 0x16 /* Mirror Register 3 */
132 #define MR4 0x18 /* Mirror Register 4 */
133 
134 #define GPR1 0x0c
135 #define GPR2 0x0e
136 #define GPR3 0x10
137 /*
138  * Constants for the GCR register.
139  */
140 #define GCR_REMAP 0x0400 /* Remap internal SRAM to 0 */
141 #define GCR_SWRES 0x0080 /* BIU reset (ARM and PAI are NOT reset) */
142 #define GCR_CORES 0x0060 /* Core Reset (ARM and PAI are reset) */
143 #define GCR_ENINT 0x0002 /* Enable Interrupts */
144 #define GCR_ACKINT 0x0008 /* Acknowledge Interrupts */
145 
146 #define BSS_SRAM 0x0200 /* AMBA module selection --> SRAM */
147 #define BSS_IRAM 0x0100 /* AMBA module selection --> IRAM */
148 /*
149  *Constants for the MR registers.
150  */
151 #define MAC_INIT_COMPLETE 0x0001 /* MAC init has been completed */
152 #define MAC_BOOT_COMPLETE 0x0010 /* MAC boot has been completed */
153 #define MAC_INIT_OK 0x0002 /* MAC boot has been completed */
154 
155 #define MIB_MAX_DATA_BYTES 212
156 #define MIB_HEADER_SIZE 4 /* first four fields */
157 
158 struct get_set_mib {
159  u8 type;
160  u8 size;
161  u8 index;
162  u8 reserved;
163  u8 data[MIB_MAX_DATA_BYTES];
164 };
165 
166 struct rx_desc {
167  u32 Next;
168  u16 MsduPos;
169  u16 MsduSize;
170 
171  u8 State;
172  u8 Status;
173  u8 Rate;
174  u8 Rssi;
175  u8 LinkQuality;
176  u8 PreambleType;
177  u16 Duration;
178  u32 RxTime;
179 };
180 
181 #define RX_DESC_FLAG_VALID 0x80
182 #define RX_DESC_FLAG_CONSUMED 0x40
183 #define RX_DESC_FLAG_IDLE 0x00
184 
185 #define RX_STATUS_SUCCESS 0x00
186 
187 #define RX_DESC_MSDU_POS_OFFSET 4
188 #define RX_DESC_MSDU_SIZE_OFFSET 6
189 #define RX_DESC_FLAGS_OFFSET 8
190 #define RX_DESC_STATUS_OFFSET 9
191 #define RX_DESC_RSSI_OFFSET 11
192 #define RX_DESC_LINK_QUALITY_OFFSET 12
193 #define RX_DESC_PREAMBLE_TYPE_OFFSET 13
194 #define RX_DESC_DURATION_OFFSET 14
195 #define RX_DESC_RX_TIME_OFFSET 16
196 
197 struct tx_desc {
198  u32 NextDescriptor;
199  u16 TxStartOfFrame;
200  u16 TxLength;
201 
202  u8 TxState;
203  u8 TxStatus;
204  u8 RetryCount;
205 
206  u8 TxRate;
207 
208  u8 KeyIndex;
209  u8 ChiperType;
210  u8 ChipreLength;
211  u8 Reserved1;
212 
213  u8 Reserved;
214  u8 PacketType;
215  u16 HostTxLength;
216 };
217 
218 #define TX_DESC_NEXT_OFFSET 0
219 #define TX_DESC_POS_OFFSET 4
220 #define TX_DESC_SIZE_OFFSET 6
221 #define TX_DESC_FLAGS_OFFSET 8
222 #define TX_DESC_STATUS_OFFSET 9
223 #define TX_DESC_RETRY_OFFSET 10
224 #define TX_DESC_RATE_OFFSET 11
225 #define TX_DESC_KEY_INDEX_OFFSET 12
226 #define TX_DESC_CIPHER_TYPE_OFFSET 13
227 #define TX_DESC_CIPHER_LENGTH_OFFSET 14
228 #define TX_DESC_PACKET_TYPE_OFFSET 17
229 #define TX_DESC_HOST_LENGTH_OFFSET 18
230 
231 /*
232  * Host-MAC interface
233  */
234 
235 #define TX_STATUS_SUCCESS 0x00
236 
237 #define TX_FIRM_OWN 0x80
238 #define TX_DONE 0x40
239 
240 #define TX_ERROR 0x01
241 
242 #define TX_PACKET_TYPE_DATA 0x01
243 #define TX_PACKET_TYPE_MGMT 0x02
244 
245 #define ISR_EMPTY 0x00 /* no bits set in ISR */
246 #define ISR_TxCOMPLETE 0x01 /* packet transmitted */
247 #define ISR_RxCOMPLETE 0x02 /* packet received */
248 #define ISR_RxFRAMELOST 0x04 /* Rx Frame lost */
249 #define ISR_FATAL_ERROR 0x08 /* Fatal error */
250 #define ISR_COMMAND_COMPLETE 0x10 /* command completed */
251 #define ISR_OUT_OF_RANGE 0x20 /* command completed */
252 #define ISR_IBSS_MERGE 0x40 /* (4.1.2.30): IBSS merge */
253 #define ISR_GENERIC_IRQ 0x80
254 
255 #define Local_Mib_Type 0x01
256 #define Mac_Address_Mib_Type 0x02
257 #define Mac_Mib_Type 0x03
258 #define Statistics_Mib_Type 0x04
259 #define Mac_Mgmt_Mib_Type 0x05
260 #define Mac_Wep_Mib_Type 0x06
261 #define Phy_Mib_Type 0x07
262 #define Multi_Domain_MIB 0x08
263 
264 #define MAC_MGMT_MIB_CUR_BSSID_POS 14
265 #define MAC_MIB_FRAG_THRESHOLD_POS 8
266 #define MAC_MIB_RTS_THRESHOLD_POS 10
267 #define MAC_MIB_SHORT_RETRY_POS 16
268 #define MAC_MIB_LONG_RETRY_POS 17
269 #define MAC_MIB_SHORT_RETRY_LIMIT_POS 16
270 #define MAC_MGMT_MIB_BEACON_PER_POS 0
271 #define MAC_MGMT_MIB_STATION_ID_POS 6
272 #define MAC_MGMT_MIB_CUR_PRIVACY_POS 11
273 #define MAC_MGMT_MIB_CUR_BSSID_POS 14
274 #define MAC_MGMT_MIB_PS_MODE_POS 53
275 #define MAC_MGMT_MIB_LISTEN_INTERVAL_POS 54
276 #define MAC_MGMT_MIB_MULTI_DOMAIN_IMPLEMENTED 56
277 #define MAC_MGMT_MIB_MULTI_DOMAIN_ENABLED 57
278 #define PHY_MIB_CHANNEL_POS 14
279 #define PHY_MIB_RATE_SET_POS 20
280 #define PHY_MIB_REG_DOMAIN_POS 26
281 #define LOCAL_MIB_AUTO_TX_RATE_POS 3
282 #define LOCAL_MIB_SSID_SIZE 5
283 #define LOCAL_MIB_TX_PROMISCUOUS_POS 6
284 #define LOCAL_MIB_TX_MGMT_RATE_POS 7
285 #define LOCAL_MIB_TX_CONTROL_RATE_POS 8
286 #define LOCAL_MIB_PREAMBLE_TYPE 9
287 #define MAC_ADDR_MIB_MAC_ADDR_POS 0
288 
289 #define CMD_Set_MIB_Vars 0x01
290 #define CMD_Get_MIB_Vars 0x02
291 #define CMD_Scan 0x03
292 #define CMD_Join 0x04
293 #define CMD_Start 0x05
294 #define CMD_EnableRadio 0x06
295 #define CMD_DisableRadio 0x07
296 #define CMD_SiteSurvey 0x0B
297 
298 #define CMD_STATUS_IDLE 0x00
299 #define CMD_STATUS_COMPLETE 0x01
300 #define CMD_STATUS_UNKNOWN 0x02
301 #define CMD_STATUS_INVALID_PARAMETER 0x03
302 #define CMD_STATUS_FUNCTION_NOT_SUPPORTED 0x04
303 #define CMD_STATUS_TIME_OUT 0x07
304 #define CMD_STATUS_IN_PROGRESS 0x08
305 #define CMD_STATUS_REJECTED_RADIO_OFF 0x09
306 #define CMD_STATUS_HOST_ERROR 0xFF
307 #define CMD_STATUS_BUSY 0xFE
308 
309 #define CMD_BLOCK_COMMAND_OFFSET 0
310 #define CMD_BLOCK_STATUS_OFFSET 1
311 #define CMD_BLOCK_PARAMETERS_OFFSET 4
312 
313 #define SCAN_OPTIONS_SITE_SURVEY 0x80
314 
315 #define MGMT_FRAME_BODY_OFFSET 24
316 #define MAX_AUTHENTICATION_RETRIES 3
317 #define MAX_ASSOCIATION_RETRIES 3
318 
319 #define AUTHENTICATION_RESPONSE_TIME_OUT 1000
320 
321 #define MAX_WIRELESS_BODY 2316 /* mtu is 2312, CRC is 4 */
322 #define LOOP_RETRY_LIMIT 500000
323 
324 #define ACTIVE_MODE 1
325 #define PS_MODE 2
326 
327 #define MAX_ENCRYPTION_KEYS 4
328 #define MAX_ENCRYPTION_KEY_SIZE 40
329 
330 /*
331  * 802.11 related definitions
332  */
333 
334 /*
335  * Regulatory Domains
336  */
337 
338 #define REG_DOMAIN_FCC 0x10 /* Channels 1-11 USA */
339 #define REG_DOMAIN_DOC 0x20 /* Channel 1-11 Canada */
340 #define REG_DOMAIN_ETSI 0x30 /* Channel 1-13 Europe (ex Spain/France) */
341 #define REG_DOMAIN_SPAIN 0x31 /* Channel 10-11 Spain */
342 #define REG_DOMAIN_FRANCE 0x32 /* Channel 10-13 France */
343 #define REG_DOMAIN_MKK 0x40 /* Channel 14 Japan */
344 #define REG_DOMAIN_MKK1 0x41 /* Channel 1-14 Japan(MKK1) */
345 #define REG_DOMAIN_ISRAEL 0x50 /* Channel 3-9 ISRAEL */
346 
347 #define BSS_TYPE_AD_HOC 1
348 #define BSS_TYPE_INFRASTRUCTURE 2
349 
350 #define SCAN_TYPE_ACTIVE 0
351 #define SCAN_TYPE_PASSIVE 1
352 
353 #define LONG_PREAMBLE 0
354 #define SHORT_PREAMBLE 1
355 #define AUTO_PREAMBLE 2
356 
357 #define DATA_FRAME_WS_HEADER_SIZE 30
358 
359 /* promiscuous mode control */
360 #define PROM_MODE_OFF 0x0
361 #define PROM_MODE_UNKNOWN 0x1
362 #define PROM_MODE_CRC_FAILED 0x2
363 #define PROM_MODE_DUPLICATED 0x4
364 #define PROM_MODE_MGMT 0x8
365 #define PROM_MODE_CTRL 0x10
366 #define PROM_MODE_BAD_PROTOCOL 0x20
367 
368 #define IFACE_INT_STATUS_OFFSET 0
369 #define IFACE_INT_MASK_OFFSET 1
370 #define IFACE_LOCKOUT_HOST_OFFSET 2
371 #define IFACE_LOCKOUT_MAC_OFFSET 3
372 #define IFACE_FUNC_CTRL_OFFSET 28
373 #define IFACE_MAC_STAT_OFFSET 30
374 #define IFACE_GENERIC_INT_TYPE_OFFSET 32
375 
376 #define CIPHER_SUITE_NONE 0
377 #define CIPHER_SUITE_WEP_64 1
378 #define CIPHER_SUITE_TKIP 2
379 #define CIPHER_SUITE_AES 3
380 #define CIPHER_SUITE_CCX 4
381 #define CIPHER_SUITE_WEP_128 5
382 
383 /*
384  * IFACE MACROS & definitions
385  */
386 
387 /*
388  * FuncCtrl field:
389  */
390 #define FUNC_CTRL_TxENABLE 0x10
391 #define FUNC_CTRL_RxENABLE 0x20
392 #define FUNC_CTRL_INIT_COMPLETE 0x01
393 
394 /* A stub firmware image which reads the MAC address from NVRAM on the card.
395  For copyright information and source see the end of this file. */
396 static u8 mac_reader[] = {
397  0x06, 0x00, 0x00, 0xea, 0x04, 0x00, 0x00, 0xea, 0x03, 0x00, 0x00, 0xea, 0x02, 0x00, 0x00, 0xea,
398  0x01, 0x00, 0x00, 0xea, 0x00, 0x00, 0x00, 0xea, 0xff, 0xff, 0xff, 0xea, 0xfe, 0xff, 0xff, 0xea,
399  0xd3, 0x00, 0xa0, 0xe3, 0x00, 0xf0, 0x21, 0xe1, 0x0e, 0x04, 0xa0, 0xe3, 0x00, 0x10, 0xa0, 0xe3,
400  0x81, 0x11, 0xa0, 0xe1, 0x00, 0x10, 0x81, 0xe3, 0x00, 0x10, 0x80, 0xe5, 0x1c, 0x10, 0x90, 0xe5,
401  0x10, 0x10, 0xc1, 0xe3, 0x1c, 0x10, 0x80, 0xe5, 0x01, 0x10, 0xa0, 0xe3, 0x08, 0x10, 0x80, 0xe5,
402  0x02, 0x03, 0xa0, 0xe3, 0x00, 0x10, 0xa0, 0xe3, 0xb0, 0x10, 0xc0, 0xe1, 0xb4, 0x10, 0xc0, 0xe1,
403  0xb8, 0x10, 0xc0, 0xe1, 0xbc, 0x10, 0xc0, 0xe1, 0x56, 0xdc, 0xa0, 0xe3, 0x21, 0x00, 0x00, 0xeb,
404  0x0a, 0x00, 0xa0, 0xe3, 0x1a, 0x00, 0x00, 0xeb, 0x10, 0x00, 0x00, 0xeb, 0x07, 0x00, 0x00, 0xeb,
405  0x02, 0x03, 0xa0, 0xe3, 0x02, 0x14, 0xa0, 0xe3, 0xb4, 0x10, 0xc0, 0xe1, 0x4c, 0x10, 0x9f, 0xe5,
406  0xbc, 0x10, 0xc0, 0xe1, 0x10, 0x10, 0xa0, 0xe3, 0xb8, 0x10, 0xc0, 0xe1, 0xfe, 0xff, 0xff, 0xea,
407  0x00, 0x40, 0x2d, 0xe9, 0x00, 0x20, 0xa0, 0xe3, 0x02, 0x3c, 0xa0, 0xe3, 0x00, 0x10, 0xa0, 0xe3,
408  0x28, 0x00, 0x9f, 0xe5, 0x37, 0x00, 0x00, 0xeb, 0x00, 0x40, 0xbd, 0xe8, 0x1e, 0xff, 0x2f, 0xe1,
409  0x00, 0x40, 0x2d, 0xe9, 0x12, 0x2e, 0xa0, 0xe3, 0x06, 0x30, 0xa0, 0xe3, 0x00, 0x10, 0xa0, 0xe3,
410  0x02, 0x04, 0xa0, 0xe3, 0x2f, 0x00, 0x00, 0xeb, 0x00, 0x40, 0xbd, 0xe8, 0x1e, 0xff, 0x2f, 0xe1,
411  0x00, 0x02, 0x00, 0x02, 0x80, 0x01, 0x90, 0xe0, 0x01, 0x00, 0x00, 0x0a, 0x01, 0x00, 0x50, 0xe2,
412  0xfc, 0xff, 0xff, 0xea, 0x1e, 0xff, 0x2f, 0xe1, 0x80, 0x10, 0xa0, 0xe3, 0xf3, 0x06, 0xa0, 0xe3,
413  0x00, 0x10, 0x80, 0xe5, 0x00, 0x10, 0xa0, 0xe3, 0x00, 0x10, 0x80, 0xe5, 0x01, 0x10, 0xa0, 0xe3,
414  0x04, 0x10, 0x80, 0xe5, 0x00, 0x10, 0x80, 0xe5, 0x0e, 0x34, 0xa0, 0xe3, 0x1c, 0x10, 0x93, 0xe5,
415  0x02, 0x1a, 0x81, 0xe3, 0x1c, 0x10, 0x83, 0xe5, 0x58, 0x11, 0x9f, 0xe5, 0x30, 0x10, 0x80, 0xe5,
416  0x54, 0x11, 0x9f, 0xe5, 0x34, 0x10, 0x80, 0xe5, 0x38, 0x10, 0x80, 0xe5, 0x3c, 0x10, 0x80, 0xe5,
417  0x10, 0x10, 0x90, 0xe5, 0x08, 0x00, 0x90, 0xe5, 0x1e, 0xff, 0x2f, 0xe1, 0xf3, 0x16, 0xa0, 0xe3,
418  0x08, 0x00, 0x91, 0xe5, 0x05, 0x00, 0xa0, 0xe3, 0x0c, 0x00, 0x81, 0xe5, 0x10, 0x00, 0x91, 0xe5,
419  0x02, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x0a, 0xff, 0x00, 0xa0, 0xe3, 0x0c, 0x00, 0x81, 0xe5,
420  0x10, 0x00, 0x91, 0xe5, 0x02, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x0a, 0x08, 0x00, 0x91, 0xe5,
421  0x10, 0x00, 0x91, 0xe5, 0x01, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x0a, 0x08, 0x00, 0x91, 0xe5,
422  0xff, 0x00, 0x00, 0xe2, 0x1e, 0xff, 0x2f, 0xe1, 0x30, 0x40, 0x2d, 0xe9, 0x00, 0x50, 0xa0, 0xe1,
423  0x03, 0x40, 0xa0, 0xe1, 0xa2, 0x02, 0xa0, 0xe1, 0x08, 0x00, 0x00, 0xe2, 0x03, 0x00, 0x80, 0xe2,
424  0xd8, 0x10, 0x9f, 0xe5, 0x00, 0x00, 0xc1, 0xe5, 0x01, 0x20, 0xc1, 0xe5, 0xe2, 0xff, 0xff, 0xeb,
425  0x01, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x1a, 0x14, 0x00, 0xa0, 0xe3, 0xc4, 0xff, 0xff, 0xeb,
426  0x04, 0x20, 0xa0, 0xe1, 0x05, 0x10, 0xa0, 0xe1, 0x02, 0x00, 0xa0, 0xe3, 0x01, 0x00, 0x00, 0xeb,
427  0x30, 0x40, 0xbd, 0xe8, 0x1e, 0xff, 0x2f, 0xe1, 0x70, 0x40, 0x2d, 0xe9, 0xf3, 0x46, 0xa0, 0xe3,
428  0x00, 0x30, 0xa0, 0xe3, 0x00, 0x00, 0x50, 0xe3, 0x08, 0x00, 0x00, 0x9a, 0x8c, 0x50, 0x9f, 0xe5,
429  0x03, 0x60, 0xd5, 0xe7, 0x0c, 0x60, 0x84, 0xe5, 0x10, 0x60, 0x94, 0xe5, 0x02, 0x00, 0x16, 0xe3,
430  0xfc, 0xff, 0xff, 0x0a, 0x01, 0x30, 0x83, 0xe2, 0x00, 0x00, 0x53, 0xe1, 0xf7, 0xff, 0xff, 0x3a,
431  0xff, 0x30, 0xa0, 0xe3, 0x0c, 0x30, 0x84, 0xe5, 0x08, 0x00, 0x94, 0xe5, 0x10, 0x00, 0x94, 0xe5,
432  0x01, 0x00, 0x10, 0xe3, 0xfc, 0xff, 0xff, 0x0a, 0x08, 0x00, 0x94, 0xe5, 0x00, 0x00, 0xa0, 0xe3,
433  0x00, 0x00, 0x52, 0xe3, 0x0b, 0x00, 0x00, 0x9a, 0x10, 0x50, 0x94, 0xe5, 0x02, 0x00, 0x15, 0xe3,
434  0xfc, 0xff, 0xff, 0x0a, 0x0c, 0x30, 0x84, 0xe5, 0x10, 0x50, 0x94, 0xe5, 0x01, 0x00, 0x15, 0xe3,
435  0xfc, 0xff, 0xff, 0x0a, 0x08, 0x50, 0x94, 0xe5, 0x01, 0x50, 0xc1, 0xe4, 0x01, 0x00, 0x80, 0xe2,
436  0x02, 0x00, 0x50, 0xe1, 0xf3, 0xff, 0xff, 0x3a, 0xc8, 0x00, 0xa0, 0xe3, 0x98, 0xff, 0xff, 0xeb,
437  0x70, 0x40, 0xbd, 0xe8, 0x1e, 0xff, 0x2f, 0xe1, 0x01, 0x0c, 0x00, 0x02, 0x01, 0x02, 0x00, 0x02,
438  0x00, 0x01, 0x00, 0x02
439 };
440 
441 struct atmel_private {
442  void *card; /* Bus dependent structure varies for PCcard */
443  int (*present_callback)(void *); /* And callback which uses it */
444  char firmware_id[32];
445  AtmelFWType firmware_type;
446  u8 *firmware;
447  int firmware_length;
448  struct timer_list management_timer;
449  struct net_device *dev;
450  struct device *sys_dev;
451  struct iw_statistics wstats;
452  spinlock_t irqlock, timerlock; /* spinlocks */
453  enum { BUS_TYPE_PCCARD, BUS_TYPE_PCI } bus_type;
454  enum {
455  CARD_TYPE_PARALLEL_FLASH,
456  CARD_TYPE_SPI_FLASH,
457  CARD_TYPE_EEPROM
458  } card_type;
459  int do_rx_crc; /* If we need to CRC incoming packets */
460  int probe_crc; /* set if we don't yet know */
461  int crc_ok_cnt, crc_ko_cnt; /* counters for probing */
462  u16 rx_desc_head;
463  u16 tx_desc_free, tx_desc_head, tx_desc_tail, tx_desc_previous;
464  u16 tx_free_mem, tx_buff_head, tx_buff_tail;
465 
466  u16 frag_seq, frag_len, frag_no;
467  u8 frag_source[6];
468 
469  u8 wep_is_on, default_key, exclude_unencrypted, encryption_level;
470  u8 group_cipher_suite, pairwise_cipher_suite;
471  u8 wep_keys[MAX_ENCRYPTION_KEYS][MAX_ENCRYPTION_KEY_SIZE];
472  int wep_key_len[MAX_ENCRYPTION_KEYS];
473  int use_wpa, radio_on_broken; /* firmware dependent stuff. */
474 
475  u16 host_info_base;
476  struct host_info_struct {
477  /* NB this is matched to the hardware, don't change. */
478  u8 volatile int_status;
479  u8 volatile int_mask;
480  u8 volatile lockout_host;
481  u8 volatile lockout_mac;
482 
483  u16 tx_buff_pos;
484  u16 tx_buff_size;
485  u16 tx_desc_pos;
486  u16 tx_desc_count;
487 
488  u16 rx_buff_pos;
489  u16 rx_buff_size;
490  u16 rx_desc_pos;
491  u16 rx_desc_count;
492 
493  u16 build_version;
494  u16 command_pos;
495 
496  u16 major_version;
497  u16 minor_version;
498 
499  u16 func_ctrl;
500  u16 mac_status;
501  u16 generic_IRQ_type;
502  u8 reserved[2];
503  } host_info;
504 
505  enum {
506  STATION_STATE_SCANNING,
507  STATION_STATE_JOINNING,
508  STATION_STATE_AUTHENTICATING,
509  STATION_STATE_ASSOCIATING,
510  STATION_STATE_READY,
511  STATION_STATE_REASSOCIATING,
512  STATION_STATE_DOWN,
513  STATION_STATE_MGMT_ERROR
514  } station_state;
515 
516  int operating_mode, power_mode;
517  time_t last_qual;
518  int beacons_this_sec;
519  int channel;
520  int reg_domain, config_reg_domain;
521  int tx_rate;
522  int auto_tx_rate;
523  int rts_threshold;
524  int frag_threshold;
525  int long_retry, short_retry;
526  int preamble;
527  int default_beacon_period, beacon_period, listen_interval;
528  int CurrentAuthentTransactionSeqNum, ExpectedAuthentTransactionSeqNum;
529  int AuthenticationRequestRetryCnt, AssociationRequestRetryCnt, ReAssociationRequestRetryCnt;
530  enum {
531  SITE_SURVEY_IDLE,
532  SITE_SURVEY_IN_PROGRESS,
533  SITE_SURVEY_COMPLETED
534  } site_survey_state;
535  unsigned long last_survey;
536 
537  int station_was_associated, station_is_associated;
538  int fast_scan;
539 
540  struct bss_info {
541  int channel;
542  int SSIDsize;
543  int RSSI;
544  int UsingWEP;
545  int preamble;
546  int beacon_period;
547  int BSStype;
548  u8 BSSID[6];
549  u8 SSID[MAX_SSID_LENGTH];
550  } BSSinfo[MAX_BSS_ENTRIES];
551  int BSS_list_entries, current_BSS;
552  int connect_to_any_BSS;
553  int SSID_size, new_SSID_size;
554  u8 CurrentBSSID[6], BSSID[6];
555  u8 SSID[MAX_SSID_LENGTH], new_SSID[MAX_SSID_LENGTH];
556  u64 last_beacon_timestamp;
557  u8 rx_buf[MAX_WIRELESS_BODY];
558 };
559 
560 static u8 atmel_basic_rates[4] = {0x82, 0x84, 0x0b, 0x16};
561 
562 static const struct {
563  int reg_domain;
564  int min, max;
565  char *name;
566 } channel_table[] = { { REG_DOMAIN_FCC, 1, 11, "USA" },
567  { REG_DOMAIN_DOC, 1, 11, "Canada" },
568  { REG_DOMAIN_ETSI, 1, 13, "Europe" },
569  { REG_DOMAIN_SPAIN, 10, 11, "Spain" },
570  { REG_DOMAIN_FRANCE, 10, 13, "France" },
571  { REG_DOMAIN_MKK, 14, 14, "MKK" },
572  { REG_DOMAIN_MKK1, 1, 14, "MKK1" },
573  { REG_DOMAIN_ISRAEL, 3, 9, "Israel"} };
574 
575 static void build_wpa_mib(struct atmel_private *priv);
576 static int atmel_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
577 static void atmel_copy_to_card(struct net_device *dev, u16 dest,
578  const unsigned char *src, u16 len);
579 static void atmel_copy_to_host(struct net_device *dev, unsigned char *dest,
580  u16 src, u16 len);
581 static void atmel_set_gcr(struct net_device *dev, u16 mask);
582 static void atmel_clear_gcr(struct net_device *dev, u16 mask);
583 static int atmel_lock_mac(struct atmel_private *priv);
584 static void atmel_wmem32(struct atmel_private *priv, u16 pos, u32 data);
585 static void atmel_command_irq(struct atmel_private *priv);
586 static int atmel_validate_channel(struct atmel_private *priv, int channel);
587 static void atmel_management_frame(struct atmel_private *priv,
588  struct ieee80211_hdr *header,
589  u16 frame_len, u8 rssi);
590 static void atmel_management_timer(u_long a);
591 static void atmel_send_command(struct atmel_private *priv, int command,
592  void *cmd, int cmd_size);
593 static int atmel_send_command_wait(struct atmel_private *priv, int command,
594  void *cmd, int cmd_size);
595 static void atmel_transmit_management_frame(struct atmel_private *priv,
596  struct ieee80211_hdr *header,
597  u8 *body, int body_len);
598 
599 static u8 atmel_get_mib8(struct atmel_private *priv, u8 type, u8 index);
600 static void atmel_set_mib8(struct atmel_private *priv, u8 type, u8 index,
601  u8 data);
602 static void atmel_set_mib16(struct atmel_private *priv, u8 type, u8 index,
603  u16 data);
604 static void atmel_set_mib(struct atmel_private *priv, u8 type, u8 index,
605  u8 *data, int data_len);
606 static void atmel_get_mib(struct atmel_private *priv, u8 type, u8 index,
607  u8 *data, int data_len);
608 static void atmel_scan(struct atmel_private *priv, int specific_ssid);
609 static void atmel_join_bss(struct atmel_private *priv, int bss_index);
610 static void atmel_smooth_qual(struct atmel_private *priv);
611 static void atmel_writeAR(struct net_device *dev, u16 data);
612 static int probe_atmel_card(struct net_device *dev);
613 static int reset_atmel_card(struct net_device *dev);
614 static void atmel_enter_state(struct atmel_private *priv, int new_state);
615 int atmel_open (struct net_device *dev);
616 
617 static inline u16 atmel_hi(struct atmel_private *priv, u16 offset)
618 {
619  return priv->host_info_base + offset;
620 }
621 
622 static inline u16 atmel_co(struct atmel_private *priv, u16 offset)
623 {
624  return priv->host_info.command_pos + offset;
625 }
626 
627 static inline u16 atmel_rx(struct atmel_private *priv, u16 offset, u16 desc)
628 {
629  return priv->host_info.rx_desc_pos + (sizeof(struct rx_desc) * desc) + offset;
630 }
631 
632 static inline u16 atmel_tx(struct atmel_private *priv, u16 offset, u16 desc)
633 {
634  return priv->host_info.tx_desc_pos + (sizeof(struct tx_desc) * desc) + offset;
635 }
636 
637 static inline u8 atmel_read8(struct net_device *dev, u16 offset)
638 {
639  return inb(dev->base_addr + offset);
640 }
641 
642 static inline void atmel_write8(struct net_device *dev, u16 offset, u8 data)
643 {
644  outb(data, dev->base_addr + offset);
645 }
646 
647 static inline u16 atmel_read16(struct net_device *dev, u16 offset)
648 {
649  return inw(dev->base_addr + offset);
650 }
651 
652 static inline void atmel_write16(struct net_device *dev, u16 offset, u16 data)
653 {
654  outw(data, dev->base_addr + offset);
655 }
656 
657 static inline u8 atmel_rmem8(struct atmel_private *priv, u16 pos)
658 {
659  atmel_writeAR(priv->dev, pos);
660  return atmel_read8(priv->dev, DR);
661 }
662 
663 static inline void atmel_wmem8(struct atmel_private *priv, u16 pos, u16 data)
664 {
665  atmel_writeAR(priv->dev, pos);
666  atmel_write8(priv->dev, DR, data);
667 }
668 
669 static inline u16 atmel_rmem16(struct atmel_private *priv, u16 pos)
670 {
671  atmel_writeAR(priv->dev, pos);
672  return atmel_read16(priv->dev, DR);
673 }
674 
675 static inline void atmel_wmem16(struct atmel_private *priv, u16 pos, u16 data)
676 {
677  atmel_writeAR(priv->dev, pos);
678  atmel_write16(priv->dev, DR, data);
679 }
680 
681 static const struct iw_handler_def atmel_handler_def;
682 
683 static void tx_done_irq(struct atmel_private *priv)
684 {
685  int i;
686 
687  for (i = 0;
688  atmel_rmem8(priv, atmel_tx(priv, TX_DESC_FLAGS_OFFSET, priv->tx_desc_head)) == TX_DONE &&
689  i < priv->host_info.tx_desc_count;
690  i++) {
691  u8 status = atmel_rmem8(priv, atmel_tx(priv, TX_DESC_STATUS_OFFSET, priv->tx_desc_head));
692  u16 msdu_size = atmel_rmem16(priv, atmel_tx(priv, TX_DESC_SIZE_OFFSET, priv->tx_desc_head));
693  u8 type = atmel_rmem8(priv, atmel_tx(priv, TX_DESC_PACKET_TYPE_OFFSET, priv->tx_desc_head));
694 
695  atmel_wmem8(priv, atmel_tx(priv, TX_DESC_FLAGS_OFFSET, priv->tx_desc_head), 0);
696 
697  priv->tx_free_mem += msdu_size;
698  priv->tx_desc_free++;
699 
700  if (priv->tx_buff_head + msdu_size > (priv->host_info.tx_buff_pos + priv->host_info.tx_buff_size))
701  priv->tx_buff_head = 0;
702  else
703  priv->tx_buff_head += msdu_size;
704 
705  if (priv->tx_desc_head < (priv->host_info.tx_desc_count - 1))
706  priv->tx_desc_head++ ;
707  else
708  priv->tx_desc_head = 0;
709 
710  if (type == TX_PACKET_TYPE_DATA) {
711  if (status == TX_STATUS_SUCCESS)
712  priv->dev->stats.tx_packets++;
713  else
714  priv->dev->stats.tx_errors++;
715  netif_wake_queue(priv->dev);
716  }
717  }
718 }
719 
720 static u16 find_tx_buff(struct atmel_private *priv, u16 len)
721 {
722  u16 bottom_free = priv->host_info.tx_buff_size - priv->tx_buff_tail;
723 
724  if (priv->tx_desc_free == 3 || priv->tx_free_mem < len)
725  return 0;
726 
727  if (bottom_free >= len)
728  return priv->host_info.tx_buff_pos + priv->tx_buff_tail;
729 
730  if (priv->tx_free_mem - bottom_free >= len) {
731  priv->tx_buff_tail = 0;
732  return priv->host_info.tx_buff_pos;
733  }
734 
735  return 0;
736 }
737 
738 static void tx_update_descriptor(struct atmel_private *priv, int is_bcast,
739  u16 len, u16 buff, u8 type)
740 {
741  atmel_wmem16(priv, atmel_tx(priv, TX_DESC_POS_OFFSET, priv->tx_desc_tail), buff);
742  atmel_wmem16(priv, atmel_tx(priv, TX_DESC_SIZE_OFFSET, priv->tx_desc_tail), len);
743  if (!priv->use_wpa)
744  atmel_wmem16(priv, atmel_tx(priv, TX_DESC_HOST_LENGTH_OFFSET, priv->tx_desc_tail), len);
745  atmel_wmem8(priv, atmel_tx(priv, TX_DESC_PACKET_TYPE_OFFSET, priv->tx_desc_tail), type);
746  atmel_wmem8(priv, atmel_tx(priv, TX_DESC_RATE_OFFSET, priv->tx_desc_tail), priv->tx_rate);
747  atmel_wmem8(priv, atmel_tx(priv, TX_DESC_RETRY_OFFSET, priv->tx_desc_tail), 0);
748  if (priv->use_wpa) {
749  int cipher_type, cipher_length;
750  if (is_bcast) {
751  cipher_type = priv->group_cipher_suite;
752  if (cipher_type == CIPHER_SUITE_WEP_64 ||
753  cipher_type == CIPHER_SUITE_WEP_128)
754  cipher_length = 8;
755  else if (cipher_type == CIPHER_SUITE_TKIP)
756  cipher_length = 12;
757  else if (priv->pairwise_cipher_suite == CIPHER_SUITE_WEP_64 ||
758  priv->pairwise_cipher_suite == CIPHER_SUITE_WEP_128) {
759  cipher_type = priv->pairwise_cipher_suite;
760  cipher_length = 8;
761  } else {
762  cipher_type = CIPHER_SUITE_NONE;
763  cipher_length = 0;
764  }
765  } else {
766  cipher_type = priv->pairwise_cipher_suite;
767  if (cipher_type == CIPHER_SUITE_WEP_64 ||
768  cipher_type == CIPHER_SUITE_WEP_128)
769  cipher_length = 8;
770  else if (cipher_type == CIPHER_SUITE_TKIP)
771  cipher_length = 12;
772  else if (priv->group_cipher_suite == CIPHER_SUITE_WEP_64 ||
773  priv->group_cipher_suite == CIPHER_SUITE_WEP_128) {
774  cipher_type = priv->group_cipher_suite;
775  cipher_length = 8;
776  } else {
777  cipher_type = CIPHER_SUITE_NONE;
778  cipher_length = 0;
779  }
780  }
781 
782  atmel_wmem8(priv, atmel_tx(priv, TX_DESC_CIPHER_TYPE_OFFSET, priv->tx_desc_tail),
783  cipher_type);
784  atmel_wmem8(priv, atmel_tx(priv, TX_DESC_CIPHER_LENGTH_OFFSET, priv->tx_desc_tail),
785  cipher_length);
786  }
787  atmel_wmem32(priv, atmel_tx(priv, TX_DESC_NEXT_OFFSET, priv->tx_desc_tail), 0x80000000L);
788  atmel_wmem8(priv, atmel_tx(priv, TX_DESC_FLAGS_OFFSET, priv->tx_desc_tail), TX_FIRM_OWN);
789  if (priv->tx_desc_previous != priv->tx_desc_tail)
790  atmel_wmem32(priv, atmel_tx(priv, TX_DESC_NEXT_OFFSET, priv->tx_desc_previous), 0);
791  priv->tx_desc_previous = priv->tx_desc_tail;
792  if (priv->tx_desc_tail < (priv->host_info.tx_desc_count - 1))
793  priv->tx_desc_tail++;
794  else
795  priv->tx_desc_tail = 0;
796  priv->tx_desc_free--;
797  priv->tx_free_mem -= len;
798 }
799 
800 static netdev_tx_t start_tx(struct sk_buff *skb, struct net_device *dev)
801 {
802  static const u8 SNAP_RFC1024[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
803  struct atmel_private *priv = netdev_priv(dev);
804  struct ieee80211_hdr header;
805  unsigned long flags;
806  u16 buff, frame_ctl, len = (ETH_ZLEN < skb->len) ? skb->len : ETH_ZLEN;
807 
808  if (priv->card && priv->present_callback &&
809  !(*priv->present_callback)(priv->card)) {
810  dev->stats.tx_errors++;
811  dev_kfree_skb(skb);
812  return NETDEV_TX_OK;
813  }
814 
815  if (priv->station_state != STATION_STATE_READY) {
816  dev->stats.tx_errors++;
817  dev_kfree_skb(skb);
818  return NETDEV_TX_OK;
819  }
820 
821  /* first ensure the timer func cannot run */
822  spin_lock_bh(&priv->timerlock);
823  /* then stop the hardware ISR */
824  spin_lock_irqsave(&priv->irqlock, flags);
825  /* nb doing the above in the opposite order will deadlock */
826 
827  /* The Wireless Header is 30 bytes. In the Ethernet packet we "cut" the
828  12 first bytes (containing DA/SA) and put them in the appropriate
829  fields of the Wireless Header. Thus the packet length is then the
830  initial + 18 (+30-12) */
831 
832  if (!(buff = find_tx_buff(priv, len + 18))) {
833  dev->stats.tx_dropped++;
834  spin_unlock_irqrestore(&priv->irqlock, flags);
835  spin_unlock_bh(&priv->timerlock);
836  netif_stop_queue(dev);
837  return NETDEV_TX_BUSY;
838  }
839 
840  frame_ctl = IEEE80211_FTYPE_DATA;
841  header.duration_id = 0;
842  header.seq_ctrl = 0;
843  if (priv->wep_is_on)
844  frame_ctl |= IEEE80211_FCTL_PROTECTED;
845  if (priv->operating_mode == IW_MODE_ADHOC) {
846  skb_copy_from_linear_data(skb, &header.addr1, 6);
847  memcpy(&header.addr2, dev->dev_addr, 6);
848  memcpy(&header.addr3, priv->BSSID, 6);
849  } else {
850  frame_ctl |= IEEE80211_FCTL_TODS;
851  memcpy(&header.addr1, priv->CurrentBSSID, 6);
852  memcpy(&header.addr2, dev->dev_addr, 6);
853  skb_copy_from_linear_data(skb, &header.addr3, 6);
854  }
855 
856  if (priv->use_wpa)
857  memcpy(&header.addr4, SNAP_RFC1024, 6);
858 
859  header.frame_control = cpu_to_le16(frame_ctl);
860  /* Copy the wireless header into the card */
861  atmel_copy_to_card(dev, buff, (unsigned char *)&header, DATA_FRAME_WS_HEADER_SIZE);
862  /* Copy the packet sans its 802.3 header addresses which have been replaced */
863  atmel_copy_to_card(dev, buff + DATA_FRAME_WS_HEADER_SIZE, skb->data + 12, len - 12);
864  priv->tx_buff_tail += len - 12 + DATA_FRAME_WS_HEADER_SIZE;
865 
866  /* low bit of first byte of destination tells us if broadcast */
867  tx_update_descriptor(priv, *(skb->data) & 0x01, len + 18, buff, TX_PACKET_TYPE_DATA);
868  dev->stats.tx_bytes += len;
869 
870  spin_unlock_irqrestore(&priv->irqlock, flags);
871  spin_unlock_bh(&priv->timerlock);
872  dev_kfree_skb(skb);
873 
874  return NETDEV_TX_OK;
875 }
876 
877 static void atmel_transmit_management_frame(struct atmel_private *priv,
878  struct ieee80211_hdr *header,
879  u8 *body, int body_len)
880 {
881  u16 buff;
882  int len = MGMT_FRAME_BODY_OFFSET + body_len;
883 
884  if (!(buff = find_tx_buff(priv, len)))
885  return;
886 
887  atmel_copy_to_card(priv->dev, buff, (u8 *)header, MGMT_FRAME_BODY_OFFSET);
888  atmel_copy_to_card(priv->dev, buff + MGMT_FRAME_BODY_OFFSET, body, body_len);
889  priv->tx_buff_tail += len;
890  tx_update_descriptor(priv, header->addr1[0] & 0x01, len, buff, TX_PACKET_TYPE_MGMT);
891 }
892 
893 static void fast_rx_path(struct atmel_private *priv,
894  struct ieee80211_hdr *header,
895  u16 msdu_size, u16 rx_packet_loc, u32 crc)
896 {
897  /* fast path: unfragmented packet copy directly into skbuf */
898  u8 mac4[6];
899  struct sk_buff *skb;
900  unsigned char *skbp;
901 
902  /* get the final, mac 4 header field, this tells us encapsulation */
903  atmel_copy_to_host(priv->dev, mac4, rx_packet_loc + 24, 6);
904  msdu_size -= 6;
905 
906  if (priv->do_rx_crc) {
907  crc = crc32_le(crc, mac4, 6);
908  msdu_size -= 4;
909  }
910 
911  if (!(skb = dev_alloc_skb(msdu_size + 14))) {
912  priv->dev->stats.rx_dropped++;
913  return;
914  }
915 
916  skb_reserve(skb, 2);
917  skbp = skb_put(skb, msdu_size + 12);
918  atmel_copy_to_host(priv->dev, skbp + 12, rx_packet_loc + 30, msdu_size);
919 
920  if (priv->do_rx_crc) {
921  u32 netcrc;
922  crc = crc32_le(crc, skbp + 12, msdu_size);
923  atmel_copy_to_host(priv->dev, (void *)&netcrc, rx_packet_loc + 30 + msdu_size, 4);
924  if ((crc ^ 0xffffffff) != netcrc) {
925  priv->dev->stats.rx_crc_errors++;
926  dev_kfree_skb(skb);
927  return;
928  }
929  }
930 
931  memcpy(skbp, header->addr1, 6); /* destination address */
932  if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
933  memcpy(&skbp[6], header->addr3, 6);
934  else
935  memcpy(&skbp[6], header->addr2, 6); /* source address */
936 
937  skb->protocol = eth_type_trans(skb, priv->dev);
938  skb->ip_summed = CHECKSUM_NONE;
939  netif_rx(skb);
940  priv->dev->stats.rx_bytes += 12 + msdu_size;
941  priv->dev->stats.rx_packets++;
942 }
943 
944 /* Test to see if the packet in card memory at packet_loc has a valid CRC
945  It doesn't matter that this is slow: it is only used to proble the first few
946  packets. */
947 static int probe_crc(struct atmel_private *priv, u16 packet_loc, u16 msdu_size)
948 {
949  int i = msdu_size - 4;
950  u32 netcrc, crc = 0xffffffff;
951 
952  if (msdu_size < 4)
953  return 0;
954 
955  atmel_copy_to_host(priv->dev, (void *)&netcrc, packet_loc + i, 4);
956 
957  atmel_writeAR(priv->dev, packet_loc);
958  while (i--) {
959  u8 octet = atmel_read8(priv->dev, DR);
960  crc = crc32_le(crc, &octet, 1);
961  }
962 
963  return (crc ^ 0xffffffff) == netcrc;
964 }
965 
966 static void frag_rx_path(struct atmel_private *priv,
967  struct ieee80211_hdr *header,
968  u16 msdu_size, u16 rx_packet_loc, u32 crc, u16 seq_no,
969  u8 frag_no, int more_frags)
970 {
971  u8 mac4[6];
972  u8 source[6];
973  struct sk_buff *skb;
974 
975  if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
976  memcpy(source, header->addr3, 6);
977  else
978  memcpy(source, header->addr2, 6);
979 
980  rx_packet_loc += 24; /* skip header */
981 
982  if (priv->do_rx_crc)
983  msdu_size -= 4;
984 
985  if (frag_no == 0) { /* first fragment */
986  atmel_copy_to_host(priv->dev, mac4, rx_packet_loc, 6);
987  msdu_size -= 6;
988  rx_packet_loc += 6;
989 
990  if (priv->do_rx_crc)
991  crc = crc32_le(crc, mac4, 6);
992 
993  priv->frag_seq = seq_no;
994  priv->frag_no = 1;
995  priv->frag_len = msdu_size;
996  memcpy(priv->frag_source, source, 6);
997  memcpy(&priv->rx_buf[6], source, 6);
998  memcpy(priv->rx_buf, header->addr1, 6);
999 
1000  atmel_copy_to_host(priv->dev, &priv->rx_buf[12], rx_packet_loc, msdu_size);
1001 
1002  if (priv->do_rx_crc) {
1003  u32 netcrc;
1004  crc = crc32_le(crc, &priv->rx_buf[12], msdu_size);
1005  atmel_copy_to_host(priv->dev, (void *)&netcrc, rx_packet_loc + msdu_size, 4);
1006  if ((crc ^ 0xffffffff) != netcrc) {
1007  priv->dev->stats.rx_crc_errors++;
1008  memset(priv->frag_source, 0xff, 6);
1009  }
1010  }
1011 
1012  } else if (priv->frag_no == frag_no &&
1013  priv->frag_seq == seq_no &&
1014  memcmp(priv->frag_source, source, 6) == 0) {
1015 
1016  atmel_copy_to_host(priv->dev, &priv->rx_buf[12 + priv->frag_len],
1017  rx_packet_loc, msdu_size);
1018  if (priv->do_rx_crc) {
1019  u32 netcrc;
1020  crc = crc32_le(crc,
1021  &priv->rx_buf[12 + priv->frag_len],
1022  msdu_size);
1023  atmel_copy_to_host(priv->dev, (void *)&netcrc, rx_packet_loc + msdu_size, 4);
1024  if ((crc ^ 0xffffffff) != netcrc) {
1025  priv->dev->stats.rx_crc_errors++;
1026  memset(priv->frag_source, 0xff, 6);
1027  more_frags = 1; /* don't send broken assembly */
1028  }
1029  }
1030 
1031  priv->frag_len += msdu_size;
1032  priv->frag_no++;
1033 
1034  if (!more_frags) { /* last one */
1035  memset(priv->frag_source, 0xff, 6);
1036  if (!(skb = dev_alloc_skb(priv->frag_len + 14))) {
1037  priv->dev->stats.rx_dropped++;
1038  } else {
1039  skb_reserve(skb, 2);
1040  memcpy(skb_put(skb, priv->frag_len + 12),
1041  priv->rx_buf,
1042  priv->frag_len + 12);
1043  skb->protocol = eth_type_trans(skb, priv->dev);
1044  skb->ip_summed = CHECKSUM_NONE;
1045  netif_rx(skb);
1046  priv->dev->stats.rx_bytes += priv->frag_len + 12;
1047  priv->dev->stats.rx_packets++;
1048  }
1049  }
1050  } else
1051  priv->wstats.discard.fragment++;
1052 }
1053 
1054 static void rx_done_irq(struct atmel_private *priv)
1055 {
1056  int i;
1057  struct ieee80211_hdr header;
1058 
1059  for (i = 0;
1060  atmel_rmem8(priv, atmel_rx(priv, RX_DESC_FLAGS_OFFSET, priv->rx_desc_head)) == RX_DESC_FLAG_VALID &&
1061  i < priv->host_info.rx_desc_count;
1062  i++) {
1063 
1064  u16 msdu_size, rx_packet_loc, frame_ctl, seq_control;
1065  u8 status = atmel_rmem8(priv, atmel_rx(priv, RX_DESC_STATUS_OFFSET, priv->rx_desc_head));
1066  u32 crc = 0xffffffff;
1067 
1068  if (status != RX_STATUS_SUCCESS) {
1069  if (status == 0xc1) /* determined by experiment */
1070  priv->wstats.discard.nwid++;
1071  else
1072  priv->dev->stats.rx_errors++;
1073  goto next;
1074  }
1075 
1076  msdu_size = atmel_rmem16(priv, atmel_rx(priv, RX_DESC_MSDU_SIZE_OFFSET, priv->rx_desc_head));
1077  rx_packet_loc = atmel_rmem16(priv, atmel_rx(priv, RX_DESC_MSDU_POS_OFFSET, priv->rx_desc_head));
1078 
1079  if (msdu_size < 30) {
1080  priv->dev->stats.rx_errors++;
1081  goto next;
1082  }
1083 
1084  /* Get header as far as end of seq_ctrl */
1085  atmel_copy_to_host(priv->dev, (char *)&header, rx_packet_loc, 24);
1086  frame_ctl = le16_to_cpu(header.frame_control);
1087  seq_control = le16_to_cpu(header.seq_ctrl);
1088 
1089  /* probe for CRC use here if needed once five packets have
1090  arrived with the same crc status, we assume we know what's
1091  happening and stop probing */
1092  if (priv->probe_crc) {
1093  if (!priv->wep_is_on || !(frame_ctl & IEEE80211_FCTL_PROTECTED)) {
1094  priv->do_rx_crc = probe_crc(priv, rx_packet_loc, msdu_size);
1095  } else {
1096  priv->do_rx_crc = probe_crc(priv, rx_packet_loc + 24, msdu_size - 24);
1097  }
1098  if (priv->do_rx_crc) {
1099  if (priv->crc_ok_cnt++ > 5)
1100  priv->probe_crc = 0;
1101  } else {
1102  if (priv->crc_ko_cnt++ > 5)
1103  priv->probe_crc = 0;
1104  }
1105  }
1106 
1107  /* don't CRC header when WEP in use */
1108  if (priv->do_rx_crc && (!priv->wep_is_on || !(frame_ctl & IEEE80211_FCTL_PROTECTED))) {
1109  crc = crc32_le(0xffffffff, (unsigned char *)&header, 24);
1110  }
1111  msdu_size -= 24; /* header */
1112 
1113  if ((frame_ctl & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) {
1114  int more_fragments = frame_ctl & IEEE80211_FCTL_MOREFRAGS;
1115  u8 packet_fragment_no = seq_control & IEEE80211_SCTL_FRAG;
1116  u16 packet_sequence_no = (seq_control & IEEE80211_SCTL_SEQ) >> 4;
1117 
1118  if (!more_fragments && packet_fragment_no == 0) {
1119  fast_rx_path(priv, &header, msdu_size, rx_packet_loc, crc);
1120  } else {
1121  frag_rx_path(priv, &header, msdu_size, rx_packet_loc, crc,
1122  packet_sequence_no, packet_fragment_no, more_fragments);
1123  }
1124  }
1125 
1126  if ((frame_ctl & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
1127  /* copy rest of packet into buffer */
1128  atmel_copy_to_host(priv->dev, (unsigned char *)&priv->rx_buf, rx_packet_loc + 24, msdu_size);
1129 
1130  /* we use the same buffer for frag reassembly and control packets */
1131  memset(priv->frag_source, 0xff, 6);
1132 
1133  if (priv->do_rx_crc) {
1134  /* last 4 octets is crc */
1135  msdu_size -= 4;
1136  crc = crc32_le(crc, (unsigned char *)&priv->rx_buf, msdu_size);
1137  if ((crc ^ 0xffffffff) != (*((u32 *)&priv->rx_buf[msdu_size]))) {
1138  priv->dev->stats.rx_crc_errors++;
1139  goto next;
1140  }
1141  }
1142 
1143  atmel_management_frame(priv, &header, msdu_size,
1144  atmel_rmem8(priv, atmel_rx(priv, RX_DESC_RSSI_OFFSET, priv->rx_desc_head)));
1145  }
1146 
1147 next:
1148  /* release descriptor */
1149  atmel_wmem8(priv, atmel_rx(priv, RX_DESC_FLAGS_OFFSET, priv->rx_desc_head), RX_DESC_FLAG_CONSUMED);
1150 
1151  if (priv->rx_desc_head < (priv->host_info.rx_desc_count - 1))
1152  priv->rx_desc_head++;
1153  else
1154  priv->rx_desc_head = 0;
1155  }
1156 }
1157 
1158 static irqreturn_t service_interrupt(int irq, void *dev_id)
1159 {
1160  struct net_device *dev = (struct net_device *) dev_id;
1161  struct atmel_private *priv = netdev_priv(dev);
1162  u8 isr;
1163  int i = -1;
1164  static const u8 irq_order[] = {
1165  ISR_OUT_OF_RANGE,
1166  ISR_RxCOMPLETE,
1167  ISR_TxCOMPLETE,
1168  ISR_RxFRAMELOST,
1169  ISR_FATAL_ERROR,
1170  ISR_COMMAND_COMPLETE,
1171  ISR_IBSS_MERGE,
1172  ISR_GENERIC_IRQ
1173  };
1174 
1175  if (priv->card && priv->present_callback &&
1176  !(*priv->present_callback)(priv->card))
1177  return IRQ_HANDLED;
1178 
1179  /* In this state upper-level code assumes it can mess with
1180  the card unhampered by interrupts which may change register state.
1181  Note that even though the card shouldn't generate interrupts
1182  the inturrupt line may be shared. This allows card setup
1183  to go on without disabling interrupts for a long time. */
1184  if (priv->station_state == STATION_STATE_DOWN)
1185  return IRQ_NONE;
1186 
1187  atmel_clear_gcr(dev, GCR_ENINT); /* disable interrupts */
1188 
1189  while (1) {
1190  if (!atmel_lock_mac(priv)) {
1191  /* failed to contact card */
1192  printk(KERN_ALERT "%s: failed to contact MAC.\n", dev->name);
1193  return IRQ_HANDLED;
1194  }
1195 
1196  isr = atmel_rmem8(priv, atmel_hi(priv, IFACE_INT_STATUS_OFFSET));
1197  atmel_wmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_MAC_OFFSET), 0);
1198 
1199  if (!isr) {
1200  atmel_set_gcr(dev, GCR_ENINT); /* enable interrupts */
1201  return i == -1 ? IRQ_NONE : IRQ_HANDLED;
1202  }
1203 
1204  atmel_set_gcr(dev, GCR_ACKINT); /* acknowledge interrupt */
1205 
1206  for (i = 0; i < ARRAY_SIZE(irq_order); i++)
1207  if (isr & irq_order[i])
1208  break;
1209 
1210  if (!atmel_lock_mac(priv)) {
1211  /* failed to contact card */
1212  printk(KERN_ALERT "%s: failed to contact MAC.\n", dev->name);
1213  return IRQ_HANDLED;
1214  }
1215 
1216  isr = atmel_rmem8(priv, atmel_hi(priv, IFACE_INT_STATUS_OFFSET));
1217  isr ^= irq_order[i];
1218  atmel_wmem8(priv, atmel_hi(priv, IFACE_INT_STATUS_OFFSET), isr);
1219  atmel_wmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_MAC_OFFSET), 0);
1220 
1221  switch (irq_order[i]) {
1222 
1223  case ISR_OUT_OF_RANGE:
1224  if (priv->operating_mode == IW_MODE_INFRA &&
1225  priv->station_state == STATION_STATE_READY) {
1226  priv->station_is_associated = 0;
1227  atmel_scan(priv, 1);
1228  }
1229  break;
1230 
1231  case ISR_RxFRAMELOST:
1232  priv->wstats.discard.misc++;
1233  /* fall through */
1234  case ISR_RxCOMPLETE:
1235  rx_done_irq(priv);
1236  break;
1237 
1238  case ISR_TxCOMPLETE:
1239  tx_done_irq(priv);
1240  break;
1241 
1242  case ISR_FATAL_ERROR:
1243  printk(KERN_ALERT "%s: *** FATAL error interrupt ***\n", dev->name);
1244  atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
1245  break;
1246 
1247  case ISR_COMMAND_COMPLETE:
1248  atmel_command_irq(priv);
1249  break;
1250 
1251  case ISR_IBSS_MERGE:
1252  atmel_get_mib(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_CUR_BSSID_POS,
1253  priv->CurrentBSSID, 6);
1254  /* The WPA stuff cares about the current AP address */
1255  if (priv->use_wpa)
1256  build_wpa_mib(priv);
1257  break;
1258  case ISR_GENERIC_IRQ:
1259  printk(KERN_INFO "%s: Generic_irq received.\n", dev->name);
1260  break;
1261  }
1262  }
1263 }
1264 
1265 static struct iw_statistics *atmel_get_wireless_stats(struct net_device *dev)
1266 {
1267  struct atmel_private *priv = netdev_priv(dev);
1268 
1269  /* update the link quality here in case we are seeing no beacons
1270  at all to drive the process */
1271  atmel_smooth_qual(priv);
1272 
1273  priv->wstats.status = priv->station_state;
1274 
1275  if (priv->operating_mode == IW_MODE_INFRA) {
1276  if (priv->station_state != STATION_STATE_READY) {
1277  priv->wstats.qual.qual = 0;
1278  priv->wstats.qual.level = 0;
1279  priv->wstats.qual.updated = (IW_QUAL_QUAL_INVALID
1280  | IW_QUAL_LEVEL_INVALID);
1281  }
1282  priv->wstats.qual.noise = 0;
1283  priv->wstats.qual.updated |= IW_QUAL_NOISE_INVALID;
1284  } else {
1285  /* Quality levels cannot be determined in ad-hoc mode,
1286  because we can 'hear' more that one remote station. */
1287  priv->wstats.qual.qual = 0;
1288  priv->wstats.qual.level = 0;
1289  priv->wstats.qual.noise = 0;
1290  priv->wstats.qual.updated = IW_QUAL_QUAL_INVALID
1291  | IW_QUAL_LEVEL_INVALID
1292  | IW_QUAL_NOISE_INVALID;
1293  priv->wstats.miss.beacon = 0;
1294  }
1295 
1296  return &priv->wstats;
1297 }
1298 
1299 static int atmel_change_mtu(struct net_device *dev, int new_mtu)
1300 {
1301  if ((new_mtu < 68) || (new_mtu > 2312))
1302  return -EINVAL;
1303  dev->mtu = new_mtu;
1304  return 0;
1305 }
1306 
1307 static int atmel_set_mac_address(struct net_device *dev, void *p)
1308 {
1309  struct sockaddr *addr = p;
1310 
1311  memcpy (dev->dev_addr, addr->sa_data, dev->addr_len);
1312  return atmel_open(dev);
1313 }
1314 
1315 EXPORT_SYMBOL(atmel_open);
1316 
1317 int atmel_open(struct net_device *dev)
1318 {
1319  struct atmel_private *priv = netdev_priv(dev);
1320  int i, channel, err;
1321 
1322  /* any scheduled timer is no longer needed and might screw things up.. */
1323  del_timer_sync(&priv->management_timer);
1324 
1325  /* Interrupts will not touch the card once in this state... */
1326  priv->station_state = STATION_STATE_DOWN;
1327 
1328  if (priv->new_SSID_size) {
1329  memcpy(priv->SSID, priv->new_SSID, priv->new_SSID_size);
1330  priv->SSID_size = priv->new_SSID_size;
1331  priv->new_SSID_size = 0;
1332  }
1333  priv->BSS_list_entries = 0;
1334 
1335  priv->AuthenticationRequestRetryCnt = 0;
1336  priv->AssociationRequestRetryCnt = 0;
1337  priv->ReAssociationRequestRetryCnt = 0;
1338  priv->CurrentAuthentTransactionSeqNum = 0x0001;
1339  priv->ExpectedAuthentTransactionSeqNum = 0x0002;
1340 
1341  priv->site_survey_state = SITE_SURVEY_IDLE;
1342  priv->station_is_associated = 0;
1343 
1344  err = reset_atmel_card(dev);
1345  if (err)
1346  return err;
1347 
1348  if (priv->config_reg_domain) {
1349  priv->reg_domain = priv->config_reg_domain;
1350  atmel_set_mib8(priv, Phy_Mib_Type, PHY_MIB_REG_DOMAIN_POS, priv->reg_domain);
1351  } else {
1352  priv->reg_domain = atmel_get_mib8(priv, Phy_Mib_Type, PHY_MIB_REG_DOMAIN_POS);
1353  for (i = 0; i < ARRAY_SIZE(channel_table); i++)
1354  if (priv->reg_domain == channel_table[i].reg_domain)
1355  break;
1356  if (i == ARRAY_SIZE(channel_table)) {
1357  priv->reg_domain = REG_DOMAIN_MKK1;
1358  printk(KERN_ALERT "%s: failed to get regulatory domain: assuming MKK1.\n", dev->name);
1359  }
1360  }
1361 
1362  if ((channel = atmel_validate_channel(priv, priv->channel)))
1363  priv->channel = channel;
1364 
1365  /* this moves station_state on.... */
1366  atmel_scan(priv, 1);
1367 
1368  atmel_set_gcr(priv->dev, GCR_ENINT); /* enable interrupts */
1369  return 0;
1370 }
1371 
1372 static int atmel_close(struct net_device *dev)
1373 {
1374  struct atmel_private *priv = netdev_priv(dev);
1375 
1376  /* Send event to userspace that we are disassociating */
1377  if (priv->station_state == STATION_STATE_READY) {
1378  union iwreq_data wrqu;
1379 
1380  wrqu.data.length = 0;
1381  wrqu.data.flags = 0;
1382  wrqu.ap_addr.sa_family = ARPHRD_ETHER;
1383  memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
1384  wireless_send_event(priv->dev, SIOCGIWAP, &wrqu, NULL);
1385  }
1386 
1387  atmel_enter_state(priv, STATION_STATE_DOWN);
1388 
1389  if (priv->bus_type == BUS_TYPE_PCCARD)
1390  atmel_write16(dev, GCR, 0x0060);
1391  atmel_write16(dev, GCR, 0x0040);
1392  return 0;
1393 }
1394 
1395 static int atmel_validate_channel(struct atmel_private *priv, int channel)
1396 {
1397  /* check that channel is OK, if so return zero,
1398  else return suitable default channel */
1399  int i;
1400 
1401  for (i = 0; i < ARRAY_SIZE(channel_table); i++)
1402  if (priv->reg_domain == channel_table[i].reg_domain) {
1403  if (channel >= channel_table[i].min &&
1404  channel <= channel_table[i].max)
1405  return 0;
1406  else
1407  return channel_table[i].min;
1408  }
1409  return 0;
1410 }
1411 
1412 static int atmel_proc_output (char *buf, struct atmel_private *priv)
1413 {
1414  int i;
1415  char *p = buf;
1416  char *s, *r, *c;
1417 
1418  p += sprintf(p, "Driver version:\t\t%d.%d\n",
1419  DRIVER_MAJOR, DRIVER_MINOR);
1420 
1421  if (priv->station_state != STATION_STATE_DOWN) {
1422  p += sprintf(p, "Firmware version:\t%d.%d build %d\n"
1423  "Firmware location:\t",
1424  priv->host_info.major_version,
1425  priv->host_info.minor_version,
1426  priv->host_info.build_version);
1427 
1428  if (priv->card_type != CARD_TYPE_EEPROM)
1429  p += sprintf(p, "on card\n");
1430  else if (priv->firmware)
1431  p += sprintf(p, "%s loaded by host\n",
1432  priv->firmware_id);
1433  else
1434  p += sprintf(p, "%s loaded by hotplug\n",
1435  priv->firmware_id);
1436 
1437  switch (priv->card_type) {
1438  case CARD_TYPE_PARALLEL_FLASH:
1439  c = "Parallel flash";
1440  break;
1441  case CARD_TYPE_SPI_FLASH:
1442  c = "SPI flash\n";
1443  break;
1444  case CARD_TYPE_EEPROM:
1445  c = "EEPROM";
1446  break;
1447  default:
1448  c = "<unknown>";
1449  }
1450 
1451  r = "<unknown>";
1452  for (i = 0; i < ARRAY_SIZE(channel_table); i++)
1453  if (priv->reg_domain == channel_table[i].reg_domain)
1454  r = channel_table[i].name;
1455 
1456  p += sprintf(p, "MAC memory type:\t%s\n", c);
1457  p += sprintf(p, "Regulatory domain:\t%s\n", r);
1458  p += sprintf(p, "Host CRC checking:\t%s\n",
1459  priv->do_rx_crc ? "On" : "Off");
1460  p += sprintf(p, "WPA-capable firmware:\t%s\n",
1461  priv->use_wpa ? "Yes" : "No");
1462  }
1463 
1464  switch (priv->station_state) {
1465  case STATION_STATE_SCANNING:
1466  s = "Scanning";
1467  break;
1468  case STATION_STATE_JOINNING:
1469  s = "Joining";
1470  break;
1471  case STATION_STATE_AUTHENTICATING:
1472  s = "Authenticating";
1473  break;
1474  case STATION_STATE_ASSOCIATING:
1475  s = "Associating";
1476  break;
1477  case STATION_STATE_READY:
1478  s = "Ready";
1479  break;
1480  case STATION_STATE_REASSOCIATING:
1481  s = "Reassociating";
1482  break;
1483  case STATION_STATE_MGMT_ERROR:
1484  s = "Management error";
1485  break;
1486  case STATION_STATE_DOWN:
1487  s = "Down";
1488  break;
1489  default:
1490  s = "<unknown>";
1491  }
1492 
1493  p += sprintf(p, "Current state:\t\t%s\n", s);
1494  return p - buf;
1495 }
1496 
1497 static int atmel_read_proc(char *page, char **start, off_t off,
1498  int count, int *eof, void *data)
1499 {
1500  struct atmel_private *priv = data;
1501  int len = atmel_proc_output (page, priv);
1502  if (len <= off+count)
1503  *eof = 1;
1504  *start = page + off;
1505  len -= off;
1506  if (len > count)
1507  len = count;
1508  if (len < 0)
1509  len = 0;
1510  return len;
1511 }
1512 
1513 static const struct net_device_ops atmel_netdev_ops = {
1514  .ndo_open = atmel_open,
1515  .ndo_stop = atmel_close,
1516  .ndo_change_mtu = atmel_change_mtu,
1517  .ndo_set_mac_address = atmel_set_mac_address,
1518  .ndo_start_xmit = start_tx,
1519  .ndo_do_ioctl = atmel_ioctl,
1520  .ndo_validate_addr = eth_validate_addr,
1521 };
1522 
1523 struct net_device *init_atmel_card(unsigned short irq, unsigned long port,
1524  const AtmelFWType fw_type,
1525  struct device *sys_dev,
1526  int (*card_present)(void *), void *card)
1527 {
1528  struct proc_dir_entry *ent;
1529  struct net_device *dev;
1530  struct atmel_private *priv;
1531  int rc;
1532 
1533  /* Create the network device object. */
1534  dev = alloc_etherdev(sizeof(*priv));
1535  if (!dev)
1536  return NULL;
1537 
1538  if (dev_alloc_name(dev, dev->name) < 0) {
1539  printk(KERN_ERR "atmel: Couldn't get name!\n");
1540  goto err_out_free;
1541  }
1542 
1543  priv = netdev_priv(dev);
1544  priv->dev = dev;
1545  priv->sys_dev = sys_dev;
1546  priv->present_callback = card_present;
1547  priv->card = card;
1548  priv->firmware = NULL;
1549  priv->firmware_id[0] = '\0';
1550  priv->firmware_type = fw_type;
1551  if (firmware) /* module parameter */
1552  strcpy(priv->firmware_id, firmware);
1553  priv->bus_type = card_present ? BUS_TYPE_PCCARD : BUS_TYPE_PCI;
1554  priv->station_state = STATION_STATE_DOWN;
1555  priv->do_rx_crc = 0;
1556  /* For PCMCIA cards, some chips need CRC, some don't
1557  so we have to probe. */
1558  if (priv->bus_type == BUS_TYPE_PCCARD) {
1559  priv->probe_crc = 1;
1560  priv->crc_ok_cnt = priv->crc_ko_cnt = 0;
1561  } else
1562  priv->probe_crc = 0;
1563  priv->last_qual = jiffies;
1564  priv->last_beacon_timestamp = 0;
1565  memset(priv->frag_source, 0xff, sizeof(priv->frag_source));
1566  memset(priv->BSSID, 0, 6);
1567  priv->CurrentBSSID[0] = 0xFF; /* Initialize to something invalid.... */
1568  priv->station_was_associated = 0;
1569 
1570  priv->last_survey = jiffies;
1571  priv->preamble = LONG_PREAMBLE;
1572  priv->operating_mode = IW_MODE_INFRA;
1573  priv->connect_to_any_BSS = 0;
1574  priv->config_reg_domain = 0;
1575  priv->reg_domain = 0;
1576  priv->tx_rate = 3;
1577  priv->auto_tx_rate = 1;
1578  priv->channel = 4;
1579  priv->power_mode = 0;
1580  priv->SSID[0] = '\0';
1581  priv->SSID_size = 0;
1582  priv->new_SSID_size = 0;
1583  priv->frag_threshold = 2346;
1584  priv->rts_threshold = 2347;
1585  priv->short_retry = 7;
1586  priv->long_retry = 4;
1587 
1588  priv->wep_is_on = 0;
1589  priv->default_key = 0;
1590  priv->encryption_level = 0;
1591  priv->exclude_unencrypted = 0;
1592  priv->group_cipher_suite = priv->pairwise_cipher_suite = CIPHER_SUITE_NONE;
1593  priv->use_wpa = 0;
1594  memset(priv->wep_keys, 0, sizeof(priv->wep_keys));
1595  memset(priv->wep_key_len, 0, sizeof(priv->wep_key_len));
1596 
1597  priv->default_beacon_period = priv->beacon_period = 100;
1598  priv->listen_interval = 1;
1599 
1600  init_timer(&priv->management_timer);
1601  spin_lock_init(&priv->irqlock);
1602  spin_lock_init(&priv->timerlock);
1603  priv->management_timer.function = atmel_management_timer;
1604  priv->management_timer.data = (unsigned long) dev;
1605 
1606  dev->netdev_ops = &atmel_netdev_ops;
1607  dev->wireless_handlers = &atmel_handler_def;
1608  dev->irq = irq;
1609  dev->base_addr = port;
1610 
1611  SET_NETDEV_DEV(dev, sys_dev);
1612 
1613  if ((rc = request_irq(dev->irq, service_interrupt, IRQF_SHARED, dev->name, dev))) {
1614  printk(KERN_ERR "%s: register interrupt %d failed, rc %d\n", dev->name, irq, rc);
1615  goto err_out_free;
1616  }
1617 
1618  if (!request_region(dev->base_addr, 32,
1619  priv->bus_type == BUS_TYPE_PCCARD ? "atmel_cs" : "atmel_pci")) {
1620  goto err_out_irq;
1621  }
1622 
1623  if (register_netdev(dev))
1624  goto err_out_res;
1625 
1626  if (!probe_atmel_card(dev)) {
1627  unregister_netdev(dev);
1628  goto err_out_res;
1629  }
1630 
1631  netif_carrier_off(dev);
1632 
1633  ent = create_proc_read_entry ("driver/atmel", 0, NULL, atmel_read_proc, priv);
1634  if (!ent)
1635  printk(KERN_WARNING "atmel: unable to create /proc entry.\n");
1636 
1637  printk(KERN_INFO "%s: Atmel at76c50x. Version %d.%d. MAC %pM\n",
1638  dev->name, DRIVER_MAJOR, DRIVER_MINOR, dev->dev_addr);
1639 
1640  return dev;
1641 
1642 err_out_res:
1643  release_region(dev->base_addr, 32);
1644 err_out_irq:
1645  free_irq(dev->irq, dev);
1646 err_out_free:
1647  free_netdev(dev);
1648  return NULL;
1649 }
1650 
1651 EXPORT_SYMBOL(init_atmel_card);
1652 
1653 void stop_atmel_card(struct net_device *dev)
1654 {
1655  struct atmel_private *priv = netdev_priv(dev);
1656 
1657  /* put a brick on it... */
1658  if (priv->bus_type == BUS_TYPE_PCCARD)
1659  atmel_write16(dev, GCR, 0x0060);
1660  atmel_write16(dev, GCR, 0x0040);
1661 
1662  del_timer_sync(&priv->management_timer);
1663  unregister_netdev(dev);
1664  remove_proc_entry("driver/atmel", NULL);
1665  free_irq(dev->irq, dev);
1666  kfree(priv->firmware);
1667  release_region(dev->base_addr, 32);
1668  free_netdev(dev);
1669 }
1670 
1671 EXPORT_SYMBOL(stop_atmel_card);
1672 
1673 static int atmel_set_essid(struct net_device *dev,
1674  struct iw_request_info *info,
1675  struct iw_point *dwrq,
1676  char *extra)
1677 {
1678  struct atmel_private *priv = netdev_priv(dev);
1679 
1680  /* Check if we asked for `any' */
1681  if (dwrq->flags == 0) {
1682  priv->connect_to_any_BSS = 1;
1683  } else {
1684  int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
1685 
1686  priv->connect_to_any_BSS = 0;
1687 
1688  /* Check the size of the string */
1689  if (dwrq->length > MAX_SSID_LENGTH)
1690  return -E2BIG;
1691  if (index != 0)
1692  return -EINVAL;
1693 
1694  memcpy(priv->new_SSID, extra, dwrq->length);
1695  priv->new_SSID_size = dwrq->length;
1696  }
1697 
1698  return -EINPROGRESS;
1699 }
1700 
1701 static int atmel_get_essid(struct net_device *dev,
1702  struct iw_request_info *info,
1703  struct iw_point *dwrq,
1704  char *extra)
1705 {
1706  struct atmel_private *priv = netdev_priv(dev);
1707 
1708  /* Get the current SSID */
1709  if (priv->new_SSID_size != 0) {
1710  memcpy(extra, priv->new_SSID, priv->new_SSID_size);
1711  dwrq->length = priv->new_SSID_size;
1712  } else {
1713  memcpy(extra, priv->SSID, priv->SSID_size);
1714  dwrq->length = priv->SSID_size;
1715  }
1716 
1717  dwrq->flags = !priv->connect_to_any_BSS; /* active */
1718 
1719  return 0;
1720 }
1721 
1722 static int atmel_get_wap(struct net_device *dev,
1723  struct iw_request_info *info,
1724  struct sockaddr *awrq,
1725  char *extra)
1726 {
1727  struct atmel_private *priv = netdev_priv(dev);
1728  memcpy(awrq->sa_data, priv->CurrentBSSID, 6);
1729  awrq->sa_family = ARPHRD_ETHER;
1730 
1731  return 0;
1732 }
1733 
1734 static int atmel_set_encode(struct net_device *dev,
1735  struct iw_request_info *info,
1736  struct iw_point *dwrq,
1737  char *extra)
1738 {
1739  struct atmel_private *priv = netdev_priv(dev);
1740 
1741  /* Basic checking: do we have a key to set ?
1742  * Note : with the new API, it's impossible to get a NULL pointer.
1743  * Therefore, we need to check a key size == 0 instead.
1744  * New version of iwconfig properly set the IW_ENCODE_NOKEY flag
1745  * when no key is present (only change flags), but older versions
1746  * don't do it. - Jean II */
1747  if (dwrq->length > 0) {
1748  int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
1749  int current_index = priv->default_key;
1750  /* Check the size of the key */
1751  if (dwrq->length > 13) {
1752  return -EINVAL;
1753  }
1754  /* Check the index (none -> use current) */
1755  if (index < 0 || index >= 4)
1756  index = current_index;
1757  else
1758  priv->default_key = index;
1759  /* Set the length */
1760  if (dwrq->length > 5)
1761  priv->wep_key_len[index] = 13;
1762  else
1763  if (dwrq->length > 0)
1764  priv->wep_key_len[index] = 5;
1765  else
1766  /* Disable the key */
1767  priv->wep_key_len[index] = 0;
1768  /* Check if the key is not marked as invalid */
1769  if (!(dwrq->flags & IW_ENCODE_NOKEY)) {
1770  /* Cleanup */
1771  memset(priv->wep_keys[index], 0, 13);
1772  /* Copy the key in the driver */
1773  memcpy(priv->wep_keys[index], extra, dwrq->length);
1774  }
1775  /* WE specify that if a valid key is set, encryption
1776  * should be enabled (user may turn it off later)
1777  * This is also how "iwconfig ethX key on" works */
1778  if (index == current_index &&
1779  priv->wep_key_len[index] > 0) {
1780  priv->wep_is_on = 1;
1781  priv->exclude_unencrypted = 1;
1782  if (priv->wep_key_len[index] > 5) {
1783  priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_128;
1784  priv->encryption_level = 2;
1785  } else {
1786  priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_64;
1787  priv->encryption_level = 1;
1788  }
1789  }
1790  } else {
1791  /* Do we want to just set the transmit key index ? */
1792  int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
1793  if (index >= 0 && index < 4) {
1794  priv->default_key = index;
1795  } else
1796  /* Don't complain if only change the mode */
1797  if (!(dwrq->flags & IW_ENCODE_MODE))
1798  return -EINVAL;
1799  }
1800  /* Read the flags */
1801  if (dwrq->flags & IW_ENCODE_DISABLED) {
1802  priv->wep_is_on = 0;
1803  priv->encryption_level = 0;
1804  priv->pairwise_cipher_suite = CIPHER_SUITE_NONE;
1805  } else {
1806  priv->wep_is_on = 1;
1807  if (priv->wep_key_len[priv->default_key] > 5) {
1808  priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_128;
1809  priv->encryption_level = 2;
1810  } else {
1811  priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_64;
1812  priv->encryption_level = 1;
1813  }
1814  }
1815  if (dwrq->flags & IW_ENCODE_RESTRICTED)
1816  priv->exclude_unencrypted = 1;
1817  if (dwrq->flags & IW_ENCODE_OPEN)
1818  priv->exclude_unencrypted = 0;
1819 
1820  return -EINPROGRESS; /* Call commit handler */
1821 }
1822 
1823 static int atmel_get_encode(struct net_device *dev,
1824  struct iw_request_info *info,
1825  struct iw_point *dwrq,
1826  char *extra)
1827 {
1828  struct atmel_private *priv = netdev_priv(dev);
1829  int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
1830 
1831  if (!priv->wep_is_on)
1832  dwrq->flags = IW_ENCODE_DISABLED;
1833  else {
1834  if (priv->exclude_unencrypted)
1835  dwrq->flags = IW_ENCODE_RESTRICTED;
1836  else
1837  dwrq->flags = IW_ENCODE_OPEN;
1838  }
1839  /* Which key do we want ? -1 -> tx index */
1840  if (index < 0 || index >= 4)
1841  index = priv->default_key;
1842  dwrq->flags |= index + 1;
1843  /* Copy the key to the user buffer */
1844  dwrq->length = priv->wep_key_len[index];
1845  if (dwrq->length > 16) {
1846  dwrq->length = 0;
1847  } else {
1848  memset(extra, 0, 16);
1849  memcpy(extra, priv->wep_keys[index], dwrq->length);
1850  }
1851 
1852  return 0;
1853 }
1854 
1855 static int atmel_set_encodeext(struct net_device *dev,
1856  struct iw_request_info *info,
1857  union iwreq_data *wrqu,
1858  char *extra)
1859 {
1860  struct atmel_private *priv = netdev_priv(dev);
1861  struct iw_point *encoding = &wrqu->encoding;
1862  struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
1863  int idx, key_len, alg = ext->alg, set_key = 1;
1864 
1865  /* Determine and validate the key index */
1866  idx = encoding->flags & IW_ENCODE_INDEX;
1867  if (idx) {
1868  if (idx < 1 || idx > 4)
1869  return -EINVAL;
1870  idx--;
1871  } else
1872  idx = priv->default_key;
1873 
1874  if (encoding->flags & IW_ENCODE_DISABLED)
1875  alg = IW_ENCODE_ALG_NONE;
1876 
1877  if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY) {
1878  priv->default_key = idx;
1879  set_key = ext->key_len > 0 ? 1 : 0;
1880  }
1881 
1882  if (set_key) {
1883  /* Set the requested key first */
1884  switch (alg) {
1885  case IW_ENCODE_ALG_NONE:
1886  priv->wep_is_on = 0;
1887  priv->encryption_level = 0;
1888  priv->pairwise_cipher_suite = CIPHER_SUITE_NONE;
1889  break;
1890  case IW_ENCODE_ALG_WEP:
1891  if (ext->key_len > 5) {
1892  priv->wep_key_len[idx] = 13;
1893  priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_128;
1894  priv->encryption_level = 2;
1895  } else if (ext->key_len > 0) {
1896  priv->wep_key_len[idx] = 5;
1897  priv->pairwise_cipher_suite = CIPHER_SUITE_WEP_64;
1898  priv->encryption_level = 1;
1899  } else {
1900  return -EINVAL;
1901  }
1902  priv->wep_is_on = 1;
1903  memset(priv->wep_keys[idx], 0, 13);
1904  key_len = min ((int)ext->key_len, priv->wep_key_len[idx]);
1905  memcpy(priv->wep_keys[idx], ext->key, key_len);
1906  break;
1907  default:
1908  return -EINVAL;
1909  }
1910  }
1911 
1912  return -EINPROGRESS;
1913 }
1914 
1915 static int atmel_get_encodeext(struct net_device *dev,
1916  struct iw_request_info *info,
1917  union iwreq_data *wrqu,
1918  char *extra)
1919 {
1920  struct atmel_private *priv = netdev_priv(dev);
1921  struct iw_point *encoding = &wrqu->encoding;
1922  struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
1923  int idx, max_key_len;
1924 
1925  max_key_len = encoding->length - sizeof(*ext);
1926  if (max_key_len < 0)
1927  return -EINVAL;
1928 
1929  idx = encoding->flags & IW_ENCODE_INDEX;
1930  if (idx) {
1931  if (idx < 1 || idx > 4)
1932  return -EINVAL;
1933  idx--;
1934  } else
1935  idx = priv->default_key;
1936 
1937  encoding->flags = idx + 1;
1938  memset(ext, 0, sizeof(*ext));
1939 
1940  if (!priv->wep_is_on) {
1941  ext->alg = IW_ENCODE_ALG_NONE;
1942  ext->key_len = 0;
1943  encoding->flags |= IW_ENCODE_DISABLED;
1944  } else {
1945  if (priv->encryption_level > 0)
1946  ext->alg = IW_ENCODE_ALG_WEP;
1947  else
1948  return -EINVAL;
1949 
1950  ext->key_len = priv->wep_key_len[idx];
1951  memcpy(ext->key, priv->wep_keys[idx], ext->key_len);
1952  encoding->flags |= IW_ENCODE_ENABLED;
1953  }
1954 
1955  return 0;
1956 }
1957 
1958 static int atmel_set_auth(struct net_device *dev,
1959  struct iw_request_info *info,
1960  union iwreq_data *wrqu, char *extra)
1961 {
1962  struct atmel_private *priv = netdev_priv(dev);
1963  struct iw_param *param = &wrqu->param;
1964 
1965  switch (param->flags & IW_AUTH_INDEX) {
1966  case IW_AUTH_WPA_VERSION:
1967  case IW_AUTH_CIPHER_PAIRWISE:
1968  case IW_AUTH_CIPHER_GROUP:
1969  case IW_AUTH_KEY_MGMT:
1970  case IW_AUTH_RX_UNENCRYPTED_EAPOL:
1971  case IW_AUTH_PRIVACY_INVOKED:
1972  /*
1973  * atmel does not use these parameters
1974  */
1975  break;
1976 
1977  case IW_AUTH_DROP_UNENCRYPTED:
1978  priv->exclude_unencrypted = param->value ? 1 : 0;
1979  break;
1980 
1981  case IW_AUTH_80211_AUTH_ALG: {
1982  if (param->value & IW_AUTH_ALG_SHARED_KEY) {
1983  priv->exclude_unencrypted = 1;
1984  } else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM) {
1985  priv->exclude_unencrypted = 0;
1986  } else
1987  return -EINVAL;
1988  break;
1989  }
1990 
1991  case IW_AUTH_WPA_ENABLED:
1992  /* Silently accept disable of WPA */
1993  if (param->value > 0)
1994  return -EOPNOTSUPP;
1995  break;
1996 
1997  default:
1998  return -EOPNOTSUPP;
1999  }
2000  return -EINPROGRESS;
2001 }
2002 
2003 static int atmel_get_auth(struct net_device *dev,
2004  struct iw_request_info *info,
2005  union iwreq_data *wrqu, char *extra)
2006 {
2007  struct atmel_private *priv = netdev_priv(dev);
2008  struct iw_param *param = &wrqu->param;
2009 
2010  switch (param->flags & IW_AUTH_INDEX) {
2011  case IW_AUTH_DROP_UNENCRYPTED:
2012  param->value = priv->exclude_unencrypted;
2013  break;
2014 
2015  case IW_AUTH_80211_AUTH_ALG:
2016  if (priv->exclude_unencrypted == 1)
2017  param->value = IW_AUTH_ALG_SHARED_KEY;
2018  else
2019  param->value = IW_AUTH_ALG_OPEN_SYSTEM;
2020  break;
2021 
2022  case IW_AUTH_WPA_ENABLED:
2023  param->value = 0;
2024  break;
2025 
2026  default:
2027  return -EOPNOTSUPP;
2028  }
2029  return 0;
2030 }
2031 
2032 
2033 static int atmel_get_name(struct net_device *dev,
2034  struct iw_request_info *info,
2035  char *cwrq,
2036  char *extra)
2037 {
2038  strcpy(cwrq, "IEEE 802.11-DS");
2039  return 0;
2040 }
2041 
2042 static int atmel_set_rate(struct net_device *dev,
2043  struct iw_request_info *info,
2044  struct iw_param *vwrq,
2045  char *extra)
2046 {
2047  struct atmel_private *priv = netdev_priv(dev);
2048 
2049  if (vwrq->fixed == 0) {
2050  priv->tx_rate = 3;
2051  priv->auto_tx_rate = 1;
2052  } else {
2053  priv->auto_tx_rate = 0;
2054 
2055  /* Which type of value ? */
2056  if ((vwrq->value < 4) && (vwrq->value >= 0)) {
2057  /* Setting by rate index */
2058  priv->tx_rate = vwrq->value;
2059  } else {
2060  /* Setting by frequency value */
2061  switch (vwrq->value) {
2062  case 1000000:
2063  priv->tx_rate = 0;
2064  break;
2065  case 2000000:
2066  priv->tx_rate = 1;
2067  break;
2068  case 5500000:
2069  priv->tx_rate = 2;
2070  break;
2071  case 11000000:
2072  priv->tx_rate = 3;
2073  break;
2074  default:
2075  return -EINVAL;
2076  }
2077  }
2078  }
2079 
2080  return -EINPROGRESS;
2081 }
2082 
2083 static int atmel_set_mode(struct net_device *dev,
2084  struct iw_request_info *info,
2085  __u32 *uwrq,
2086  char *extra)
2087 {
2088  struct atmel_private *priv = netdev_priv(dev);
2089 
2090  if (*uwrq != IW_MODE_ADHOC && *uwrq != IW_MODE_INFRA)
2091  return -EINVAL;
2092 
2093  priv->operating_mode = *uwrq;
2094  return -EINPROGRESS;
2095 }
2096 
2097 static int atmel_get_mode(struct net_device *dev,
2098  struct iw_request_info *info,
2099  __u32 *uwrq,
2100  char *extra)
2101 {
2102  struct atmel_private *priv = netdev_priv(dev);
2103 
2104  *uwrq = priv->operating_mode;
2105  return 0;
2106 }
2107 
2108 static int atmel_get_rate(struct net_device *dev,
2109  struct iw_request_info *info,
2110  struct iw_param *vwrq,
2111  char *extra)
2112 {
2113  struct atmel_private *priv = netdev_priv(dev);
2114 
2115  if (priv->auto_tx_rate) {
2116  vwrq->fixed = 0;
2117  vwrq->value = 11000000;
2118  } else {
2119  vwrq->fixed = 1;
2120  switch (priv->tx_rate) {
2121  case 0:
2122  vwrq->value = 1000000;
2123  break;
2124  case 1:
2125  vwrq->value = 2000000;
2126  break;
2127  case 2:
2128  vwrq->value = 5500000;
2129  break;
2130  case 3:
2131  vwrq->value = 11000000;
2132  break;
2133  }
2134  }
2135  return 0;
2136 }
2137 
2138 static int atmel_set_power(struct net_device *dev,
2139  struct iw_request_info *info,
2140  struct iw_param *vwrq,
2141  char *extra)
2142 {
2143  struct atmel_private *priv = netdev_priv(dev);
2144  priv->power_mode = vwrq->disabled ? 0 : 1;
2145  return -EINPROGRESS;
2146 }
2147 
2148 static int atmel_get_power(struct net_device *dev,
2149  struct iw_request_info *info,
2150  struct iw_param *vwrq,
2151  char *extra)
2152 {
2153  struct atmel_private *priv = netdev_priv(dev);
2154  vwrq->disabled = priv->power_mode ? 0 : 1;
2155  vwrq->flags = IW_POWER_ON;
2156  return 0;
2157 }
2158 
2159 static int atmel_set_retry(struct net_device *dev,
2160  struct iw_request_info *info,
2161  struct iw_param *vwrq,
2162  char *extra)
2163 {
2164  struct atmel_private *priv = netdev_priv(dev);
2165 
2166  if (!vwrq->disabled && (vwrq->flags & IW_RETRY_LIMIT)) {
2167  if (vwrq->flags & IW_RETRY_LONG)
2168  priv->long_retry = vwrq->value;
2169  else if (vwrq->flags & IW_RETRY_SHORT)
2170  priv->short_retry = vwrq->value;
2171  else {
2172  /* No modifier : set both */
2173  priv->long_retry = vwrq->value;
2174  priv->short_retry = vwrq->value;
2175  }
2176  return -EINPROGRESS;
2177  }
2178 
2179  return -EINVAL;
2180 }
2181 
2182 static int atmel_get_retry(struct net_device *dev,
2183  struct iw_request_info *info,
2184  struct iw_param *vwrq,
2185  char *extra)
2186 {
2187  struct atmel_private *priv = netdev_priv(dev);
2188 
2189  vwrq->disabled = 0; /* Can't be disabled */
2190 
2191  /* Note : by default, display the short retry number */
2192  if (vwrq->flags & IW_RETRY_LONG) {
2193  vwrq->flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
2194  vwrq->value = priv->long_retry;
2195  } else {
2196  vwrq->flags = IW_RETRY_LIMIT;
2197  vwrq->value = priv->short_retry;
2198  if (priv->long_retry != priv->short_retry)
2199  vwrq->flags |= IW_RETRY_SHORT;
2200  }
2201 
2202  return 0;
2203 }
2204 
2205 static int atmel_set_rts(struct net_device *dev,
2206  struct iw_request_info *info,
2207  struct iw_param *vwrq,
2208  char *extra)
2209 {
2210  struct atmel_private *priv = netdev_priv(dev);
2211  int rthr = vwrq->value;
2212 
2213  if (vwrq->disabled)
2214  rthr = 2347;
2215  if ((rthr < 0) || (rthr > 2347)) {
2216  return -EINVAL;
2217  }
2218  priv->rts_threshold = rthr;
2219 
2220  return -EINPROGRESS; /* Call commit handler */
2221 }
2222 
2223 static int atmel_get_rts(struct net_device *dev,
2224  struct iw_request_info *info,
2225  struct iw_param *vwrq,
2226  char *extra)
2227 {
2228  struct atmel_private *priv = netdev_priv(dev);
2229 
2230  vwrq->value = priv->rts_threshold;
2231  vwrq->disabled = (vwrq->value >= 2347);
2232  vwrq->fixed = 1;
2233 
2234  return 0;
2235 }
2236 
2237 static int atmel_set_frag(struct net_device *dev,
2238  struct iw_request_info *info,
2239  struct iw_param *vwrq,
2240  char *extra)
2241 {
2242  struct atmel_private *priv = netdev_priv(dev);
2243  int fthr = vwrq->value;
2244 
2245  if (vwrq->disabled)
2246  fthr = 2346;
2247  if ((fthr < 256) || (fthr > 2346)) {
2248  return -EINVAL;
2249  }
2250  fthr &= ~0x1; /* Get an even value - is it really needed ??? */
2251  priv->frag_threshold = fthr;
2252 
2253  return -EINPROGRESS; /* Call commit handler */
2254 }
2255 
2256 static int atmel_get_frag(struct net_device *dev,
2257  struct iw_request_info *info,
2258  struct iw_param *vwrq,
2259  char *extra)
2260 {
2261  struct atmel_private *priv = netdev_priv(dev);
2262 
2263  vwrq->value = priv->frag_threshold;
2264  vwrq->disabled = (vwrq->value >= 2346);
2265  vwrq->fixed = 1;
2266 
2267  return 0;
2268 }
2269 
2270 static int atmel_set_freq(struct net_device *dev,
2271  struct iw_request_info *info,
2272  struct iw_freq *fwrq,
2273  char *extra)
2274 {
2275  struct atmel_private *priv = netdev_priv(dev);
2276  int rc = -EINPROGRESS; /* Call commit handler */
2277 
2278  /* If setting by frequency, convert to a channel */
2279  if (fwrq->e == 1) {
2280  int f = fwrq->m / 100000;
2281 
2282  /* Hack to fall through... */
2283  fwrq->e = 0;
2284  fwrq->m = ieee80211_freq_to_dsss_chan(f);
2285  }
2286  /* Setting by channel number */
2287  if ((fwrq->m > 1000) || (fwrq->e > 0))
2288  rc = -EOPNOTSUPP;
2289  else {
2290  int channel = fwrq->m;
2291  if (atmel_validate_channel(priv, channel) == 0) {
2292  priv->channel = channel;
2293  } else {
2294  rc = -EINVAL;
2295  }
2296  }
2297  return rc;
2298 }
2299 
2300 static int atmel_get_freq(struct net_device *dev,
2301  struct iw_request_info *info,
2302  struct iw_freq *fwrq,
2303  char *extra)
2304 {
2305  struct atmel_private *priv = netdev_priv(dev);
2306 
2307  fwrq->m = priv->channel;
2308  fwrq->e = 0;
2309  return 0;
2310 }
2311 
2312 static int atmel_set_scan(struct net_device *dev,
2313  struct iw_request_info *info,
2314  struct iw_point *dwrq,
2315  char *extra)
2316 {
2317  struct atmel_private *priv = netdev_priv(dev);
2318  unsigned long flags;
2319 
2320  /* Note : you may have realised that, as this is a SET operation,
2321  * this is privileged and therefore a normal user can't
2322  * perform scanning.
2323  * This is not an error, while the device perform scanning,
2324  * traffic doesn't flow, so it's a perfect DoS...
2325  * Jean II */
2326 
2327  if (priv->station_state == STATION_STATE_DOWN)
2328  return -EAGAIN;
2329 
2330  /* Timeout old surveys. */
2331  if (time_after(jiffies, priv->last_survey + 20 * HZ))
2332  priv->site_survey_state = SITE_SURVEY_IDLE;
2333  priv->last_survey = jiffies;
2334 
2335  /* Initiate a scan command */
2336  if (priv->site_survey_state == SITE_SURVEY_IN_PROGRESS)
2337  return -EBUSY;
2338 
2339  del_timer_sync(&priv->management_timer);
2340  spin_lock_irqsave(&priv->irqlock, flags);
2341 
2342  priv->site_survey_state = SITE_SURVEY_IN_PROGRESS;
2343  priv->fast_scan = 0;
2344  atmel_scan(priv, 0);
2345  spin_unlock_irqrestore(&priv->irqlock, flags);
2346 
2347  return 0;
2348 }
2349 
2350 static int atmel_get_scan(struct net_device *dev,
2351  struct iw_request_info *info,
2352  struct iw_point *dwrq,
2353  char *extra)
2354 {
2355  struct atmel_private *priv = netdev_priv(dev);
2356  int i;
2357  char *current_ev = extra;
2358  struct iw_event iwe;
2359 
2360  if (priv->site_survey_state != SITE_SURVEY_COMPLETED)
2361  return -EAGAIN;
2362 
2363  for (i = 0; i < priv->BSS_list_entries; i++) {
2364  iwe.cmd = SIOCGIWAP;
2365  iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
2366  memcpy(iwe.u.ap_addr.sa_data, priv->BSSinfo[i].BSSID, 6);
2367  current_ev = iwe_stream_add_event(info, current_ev,
2368  extra + IW_SCAN_MAX_DATA,
2369  &iwe, IW_EV_ADDR_LEN);
2370 
2371  iwe.u.data.length = priv->BSSinfo[i].SSIDsize;
2372  if (iwe.u.data.length > 32)
2373  iwe.u.data.length = 32;
2374  iwe.cmd = SIOCGIWESSID;
2375  iwe.u.data.flags = 1;
2376  current_ev = iwe_stream_add_point(info, current_ev,
2377  extra + IW_SCAN_MAX_DATA,
2378  &iwe, priv->BSSinfo[i].SSID);
2379 
2380  iwe.cmd = SIOCGIWMODE;
2381  iwe.u.mode = priv->BSSinfo[i].BSStype;
2382  current_ev = iwe_stream_add_event(info, current_ev,
2383  extra + IW_SCAN_MAX_DATA,
2384  &iwe, IW_EV_UINT_LEN);
2385 
2386  iwe.cmd = SIOCGIWFREQ;
2387  iwe.u.freq.m = priv->BSSinfo[i].channel;
2388  iwe.u.freq.e = 0;
2389  current_ev = iwe_stream_add_event(info, current_ev,
2390  extra + IW_SCAN_MAX_DATA,
2391  &iwe, IW_EV_FREQ_LEN);
2392 
2393  /* Add quality statistics */
2394  iwe.cmd = IWEVQUAL;
2395  iwe.u.qual.level = priv->BSSinfo[i].RSSI;
2396  iwe.u.qual.qual = iwe.u.qual.level;
2397  /* iwe.u.qual.noise = SOMETHING */
2398  current_ev = iwe_stream_add_event(info, current_ev,
2399  extra + IW_SCAN_MAX_DATA,
2400  &iwe, IW_EV_QUAL_LEN);
2401 
2402 
2403  iwe.cmd = SIOCGIWENCODE;
2404  if (priv->BSSinfo[i].UsingWEP)
2405  iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
2406  else
2407  iwe.u.data.flags = IW_ENCODE_DISABLED;
2408  iwe.u.data.length = 0;
2409  current_ev = iwe_stream_add_point(info, current_ev,
2410  extra + IW_SCAN_MAX_DATA,
2411  &iwe, NULL);
2412  }
2413 
2414  /* Length of data */
2415  dwrq->length = (current_ev - extra);
2416  dwrq->flags = 0;
2417 
2418  return 0;
2419 }
2420 
2421 static int atmel_get_range(struct net_device *dev,
2422  struct iw_request_info *info,
2423  struct iw_point *dwrq,
2424  char *extra)
2425 {
2426  struct atmel_private *priv = netdev_priv(dev);
2427  struct iw_range *range = (struct iw_range *) extra;
2428  int k, i, j;
2429 
2430  dwrq->length = sizeof(struct iw_range);
2431  memset(range, 0, sizeof(struct iw_range));
2432  range->min_nwid = 0x0000;
2433  range->max_nwid = 0x0000;
2434  range->num_channels = 0;
2435  for (j = 0; j < ARRAY_SIZE(channel_table); j++)
2436  if (priv->reg_domain == channel_table[j].reg_domain) {
2437  range->num_channels = channel_table[j].max - channel_table[j].min + 1;
2438  break;
2439  }
2440  if (range->num_channels != 0) {
2441  for (k = 0, i = channel_table[j].min; i <= channel_table[j].max; i++) {
2442  range->freq[k].i = i; /* List index */
2443 
2444  /* Values in MHz -> * 10^5 * 10 */
2445  range->freq[k].m = (ieee80211_dsss_chan_to_freq(i) *
2446  100000);
2447  range->freq[k++].e = 1;
2448  }
2449  range->num_frequency = k;
2450  }
2451 
2452  range->max_qual.qual = 100;
2453  range->max_qual.level = 100;
2454  range->max_qual.noise = 0;
2455  range->max_qual.updated = IW_QUAL_NOISE_INVALID;
2456 
2457  range->avg_qual.qual = 50;
2458  range->avg_qual.level = 50;
2459  range->avg_qual.noise = 0;
2460  range->avg_qual.updated = IW_QUAL_NOISE_INVALID;
2461 
2462  range->sensitivity = 0;
2463 
2464  range->bitrate[0] = 1000000;
2465  range->bitrate[1] = 2000000;
2466  range->bitrate[2] = 5500000;
2467  range->bitrate[3] = 11000000;
2468  range->num_bitrates = 4;
2469 
2470  range->min_rts = 0;
2471  range->max_rts = 2347;
2472  range->min_frag = 256;
2473  range->max_frag = 2346;
2474 
2475  range->encoding_size[0] = 5;
2476  range->encoding_size[1] = 13;
2477  range->num_encoding_sizes = 2;
2478  range->max_encoding_tokens = 4;
2479 
2480  range->pmp_flags = IW_POWER_ON;
2481  range->pmt_flags = IW_POWER_ON;
2482  range->pm_capa = 0;
2483 
2484  range->we_version_source = WIRELESS_EXT;
2485  range->we_version_compiled = WIRELESS_EXT;
2486  range->retry_capa = IW_RETRY_LIMIT ;
2487  range->retry_flags = IW_RETRY_LIMIT;
2488  range->r_time_flags = 0;
2489  range->min_retry = 1;
2490  range->max_retry = 65535;
2491 
2492  return 0;
2493 }
2494 
2495 static int atmel_set_wap(struct net_device *dev,
2496  struct iw_request_info *info,
2497  struct sockaddr *awrq,
2498  char *extra)
2499 {
2500  struct atmel_private *priv = netdev_priv(dev);
2501  int i;
2502  static const u8 any[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
2503  static const u8 off[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
2504  unsigned long flags;
2505 
2506  if (awrq->sa_family != ARPHRD_ETHER)
2507  return -EINVAL;
2508 
2509  if (!memcmp(any, awrq->sa_data, 6) ||
2510  !memcmp(off, awrq->sa_data, 6)) {
2511  del_timer_sync(&priv->management_timer);
2512  spin_lock_irqsave(&priv->irqlock, flags);
2513  atmel_scan(priv, 1);
2514  spin_unlock_irqrestore(&priv->irqlock, flags);
2515  return 0;
2516  }
2517 
2518  for (i = 0; i < priv->BSS_list_entries; i++) {
2519  if (memcmp(priv->BSSinfo[i].BSSID, awrq->sa_data, 6) == 0) {
2520  if (!priv->wep_is_on && priv->BSSinfo[i].UsingWEP) {
2521  return -EINVAL;
2522  } else if (priv->wep_is_on && !priv->BSSinfo[i].UsingWEP) {
2523  return -EINVAL;
2524  } else {
2525  del_timer_sync(&priv->management_timer);
2526  spin_lock_irqsave(&priv->irqlock, flags);
2527  atmel_join_bss(priv, i);
2528  spin_unlock_irqrestore(&priv->irqlock, flags);
2529  return 0;
2530  }
2531  }
2532  }
2533 
2534  return -EINVAL;
2535 }
2536 
2537 static int atmel_config_commit(struct net_device *dev,
2538  struct iw_request_info *info, /* NULL */
2539  void *zwrq, /* NULL */
2540  char *extra) /* NULL */
2541 {
2542  return atmel_open(dev);
2543 }
2544 
2545 static const iw_handler atmel_handler[] =
2546 {
2547  (iw_handler) atmel_config_commit, /* SIOCSIWCOMMIT */
2548  (iw_handler) atmel_get_name, /* SIOCGIWNAME */
2549  (iw_handler) NULL, /* SIOCSIWNWID */
2550  (iw_handler) NULL, /* SIOCGIWNWID */
2551  (iw_handler) atmel_set_freq, /* SIOCSIWFREQ */
2552  (iw_handler) atmel_get_freq, /* SIOCGIWFREQ */
2553  (iw_handler) atmel_set_mode, /* SIOCSIWMODE */
2554  (iw_handler) atmel_get_mode, /* SIOCGIWMODE */
2555  (iw_handler) NULL, /* SIOCSIWSENS */
2556  (iw_handler) NULL, /* SIOCGIWSENS */
2557  (iw_handler) NULL, /* SIOCSIWRANGE */
2558  (iw_handler) atmel_get_range, /* SIOCGIWRANGE */
2559  (iw_handler) NULL, /* SIOCSIWPRIV */
2560  (iw_handler) NULL, /* SIOCGIWPRIV */
2561  (iw_handler) NULL, /* SIOCSIWSTATS */
2562  (iw_handler) NULL, /* SIOCGIWSTATS */
2563  (iw_handler) NULL, /* SIOCSIWSPY */
2564  (iw_handler) NULL, /* SIOCGIWSPY */
2565  (iw_handler) NULL, /* -- hole -- */
2566  (iw_handler) NULL, /* -- hole -- */
2567  (iw_handler) atmel_set_wap, /* SIOCSIWAP */
2568  (iw_handler) atmel_get_wap, /* SIOCGIWAP */
2569  (iw_handler) NULL, /* -- hole -- */
2570  (iw_handler) NULL, /* SIOCGIWAPLIST */
2571  (iw_handler) atmel_set_scan, /* SIOCSIWSCAN */
2572  (iw_handler) atmel_get_scan, /* SIOCGIWSCAN */
2573  (iw_handler) atmel_set_essid, /* SIOCSIWESSID */
2574  (iw_handler) atmel_get_essid, /* SIOCGIWESSID */
2575  (iw_handler) NULL, /* SIOCSIWNICKN */
2576  (iw_handler) NULL, /* SIOCGIWNICKN */
2577  (iw_handler) NULL, /* -- hole -- */
2578  (iw_handler) NULL, /* -- hole -- */
2579  (iw_handler) atmel_set_rate, /* SIOCSIWRATE */
2580  (iw_handler) atmel_get_rate, /* SIOCGIWRATE */
2581  (iw_handler) atmel_set_rts, /* SIOCSIWRTS */
2582  (iw_handler) atmel_get_rts, /* SIOCGIWRTS */
2583  (iw_handler) atmel_set_frag, /* SIOCSIWFRAG */
2584  (iw_handler) atmel_get_frag, /* SIOCGIWFRAG */
2585  (iw_handler) NULL, /* SIOCSIWTXPOW */
2586  (iw_handler) NULL, /* SIOCGIWTXPOW */
2587  (iw_handler) atmel_set_retry, /* SIOCSIWRETRY */
2588  (iw_handler) atmel_get_retry, /* SIOCGIWRETRY */
2589  (iw_handler) atmel_set_encode, /* SIOCSIWENCODE */
2590  (iw_handler) atmel_get_encode, /* SIOCGIWENCODE */
2591  (iw_handler) atmel_set_power, /* SIOCSIWPOWER */
2592  (iw_handler) atmel_get_power, /* SIOCGIWPOWER */
2593  (iw_handler) NULL, /* -- hole -- */
2594  (iw_handler) NULL, /* -- hole -- */
2595  (iw_handler) NULL, /* SIOCSIWGENIE */
2596  (iw_handler) NULL, /* SIOCGIWGENIE */
2597  (iw_handler) atmel_set_auth, /* SIOCSIWAUTH */
2598  (iw_handler) atmel_get_auth, /* SIOCGIWAUTH */
2599  (iw_handler) atmel_set_encodeext, /* SIOCSIWENCODEEXT */
2600  (iw_handler) atmel_get_encodeext, /* SIOCGIWENCODEEXT */
2601  (iw_handler) NULL, /* SIOCSIWPMKSA */
2602 };
2603 
2604 static const iw_handler atmel_private_handler[] =
2605 {
2606  NULL, /* SIOCIWFIRSTPRIV */
2607 };
2608 
2609 typedef struct atmel_priv_ioctl {
2610  char id[32];
2611  unsigned char __user *data;
2612  unsigned short len;
2613 } atmel_priv_ioctl;
2614 
2615 #define ATMELFWL SIOCIWFIRSTPRIV
2616 #define ATMELIDIFC ATMELFWL + 1
2617 #define ATMELRD ATMELFWL + 2
2618 #define ATMELMAGIC 0x51807
2619 #define REGDOMAINSZ 20
2620 
2621 static const struct iw_priv_args atmel_private_args[] = {
2622  {
2623  .cmd = ATMELFWL,
2624  .set_args = IW_PRIV_TYPE_BYTE
2625  | IW_PRIV_SIZE_FIXED
2626  | sizeof (atmel_priv_ioctl),
2627  .get_args = IW_PRIV_TYPE_NONE,
2628  .name = "atmelfwl"
2629  }, {
2630  .cmd = ATMELIDIFC,
2631  .set_args = IW_PRIV_TYPE_NONE,
2632  .get_args = IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
2633  .name = "atmelidifc"
2634  }, {
2635  .cmd = ATMELRD,
2636  .set_args = IW_PRIV_TYPE_CHAR | REGDOMAINSZ,
2637  .get_args = IW_PRIV_TYPE_NONE,
2638  .name = "regdomain"
2639  },
2640 };
2641 
2642 static const struct iw_handler_def atmel_handler_def = {
2643  .num_standard = ARRAY_SIZE(atmel_handler),
2644  .num_private = ARRAY_SIZE(atmel_private_handler),
2645  .num_private_args = ARRAY_SIZE(atmel_private_args),
2646  .standard = (iw_handler *) atmel_handler,
2647  .private = (iw_handler *) atmel_private_handler,
2648  .private_args = (struct iw_priv_args *) atmel_private_args,
2649  .get_wireless_stats = atmel_get_wireless_stats
2650 };
2651 
2652 static int atmel_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
2653 {
2654  int i, rc = 0;
2655  struct atmel_private *priv = netdev_priv(dev);
2656  atmel_priv_ioctl com;
2657  struct iwreq *wrq = (struct iwreq *) rq;
2658  unsigned char *new_firmware;
2659  char domain[REGDOMAINSZ + 1];
2660 
2661  switch (cmd) {
2662  case ATMELIDIFC:
2663  wrq->u.param.value = ATMELMAGIC;
2664  break;
2665 
2666  case ATMELFWL:
2667  if (copy_from_user(&com, rq->ifr_data, sizeof(com))) {
2668  rc = -EFAULT;
2669  break;
2670  }
2671 
2672  if (!capable(CAP_NET_ADMIN)) {
2673  rc = -EPERM;
2674  break;
2675  }
2676 
2677  if (!(new_firmware = kmalloc(com.len, GFP_KERNEL))) {
2678  rc = -ENOMEM;
2679  break;
2680  }
2681 
2682  if (copy_from_user(new_firmware, com.data, com.len)) {
2683  kfree(new_firmware);
2684  rc = -EFAULT;
2685  break;
2686  }
2687 
2688  kfree(priv->firmware);
2689 
2690  priv->firmware = new_firmware;
2691  priv->firmware_length = com.len;
2692  strncpy(priv->firmware_id, com.id, 31);
2693  priv->firmware_id[31] = '\0';
2694  break;
2695 
2696  case ATMELRD:
2697  if (copy_from_user(domain, rq->ifr_data, REGDOMAINSZ)) {
2698  rc = -EFAULT;
2699  break;
2700  }
2701 
2702  if (!capable(CAP_NET_ADMIN)) {
2703  rc = -EPERM;
2704  break;
2705  }
2706 
2707  domain[REGDOMAINSZ] = 0;
2708  rc = -EINVAL;
2709  for (i = 0; i < ARRAY_SIZE(channel_table); i++) {
2710  /* strcasecmp doesn't exist in the library */
2711  char *a = channel_table[i].name;
2712  char *b = domain;
2713  while (*a) {
2714  char c1 = *a++;
2715  char c2 = *b++;
2716  if (tolower(c1) != tolower(c2))
2717  break;
2718  }
2719  if (!*a && !*b) {
2720  priv->config_reg_domain = channel_table[i].reg_domain;
2721  rc = 0;
2722  }
2723  }
2724 
2725  if (rc == 0 && priv->station_state != STATION_STATE_DOWN)
2726  rc = atmel_open(dev);
2727  break;
2728 
2729  default:
2730  rc = -EOPNOTSUPP;
2731  }
2732 
2733  return rc;
2734 }
2735 
2736 struct auth_body {
2737  __le16 alg;
2738  __le16 trans_seq;
2739  __le16 status;
2740  u8 el_id;
2741  u8 chall_text_len;
2742  u8 chall_text[253];
2743 };
2744 
2745 static void atmel_enter_state(struct atmel_private *priv, int new_state)
2746 {
2747  int old_state = priv->station_state;
2748 
2749  if (new_state == old_state)
2750  return;
2751 
2752  priv->station_state = new_state;
2753 
2754  if (new_state == STATION_STATE_READY) {
2755  netif_start_queue(priv->dev);
2756  netif_carrier_on(priv->dev);
2757  }
2758 
2759  if (old_state == STATION_STATE_READY) {
2760  netif_carrier_off(priv->dev);
2761  if (netif_running(priv->dev))
2762  netif_stop_queue(priv->dev);
2763  priv->last_beacon_timestamp = 0;
2764  }
2765 }
2766 
2767 static void atmel_scan(struct atmel_private *priv, int specific_ssid)
2768 {
2769  struct {
2770  u8 BSSID[6];
2771  u8 SSID[MAX_SSID_LENGTH];
2772  u8 scan_type;
2773  u8 channel;
2774  __le16 BSS_type;
2775  __le16 min_channel_time;
2776  __le16 max_channel_time;
2777  u8 options;
2778  u8 SSID_size;
2779  } cmd;
2780 
2781  memset(cmd.BSSID, 0xff, 6);
2782 
2783  if (priv->fast_scan) {
2784  cmd.SSID_size = priv->SSID_size;
2785  memcpy(cmd.SSID, priv->SSID, priv->SSID_size);
2786  cmd.min_channel_time = cpu_to_le16(10);
2787  cmd.max_channel_time = cpu_to_le16(50);
2788  } else {
2789  priv->BSS_list_entries = 0;
2790  cmd.SSID_size = 0;
2791  cmd.min_channel_time = cpu_to_le16(10);
2792  cmd.max_channel_time = cpu_to_le16(120);
2793  }
2794 
2795  cmd.options = 0;
2796 
2797  if (!specific_ssid)
2798  cmd.options |= SCAN_OPTIONS_SITE_SURVEY;
2799 
2800  cmd.channel = (priv->channel & 0x7f);
2801  cmd.scan_type = SCAN_TYPE_ACTIVE;
2802  cmd.BSS_type = cpu_to_le16(priv->operating_mode == IW_MODE_ADHOC ?
2803  BSS_TYPE_AD_HOC : BSS_TYPE_INFRASTRUCTURE);
2804 
2805  atmel_send_command(priv, CMD_Scan, &cmd, sizeof(cmd));
2806 
2807  /* This must come after all hardware access to avoid being messed up
2808  by stuff happening in interrupt context after we leave STATE_DOWN */
2809  atmel_enter_state(priv, STATION_STATE_SCANNING);
2810 }
2811 
2812 static void join(struct atmel_private *priv, int type)
2813 {
2814  struct {
2815  u8 BSSID[6];
2816  u8 SSID[MAX_SSID_LENGTH];
2817  u8 BSS_type; /* this is a short in a scan command - weird */
2818  u8 channel;
2819  __le16 timeout;
2820  u8 SSID_size;
2821  u8 reserved;
2822  } cmd;
2823 
2824  cmd.SSID_size = priv->SSID_size;
2825  memcpy(cmd.SSID, priv->SSID, priv->SSID_size);
2826  memcpy(cmd.BSSID, priv->CurrentBSSID, 6);
2827  cmd.channel = (priv->channel & 0x7f);
2828  cmd.BSS_type = type;
2829  cmd.timeout = cpu_to_le16(2000);
2830 
2831  atmel_send_command(priv, CMD_Join, &cmd, sizeof(cmd));
2832 }
2833 
2834 static void start(struct atmel_private *priv, int type)
2835 {
2836  struct {
2837  u8 BSSID[6];
2838  u8 SSID[MAX_SSID_LENGTH];
2839  u8 BSS_type;
2840  u8 channel;
2841  u8 SSID_size;
2842  u8 reserved[3];
2843  } cmd;
2844 
2845  cmd.SSID_size = priv->SSID_size;
2846  memcpy(cmd.SSID, priv->SSID, priv->SSID_size);
2847  memcpy(cmd.BSSID, priv->BSSID, 6);
2848  cmd.BSS_type = type;
2849  cmd.channel = (priv->channel & 0x7f);
2850 
2851  atmel_send_command(priv, CMD_Start, &cmd, sizeof(cmd));
2852 }
2853 
2854 static void handle_beacon_probe(struct atmel_private *priv, u16 capability,
2855  u8 channel)
2856 {
2857  int rejoin = 0;
2858  int new = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
2859  SHORT_PREAMBLE : LONG_PREAMBLE;
2860 
2861  if (priv->preamble != new) {
2862  priv->preamble = new;
2863  rejoin = 1;
2864  atmel_set_mib8(priv, Local_Mib_Type, LOCAL_MIB_PREAMBLE_TYPE, new);
2865  }
2866 
2867  if (priv->channel != channel) {
2868  priv->channel = channel;
2869  rejoin = 1;
2870  atmel_set_mib8(priv, Phy_Mib_Type, PHY_MIB_CHANNEL_POS, channel);
2871  }
2872 
2873  if (rejoin) {
2874  priv->station_is_associated = 0;
2875  atmel_enter_state(priv, STATION_STATE_JOINNING);
2876 
2877  if (priv->operating_mode == IW_MODE_INFRA)
2878  join(priv, BSS_TYPE_INFRASTRUCTURE);
2879  else
2880  join(priv, BSS_TYPE_AD_HOC);
2881  }
2882 }
2883 
2884 static void send_authentication_request(struct atmel_private *priv, u16 system,
2885  u8 *challenge, int challenge_len)
2886 {
2887  struct ieee80211_hdr header;
2888  struct auth_body auth;
2889 
2890  header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_AUTH);
2891  header.duration_id = cpu_to_le16(0x8000);
2892  header.seq_ctrl = 0;
2893  memcpy(header.addr1, priv->CurrentBSSID, 6);
2894  memcpy(header.addr2, priv->dev->dev_addr, 6);
2895  memcpy(header.addr3, priv->CurrentBSSID, 6);
2896 
2897  if (priv->wep_is_on && priv->CurrentAuthentTransactionSeqNum != 1)
2898  /* no WEP for authentication frames with TrSeqNo 1 */
2899  header.frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
2900 
2901  auth.alg = cpu_to_le16(system);
2902 
2903  auth.status = 0;
2904  auth.trans_seq = cpu_to_le16(priv->CurrentAuthentTransactionSeqNum);
2905  priv->ExpectedAuthentTransactionSeqNum = priv->CurrentAuthentTransactionSeqNum+1;
2906  priv->CurrentAuthentTransactionSeqNum += 2;
2907 
2908  if (challenge_len != 0) {
2909  auth.el_id = 16; /* challenge_text */
2910  auth.chall_text_len = challenge_len;
2911  memcpy(auth.chall_text, challenge, challenge_len);
2912  atmel_transmit_management_frame(priv, &header, (u8 *)&auth, 8 + challenge_len);
2913  } else {
2914  atmel_transmit_management_frame(priv, &header, (u8 *)&auth, 6);
2915  }
2916 }
2917 
2918 static void send_association_request(struct atmel_private *priv, int is_reassoc)
2919 {
2920  u8 *ssid_el_p;
2921  int bodysize;
2922  struct ieee80211_hdr header;
2923  struct ass_req_format {
2924  __le16 capability;
2925  __le16 listen_interval;
2926  u8 ap[6]; /* nothing after here directly accessible */
2927  u8 ssid_el_id;
2928  u8 ssid_len;
2929  u8 ssid[MAX_SSID_LENGTH];
2930  u8 sup_rates_el_id;
2931  u8 sup_rates_len;
2932  u8 rates[4];
2933  } body;
2934 
2935  header.frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2936  (is_reassoc ? IEEE80211_STYPE_REASSOC_REQ : IEEE80211_STYPE_ASSOC_REQ));
2937  header.duration_id = cpu_to_le16(0x8000);
2938  header.seq_ctrl = 0;
2939 
2940  memcpy(header.addr1, priv->CurrentBSSID, 6);
2941  memcpy(header.addr2, priv->dev->dev_addr, 6);
2942  memcpy(header.addr3, priv->CurrentBSSID, 6);
2943 
2944  body.capability = cpu_to_le16(WLAN_CAPABILITY_ESS);
2945  if (priv->wep_is_on)
2946  body.capability |= cpu_to_le16(WLAN_CAPABILITY_PRIVACY);
2947  if (priv->preamble == SHORT_PREAMBLE)
2948  body.capability |= cpu_to_le16(WLAN_CAPABILITY_SHORT_PREAMBLE);
2949 
2950  body.listen_interval = cpu_to_le16(priv->listen_interval * priv->beacon_period);
2951 
2952  /* current AP address - only in reassoc frame */
2953  if (is_reassoc) {
2954  memcpy(body.ap, priv->CurrentBSSID, 6);
2955  ssid_el_p = &body.ssid_el_id;
2956  bodysize = 18 + priv->SSID_size;
2957  } else {
2958  ssid_el_p = &body.ap[0];
2959  bodysize = 12 + priv->SSID_size;
2960  }
2961 
2962  ssid_el_p[0] = WLAN_EID_SSID;
2963  ssid_el_p[1] = priv->SSID_size;
2964  memcpy(ssid_el_p + 2, priv->SSID, priv->SSID_size);
2965  ssid_el_p[2 + priv->SSID_size] = WLAN_EID_SUPP_RATES;
2966  ssid_el_p[3 + priv->SSID_size] = 4; /* len of suported rates */
2967  memcpy(ssid_el_p + 4 + priv->SSID_size, atmel_basic_rates, 4);
2968 
2969  atmel_transmit_management_frame(priv, &header, (void *)&body, bodysize);
2970 }
2971 
2972 static int is_frame_from_current_bss(struct atmel_private *priv,
2973  struct ieee80211_hdr *header)
2974 {
2975  if (le16_to_cpu(header->frame_control) & IEEE80211_FCTL_FROMDS)
2976  return memcmp(header->addr3, priv->CurrentBSSID, 6) == 0;
2977  else
2978  return memcmp(header->addr2, priv->CurrentBSSID, 6) == 0;
2979 }
2980 
2981 static int retrieve_bss(struct atmel_private *priv)
2982 {
2983  int i;
2984  int max_rssi = -128;
2985  int max_index = -1;
2986 
2987  if (priv->BSS_list_entries == 0)
2988  return -1;
2989 
2990  if (priv->connect_to_any_BSS) {
2991  /* Select a BSS with the max-RSSI but of the same type and of
2992  the same WEP mode and that it is not marked as 'bad' (i.e.
2993  we had previously failed to connect to this BSS with the
2994  settings that we currently use) */
2995  priv->current_BSS = 0;
2996  for (i = 0; i < priv->BSS_list_entries; i++) {
2997  if (priv->operating_mode == priv->BSSinfo[i].BSStype &&
2998  ((!priv->wep_is_on && !priv->BSSinfo[i].UsingWEP) ||
2999  (priv->wep_is_on && priv->BSSinfo[i].UsingWEP)) &&
3000  !(priv->BSSinfo[i].channel & 0x80)) {
3001  max_rssi = priv->BSSinfo[i].RSSI;
3002  priv->current_BSS = max_index = i;
3003  }
3004  }
3005  return max_index;
3006  }
3007 
3008  for (i = 0; i < priv->BSS_list_entries; i++) {
3009  if (priv->SSID_size == priv->BSSinfo[i].SSIDsize &&
3010  memcmp(priv->SSID, priv->BSSinfo[i].SSID, priv->SSID_size) == 0 &&
3011  priv->operating_mode == priv->BSSinfo[i].BSStype &&
3012  atmel_validate_channel(priv, priv->BSSinfo[i].channel) == 0) {
3013  if (priv->BSSinfo[i].RSSI >= max_rssi) {
3014  max_rssi = priv->BSSinfo[i].RSSI;
3015  max_index = i;
3016  }
3017  }
3018  }
3019  return max_index;
3020 }
3021 
3022 static void store_bss_info(struct atmel_private *priv,
3023  struct ieee80211_hdr *header, u16 capability,
3024  u16 beacon_period, u8 channel, u8 rssi, u8 ssid_len,
3025  u8 *ssid, int is_beacon)
3026 {
3027  u8 *bss = capability & WLAN_CAPABILITY_ESS ? header->addr2 : header->addr3;
3028  int i, index;
3029 
3030  for (index = -1, i = 0; i < priv->BSS_list_entries; i++)
3031  if (memcmp(bss, priv->BSSinfo[i].BSSID, 6) == 0)
3032  index = i;
3033 
3034  /* If we process a probe and an entry from this BSS exists
3035  we will update the BSS entry with the info from this BSS.
3036  If we process a beacon we will only update RSSI */
3037 
3038  if (index == -1) {
3039  if (priv->BSS_list_entries == MAX_BSS_ENTRIES)
3040  return;
3041  index = priv->BSS_list_entries++;
3042  memcpy(priv->BSSinfo[index].BSSID, bss, 6);
3043  priv->BSSinfo[index].RSSI = rssi;
3044  } else {
3045  if (rssi > priv->BSSinfo[index].RSSI)
3046  priv->BSSinfo[index].RSSI = rssi;
3047  if (is_beacon)
3048  return;
3049  }
3050 
3051  priv->BSSinfo[index].channel = channel;
3052  priv->BSSinfo[index].beacon_period = beacon_period;
3053  priv->BSSinfo[index].UsingWEP = capability & WLAN_CAPABILITY_PRIVACY;
3054  memcpy(priv->BSSinfo[index].SSID, ssid, ssid_len);
3055  priv->BSSinfo[index].SSIDsize = ssid_len;
3056 
3057  if (capability & WLAN_CAPABILITY_IBSS)
3058  priv->BSSinfo[index].BSStype = IW_MODE_ADHOC;
3059  else if (capability & WLAN_CAPABILITY_ESS)
3060  priv->BSSinfo[index].BSStype = IW_MODE_INFRA;
3061 
3062  priv->BSSinfo[index].preamble = capability & WLAN_CAPABILITY_SHORT_PREAMBLE ?
3063  SHORT_PREAMBLE : LONG_PREAMBLE;
3064 }
3065 
3066 static void authenticate(struct atmel_private *priv, u16 frame_len)
3067 {
3068  struct auth_body *auth = (struct auth_body *)priv->rx_buf;
3069  u16 status = le16_to_cpu(auth->status);
3070  u16 trans_seq_no = le16_to_cpu(auth->trans_seq);
3071  u16 system = le16_to_cpu(auth->alg);
3072 
3073  if (status == WLAN_STATUS_SUCCESS && !priv->wep_is_on) {
3074  /* no WEP */
3075  if (priv->station_was_associated) {
3076  atmel_enter_state(priv, STATION_STATE_REASSOCIATING);
3077  send_association_request(priv, 1);
3078  return;
3079  } else {
3080  atmel_enter_state(priv, STATION_STATE_ASSOCIATING);
3081  send_association_request(priv, 0);
3082  return;
3083  }
3084  }
3085 
3086  if (status == WLAN_STATUS_SUCCESS && priv->wep_is_on) {
3087  int should_associate = 0;
3088  /* WEP */
3089  if (trans_seq_no != priv->ExpectedAuthentTransactionSeqNum)
3090  return;
3091 
3092  if (system == WLAN_AUTH_OPEN) {
3093  if (trans_seq_no == 0x0002) {
3094  should_associate = 1;
3095  }
3096  } else if (system == WLAN_AUTH_SHARED_KEY) {
3097  if (trans_seq_no == 0x0002 &&
3098  auth->el_id == WLAN_EID_CHALLENGE) {
3099  send_authentication_request(priv, system, auth->chall_text, auth->chall_text_len);
3100  return;
3101  } else if (trans_seq_no == 0x0004) {
3102  should_associate = 1;
3103  }
3104  }
3105 
3106  if (should_associate) {
3107  if (priv->station_was_associated) {
3108  atmel_enter_state(priv, STATION_STATE_REASSOCIATING);
3109  send_association_request(priv, 1);
3110  return;
3111  } else {
3112  atmel_enter_state(priv, STATION_STATE_ASSOCIATING);
3113  send_association_request(priv, 0);
3114  return;
3115  }
3116  }
3117  }
3118 
3119  if (status == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
3120  /* Flip back and forth between WEP auth modes until the max
3121  * authentication tries has been exceeded.
3122  */
3123  if (system == WLAN_AUTH_OPEN) {
3124  priv->CurrentAuthentTransactionSeqNum = 0x001;
3125  priv->exclude_unencrypted = 1;
3126  send_authentication_request(priv, WLAN_AUTH_SHARED_KEY, NULL, 0);
3127  return;
3128  } else if (system == WLAN_AUTH_SHARED_KEY
3129  && priv->wep_is_on) {
3130  priv->CurrentAuthentTransactionSeqNum = 0x001;
3131  priv->exclude_unencrypted = 0;
3132  send_authentication_request(priv, WLAN_AUTH_OPEN, NULL, 0);
3133  return;
3134  } else if (priv->connect_to_any_BSS) {
3135  int bss_index;
3136 
3137  priv->BSSinfo[(int)(priv->current_BSS)].channel |= 0x80;
3138 
3139  if ((bss_index = retrieve_bss(priv)) != -1) {
3140  atmel_join_bss(priv, bss_index);
3141  return;
3142  }
3143  }
3144  }
3145 
3146  priv->AuthenticationRequestRetryCnt = 0;
3147  atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3148  priv->station_is_associated = 0;
3149 }
3150 
3151 static void associate(struct atmel_private *priv, u16 frame_len, u16 subtype)
3152 {
3153  struct ass_resp_format {
3154  __le16 capability;
3155  __le16 status;
3156  __le16 ass_id;
3157  u8 el_id;
3158  u8 length;
3159  u8 rates[4];
3160  } *ass_resp = (struct ass_resp_format *)priv->rx_buf;
3161 
3162  u16 status = le16_to_cpu(ass_resp->status);
3163  u16 ass_id = le16_to_cpu(ass_resp->ass_id);
3164  u16 rates_len = ass_resp->length > 4 ? 4 : ass_resp->length;
3165 
3166  union iwreq_data wrqu;
3167 
3168  if (frame_len < 8 + rates_len)
3169  return;
3170 
3171  if (status == WLAN_STATUS_SUCCESS) {
3172  if (subtype == IEEE80211_STYPE_ASSOC_RESP)
3173  priv->AssociationRequestRetryCnt = 0;
3174  else
3175  priv->ReAssociationRequestRetryCnt = 0;
3176 
3177  atmel_set_mib16(priv, Mac_Mgmt_Mib_Type,
3178  MAC_MGMT_MIB_STATION_ID_POS, ass_id & 0x3fff);
3179  atmel_set_mib(priv, Phy_Mib_Type,
3180  PHY_MIB_RATE_SET_POS, ass_resp->rates, rates_len);
3181  if (priv->power_mode == 0) {
3182  priv->listen_interval = 1;
3183  atmel_set_mib8(priv, Mac_Mgmt_Mib_Type,
3184  MAC_MGMT_MIB_PS_MODE_POS, ACTIVE_MODE);
3185  atmel_set_mib16(priv, Mac_Mgmt_Mib_Type,
3186  MAC_MGMT_MIB_LISTEN_INTERVAL_POS, 1);
3187  } else {
3188  priv->listen_interval = 2;
3189  atmel_set_mib8(priv, Mac_Mgmt_Mib_Type,
3190  MAC_MGMT_MIB_PS_MODE_POS, PS_MODE);
3191  atmel_set_mib16(priv, Mac_Mgmt_Mib_Type,
3192  MAC_MGMT_MIB_LISTEN_INTERVAL_POS, 2);
3193  }
3194 
3195  priv->station_is_associated = 1;
3196  priv->station_was_associated = 1;
3197  atmel_enter_state(priv, STATION_STATE_READY);
3198 
3199  /* Send association event to userspace */
3200  wrqu.data.length = 0;
3201  wrqu.data.flags = 0;
3202  memcpy(wrqu.ap_addr.sa_data, priv->CurrentBSSID, ETH_ALEN);
3203  wrqu.ap_addr.sa_family = ARPHRD_ETHER;
3204  wireless_send_event(priv->dev, SIOCGIWAP, &wrqu, NULL);
3205 
3206  return;
3207  }
3208 
3209  if (subtype == IEEE80211_STYPE_ASSOC_RESP &&
3210  status != WLAN_STATUS_ASSOC_DENIED_RATES &&
3211  status != WLAN_STATUS_CAPS_UNSUPPORTED &&
3212  priv->AssociationRequestRetryCnt < MAX_ASSOCIATION_RETRIES) {
3213  mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3214  priv->AssociationRequestRetryCnt++;
3215  send_association_request(priv, 0);
3216  return;
3217  }
3218 
3219  if (subtype == IEEE80211_STYPE_REASSOC_RESP &&
3220  status != WLAN_STATUS_ASSOC_DENIED_RATES &&
3221  status != WLAN_STATUS_CAPS_UNSUPPORTED &&
3222  priv->AssociationRequestRetryCnt < MAX_ASSOCIATION_RETRIES) {
3223  mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3224  priv->ReAssociationRequestRetryCnt++;
3225  send_association_request(priv, 1);
3226  return;
3227  }
3228 
3229  atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3230  priv->station_is_associated = 0;
3231 
3232  if (priv->connect_to_any_BSS) {
3233  int bss_index;
3234  priv->BSSinfo[(int)(priv->current_BSS)].channel |= 0x80;
3235 
3236  if ((bss_index = retrieve_bss(priv)) != -1)
3237  atmel_join_bss(priv, bss_index);
3238  }
3239 }
3240 
3241 static void atmel_join_bss(struct atmel_private *priv, int bss_index)
3242 {
3243  struct bss_info *bss = &priv->BSSinfo[bss_index];
3244 
3245  memcpy(priv->CurrentBSSID, bss->BSSID, 6);
3246  memcpy(priv->SSID, bss->SSID, priv->SSID_size = bss->SSIDsize);
3247 
3248  /* The WPA stuff cares about the current AP address */
3249  if (priv->use_wpa)
3250  build_wpa_mib(priv);
3251 
3252  /* When switching to AdHoc turn OFF Power Save if needed */
3253 
3254  if (bss->BSStype == IW_MODE_ADHOC &&
3255  priv->operating_mode != IW_MODE_ADHOC &&
3256  priv->power_mode) {
3257  priv->power_mode = 0;
3258  priv->listen_interval = 1;
3259  atmel_set_mib8(priv, Mac_Mgmt_Mib_Type,
3260  MAC_MGMT_MIB_PS_MODE_POS, ACTIVE_MODE);
3261  atmel_set_mib16(priv, Mac_Mgmt_Mib_Type,
3262  MAC_MGMT_MIB_LISTEN_INTERVAL_POS, 1);
3263  }
3264 
3265  priv->operating_mode = bss->BSStype;
3266  priv->channel = bss->channel & 0x7f;
3267  priv->beacon_period = bss->beacon_period;
3268 
3269  if (priv->preamble != bss->preamble) {
3270  priv->preamble = bss->preamble;
3271  atmel_set_mib8(priv, Local_Mib_Type,
3272  LOCAL_MIB_PREAMBLE_TYPE, bss->preamble);
3273  }
3274 
3275  if (!priv->wep_is_on && bss->UsingWEP) {
3276  atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3277  priv->station_is_associated = 0;
3278  return;
3279  }
3280 
3281  if (priv->wep_is_on && !bss->UsingWEP) {
3282  atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3283  priv->station_is_associated = 0;
3284  return;
3285  }
3286 
3287  atmel_enter_state(priv, STATION_STATE_JOINNING);
3288 
3289  if (priv->operating_mode == IW_MODE_INFRA)
3290  join(priv, BSS_TYPE_INFRASTRUCTURE);
3291  else
3292  join(priv, BSS_TYPE_AD_HOC);
3293 }
3294 
3295 static void restart_search(struct atmel_private *priv)
3296 {
3297  int bss_index;
3298 
3299  if (!priv->connect_to_any_BSS) {
3300  atmel_scan(priv, 1);
3301  } else {
3302  priv->BSSinfo[(int)(priv->current_BSS)].channel |= 0x80;
3303 
3304  if ((bss_index = retrieve_bss(priv)) != -1)
3305  atmel_join_bss(priv, bss_index);
3306  else
3307  atmel_scan(priv, 0);
3308  }
3309 }
3310 
3311 static void smooth_rssi(struct atmel_private *priv, u8 rssi)
3312 {
3313  u8 old = priv->wstats.qual.level;
3314  u8 max_rssi = 42; /* 502-rmfd-revd max by experiment, default for now */
3315 
3316  switch (priv->firmware_type) {
3317  case ATMEL_FW_TYPE_502E:
3318  max_rssi = 63; /* 502-rmfd-reve max by experiment */
3319  break;
3320  default:
3321  break;
3322  }
3323 
3324  rssi = rssi * 100 / max_rssi;
3325  if ((rssi + old) % 2)
3326  priv->wstats.qual.level = (rssi + old) / 2 + 1;
3327  else
3328  priv->wstats.qual.level = (rssi + old) / 2;
3329  priv->wstats.qual.updated |= IW_QUAL_LEVEL_UPDATED;
3330  priv->wstats.qual.updated &= ~IW_QUAL_LEVEL_INVALID;
3331 }
3332 
3333 static void atmel_smooth_qual(struct atmel_private *priv)
3334 {
3335  unsigned long time_diff = (jiffies - priv->last_qual) / HZ;
3336  while (time_diff--) {
3337  priv->last_qual += HZ;
3338  priv->wstats.qual.qual = priv->wstats.qual.qual / 2;
3339  priv->wstats.qual.qual +=
3340  priv->beacons_this_sec * priv->beacon_period * (priv->wstats.qual.level + 100) / 4000;
3341  priv->beacons_this_sec = 0;
3342  }
3343  priv->wstats.qual.updated |= IW_QUAL_QUAL_UPDATED;
3344  priv->wstats.qual.updated &= ~IW_QUAL_QUAL_INVALID;
3345 }
3346 
3347 /* deals with incoming management frames. */
3348 static void atmel_management_frame(struct atmel_private *priv,
3349  struct ieee80211_hdr *header,
3350  u16 frame_len, u8 rssi)
3351 {
3352  u16 subtype;
3353 
3354  subtype = le16_to_cpu(header->frame_control) & IEEE80211_FCTL_STYPE;
3355  switch (subtype) {
3356  case IEEE80211_STYPE_BEACON:
3357  case IEEE80211_STYPE_PROBE_RESP:
3358 
3359  /* beacon frame has multiple variable-length fields -
3360  never let an engineer loose with a data structure design. */
3361  {
3362  struct beacon_format {
3363  __le64 timestamp;
3364  __le16 interval;
3365  __le16 capability;
3366  u8 ssid_el_id;
3367  u8 ssid_length;
3368  /* ssid here */
3369  u8 rates_el_id;
3370  u8 rates_length;
3371  /* rates here */
3372  u8 ds_el_id;
3373  u8 ds_length;
3374  /* ds here */
3375  } *beacon = (struct beacon_format *)priv->rx_buf;
3376 
3377  u8 channel, rates_length, ssid_length;
3378  u64 timestamp = le64_to_cpu(beacon->timestamp);
3379  u16 beacon_interval = le16_to_cpu(beacon->interval);
3380  u16 capability = le16_to_cpu(beacon->capability);
3381  u8 *beaconp = priv->rx_buf;
3382  ssid_length = beacon->ssid_length;
3383  /* this blows chunks. */
3384  if (frame_len < 14 || frame_len < ssid_length + 15)
3385  return;
3386  rates_length = beaconp[beacon->ssid_length + 15];
3387  if (frame_len < ssid_length + rates_length + 18)
3388  return;
3389  if (ssid_length > MAX_SSID_LENGTH)
3390  return;
3391  channel = beaconp[ssid_length + rates_length + 18];
3392 
3393  if (priv->station_state == STATION_STATE_READY) {
3394  smooth_rssi(priv, rssi);
3395  if (is_frame_from_current_bss(priv, header)) {
3396  priv->beacons_this_sec++;
3397  atmel_smooth_qual(priv);
3398  if (priv->last_beacon_timestamp) {
3399  /* Note truncate this to 32 bits - kernel can't divide a long long */
3400  u32 beacon_delay = timestamp - priv->last_beacon_timestamp;
3401  int beacons = beacon_delay / (beacon_interval * 1000);
3402  if (beacons > 1)
3403  priv->wstats.miss.beacon += beacons - 1;
3404  }
3405  priv->last_beacon_timestamp = timestamp;
3406  handle_beacon_probe(priv, capability, channel);
3407  }
3408  }
3409 
3410  if (priv->station_state == STATION_STATE_SCANNING)
3411  store_bss_info(priv, header, capability,
3412  beacon_interval, channel, rssi,
3413  ssid_length,
3414  &beacon->rates_el_id,
3415  subtype == IEEE80211_STYPE_BEACON);
3416  }
3417  break;
3418 
3419  case IEEE80211_STYPE_AUTH:
3420 
3421  if (priv->station_state == STATION_STATE_AUTHENTICATING)
3422  authenticate(priv, frame_len);
3423 
3424  break;
3425 
3426  case IEEE80211_STYPE_ASSOC_RESP:
3427  case IEEE80211_STYPE_REASSOC_RESP:
3428 
3429  if (priv->station_state == STATION_STATE_ASSOCIATING ||
3430  priv->station_state == STATION_STATE_REASSOCIATING)
3431  associate(priv, frame_len, subtype);
3432 
3433  break;
3434 
3435  case IEEE80211_STYPE_DISASSOC:
3436  if (priv->station_is_associated &&
3437  priv->operating_mode == IW_MODE_INFRA &&
3438  is_frame_from_current_bss(priv, header)) {
3439  priv->station_was_associated = 0;
3440  priv->station_is_associated = 0;
3441 
3442  atmel_enter_state(priv, STATION_STATE_JOINNING);
3443  join(priv, BSS_TYPE_INFRASTRUCTURE);
3444  }
3445 
3446  break;
3447 
3448  case IEEE80211_STYPE_DEAUTH:
3449  if (priv->operating_mode == IW_MODE_INFRA &&
3450  is_frame_from_current_bss(priv, header)) {
3451  priv->station_was_associated = 0;
3452 
3453  atmel_enter_state(priv, STATION_STATE_JOINNING);
3454  join(priv, BSS_TYPE_INFRASTRUCTURE);
3455  }
3456 
3457  break;
3458  }
3459 }
3460 
3461 /* run when timer expires */
3462 static void atmel_management_timer(u_long a)
3463 {
3464  struct net_device *dev = (struct net_device *) a;
3465  struct atmel_private *priv = netdev_priv(dev);
3466  unsigned long flags;
3467 
3468  /* Check if the card has been yanked. */
3469  if (priv->card && priv->present_callback &&
3470  !(*priv->present_callback)(priv->card))
3471  return;
3472 
3473  spin_lock_irqsave(&priv->irqlock, flags);
3474 
3475  switch (priv->station_state) {
3476 
3477  case STATION_STATE_AUTHENTICATING:
3478  if (priv->AuthenticationRequestRetryCnt >= MAX_AUTHENTICATION_RETRIES) {
3479  atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3480  priv->station_is_associated = 0;
3481  priv->AuthenticationRequestRetryCnt = 0;
3482  restart_search(priv);
3483  } else {
3484  int auth = WLAN_AUTH_OPEN;
3485  priv->AuthenticationRequestRetryCnt++;
3486  priv->CurrentAuthentTransactionSeqNum = 0x0001;
3487  mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3488  if (priv->wep_is_on && priv->exclude_unencrypted)
3489  auth = WLAN_AUTH_SHARED_KEY;
3490  send_authentication_request(priv, auth, NULL, 0);
3491  }
3492  break;
3493 
3494  case STATION_STATE_ASSOCIATING:
3495  if (priv->AssociationRequestRetryCnt == MAX_ASSOCIATION_RETRIES) {
3496  atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3497  priv->station_is_associated = 0;
3498  priv->AssociationRequestRetryCnt = 0;
3499  restart_search(priv);
3500  } else {
3501  priv->AssociationRequestRetryCnt++;
3502  mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3503  send_association_request(priv, 0);
3504  }
3505  break;
3506 
3507  case STATION_STATE_REASSOCIATING:
3508  if (priv->ReAssociationRequestRetryCnt == MAX_ASSOCIATION_RETRIES) {
3509  atmel_enter_state(priv, STATION_STATE_MGMT_ERROR);
3510  priv->station_is_associated = 0;
3511  priv->ReAssociationRequestRetryCnt = 0;
3512  restart_search(priv);
3513  } else {
3514  priv->ReAssociationRequestRetryCnt++;
3515  mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3516  send_association_request(priv, 1);
3517  }
3518  break;
3519 
3520  default:
3521  break;
3522  }
3523 
3524  spin_unlock_irqrestore(&priv->irqlock, flags);
3525 }
3526 
3527 static void atmel_command_irq(struct atmel_private *priv)
3528 {
3529  u8 status = atmel_rmem8(priv, atmel_co(priv, CMD_BLOCK_STATUS_OFFSET));
3530  u8 command = atmel_rmem8(priv, atmel_co(priv, CMD_BLOCK_COMMAND_OFFSET));
3531  int fast_scan;
3532  union iwreq_data wrqu;
3533 
3534  if (status == CMD_STATUS_IDLE ||
3535  status == CMD_STATUS_IN_PROGRESS)
3536  return;
3537 
3538  switch (command) {
3539  case CMD_Start:
3540  if (status == CMD_STATUS_COMPLETE) {
3541  priv->station_was_associated = priv->station_is_associated;
3542  atmel_get_mib(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_CUR_BSSID_POS,
3543  (u8 *)priv->CurrentBSSID, 6);
3544  atmel_enter_state(priv, STATION_STATE_READY);
3545  }
3546  break;
3547 
3548  case CMD_Scan:
3549  fast_scan = priv->fast_scan;
3550  priv->fast_scan = 0;
3551 
3552  if (status != CMD_STATUS_COMPLETE) {
3553  atmel_scan(priv, 1);
3554  } else {
3555  int bss_index = retrieve_bss(priv);
3556  int notify_scan_complete = 1;
3557  if (bss_index != -1) {
3558  atmel_join_bss(priv, bss_index);
3559  } else if (priv->operating_mode == IW_MODE_ADHOC &&
3560  priv->SSID_size != 0) {
3561  start(priv, BSS_TYPE_AD_HOC);
3562  } else {
3563  priv->fast_scan = !fast_scan;
3564  atmel_scan(priv, 1);
3565  notify_scan_complete = 0;
3566  }
3567  priv->site_survey_state = SITE_SURVEY_COMPLETED;
3568  if (notify_scan_complete) {
3569  wrqu.data.length = 0;
3570  wrqu.data.flags = 0;
3571  wireless_send_event(priv->dev, SIOCGIWSCAN, &wrqu, NULL);
3572  }
3573  }
3574  break;
3575 
3576  case CMD_SiteSurvey:
3577  priv->fast_scan = 0;
3578 
3579  if (status != CMD_STATUS_COMPLETE)
3580  return;
3581 
3582  priv->site_survey_state = SITE_SURVEY_COMPLETED;
3583  if (priv->station_is_associated) {
3584  atmel_enter_state(priv, STATION_STATE_READY);
3585  wrqu.data.length = 0;
3586  wrqu.data.flags = 0;
3587  wireless_send_event(priv->dev, SIOCGIWSCAN, &wrqu, NULL);
3588  } else {
3589  atmel_scan(priv, 1);
3590  }
3591  break;
3592 
3593  case CMD_Join:
3594  if (status == CMD_STATUS_COMPLETE) {
3595  if (priv->operating_mode == IW_MODE_ADHOC) {
3596  priv->station_was_associated = priv->station_is_associated;
3597  atmel_enter_state(priv, STATION_STATE_READY);
3598  } else {
3599  int auth = WLAN_AUTH_OPEN;
3600  priv->AuthenticationRequestRetryCnt = 0;
3601  atmel_enter_state(priv, STATION_STATE_AUTHENTICATING);
3602 
3603  mod_timer(&priv->management_timer, jiffies + MGMT_JIFFIES);
3604  priv->CurrentAuthentTransactionSeqNum = 0x0001;
3605  if (priv->wep_is_on && priv->exclude_unencrypted)
3606  auth = WLAN_AUTH_SHARED_KEY;
3607  send_authentication_request(priv, auth, NULL, 0);
3608  }
3609  return;
3610  }
3611 
3612  atmel_scan(priv, 1);
3613  }
3614 }
3615 
3616 static int atmel_wakeup_firmware(struct atmel_private *priv)
3617 {
3618  struct host_info_struct *iface = &priv->host_info;
3619  u16 mr1, mr3;
3620  int i;
3621 
3622  if (priv->card_type == CARD_TYPE_SPI_FLASH)
3623  atmel_set_gcr(priv->dev, GCR_REMAP);
3624 
3625  /* wake up on-board processor */
3626  atmel_clear_gcr(priv->dev, 0x0040);
3627  atmel_write16(priv->dev, BSR, BSS_SRAM);
3628 
3629  if (priv->card_type == CARD_TYPE_SPI_FLASH)
3630  mdelay(100);
3631 
3632  /* and wait for it */
3633  for (i = LOOP_RETRY_LIMIT; i; i--) {
3634  mr1 = atmel_read16(priv->dev, MR1);
3635  mr3 = atmel_read16(priv->dev, MR3);
3636 
3637  if (mr3 & MAC_BOOT_COMPLETE)
3638  break;
3639  if (mr1 & MAC_BOOT_COMPLETE &&
3640  priv->bus_type == BUS_TYPE_PCCARD)
3641  break;
3642  }
3643 
3644  if (i == 0) {
3645  printk(KERN_ALERT "%s: MAC failed to boot.\n", priv->dev->name);
3646  return -EIO;
3647  }
3648 
3649  if ((priv->host_info_base = atmel_read16(priv->dev, MR2)) == 0xffff) {
3650  printk(KERN_ALERT "%s: card missing.\n", priv->dev->name);
3651  return -ENODEV;
3652  }
3653 
3654  /* now check for completion of MAC initialization through
3655  the FunCtrl field of the IFACE, poll MR1 to detect completion of
3656  MAC initialization, check completion status, set interrupt mask,
3657  enables interrupts and calls Tx and Rx initialization functions */
3658 
3659  atmel_wmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET), FUNC_CTRL_INIT_COMPLETE);
3660 
3661  for (i = LOOP_RETRY_LIMIT; i; i--) {
3662  mr1 = atmel_read16(priv->dev, MR1);
3663  mr3 = atmel_read16(priv->dev, MR3);
3664 
3665  if (mr3 & MAC_INIT_COMPLETE)
3666  break;
3667  if (mr1 & MAC_INIT_COMPLETE &&
3668  priv->bus_type == BUS_TYPE_PCCARD)
3669  break;
3670  }
3671 
3672  if (i == 0) {
3673  printk(KERN_ALERT "%s: MAC failed to initialise.\n",
3674  priv->dev->name);
3675  return -EIO;
3676  }
3677 
3678  /* Check for MAC_INIT_OK only on the register that the MAC_INIT_OK was set */
3679  if ((mr3 & MAC_INIT_COMPLETE) &&
3680  !(atmel_read16(priv->dev, MR3) & MAC_INIT_OK)) {
3681  printk(KERN_ALERT "%s: MAC failed MR3 self-test.\n", priv->dev->name);
3682  return -EIO;
3683  }
3684  if ((mr1 & MAC_INIT_COMPLETE) &&
3685  !(atmel_read16(priv->dev, MR1) & MAC_INIT_OK)) {
3686  printk(KERN_ALERT "%s: MAC failed MR1 self-test.\n", priv->dev->name);
3687  return -EIO;
3688  }
3689 
3690  atmel_copy_to_host(priv->dev, (unsigned char *)iface,
3691  priv->host_info_base, sizeof(*iface));
3692 
3693  iface->tx_buff_pos = le16_to_cpu(iface->tx_buff_pos);
3694  iface->tx_buff_size = le16_to_cpu(iface->tx_buff_size);
3695  iface->tx_desc_pos = le16_to_cpu(iface->tx_desc_pos);
3696  iface->tx_desc_count = le16_to_cpu(iface->tx_desc_count);
3697  iface->rx_buff_pos = le16_to_cpu(iface->rx_buff_pos);
3698  iface->rx_buff_size = le16_to_cpu(iface->rx_buff_size);
3699  iface->rx_desc_pos = le16_to_cpu(iface->rx_desc_pos);
3700  iface->rx_desc_count = le16_to_cpu(iface->rx_desc_count);
3701  iface->build_version = le16_to_cpu(iface->build_version);
3702  iface->command_pos = le16_to_cpu(iface->command_pos);
3703  iface->major_version = le16_to_cpu(iface->major_version);
3704  iface->minor_version = le16_to_cpu(iface->minor_version);
3705  iface->func_ctrl = le16_to_cpu(iface->func_ctrl);
3706  iface->mac_status = le16_to_cpu(iface->mac_status);
3707 
3708  return 0;
3709 }
3710 
3711 /* determine type of memory and MAC address */
3712 static int probe_atmel_card(struct net_device *dev)
3713 {
3714  int rc = 0;
3715  struct atmel_private *priv = netdev_priv(dev);
3716 
3717  /* reset pccard */
3718  if (priv->bus_type == BUS_TYPE_PCCARD)
3719  atmel_write16(dev, GCR, 0x0060);
3720 
3721  atmel_write16(dev, GCR, 0x0040);
3722  mdelay(500);
3723 
3724  if (atmel_read16(dev, MR2) == 0) {
3725  /* No stored firmware so load a small stub which just
3726  tells us the MAC address */
3727  int i;
3728  priv->card_type = CARD_TYPE_EEPROM;
3729  atmel_write16(dev, BSR, BSS_IRAM);
3730  atmel_copy_to_card(dev, 0, mac_reader, sizeof(mac_reader));
3731  atmel_set_gcr(dev, GCR_REMAP);
3732  atmel_clear_gcr(priv->dev, 0x0040);
3733  atmel_write16(dev, BSR, BSS_SRAM);
3734  for (i = LOOP_RETRY_LIMIT; i; i--)
3735  if (atmel_read16(dev, MR3) & MAC_BOOT_COMPLETE)
3736  break;
3737  if (i == 0) {
3738  printk(KERN_ALERT "%s: MAC failed to boot MAC address reader.\n", dev->name);
3739  } else {
3740  atmel_copy_to_host(dev, dev->dev_addr, atmel_read16(dev, MR2), 6);
3741  /* got address, now squash it again until the network
3742  interface is opened */
3743  if (priv->bus_type == BUS_TYPE_PCCARD)
3744  atmel_write16(dev, GCR, 0x0060);
3745  atmel_write16(dev, GCR, 0x0040);
3746  rc = 1;
3747  }
3748  } else if (atmel_read16(dev, MR4) == 0) {
3749  /* Mac address easy in this case. */
3750  priv->card_type = CARD_TYPE_PARALLEL_FLASH;
3751  atmel_write16(dev, BSR, 1);
3752  atmel_copy_to_host(dev, dev->dev_addr, 0xc000, 6);
3753  atmel_write16(dev, BSR, 0x200);
3754  rc = 1;
3755  } else {
3756  /* Standard firmware in flash, boot it up and ask
3757  for the Mac Address */
3758  priv->card_type = CARD_TYPE_SPI_FLASH;
3759  if (atmel_wakeup_firmware(priv) == 0) {
3760  atmel_get_mib(priv, Mac_Address_Mib_Type, 0, dev->dev_addr, 6);
3761 
3762  /* got address, now squash it again until the network
3763  interface is opened */
3764  if (priv->bus_type == BUS_TYPE_PCCARD)
3765  atmel_write16(dev, GCR, 0x0060);
3766  atmel_write16(dev, GCR, 0x0040);
3767  rc = 1;
3768  }
3769  }
3770 
3771  if (rc) {
3772  if (dev->dev_addr[0] == 0xFF) {
3773  static const u8 default_mac[] = {
3774  0x00, 0x04, 0x25, 0x00, 0x00, 0x00
3775  };
3776  printk(KERN_ALERT "%s: *** Invalid MAC address. UPGRADE Firmware ****\n", dev->name);
3777  memcpy(dev->dev_addr, default_mac, 6);
3778  }
3779  }
3780 
3781  return rc;
3782 }
3783 
3784 /* Move the encyption information on the MIB structure.
3785  This routine is for the pre-WPA firmware: later firmware has
3786  a different format MIB and a different routine. */
3787 static void build_wep_mib(struct atmel_private *priv)
3788 {
3789  struct { /* NB this is matched to the hardware, don't change. */
3790  u8 wep_is_on;
3791  u8 default_key; /* 0..3 */
3792  u8 reserved;
3793  u8 exclude_unencrypted;
3794 
3795  u32 WEPICV_error_count;
3796  u32 WEP_excluded_count;
3797 
3798  u8 wep_keys[MAX_ENCRYPTION_KEYS][13];
3799  u8 encryption_level; /* 0, 1, 2 */
3800  u8 reserved2[3];
3801  } mib;
3802  int i;
3803 
3804  mib.wep_is_on = priv->wep_is_on;
3805  if (priv->wep_is_on) {
3806  if (priv->wep_key_len[priv->default_key] > 5)
3807  mib.encryption_level = 2;
3808  else
3809  mib.encryption_level = 1;
3810  } else {
3811  mib.encryption_level = 0;
3812  }
3813 
3814  mib.default_key = priv->default_key;
3815  mib.exclude_unencrypted = priv->exclude_unencrypted;
3816 
3817  for (i = 0; i < MAX_ENCRYPTION_KEYS; i++)
3818  memcpy(mib.wep_keys[i], priv->wep_keys[i], 13);
3819 
3820  atmel_set_mib(priv, Mac_Wep_Mib_Type, 0, (u8 *)&mib, sizeof(mib));
3821 }
3822 
3823 static void build_wpa_mib(struct atmel_private *priv)
3824 {
3825  /* This is for the later (WPA enabled) firmware. */
3826 
3827  struct { /* NB this is matched to the hardware, don't change. */
3828  u8 cipher_default_key_value[MAX_ENCRYPTION_KEYS][MAX_ENCRYPTION_KEY_SIZE];
3829  u8 receiver_address[6];
3830  u8 wep_is_on;
3831  u8 default_key; /* 0..3 */
3832  u8 group_key;
3833  u8 exclude_unencrypted;
3834  u8 encryption_type;
3835  u8 reserved;
3836 
3837  u32 WEPICV_error_count;
3838  u32 WEP_excluded_count;
3839 
3840  u8 key_RSC[4][8];
3841  } mib;
3842 
3843  int i;
3844 
3845  mib.wep_is_on = priv->wep_is_on;
3846  mib.exclude_unencrypted = priv->exclude_unencrypted;
3847  memcpy(mib.receiver_address, priv->CurrentBSSID, 6);
3848 
3849  /* zero all the keys before adding in valid ones. */
3850  memset(mib.cipher_default_key_value, 0, sizeof(mib.cipher_default_key_value));
3851 
3852  if (priv->wep_is_on) {
3853  /* There's a comment in the Atmel code to the effect that this
3854  is only valid when still using WEP, it may need to be set to
3855  something to use WPA */
3856  memset(mib.key_RSC, 0, sizeof(mib.key_RSC));
3857 
3858  mib.default_key = mib.group_key = 255;
3859  for (i = 0; i < MAX_ENCRYPTION_KEYS; i++) {
3860  if (priv->wep_key_len[i] > 0) {
3861  memcpy(mib.cipher_default_key_value[i], priv->wep_keys[i], MAX_ENCRYPTION_KEY_SIZE);
3862  if (i == priv->default_key) {
3863  mib.default_key = i;
3864  mib.cipher_default_key_value[i][MAX_ENCRYPTION_KEY_SIZE-1] = 7;
3865  mib.cipher_default_key_value[i][MAX_ENCRYPTION_KEY_SIZE-2] = priv->pairwise_cipher_suite;
3866  } else {
3867  mib.group_key = i;
3868  priv->group_cipher_suite = priv->pairwise_cipher_suite;
3869  mib.cipher_default_key_value[i][MAX_ENCRYPTION_KEY_SIZE-1] = 1;
3870  mib.cipher_default_key_value[i][MAX_ENCRYPTION_KEY_SIZE-2] = priv->group_cipher_suite;
3871  }
3872  }
3873  }
3874  if (mib.default_key == 255)
3875  mib.default_key = mib.group_key != 255 ? mib.group_key : 0;
3876  if (mib.group_key == 255)
3877  mib.group_key = mib.default_key;
3878 
3879  }
3880 
3881  atmel_set_mib(priv, Mac_Wep_Mib_Type, 0, (u8 *)&mib, sizeof(mib));
3882 }
3883 
3884 static int reset_atmel_card(struct net_device *dev)
3885 {
3886  /* do everything necessary to wake up the hardware, including
3887  waiting for the lightning strike and throwing the knife switch....
3888 
3889  set all the Mib values which matter in the card to match
3890  their settings in the atmel_private structure. Some of these
3891  can be altered on the fly, but many (WEP, infrastucture or ad-hoc)
3892  can only be changed by tearing down the world and coming back through
3893  here.
3894 
3895  This routine is also responsible for initialising some
3896  hardware-specific fields in the atmel_private structure,
3897  including a copy of the firmware's hostinfo structure
3898  which is the route into the rest of the firmware datastructures. */
3899 
3900  struct atmel_private *priv = netdev_priv(dev);
3901  u8 configuration;
3902  int old_state = priv->station_state;
3903  int err = 0;
3904 
3905  /* data to add to the firmware names, in priority order
3906  this implemenents firmware versioning */
3907 
3908  static char *firmware_modifier[] = {
3909  "-wpa",
3910  "",
3911  NULL
3912  };
3913 
3914  /* reset pccard */
3915  if (priv->bus_type == BUS_TYPE_PCCARD)
3916  atmel_write16(priv->dev, GCR, 0x0060);
3917 
3918  /* stop card , disable interrupts */
3919  atmel_write16(priv->dev, GCR, 0x0040);
3920 
3921  if (priv->card_type == CARD_TYPE_EEPROM) {
3922  /* copy in firmware if needed */
3923  const struct firmware *fw_entry = NULL;
3924  const unsigned char *fw;
3925  int len = priv->firmware_length;
3926  if (!(fw = priv->firmware)) {
3927  if (priv->firmware_type == ATMEL_FW_TYPE_NONE) {
3928  if (strlen(priv->firmware_id) == 0) {
3929  printk(KERN_INFO
3930  "%s: card type is unknown: assuming at76c502 firmware is OK.\n",
3931  dev->name);
3932  printk(KERN_INFO
3933  "%s: if not, use the firmware= module parameter.\n",
3934  dev->name);
3935  strcpy(priv->firmware_id, "atmel_at76c502.bin");
3936  }
3937  err = request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev);
3938  if (err != 0) {
3939  printk(KERN_ALERT
3940  "%s: firmware %s is missing, cannot continue.\n",
3941  dev->name, priv->firmware_id);
3942  return err;
3943  }
3944  } else {
3945  int fw_index = 0;
3946  int success = 0;
3947 
3948  /* get firmware filename entry based on firmware type ID */
3949  while (fw_table[fw_index].fw_type != priv->firmware_type
3950  && fw_table[fw_index].fw_type != ATMEL_FW_TYPE_NONE)
3951  fw_index++;
3952 
3953  /* construct the actual firmware file name */
3954  if (fw_table[fw_index].fw_type != ATMEL_FW_TYPE_NONE) {
3955  int i;
3956  for (i = 0; firmware_modifier[i]; i++) {
3957  snprintf(priv->firmware_id, 32, "%s%s.%s", fw_table[fw_index].fw_file,
3958  firmware_modifier[i], fw_table[fw_index].fw_file_ext);
3959  priv->firmware_id[31] = '\0';
3960  if (request_firmware(&fw_entry, priv->firmware_id, priv->sys_dev) == 0) {
3961  success = 1;
3962  break;
3963  }
3964  }
3965  }
3966  if (!success) {
3967  printk(KERN_ALERT
3968  "%s: firmware %s is missing, cannot start.\n",
3969  dev->name, priv->firmware_id);
3970  priv->firmware_id[0] = '\0';
3971  return -ENOENT;
3972  }
3973  }
3974 
3975  fw = fw_entry->data;
3976  len = fw_entry->size;
3977  }
3978 
3979  if (len <= 0x6000) {
3980  atmel_write16(priv->dev, BSR, BSS_IRAM);
3981  atmel_copy_to_card(priv->dev, 0, fw, len);
3982  atmel_set_gcr(priv->dev, GCR_REMAP);
3983  } else {
3984  /* Remap */
3985  atmel_set_gcr(priv->dev, GCR_REMAP);
3986  atmel_write16(priv->dev, BSR, BSS_IRAM);
3987  atmel_copy_to_card(priv->dev, 0, fw, 0x6000);
3988  atmel_write16(priv->dev, BSR, 0x2ff);
3989  atmel_copy_to_card(priv->dev, 0x8000, &fw[0x6000], len - 0x6000);
3990  }
3991 
3992  release_firmware(fw_entry);
3993  }
3994 
3995  err = atmel_wakeup_firmware(priv);
3996  if (err != 0)
3997  return err;
3998 
3999  /* Check the version and set the correct flag for wpa stuff,
4000  old and new firmware is incompatible.
4001  The pre-wpa 3com firmware reports major version 5,
4002  the wpa 3com firmware is major version 4 and doesn't need
4003  the 3com broken-ness filter. */
4004  priv->use_wpa = (priv->host_info.major_version == 4);
4005  priv->radio_on_broken = (priv->host_info.major_version == 5);
4006 
4007  /* unmask all irq sources */
4008  atmel_wmem8(priv, atmel_hi(priv, IFACE_INT_MASK_OFFSET), 0xff);
4009 
4010  /* int Tx system and enable Tx */
4011  atmel_wmem8(priv, atmel_tx(priv, TX_DESC_FLAGS_OFFSET, 0), 0);
4012  atmel_wmem32(priv, atmel_tx(priv, TX_DESC_NEXT_OFFSET, 0), 0x80000000L);
4013  atmel_wmem16(priv, atmel_tx(priv, TX_DESC_POS_OFFSET, 0), 0);
4014  atmel_wmem16(priv, atmel_tx(priv, TX_DESC_SIZE_OFFSET, 0), 0);
4015 
4016  priv->tx_desc_free = priv->host_info.tx_desc_count;
4017  priv->tx_desc_head = 0;
4018  priv->tx_desc_tail = 0;
4019  priv->tx_desc_previous = 0;
4020  priv->tx_free_mem = priv->host_info.tx_buff_size;
4021  priv->tx_buff_head = 0;
4022  priv->tx_buff_tail = 0;
4023 
4024  configuration = atmel_rmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET));
4025  atmel_wmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET),
4026  configuration | FUNC_CTRL_TxENABLE);
4027 
4028  /* init Rx system and enable */
4029  priv->rx_desc_head = 0;
4030 
4031  configuration = atmel_rmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET));
4032  atmel_wmem8(priv, atmel_hi(priv, IFACE_FUNC_CTRL_OFFSET),
4033  configuration | FUNC_CTRL_RxENABLE);
4034 
4035  if (!priv->radio_on_broken) {
4036  if (atmel_send_command_wait(priv, CMD_EnableRadio, NULL, 0) ==
4037  CMD_STATUS_REJECTED_RADIO_OFF) {
4038  printk(KERN_INFO "%s: cannot turn the radio on.\n",
4039  dev->name);
4040  return -EIO;
4041  }
4042  }
4043 
4044  /* set up enough MIB values to run. */
4045  atmel_set_mib8(priv, Local_Mib_Type, LOCAL_MIB_AUTO_TX_RATE_POS, priv->auto_tx_rate);
4046  atmel_set_mib8(priv, Local_Mib_Type, LOCAL_MIB_TX_PROMISCUOUS_POS, PROM_MODE_OFF);
4047  atmel_set_mib16(priv, Mac_Mib_Type, MAC_MIB_RTS_THRESHOLD_POS, priv->rts_threshold);
4048  atmel_set_mib16(priv, Mac_Mib_Type, MAC_MIB_FRAG_THRESHOLD_POS, priv->frag_threshold);
4049  atmel_set_mib8(priv, Mac_Mib_Type, MAC_MIB_SHORT_RETRY_POS, priv->short_retry);
4050  atmel_set_mib8(priv, Mac_Mib_Type, MAC_MIB_LONG_RETRY_POS, priv->long_retry);
4051  atmel_set_mib8(priv, Local_Mib_Type, LOCAL_MIB_PREAMBLE_TYPE, priv->preamble);
4052  atmel_set_mib(priv, Mac_Address_Mib_Type, MAC_ADDR_MIB_MAC_ADDR_POS,
4053  priv->dev->dev_addr, 6);
4054  atmel_set_mib8(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_PS_MODE_POS, ACTIVE_MODE);
4055  atmel_set_mib16(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_LISTEN_INTERVAL_POS, 1);
4056  atmel_set_mib16(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_BEACON_PER_POS, priv->default_beacon_period);
4057  atmel_set_mib(priv, Phy_Mib_Type, PHY_MIB_RATE_SET_POS, atmel_basic_rates, 4);
4058  atmel_set_mib8(priv, Mac_Mgmt_Mib_Type, MAC_MGMT_MIB_CUR_PRIVACY_POS, priv->wep_is_on);
4059  if (priv->use_wpa)
4060  build_wpa_mib(priv);
4061  else
4062  build_wep_mib(priv);
4063 
4064  if (old_state == STATION_STATE_READY) {
4065  union iwreq_data wrqu;
4066 
4067  wrqu.data.length = 0;
4068  wrqu.data.flags = 0;
4069  wrqu.ap_addr.sa_family = ARPHRD_ETHER;
4070  memset(wrqu.ap_addr.sa_data, 0, ETH_ALEN);
4071  wireless_send_event(priv->dev, SIOCGIWAP, &wrqu, NULL);
4072  }
4073 
4074  return 0;
4075 }
4076 
4077 static void atmel_send_command(struct atmel_private *priv, int command,
4078  void *cmd, int cmd_size)
4079 {
4080  if (cmd)
4081  atmel_copy_to_card(priv->dev, atmel_co(priv, CMD_BLOCK_PARAMETERS_OFFSET),
4082  cmd, cmd_size);
4083 
4084  atmel_wmem8(priv, atmel_co(priv, CMD_BLOCK_COMMAND_OFFSET), command);
4085  atmel_wmem8(priv, atmel_co(priv, CMD_BLOCK_STATUS_OFFSET), 0);
4086 }
4087 
4088 static int atmel_send_command_wait(struct atmel_private *priv, int command,
4089  void *cmd, int cmd_size)
4090 {
4091  int i, status;
4092 
4093  atmel_send_command(priv, command, cmd, cmd_size);
4094 
4095  for (i = 5000; i; i--) {
4096  status = atmel_rmem8(priv, atmel_co(priv, CMD_BLOCK_STATUS_OFFSET));
4097  if (status != CMD_STATUS_IDLE &&
4098  status != CMD_STATUS_IN_PROGRESS)
4099  break;
4100  udelay(20);
4101  }
4102 
4103  if (i == 0) {
4104  printk(KERN_ALERT "%s: failed to contact MAC.\n", priv->dev->name);
4105  status = CMD_STATUS_HOST_ERROR;
4106  } else {
4107  if (command != CMD_EnableRadio)
4108  status = CMD_STATUS_COMPLETE;
4109  }
4110 
4111  return status;
4112 }
4113 
4114 static u8 atmel_get_mib8(struct atmel_private *priv, u8 type, u8 index)
4115 {
4116  struct get_set_mib m;
4117  m.type = type;
4118  m.size = 1;
4119  m.index = index;
4120 
4121  atmel_send_command_wait(priv, CMD_Get_MIB_Vars, &m, MIB_HEADER_SIZE + 1);
4122  return atmel_rmem8(priv, atmel_co(priv, CMD_BLOCK_PARAMETERS_OFFSET + MIB_HEADER_SIZE));
4123 }
4124 
4125 static void atmel_set_mib8(struct atmel_private *priv, u8 type, u8 index, u8 data)
4126 {
4127  struct get_set_mib m;
4128  m.type = type;
4129  m.size = 1;
4130  m.index = index;
4131  m.data[0] = data;
4132 
4133  atmel_send_command_wait(priv, CMD_Set_MIB_Vars, &m, MIB_HEADER_SIZE + 1);
4134 }
4135 
4136 static void atmel_set_mib16(struct atmel_private *priv, u8 type, u8 index,
4137  u16 data)
4138 {
4139  struct get_set_mib m;
4140  m.type = type;
4141  m.size = 2;
4142  m.index = index;
4143  m.data[0] = data;
4144  m.data[1] = data >> 8;
4145 
4146  atmel_send_command_wait(priv, CMD_Set_MIB_Vars, &m, MIB_HEADER_SIZE + 2);
4147 }
4148 
4149 static void atmel_set_mib(struct atmel_private *priv, u8 type, u8 index,
4150  u8 *data, int data_len)
4151 {
4152  struct get_set_mib m;
4153  m.type = type;
4154  m.size = data_len;
4155  m.index = index;
4156 
4157  if (data_len > MIB_MAX_DATA_BYTES)
4158  printk(KERN_ALERT "%s: MIB buffer too small.\n", priv->dev->name);
4159 
4160  memcpy(m.data, data, data_len);
4161  atmel_send_command_wait(priv, CMD_Set_MIB_Vars, &m, MIB_HEADER_SIZE + data_len);
4162 }
4163 
4164 static void atmel_get_mib(struct atmel_private *priv, u8 type, u8 index,
4165  u8 *data, int data_len)
4166 {
4167  struct get_set_mib m;
4168  m.type = type;
4169  m.size = data_len;
4170  m.index = index;
4171 
4172  if (data_len > MIB_MAX_DATA_BYTES)
4173  printk(KERN_ALERT "%s: MIB buffer too small.\n", priv->dev->name);
4174 
4175  atmel_send_command_wait(priv, CMD_Get_MIB_Vars, &m, MIB_HEADER_SIZE + data_len);
4176  atmel_copy_to_host(priv->dev, data,
4177  atmel_co(priv, CMD_BLOCK_PARAMETERS_OFFSET + MIB_HEADER_SIZE), data_len);
4178 }
4179 
4180 static void atmel_writeAR(struct net_device *dev, u16 data)
4181 {
4182  int i;
4183  outw(data, dev->base_addr + AR);
4184  /* Address register appears to need some convincing..... */
4185  for (i = 0; data != inw(dev->base_addr + AR) && i < 10; i++)
4186  outw(data, dev->base_addr + AR);
4187 }
4188 
4189 static void atmel_copy_to_card(struct net_device *dev, u16 dest,
4190  const unsigned char *src, u16 len)
4191 {
4192  int i;
4193  atmel_writeAR(dev, dest);
4194  if (dest % 2) {
4195  atmel_write8(dev, DR, *src);
4196  src++; len--;
4197  }
4198  for (i = len; i > 1 ; i -= 2) {
4199  u8 lb = *src++;
4200  u8 hb = *src++;
4201  atmel_write16(dev, DR, lb | (hb << 8));
4202  }
4203  if (i)
4204  atmel_write8(dev, DR, *src);
4205 }
4206 
4207 static void atmel_copy_to_host(struct net_device *dev, unsigned char *dest,
4208  u16 src, u16 len)
4209 {
4210  int i;
4211  atmel_writeAR(dev, src);
4212  if (src % 2) {
4213  *dest = atmel_read8(dev, DR);
4214  dest++; len--;
4215  }
4216  for (i = len; i > 1 ; i -= 2) {
4217  u16 hw = atmel_read16(dev, DR);
4218  *dest++ = hw;
4219  *dest++ = hw >> 8;
4220  }
4221  if (i)
4222  *dest = atmel_read8(dev, DR);
4223 }
4224 
4225 static void atmel_set_gcr(struct net_device *dev, u16 mask)
4226 {
4227  outw(inw(dev->base_addr + GCR) | mask, dev->base_addr + GCR);
4228 }
4229 
4230 static void atmel_clear_gcr(struct net_device *dev, u16 mask)
4231 {
4232  outw(inw(dev->base_addr + GCR) & ~mask, dev->base_addr + GCR);
4233 }
4234 
4235 static int atmel_lock_mac(struct atmel_private *priv)
4236 {
4237  int i, j = 20;
4238  retry:
4239  for (i = 5000; i; i--) {
4240  if (!atmel_rmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_HOST_OFFSET)))
4241  break;
4242  udelay(20);
4243  }
4244 
4245  if (!i)
4246  return 0; /* timed out */
4247 
4248  atmel_wmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_MAC_OFFSET), 1);
4249  if (atmel_rmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_HOST_OFFSET))) {
4250  atmel_wmem8(priv, atmel_hi(priv, IFACE_LOCKOUT_MAC_OFFSET), 0);
4251  if (!j--)
4252  return 0; /* timed out */
4253  goto retry;
4254  }
4255 
4256  return 1;
4257 }
4258 
4259 static void atmel_wmem32(struct atmel_private *priv, u16 pos, u32 data)
4260 {
4261  atmel_writeAR(priv->dev, pos);
4262  atmel_write16(priv->dev, DR, data); /* card is little-endian */
4263  atmel_write16(priv->dev, DR, data >> 16);
4264 }
4265 
4266 /***************************************************************************/
4267 /* There follows the source form of the MAC address reading firmware */
4268 /***************************************************************************/
4269 #if 0
4270 
4271 /* Copyright 2003 Matthew T. Russotto */
4272 /* But derived from the Atmel 76C502 firmware written by Atmel and */
4273 /* included in "atmel wireless lan drivers" package */
4292 /* This firmware should work on the 76C502 RFMD, RFMD_D, and RFMD_E */
4293 /* It will probably work on the 76C504 and 76C502 RFMD_3COM */
4294 /* It only works on SPI EEPROM versions of the card. */
4295 
4296 /* This firmware initializes the SPI controller and clock, reads the MAC */
4297 /* address from the EEPROM into SRAM, and puts the SRAM offset of the MAC */
4298 /* address in MR2, and sets MR3 to 0x10 to indicate it is done */
4299 /* It also puts a complete copy of the EEPROM in SRAM with the offset in */
4300 /* MR4, for investigational purposes (maybe we can determine chip type */
4301 /* from that?) */
4302 
4303  .org 0
4304  .set MRBASE, 0x8000000
4305  .set CPSR_INITIAL, 0xD3 /* IRQ/FIQ disabled, ARM mode, Supervisor state */
4306  .set CPSR_USER, 0xD1 /* IRQ/FIQ disabled, ARM mode, USER state */
4307  .set SRAM_BASE, 0x02000000
4308  .set SP_BASE, 0x0F300000
4309  .set UNK_BASE, 0x0F000000 /* Some internal device, but which one? */
4310  .set SPI_CGEN_BASE, 0x0E000000 /* Some internal device, but which one? */
4311  .set UNK3_BASE, 0x02014000 /* Some internal device, but which one? */
4312  .set STACK_BASE, 0x5600
4313  .set SP_SR, 0x10
4314  .set SP_TDRE, 2 /* status register bit -- TDR empty */
4315  .set SP_RDRF, 1 /* status register bit -- RDR full */
4316  .set SP_SWRST, 0x80
4317  .set SP_SPIEN, 0x1
4318  .set SP_CR, 0 /* control register */
4319  .set SP_MR, 4 /* mode register */
4320  .set SP_RDR, 0x08 /* Read Data Register */
4321  .set SP_TDR, 0x0C /* Transmit Data Register */
4322  .set SP_CSR0, 0x30 /* chip select registers */
4323  .set SP_CSR1, 0x34
4324  .set SP_CSR2, 0x38
4325  .set SP_CSR3, 0x3C
4326  .set NVRAM_CMD_RDSR, 5 /* read status register */
4327  .set NVRAM_CMD_READ, 3 /* read data */
4328  .set NVRAM_SR_RDY, 1 /* RDY bit. This bit is inverted */
4329  .set SPI_8CLOCKS, 0xFF /* Writing this to the TDR doesn't do anything to the
4330  serial output, since SO is normally high. But it
4331  does cause 8 clock cycles and thus 8 bits to be
4332  clocked in to the chip. See Atmel's SPI
4333  controller (e.g. AT91M55800) timing and 4K
4334  SPI EEPROM manuals */
4335 
4336  .set NVRAM_SCRATCH, 0x02000100 /* arbitrary area for scratchpad memory */
4337  .set NVRAM_IMAGE, 0x02000200
4338  .set NVRAM_LENGTH, 0x0200
4339  .set MAC_ADDRESS_MIB, SRAM_BASE
4340  .set MAC_ADDRESS_LENGTH, 6
4341  .set MAC_BOOT_FLAG, 0x10
4342  .set MR1, 0
4343  .set MR2, 4
4344  .set MR3, 8
4345  .set MR4, 0xC
4346 RESET_VECTOR:
4347  b RESET_HANDLER
4348 UNDEF_VECTOR:
4349  b HALT1
4350 SWI_VECTOR:
4351  b HALT1
4352 IABORT_VECTOR:
4353  b HALT1
4354 DABORT_VECTOR:
4355 RESERVED_VECTOR:
4356  b HALT1
4357 IRQ_VECTOR:
4358  b HALT1
4359 FIQ_VECTOR:
4360  b HALT1
4361 HALT1: b HALT1
4362 RESET_HANDLER:
4363  mov r0, #CPSR_INITIAL
4364  msr CPSR_c, r0 /* This is probably unnecessary */
4365 
4366 /* I'm guessing this is initializing clock generator electronics for SPI */
4367  ldr r0, =SPI_CGEN_BASE
4368  mov r1, #0
4369  mov r1, r1, lsl #3
4370  orr r1, r1, #0
4371  str r1, [r0]
4372  ldr r1, [r0, #28]
4373  bic r1, r1, #16
4374  str r1, [r0, #28]
4375  mov r1, #1
4376  str r1, [r0, #8]
4377 
4378  ldr r0, =MRBASE
4379  mov r1, #0
4380  strh r1, [r0, #MR1]
4381  strh r1, [r0, #MR2]
4382  strh r1, [r0, #MR3]
4383  strh r1, [r0, #MR4]
4384 
4385  mov sp, #STACK_BASE
4386  bl SP_INIT
4387  mov r0, #10
4388  bl DELAY9
4389  bl GET_MAC_ADDR
4390  bl GET_WHOLE_NVRAM
4391  ldr r0, =MRBASE
4392  ldr r1, =MAC_ADDRESS_MIB
4393  strh r1, [r0, #MR2]
4394  ldr r1, =NVRAM_IMAGE
4395  strh r1, [r0, #MR4]
4396  mov r1, #MAC_BOOT_FLAG
4397  strh r1, [r0, #MR3]
4398 HALT2: b HALT2
4399 .func Get_Whole_NVRAM, GET_WHOLE_NVRAM
4400 GET_WHOLE_NVRAM:
4401  stmdb sp!, {lr}
4402  mov r2, #0 /* 0th bytes of NVRAM */
4403  mov r3, #NVRAM_LENGTH
4404  mov r1, #0 /* not used in routine */
4405  ldr r0, =NVRAM_IMAGE
4406  bl NVRAM_XFER
4407  ldmia sp!, {lr}
4408  bx lr
4409 .endfunc
4410 
4411 .func Get_MAC_Addr, GET_MAC_ADDR
4412 GET_MAC_ADDR:
4413  stmdb sp!, {lr}
4414  mov r2, #0x120 /* address of MAC Address within NVRAM */
4415  mov r3, #MAC_ADDRESS_LENGTH
4416  mov r1, #0 /* not used in routine */
4417  ldr r0, =MAC_ADDRESS_MIB
4418  bl NVRAM_XFER
4419  ldmia sp!, {lr}
4420  bx lr
4421 .endfunc
4422 .ltorg
4423 .func Delay9, DELAY9
4424 DELAY9:
4425  adds r0, r0, r0, LSL #3 /* r0 = r0 * 9 */
4426 DELAYLOOP:
4427  beq DELAY9_done
4428  subs r0, r0, #1
4429  b DELAYLOOP
4430 DELAY9_done:
4431  bx lr
4432 .endfunc
4433 
4434 .func SP_Init, SP_INIT
4435 SP_INIT:
4436  mov r1, #SP_SWRST
4437  ldr r0, =SP_BASE
4438  str r1, [r0, #SP_CR] /* reset the SPI */
4439  mov r1, #0
4440  str r1, [r0, #SP_CR] /* release SPI from reset state */
4441  mov r1, #SP_SPIEN
4442  str r1, [r0, #SP_MR] /* set the SPI to MASTER mode*/
4443  str r1, [r0, #SP_CR] /* enable the SPI */
4444 
4445 /* My guess would be this turns on the SPI clock */
4446  ldr r3, =SPI_CGEN_BASE
4447  ldr r1, [r3, #28]
4448  orr r1, r1, #0x2000
4449  str r1, [r3, #28]
4450 
4451  ldr r1, =0x2000c01
4452  str r1, [r0, #SP_CSR0]
4453  ldr r1, =0x2000201
4454  str r1, [r0, #SP_CSR1]
4455  str r1, [r0, #SP_CSR2]
4456  str r1, [r0, #SP_CSR3]
4457  ldr r1, [r0, #SP_SR]
4458  ldr r0, [r0, #SP_RDR]
4459  bx lr
4460 .endfunc
4461 .func NVRAM_Init, NVRAM_INIT
4462 NVRAM_INIT:
4463  ldr r1, =SP_BASE
4464  ldr r0, [r1, #SP_RDR]
4465  mov r0, #NVRAM_CMD_RDSR
4466  str r0, [r1, #SP_TDR]
4467 SP_loop1:
4468  ldr r0, [r1, #SP_SR]
4469  tst r0, #SP_TDRE
4470  beq SP_loop1
4471 
4472  mov r0, #SPI_8CLOCKS
4473  str r0, [r1, #SP_TDR]
4474 SP_loop2:
4475  ldr r0, [r1, #SP_SR]
4476  tst r0, #SP_TDRE
4477  beq SP_loop2
4478 
4479  ldr r0, [r1, #SP_RDR]
4480 SP_loop3:
4481  ldr r0, [r1, #SP_SR]
4482  tst r0, #SP_RDRF
4483  beq SP_loop3
4484 
4485  ldr r0, [r1, #SP_RDR]
4486  and r0, r0, #255
4487  bx lr
4488 .endfunc
4489 
4490 .func NVRAM_Xfer, NVRAM_XFER
4491  /* r0 = dest address */
4492  /* r1 = not used */
4493  /* r2 = src address within NVRAM */
4494  /* r3 = length */
4495 NVRAM_XFER:
4496  stmdb sp!, {r4, r5, lr}
4497  mov r5, r0 /* save r0 (dest address) */
4498  mov r4, r3 /* save r3 (length) */
4499  mov r0, r2, LSR #5 /* SPI memories put A8 in the command field */
4500  and r0, r0, #8
4501  add r0, r0, #NVRAM_CMD_READ
4502  ldr r1, =NVRAM_SCRATCH
4503  strb r0, [r1, #0] /* save command in NVRAM_SCRATCH[0] */
4504  strb r2, [r1, #1] /* save low byte of source address in NVRAM_SCRATCH[1] */
4505 _local1:
4506  bl NVRAM_INIT
4507  tst r0, #NVRAM_SR_RDY
4508  bne _local1
4509  mov r0, #20
4510  bl DELAY9
4511  mov r2, r4 /* length */
4512  mov r1, r5 /* dest address */
4513  mov r0, #2 /* bytes to transfer in command */
4514  bl NVRAM_XFER2
4515  ldmia sp!, {r4, r5, lr}
4516  bx lr
4517 .endfunc
4518 
4519 .func NVRAM_Xfer2, NVRAM_XFER2
4520 NVRAM_XFER2:
4521  stmdb sp!, {r4, r5, r6, lr}
4522  ldr r4, =SP_BASE
4523  mov r3, #0
4524  cmp r0, #0
4525  bls _local2
4526  ldr r5, =NVRAM_SCRATCH
4527 _local4:
4528  ldrb r6, [r5, r3]
4529  str r6, [r4, #SP_TDR]
4530 _local3:
4531  ldr r6, [r4, #SP_SR]
4532  tst r6, #SP_TDRE
4533  beq _local3
4534  add r3, r3, #1
4535  cmp r3, r0 /* r0 is # of bytes to send out (command+addr) */
4536  blo _local4
4537 _local2:
4538  mov r3, #SPI_8CLOCKS
4539  str r3, [r4, #SP_TDR]
4540  ldr r0, [r4, #SP_RDR]
4541 _local5:
4542  ldr r0, [r4, #SP_SR]
4543  tst r0, #SP_RDRF
4544  beq _local5
4545  ldr r0, [r4, #SP_RDR] /* what's this byte? It's the byte read while writing the TDR -- nonsense, because the NVRAM doesn't read and write at the same time */
4546  mov r0, #0
4547  cmp r2, #0 /* r2 is # of bytes to copy in */
4548  bls _local6
4549 _local7:
4550  ldr r5, [r4, #SP_SR]
4551  tst r5, #SP_TDRE
4552  beq _local7
4553  str r3, [r4, #SP_TDR] /* r3 has SPI_8CLOCKS */
4554 _local8:
4555  ldr r5, [r4, #SP_SR]
4556  tst r5, #SP_RDRF
4557  beq _local8
4558  ldr r5, [r4, #SP_RDR] /* but didn't we read this byte above? */
4559  strb r5, [r1], #1 /* postindexed */
4560  add r0, r0, #1
4561  cmp r0, r2
4562  blo _local7 /* since we don't send another address, the NVRAM must be capable of sequential reads */
4563 _local6:
4564  mov r0, #200
4565  bl DELAY9
4566  ldmia sp!, {r4, r5, r6, lr}
4567  bx lr
4568 #endif
Generated on Thu Jan 10 2013 14:09:38 for Linux Kernel by   doxygen 1.8.2