Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
main.c
Go to the documentation of this file.
1 /*
2 
3  Broadcom B43 wireless driver
4 
5  Copyright (c) 2005 Martin Langer <[email protected]>
6  Copyright (c) 2005 Stefano Brivio <[email protected]>
7  Copyright (c) 2005-2009 Michael Buesch <[email protected]>
8  Copyright (c) 2005 Danny van Dyk <[email protected]>
9  Copyright (c) 2005 Andreas Jaggi <[email protected]>
10  Copyright (c) 2010-2011 Rafał Miłecki <[email protected]>
11 
12  SDIO support
13  Copyright (c) 2009 Albert Herranz <[email protected]>
14 
15  Some parts of the code in this file are derived from the ipw2200
16  driver Copyright(c) 2003 - 2004 Intel Corporation.
17 
18  This program is free software; you can redistribute it and/or modify
19  it under the terms of the GNU General Public License as published by
20  the Free Software Foundation; either version 2 of the License, or
21  (at your option) any later version.
22 
23  This program is distributed in the hope that it will be useful,
24  but WITHOUT ANY WARRANTY; without even the implied warranty of
25  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26  GNU General Public License for more details.
27 
28  You should have received a copy of the GNU General Public License
29  along with this program; see the file COPYING. If not, write to
30  the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31  Boston, MA 02110-1301, USA.
32 
33 */
34 
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47 
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62 
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70 
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78 
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82  "enable(1) / disable(0) Bad Frames Preemption");
83 
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87 
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91 
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95 
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99 
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103 
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107 
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111 
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115 
116 #ifdef CONFIG_B43_BCMA
117 static const struct bcma_device_id b43_bcma_tbl[] = {
118  BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 #ifdef CONFIG_B43_BCMA_EXTRA
120  BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121  BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 #endif
123  BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124  BCMA_CORETABLE_END
125 };
126 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
127 #endif
128 
129 #ifdef CONFIG_B43_SSB
130 static const struct ssb_device_id b43_ssb_tbl[] = {
131  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
132  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
133  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
134  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
135  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
136  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
137  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
138  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
139  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
140  SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
141  SSB_DEVTABLE_END
142 };
143 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
144 #endif
145 
146 /* Channel and ratetables are shared for all devices.
147  * They can't be const, because ieee80211 puts some precalculated
148  * data in there. This data is the same for all devices, so we don't
149  * get concurrency issues */
150 #define RATETAB_ENT(_rateid, _flags) \
151  { \
152  .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
153  .hw_value = (_rateid), \
154  .flags = (_flags), \
155  }
156 
157 /*
158  * NOTE: When changing this, sync with xmit.c's
159  * b43_plcp_get_bitrate_idx_* functions!
160  */
161 static struct ieee80211_rate __b43_ratetable[] = {
162  RATETAB_ENT(B43_CCK_RATE_1MB, 0),
163  RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
164  RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
165  RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
166  RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
167  RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
168  RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
169  RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
170  RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
171  RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
172  RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
173  RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
174 };
175 
176 #define b43_a_ratetable (__b43_ratetable + 4)
177 #define b43_a_ratetable_size 8
178 #define b43_b_ratetable (__b43_ratetable + 0)
179 #define b43_b_ratetable_size 4
180 #define b43_g_ratetable (__b43_ratetable + 0)
181 #define b43_g_ratetable_size 12
182 
183 #define CHAN4G(_channel, _freq, _flags) { \
184  .band = IEEE80211_BAND_2GHZ, \
185  .center_freq = (_freq), \
186  .hw_value = (_channel), \
187  .flags = (_flags), \
188  .max_antenna_gain = 0, \
189  .max_power = 30, \
190 }
191 static struct ieee80211_channel b43_2ghz_chantable[] = {
192  CHAN4G(1, 2412, 0),
193  CHAN4G(2, 2417, 0),
194  CHAN4G(3, 2422, 0),
195  CHAN4G(4, 2427, 0),
196  CHAN4G(5, 2432, 0),
197  CHAN4G(6, 2437, 0),
198  CHAN4G(7, 2442, 0),
199  CHAN4G(8, 2447, 0),
200  CHAN4G(9, 2452, 0),
201  CHAN4G(10, 2457, 0),
202  CHAN4G(11, 2462, 0),
203  CHAN4G(12, 2467, 0),
204  CHAN4G(13, 2472, 0),
205  CHAN4G(14, 2484, 0),
206 };
207 #undef CHAN4G
208 
209 #define CHAN5G(_channel, _flags) { \
210  .band = IEEE80211_BAND_5GHZ, \
211  .center_freq = 5000 + (5 * (_channel)), \
212  .hw_value = (_channel), \
213  .flags = (_flags), \
214  .max_antenna_gain = 0, \
215  .max_power = 30, \
216 }
217 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
218  CHAN5G(32, 0), CHAN5G(34, 0),
219  CHAN5G(36, 0), CHAN5G(38, 0),
220  CHAN5G(40, 0), CHAN5G(42, 0),
221  CHAN5G(44, 0), CHAN5G(46, 0),
222  CHAN5G(48, 0), CHAN5G(50, 0),
223  CHAN5G(52, 0), CHAN5G(54, 0),
224  CHAN5G(56, 0), CHAN5G(58, 0),
225  CHAN5G(60, 0), CHAN5G(62, 0),
226  CHAN5G(64, 0), CHAN5G(66, 0),
227  CHAN5G(68, 0), CHAN5G(70, 0),
228  CHAN5G(72, 0), CHAN5G(74, 0),
229  CHAN5G(76, 0), CHAN5G(78, 0),
230  CHAN5G(80, 0), CHAN5G(82, 0),
231  CHAN5G(84, 0), CHAN5G(86, 0),
232  CHAN5G(88, 0), CHAN5G(90, 0),
233  CHAN5G(92, 0), CHAN5G(94, 0),
234  CHAN5G(96, 0), CHAN5G(98, 0),
235  CHAN5G(100, 0), CHAN5G(102, 0),
236  CHAN5G(104, 0), CHAN5G(106, 0),
237  CHAN5G(108, 0), CHAN5G(110, 0),
238  CHAN5G(112, 0), CHAN5G(114, 0),
239  CHAN5G(116, 0), CHAN5G(118, 0),
240  CHAN5G(120, 0), CHAN5G(122, 0),
241  CHAN5G(124, 0), CHAN5G(126, 0),
242  CHAN5G(128, 0), CHAN5G(130, 0),
243  CHAN5G(132, 0), CHAN5G(134, 0),
244  CHAN5G(136, 0), CHAN5G(138, 0),
245  CHAN5G(140, 0), CHAN5G(142, 0),
246  CHAN5G(144, 0), CHAN5G(145, 0),
247  CHAN5G(146, 0), CHAN5G(147, 0),
248  CHAN5G(148, 0), CHAN5G(149, 0),
249  CHAN5G(150, 0), CHAN5G(151, 0),
250  CHAN5G(152, 0), CHAN5G(153, 0),
251  CHAN5G(154, 0), CHAN5G(155, 0),
252  CHAN5G(156, 0), CHAN5G(157, 0),
253  CHAN5G(158, 0), CHAN5G(159, 0),
254  CHAN5G(160, 0), CHAN5G(161, 0),
255  CHAN5G(162, 0), CHAN5G(163, 0),
256  CHAN5G(164, 0), CHAN5G(165, 0),
257  CHAN5G(166, 0), CHAN5G(168, 0),
258  CHAN5G(170, 0), CHAN5G(172, 0),
259  CHAN5G(174, 0), CHAN5G(176, 0),
260  CHAN5G(178, 0), CHAN5G(180, 0),
261  CHAN5G(182, 0), CHAN5G(184, 0),
262  CHAN5G(186, 0), CHAN5G(188, 0),
263  CHAN5G(190, 0), CHAN5G(192, 0),
264  CHAN5G(194, 0), CHAN5G(196, 0),
265  CHAN5G(198, 0), CHAN5G(200, 0),
266  CHAN5G(202, 0), CHAN5G(204, 0),
267  CHAN5G(206, 0), CHAN5G(208, 0),
268  CHAN5G(210, 0), CHAN5G(212, 0),
269  CHAN5G(214, 0), CHAN5G(216, 0),
270  CHAN5G(218, 0), CHAN5G(220, 0),
271  CHAN5G(222, 0), CHAN5G(224, 0),
272  CHAN5G(226, 0), CHAN5G(228, 0),
273 };
274 
275 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
276  CHAN5G(34, 0), CHAN5G(36, 0),
277  CHAN5G(38, 0), CHAN5G(40, 0),
278  CHAN5G(42, 0), CHAN5G(44, 0),
279  CHAN5G(46, 0), CHAN5G(48, 0),
280  CHAN5G(52, 0), CHAN5G(56, 0),
281  CHAN5G(60, 0), CHAN5G(64, 0),
282  CHAN5G(100, 0), CHAN5G(104, 0),
283  CHAN5G(108, 0), CHAN5G(112, 0),
284  CHAN5G(116, 0), CHAN5G(120, 0),
285  CHAN5G(124, 0), CHAN5G(128, 0),
286  CHAN5G(132, 0), CHAN5G(136, 0),
287  CHAN5G(140, 0), CHAN5G(149, 0),
288  CHAN5G(153, 0), CHAN5G(157, 0),
289  CHAN5G(161, 0), CHAN5G(165, 0),
290  CHAN5G(184, 0), CHAN5G(188, 0),
291  CHAN5G(192, 0), CHAN5G(196, 0),
292  CHAN5G(200, 0), CHAN5G(204, 0),
293  CHAN5G(208, 0), CHAN5G(212, 0),
294  CHAN5G(216, 0),
295 };
296 #undef CHAN5G
297 
298 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
299  .band = IEEE80211_BAND_5GHZ,
300  .channels = b43_5ghz_nphy_chantable,
301  .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
302  .bitrates = b43_a_ratetable,
303  .n_bitrates = b43_a_ratetable_size,
304 };
305 
306 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
307  .band = IEEE80211_BAND_5GHZ,
308  .channels = b43_5ghz_aphy_chantable,
309  .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
310  .bitrates = b43_a_ratetable,
311  .n_bitrates = b43_a_ratetable_size,
312 };
313 
314 static struct ieee80211_supported_band b43_band_2GHz = {
315  .band = IEEE80211_BAND_2GHZ,
316  .channels = b43_2ghz_chantable,
317  .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
318  .bitrates = b43_g_ratetable,
319  .n_bitrates = b43_g_ratetable_size,
320 };
321 
322 static void b43_wireless_core_exit(struct b43_wldev *dev);
323 static int b43_wireless_core_init(struct b43_wldev *dev);
324 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
325 static int b43_wireless_core_start(struct b43_wldev *dev);
326 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
327  struct ieee80211_vif *vif,
328  struct ieee80211_bss_conf *conf,
329  u32 changed);
330 
331 static int b43_ratelimit(struct b43_wl *wl)
332 {
333  if (!wl || !wl->current_dev)
334  return 1;
335  if (b43_status(wl->current_dev) < B43_STAT_STARTED)
336  return 1;
337  /* We are up and running.
338  * Ratelimit the messages to avoid DoS over the net. */
339  return net_ratelimit();
340 }
341 
342 void b43info(struct b43_wl *wl, const char *fmt, ...)
343 {
344  struct va_format vaf;
345  va_list args;
346 
347  if (b43_modparam_verbose < B43_VERBOSITY_INFO)
348  return;
349  if (!b43_ratelimit(wl))
350  return;
351 
352  va_start(args, fmt);
353 
354  vaf.fmt = fmt;
355  vaf.va = &args;
356 
357  printk(KERN_INFO "b43-%s: %pV",
358  (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
359 
360  va_end(args);
361 }
362 
363 void b43err(struct b43_wl *wl, const char *fmt, ...)
364 {
365  struct va_format vaf;
366  va_list args;
367 
368  if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
369  return;
370  if (!b43_ratelimit(wl))
371  return;
372 
373  va_start(args, fmt);
374 
375  vaf.fmt = fmt;
376  vaf.va = &args;
377 
378  printk(KERN_ERR "b43-%s ERROR: %pV",
379  (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
380 
381  va_end(args);
382 }
383 
384 void b43warn(struct b43_wl *wl, const char *fmt, ...)
385 {
386  struct va_format vaf;
387  va_list args;
388 
389  if (b43_modparam_verbose < B43_VERBOSITY_WARN)
390  return;
391  if (!b43_ratelimit(wl))
392  return;
393 
394  va_start(args, fmt);
395 
396  vaf.fmt = fmt;
397  vaf.va = &args;
398 
399  printk(KERN_WARNING "b43-%s warning: %pV",
400  (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
401 
402  va_end(args);
403 }
404 
405 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
406 {
407  struct va_format vaf;
408  va_list args;
409 
410  if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
411  return;
412 
413  va_start(args, fmt);
414 
415  vaf.fmt = fmt;
416  vaf.va = &args;
417 
418  printk(KERN_DEBUG "b43-%s debug: %pV",
419  (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420 
421  va_end(args);
422 }
423 
424 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
425 {
426  u32 macctl;
427 
428  B43_WARN_ON(offset % 4 != 0);
429 
430  macctl = b43_read32(dev, B43_MMIO_MACCTL);
431  if (macctl & B43_MACCTL_BE)
432  val = swab32(val);
433 
434  b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
435  mmiowb();
436  b43_write32(dev, B43_MMIO_RAM_DATA, val);
437 }
438 
439 static inline void b43_shm_control_word(struct b43_wldev *dev,
440  u16 routing, u16 offset)
441 {
442  u32 control;
443 
444  /* "offset" is the WORD offset. */
445  control = routing;
446  control <<= 16;
447  control |= offset;
448  b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
449 }
450 
451 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
452 {
453  u32 ret;
454 
455  if (routing == B43_SHM_SHARED) {
456  B43_WARN_ON(offset & 0x0001);
457  if (offset & 0x0003) {
458  /* Unaligned access */
459  b43_shm_control_word(dev, routing, offset >> 2);
460  ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
461  b43_shm_control_word(dev, routing, (offset >> 2) + 1);
462  ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
463 
464  goto out;
465  }
466  offset >>= 2;
467  }
468  b43_shm_control_word(dev, routing, offset);
469  ret = b43_read32(dev, B43_MMIO_SHM_DATA);
470 out:
471  return ret;
472 }
473 
474 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
475 {
476  u16 ret;
477 
478  if (routing == B43_SHM_SHARED) {
479  B43_WARN_ON(offset & 0x0001);
480  if (offset & 0x0003) {
481  /* Unaligned access */
482  b43_shm_control_word(dev, routing, offset >> 2);
483  ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
484 
485  goto out;
486  }
487  offset >>= 2;
488  }
489  b43_shm_control_word(dev, routing, offset);
490  ret = b43_read16(dev, B43_MMIO_SHM_DATA);
491 out:
492  return ret;
493 }
494 
495 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
496 {
497  if (routing == B43_SHM_SHARED) {
498  B43_WARN_ON(offset & 0x0001);
499  if (offset & 0x0003) {
500  /* Unaligned access */
501  b43_shm_control_word(dev, routing, offset >> 2);
502  b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
503  value & 0xFFFF);
504  b43_shm_control_word(dev, routing, (offset >> 2) + 1);
505  b43_write16(dev, B43_MMIO_SHM_DATA,
506  (value >> 16) & 0xFFFF);
507  return;
508  }
509  offset >>= 2;
510  }
511  b43_shm_control_word(dev, routing, offset);
512  b43_write32(dev, B43_MMIO_SHM_DATA, value);
513 }
514 
515 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
516 {
517  if (routing == B43_SHM_SHARED) {
518  B43_WARN_ON(offset & 0x0001);
519  if (offset & 0x0003) {
520  /* Unaligned access */
521  b43_shm_control_word(dev, routing, offset >> 2);
522  b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
523  return;
524  }
525  offset >>= 2;
526  }
527  b43_shm_control_word(dev, routing, offset);
528  b43_write16(dev, B43_MMIO_SHM_DATA, value);
529 }
530 
531 /* Read HostFlags */
532 u64 b43_hf_read(struct b43_wldev *dev)
533 {
534  u64 ret;
535 
536  ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
537  ret <<= 16;
538  ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
539  ret <<= 16;
540  ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
541 
542  return ret;
543 }
544 
545 /* Write HostFlags */
546 void b43_hf_write(struct b43_wldev *dev, u64 value)
547 {
548  u16 lo, mi, hi;
549 
550  lo = (value & 0x00000000FFFFULL);
551  mi = (value & 0x0000FFFF0000ULL) >> 16;
552  hi = (value & 0xFFFF00000000ULL) >> 32;
553  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
554  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
555  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
556 }
557 
558 /* Read the firmware capabilities bitmask (Opensource firmware only) */
559 static u16 b43_fwcapa_read(struct b43_wldev *dev)
560 {
561  B43_WARN_ON(!dev->fw.opensource);
562  return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
563 }
564 
565 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
566 {
567  u32 low, high;
568 
569  B43_WARN_ON(dev->dev->core_rev < 3);
570 
571  /* The hardware guarantees us an atomic read, if we
572  * read the low register first. */
573  low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
574  high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
575 
576  *tsf = high;
577  *tsf <<= 32;
578  *tsf |= low;
579 }
580 
581 static void b43_time_lock(struct b43_wldev *dev)
582 {
583  b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
584  /* Commit the write */
585  b43_read32(dev, B43_MMIO_MACCTL);
586 }
587 
588 static void b43_time_unlock(struct b43_wldev *dev)
589 {
590  b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
591  /* Commit the write */
592  b43_read32(dev, B43_MMIO_MACCTL);
593 }
594 
595 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
596 {
597  u32 low, high;
598 
599  B43_WARN_ON(dev->dev->core_rev < 3);
600 
601  low = tsf;
602  high = (tsf >> 32);
603  /* The hardware guarantees us an atomic write, if we
604  * write the low register first. */
605  b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
606  mmiowb();
607  b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
608  mmiowb();
609 }
610 
611 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
612 {
613  b43_time_lock(dev);
614  b43_tsf_write_locked(dev, tsf);
615  b43_time_unlock(dev);
616 }
617 
618 static
619 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
620 {
621  static const u8 zero_addr[ETH_ALEN] = { 0 };
622  u16 data;
623 
624  if (!mac)
625  mac = zero_addr;
626 
627  offset |= 0x0020;
628  b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
629 
630  data = mac[0];
631  data |= mac[1] << 8;
632  b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633  data = mac[2];
634  data |= mac[3] << 8;
635  b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636  data = mac[4];
637  data |= mac[5] << 8;
638  b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
639 }
640 
641 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
642 {
643  const u8 *mac;
644  const u8 *bssid;
645  u8 mac_bssid[ETH_ALEN * 2];
646  int i;
647  u32 tmp;
648 
649  bssid = dev->wl->bssid;
650  mac = dev->wl->mac_addr;
651 
652  b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
653 
654  memcpy(mac_bssid, mac, ETH_ALEN);
655  memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
656 
657  /* Write our MAC address and BSSID to template ram */
658  for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
659  tmp = (u32) (mac_bssid[i + 0]);
660  tmp |= (u32) (mac_bssid[i + 1]) << 8;
661  tmp |= (u32) (mac_bssid[i + 2]) << 16;
662  tmp |= (u32) (mac_bssid[i + 3]) << 24;
663  b43_ram_write(dev, 0x20 + i, tmp);
664  }
665 }
666 
667 static void b43_upload_card_macaddress(struct b43_wldev *dev)
668 {
669  b43_write_mac_bssid_templates(dev);
670  b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
671 }
672 
673 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
674 {
675  /* slot_time is in usec. */
676  /* This test used to exit for all but a G PHY. */
677  if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
678  return;
679  b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
680  /* Shared memory location 0x0010 is the slot time and should be
681  * set to slot_time; however, this register is initially 0 and changing
682  * the value adversely affects the transmit rate for BCM4311
683  * devices. Until this behavior is unterstood, delete this step
684  *
685  * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
686  */
687 }
688 
689 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
690 {
691  b43_set_slot_time(dev, 9);
692 }
693 
694 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
695 {
696  b43_set_slot_time(dev, 20);
697 }
698 
699 /* DummyTransmission function, as documented on
700  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
701  */
702 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
703 {
704  struct b43_phy *phy = &dev->phy;
705  unsigned int i, max_loop;
706  u16 value;
707  u32 buffer[5] = {
708  0x00000000,
709  0x00D40000,
710  0x00000000,
711  0x01000000,
712  0x00000000,
713  };
714 
715  if (ofdm) {
716  max_loop = 0x1E;
717  buffer[0] = 0x000201CC;
718  } else {
719  max_loop = 0xFA;
720  buffer[0] = 0x000B846E;
721  }
722 
723  for (i = 0; i < 5; i++)
724  b43_ram_write(dev, i * 4, buffer[i]);
725 
726  b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
727 
728  if (dev->dev->core_rev < 11)
729  b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
730  else
731  b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
732 
733  value = (ofdm ? 0x41 : 0x40);
734  b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
735  if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
736  phy->type == B43_PHYTYPE_LCN)
737  b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
738 
739  b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
740  b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
741 
742  b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
743  b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
744  b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
745  b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
746 
747  if (!pa_on && phy->type == B43_PHYTYPE_N)
748  ; /*b43_nphy_pa_override(dev, false) */
749 
750  switch (phy->type) {
751  case B43_PHYTYPE_N:
752  case B43_PHYTYPE_LCN:
753  b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
754  break;
755  case B43_PHYTYPE_LP:
756  b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
757  break;
758  default:
759  b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
760  }
761  b43_read16(dev, B43_MMIO_TXE0_AUX);
762 
763  if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
764  b43_radio_write16(dev, 0x0051, 0x0017);
765  for (i = 0x00; i < max_loop; i++) {
766  value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
767  if (value & 0x0080)
768  break;
769  udelay(10);
770  }
771  for (i = 0x00; i < 0x0A; i++) {
772  value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
773  if (value & 0x0400)
774  break;
775  udelay(10);
776  }
777  for (i = 0x00; i < 0x19; i++) {
778  value = b43_read16(dev, B43_MMIO_IFSSTAT);
779  if (!(value & 0x0100))
780  break;
781  udelay(10);
782  }
783  if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
784  b43_radio_write16(dev, 0x0051, 0x0037);
785 }
786 
787 static void key_write(struct b43_wldev *dev,
788  u8 index, u8 algorithm, const u8 *key)
789 {
790  unsigned int i;
791  u32 offset;
792  u16 value;
793  u16 kidx;
794 
795  /* Key index/algo block */
796  kidx = b43_kidx_to_fw(dev, index);
797  value = ((kidx << 4) | algorithm);
798  b43_shm_write16(dev, B43_SHM_SHARED,
799  B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
800 
801  /* Write the key to the Key Table Pointer offset */
802  offset = dev->ktp + (index * B43_SEC_KEYSIZE);
803  for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
804  value = key[i];
805  value |= (u16) (key[i + 1]) << 8;
806  b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
807  }
808 }
809 
810 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
811 {
812  u32 addrtmp[2] = { 0, 0, };
813  u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
814 
815  if (b43_new_kidx_api(dev))
816  pairwise_keys_start = B43_NR_GROUP_KEYS;
817 
818  B43_WARN_ON(index < pairwise_keys_start);
819  /* We have four default TX keys and possibly four default RX keys.
820  * Physical mac 0 is mapped to physical key 4 or 8, depending
821  * on the firmware version.
822  * So we must adjust the index here.
823  */
824  index -= pairwise_keys_start;
825  B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
826 
827  if (addr) {
828  addrtmp[0] = addr[0];
829  addrtmp[0] |= ((u32) (addr[1]) << 8);
830  addrtmp[0] |= ((u32) (addr[2]) << 16);
831  addrtmp[0] |= ((u32) (addr[3]) << 24);
832  addrtmp[1] = addr[4];
833  addrtmp[1] |= ((u32) (addr[5]) << 8);
834  }
835 
836  /* Receive match transmitter address (RCMTA) mechanism */
837  b43_shm_write32(dev, B43_SHM_RCMTA,
838  (index * 2) + 0, addrtmp[0]);
839  b43_shm_write16(dev, B43_SHM_RCMTA,
840  (index * 2) + 1, addrtmp[1]);
841 }
842 
843 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
844  * When a packet is received, the iv32 is checked.
845  * - if it doesn't the packet is returned without modification (and software
846  * decryption can be done). That's what happen when iv16 wrap.
847  * - if it does, the rc4 key is computed, and decryption is tried.
848  * Either it will success and B43_RX_MAC_DEC is returned,
849  * either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
850  * and the packet is not usable (it got modified by the ucode).
851  * So in order to never have B43_RX_MAC_DECERR, we should provide
852  * a iv32 and phase1key that match. Because we drop packets in case of
853  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
854  * packets will be lost without higher layer knowing (ie no resync possible
855  * until next wrap).
856  *
857  * NOTE : this should support 50 key like RCMTA because
858  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
859  */
860 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
861  u16 *phase1key)
862 {
863  unsigned int i;
864  u32 offset;
865  u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
866 
867  if (!modparam_hwtkip)
868  return;
869 
870  if (b43_new_kidx_api(dev))
871  pairwise_keys_start = B43_NR_GROUP_KEYS;
872 
873  B43_WARN_ON(index < pairwise_keys_start);
874  /* We have four default TX keys and possibly four default RX keys.
875  * Physical mac 0 is mapped to physical key 4 or 8, depending
876  * on the firmware version.
877  * So we must adjust the index here.
878  */
879  index -= pairwise_keys_start;
880  B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
881 
882  if (b43_debug(dev, B43_DBG_KEYS)) {
883  b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
884  index, iv32);
885  }
886  /* Write the key to the RX tkip shared mem */
887  offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
888  for (i = 0; i < 10; i += 2) {
889  b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
890  phase1key ? phase1key[i / 2] : 0);
891  }
892  b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
893  b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
894 }
895 
896 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
897  struct ieee80211_vif *vif,
898  struct ieee80211_key_conf *keyconf,
899  struct ieee80211_sta *sta,
900  u32 iv32, u16 *phase1key)
901 {
902  struct b43_wl *wl = hw_to_b43_wl(hw);
903  struct b43_wldev *dev;
904  int index = keyconf->hw_key_idx;
905 
906  if (B43_WARN_ON(!modparam_hwtkip))
907  return;
908 
909  /* This is only called from the RX path through mac80211, where
910  * our mutex is already locked. */
911  B43_WARN_ON(!mutex_is_locked(&wl->mutex));
912  dev = wl->current_dev;
913  B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
914 
915  keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
916 
917  rx_tkip_phase1_write(dev, index, iv32, phase1key);
918  /* only pairwise TKIP keys are supported right now */
919  if (WARN_ON(!sta))
920  return;
921  keymac_write(dev, index, sta->addr);
922 }
923 
924 static void do_key_write(struct b43_wldev *dev,
925  u8 index, u8 algorithm,
926  const u8 *key, size_t key_len, const u8 *mac_addr)
927 {
928  u8 buf[B43_SEC_KEYSIZE] = { 0, };
929  u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
930 
931  if (b43_new_kidx_api(dev))
932  pairwise_keys_start = B43_NR_GROUP_KEYS;
933 
934  B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
935  B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
936 
937  if (index >= pairwise_keys_start)
938  keymac_write(dev, index, NULL); /* First zero out mac. */
939  if (algorithm == B43_SEC_ALGO_TKIP) {
940  /*
941  * We should provide an initial iv32, phase1key pair.
942  * We could start with iv32=0 and compute the corresponding
943  * phase1key, but this means calling ieee80211_get_tkip_key
944  * with a fake skb (or export other tkip function).
945  * Because we are lazy we hope iv32 won't start with
946  * 0xffffffff and let's b43_op_update_tkip_key provide a
947  * correct pair.
948  */
949  rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
950  } else if (index >= pairwise_keys_start) /* clear it */
951  rx_tkip_phase1_write(dev, index, 0, NULL);
952  if (key)
953  memcpy(buf, key, key_len);
954  key_write(dev, index, algorithm, buf);
955  if (index >= pairwise_keys_start)
956  keymac_write(dev, index, mac_addr);
957 
958  dev->key[index].algorithm = algorithm;
959 }
960 
961 static int b43_key_write(struct b43_wldev *dev,
962  int index, u8 algorithm,
963  const u8 *key, size_t key_len,
964  const u8 *mac_addr,
965  struct ieee80211_key_conf *keyconf)
966 {
967  int i;
968  int pairwise_keys_start;
969 
970  /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
971  * - Temporal Encryption Key (128 bits)
972  * - Temporal Authenticator Tx MIC Key (64 bits)
973  * - Temporal Authenticator Rx MIC Key (64 bits)
974  *
975  * Hardware only store TEK
976  */
977  if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
978  key_len = 16;
979  if (key_len > B43_SEC_KEYSIZE)
980  return -EINVAL;
981  for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
982  /* Check that we don't already have this key. */
983  B43_WARN_ON(dev->key[i].keyconf == keyconf);
984  }
985  if (index < 0) {
986  /* Pairwise key. Get an empty slot for the key. */
987  if (b43_new_kidx_api(dev))
988  pairwise_keys_start = B43_NR_GROUP_KEYS;
989  else
990  pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
991  for (i = pairwise_keys_start;
992  i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
993  i++) {
994  B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
995  if (!dev->key[i].keyconf) {
996  /* found empty */
997  index = i;
998  break;
999  }
1000  }
1001  if (index < 0) {
1002  b43warn(dev->wl, "Out of hardware key memory\n");
1003  return -ENOSPC;
1004  }
1005  } else
1006  B43_WARN_ON(index > 3);
1007 
1008  do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1009  if ((index <= 3) && !b43_new_kidx_api(dev)) {
1010  /* Default RX key */
1011  B43_WARN_ON(mac_addr);
1012  do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1013  }
1014  keyconf->hw_key_idx = index;
1015  dev->key[index].keyconf = keyconf;
1016 
1017  return 0;
1018 }
1019 
1020 static int b43_key_clear(struct b43_wldev *dev, int index)
1021 {
1022  if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1023  return -EINVAL;
1024  do_key_write(dev, index, B43_SEC_ALGO_NONE,
1025  NULL, B43_SEC_KEYSIZE, NULL);
1026  if ((index <= 3) && !b43_new_kidx_api(dev)) {
1027  do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1028  NULL, B43_SEC_KEYSIZE, NULL);
1029  }
1030  dev->key[index].keyconf = NULL;
1031 
1032  return 0;
1033 }
1034 
1035 static void b43_clear_keys(struct b43_wldev *dev)
1036 {
1037  int i, count;
1038 
1039  if (b43_new_kidx_api(dev))
1040  count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1041  else
1042  count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1043  for (i = 0; i < count; i++)
1044  b43_key_clear(dev, i);
1045 }
1046 
1047 static void b43_dump_keymemory(struct b43_wldev *dev)
1048 {
1049  unsigned int i, index, count, offset, pairwise_keys_start;
1050  u8 mac[ETH_ALEN];
1051  u16 algo;
1052  u32 rcmta0;
1053  u16 rcmta1;
1054  u64 hf;
1055  struct b43_key *key;
1056 
1057  if (!b43_debug(dev, B43_DBG_KEYS))
1058  return;
1059 
1060  hf = b43_hf_read(dev);
1061  b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
1062  !!(hf & B43_HF_USEDEFKEYS));
1063  if (b43_new_kidx_api(dev)) {
1064  pairwise_keys_start = B43_NR_GROUP_KEYS;
1065  count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1066  } else {
1067  pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1068  count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1069  }
1070  for (index = 0; index < count; index++) {
1071  key = &(dev->key[index]);
1072  printk(KERN_DEBUG "Key slot %02u: %s",
1073  index, (key->keyconf == NULL) ? " " : "*");
1074  offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1075  for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1076  u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1077  printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1078  }
1079 
1080  algo = b43_shm_read16(dev, B43_SHM_SHARED,
1081  B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1082  printk(" Algo: %04X/%02X", algo, key->algorithm);
1083 
1084  if (index >= pairwise_keys_start) {
1085  if (key->algorithm == B43_SEC_ALGO_TKIP) {
1086  printk(" TKIP: ");
1087  offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1088  for (i = 0; i < 14; i += 2) {
1089  u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1090  printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1091  }
1092  }
1093  rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1094  ((index - pairwise_keys_start) * 2) + 0);
1095  rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1096  ((index - pairwise_keys_start) * 2) + 1);
1097  *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1098  *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1099  printk(" MAC: %pM", mac);
1100  } else
1101  printk(" DEFAULT KEY");
1102  printk("\n");
1103  }
1104 }
1105 
1106 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1107 {
1108  u32 macctl;
1109  u16 ucstat;
1110  bool hwps;
1111  bool awake;
1112  int i;
1113 
1114  B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1115  (ps_flags & B43_PS_DISABLED));
1116  B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1117 
1118  if (ps_flags & B43_PS_ENABLED) {
1119  hwps = true;
1120  } else if (ps_flags & B43_PS_DISABLED) {
1121  hwps = false;
1122  } else {
1123  //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1124  // and thus is not an AP and we are associated, set bit 25
1125  }
1126  if (ps_flags & B43_PS_AWAKE) {
1127  awake = true;
1128  } else if (ps_flags & B43_PS_ASLEEP) {
1129  awake = false;
1130  } else {
1131  //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1132  // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1133  // successful, set bit26
1134  }
1135 
1136 /* FIXME: For now we force awake-on and hwps-off */
1137  hwps = false;
1138  awake = true;
1139 
1140  macctl = b43_read32(dev, B43_MMIO_MACCTL);
1141  if (hwps)
1142  macctl |= B43_MACCTL_HWPS;
1143  else
1144  macctl &= ~B43_MACCTL_HWPS;
1145  if (awake)
1146  macctl |= B43_MACCTL_AWAKE;
1147  else
1148  macctl &= ~B43_MACCTL_AWAKE;
1149  b43_write32(dev, B43_MMIO_MACCTL, macctl);
1150  /* Commit write */
1151  b43_read32(dev, B43_MMIO_MACCTL);
1152  if (awake && dev->dev->core_rev >= 5) {
1153  /* Wait for the microcode to wake up. */
1154  for (i = 0; i < 100; i++) {
1155  ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1156  B43_SHM_SH_UCODESTAT);
1157  if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1158  break;
1159  udelay(10);
1160  }
1161  }
1162 }
1163 
1164 #ifdef CONFIG_B43_BCMA
1165 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1166 {
1167  u32 flags;
1168 
1169  /* Put PHY into reset */
1170  flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1171  flags |= B43_BCMA_IOCTL_PHY_RESET;
1172  flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1173  bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1174  udelay(2);
1175 
1176  /* Take PHY out of reset */
1177  flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1178  flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1179  flags |= BCMA_IOCTL_FGC;
1180  bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1181  udelay(1);
1182 
1183  /* Do not force clock anymore */
1184  flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1185  flags &= ~BCMA_IOCTL_FGC;
1186  bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1187  udelay(1);
1188 }
1189 
1190 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1191 {
1192  b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1193  bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1194  b43_bcma_phy_reset(dev);
1195  bcma_core_pll_ctl(dev->dev->bdev, 0x300, 0x3000000, true);
1196 }
1197 #endif
1198 
1199 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1200 {
1201  struct ssb_device *sdev = dev->dev->sdev;
1202  u32 tmslow;
1203  u32 flags = 0;
1204 
1205  if (gmode)
1206  flags |= B43_TMSLOW_GMODE;
1207  flags |= B43_TMSLOW_PHYCLKEN;
1208  flags |= B43_TMSLOW_PHYRESET;
1209  if (dev->phy.type == B43_PHYTYPE_N)
1210  flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1211  b43_device_enable(dev, flags);
1212  msleep(2); /* Wait for the PLL to turn on. */
1213 
1214  /* Now take the PHY out of Reset again */
1215  tmslow = ssb_read32(sdev, SSB_TMSLOW);
1216  tmslow |= SSB_TMSLOW_FGC;
1217  tmslow &= ~B43_TMSLOW_PHYRESET;
1218  ssb_write32(sdev, SSB_TMSLOW, tmslow);
1219  ssb_read32(sdev, SSB_TMSLOW); /* flush */
1220  msleep(1);
1221  tmslow &= ~SSB_TMSLOW_FGC;
1222  ssb_write32(sdev, SSB_TMSLOW, tmslow);
1223  ssb_read32(sdev, SSB_TMSLOW); /* flush */
1224  msleep(1);
1225 }
1226 
1227 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1228 {
1229  u32 macctl;
1230 
1231  switch (dev->dev->bus_type) {
1232 #ifdef CONFIG_B43_BCMA
1233  case B43_BUS_BCMA:
1234  b43_bcma_wireless_core_reset(dev, gmode);
1235  break;
1236 #endif
1237 #ifdef CONFIG_B43_SSB
1238  case B43_BUS_SSB:
1239  b43_ssb_wireless_core_reset(dev, gmode);
1240  break;
1241 #endif
1242  }
1243 
1244  /* Turn Analog ON, but only if we already know the PHY-type.
1245  * This protects against very early setup where we don't know the
1246  * PHY-type, yet. wireless_core_reset will be called once again later,
1247  * when we know the PHY-type. */
1248  if (dev->phy.ops)
1249  dev->phy.ops->switch_analog(dev, 1);
1250 
1251  macctl = b43_read32(dev, B43_MMIO_MACCTL);
1252  macctl &= ~B43_MACCTL_GMODE;
1253  if (gmode)
1254  macctl |= B43_MACCTL_GMODE;
1255  macctl |= B43_MACCTL_IHR_ENABLED;
1256  b43_write32(dev, B43_MMIO_MACCTL, macctl);
1257 }
1258 
1259 static void handle_irq_transmit_status(struct b43_wldev *dev)
1260 {
1261  u32 v0, v1;
1262  u16 tmp;
1263  struct b43_txstatus stat;
1264 
1265  while (1) {
1266  v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1267  if (!(v0 & 0x00000001))
1268  break;
1269  v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1270 
1271  stat.cookie = (v0 >> 16);
1272  stat.seq = (v1 & 0x0000FFFF);
1273  stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1274  tmp = (v0 & 0x0000FFFF);
1275  stat.frame_count = ((tmp & 0xF000) >> 12);
1276  stat.rts_count = ((tmp & 0x0F00) >> 8);
1277  stat.supp_reason = ((tmp & 0x001C) >> 2);
1278  stat.pm_indicated = !!(tmp & 0x0080);
1279  stat.intermediate = !!(tmp & 0x0040);
1280  stat.for_ampdu = !!(tmp & 0x0020);
1281  stat.acked = !!(tmp & 0x0002);
1282 
1283  b43_handle_txstatus(dev, &stat);
1284  }
1285 }
1286 
1287 static void drain_txstatus_queue(struct b43_wldev *dev)
1288 {
1289  u32 dummy;
1290 
1291  if (dev->dev->core_rev < 5)
1292  return;
1293  /* Read all entries from the microcode TXstatus FIFO
1294  * and throw them away.
1295  */
1296  while (1) {
1297  dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1298  if (!(dummy & 0x00000001))
1299  break;
1300  dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1301  }
1302 }
1303 
1304 static u32 b43_jssi_read(struct b43_wldev *dev)
1305 {
1306  u32 val = 0;
1307 
1308  val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1309  val <<= 16;
1310  val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1311 
1312  return val;
1313 }
1314 
1315 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1316 {
1317  b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1318  b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1319 }
1320 
1321 static void b43_generate_noise_sample(struct b43_wldev *dev)
1322 {
1323  b43_jssi_write(dev, 0x7F7F7F7F);
1324  b43_write32(dev, B43_MMIO_MACCMD,
1325  b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1326 }
1327 
1328 static void b43_calculate_link_quality(struct b43_wldev *dev)
1329 {
1330  /* Top half of Link Quality calculation. */
1331 
1332  if (dev->phy.type != B43_PHYTYPE_G)
1333  return;
1334  if (dev->noisecalc.calculation_running)
1335  return;
1336  dev->noisecalc.calculation_running = true;
1337  dev->noisecalc.nr_samples = 0;
1338 
1339  b43_generate_noise_sample(dev);
1340 }
1341 
1342 static void handle_irq_noise(struct b43_wldev *dev)
1343 {
1344  struct b43_phy_g *phy = dev->phy.g;
1345  u16 tmp;
1346  u8 noise[4];
1347  u8 i, j;
1348  s32 average;
1349 
1350  /* Bottom half of Link Quality calculation. */
1351 
1352  if (dev->phy.type != B43_PHYTYPE_G)
1353  return;
1354 
1355  /* Possible race condition: It might be possible that the user
1356  * changed to a different channel in the meantime since we
1357  * started the calculation. We ignore that fact, since it's
1358  * not really that much of a problem. The background noise is
1359  * an estimation only anyway. Slightly wrong results will get damped
1360  * by the averaging of the 8 sample rounds. Additionally the
1361  * value is shortlived. So it will be replaced by the next noise
1362  * calculation round soon. */
1363 
1364  B43_WARN_ON(!dev->noisecalc.calculation_running);
1365  *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1366  if (noise[0] == 0x7F || noise[1] == 0x7F ||
1367  noise[2] == 0x7F || noise[3] == 0x7F)
1368  goto generate_new;
1369 
1370  /* Get the noise samples. */
1371  B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1372  i = dev->noisecalc.nr_samples;
1373  noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1374  noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1375  noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1376  noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1377  dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1378  dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1379  dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1380  dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1381  dev->noisecalc.nr_samples++;
1382  if (dev->noisecalc.nr_samples == 8) {
1383  /* Calculate the Link Quality by the noise samples. */
1384  average = 0;
1385  for (i = 0; i < 8; i++) {
1386  for (j = 0; j < 4; j++)
1387  average += dev->noisecalc.samples[i][j];
1388  }
1389  average /= (8 * 4);
1390  average *= 125;
1391  average += 64;
1392  average /= 128;
1393  tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1394  tmp = (tmp / 128) & 0x1F;
1395  if (tmp >= 8)
1396  average += 2;
1397  else
1398  average -= 25;
1399  if (tmp == 8)
1400  average -= 72;
1401  else
1402  average -= 48;
1403 
1404  dev->stats.link_noise = average;
1405  dev->noisecalc.calculation_running = false;
1406  return;
1407  }
1408 generate_new:
1409  b43_generate_noise_sample(dev);
1410 }
1411 
1412 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1413 {
1414  if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1416  } else {
1417  if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1418  b43_power_saving_ctl_bits(dev, 0);
1419  }
1420  if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1421  dev->dfq_valid = true;
1422 }
1423 
1424 static void handle_irq_atim_end(struct b43_wldev *dev)
1425 {
1426  if (dev->dfq_valid) {
1427  b43_write32(dev, B43_MMIO_MACCMD,
1428  b43_read32(dev, B43_MMIO_MACCMD)
1429  | B43_MACCMD_DFQ_VALID);
1430  dev->dfq_valid = false;
1431  }
1432 }
1433 
1434 static void handle_irq_pmq(struct b43_wldev *dev)
1435 {
1436  u32 tmp;
1437 
1438  //TODO: AP mode.
1439 
1440  while (1) {
1441  tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1442  if (!(tmp & 0x00000008))
1443  break;
1444  }
1445  /* 16bit write is odd, but correct. */
1446  b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1447 }
1448 
1449 static void b43_write_template_common(struct b43_wldev *dev,
1450  const u8 *data, u16 size,
1451  u16 ram_offset,
1452  u16 shm_size_offset, u8 rate)
1453 {
1454  u32 i, tmp;
1455  struct b43_plcp_hdr4 plcp;
1456 
1457  plcp.data = 0;
1458  b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1459  b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1460  ram_offset += sizeof(u32);
1461  /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1462  * So leave the first two bytes of the next write blank.
1463  */
1464  tmp = (u32) (data[0]) << 16;
1465  tmp |= (u32) (data[1]) << 24;
1466  b43_ram_write(dev, ram_offset, tmp);
1467  ram_offset += sizeof(u32);
1468  for (i = 2; i < size; i += sizeof(u32)) {
1469  tmp = (u32) (data[i + 0]);
1470  if (i + 1 < size)
1471  tmp |= (u32) (data[i + 1]) << 8;
1472  if (i + 2 < size)
1473  tmp |= (u32) (data[i + 2]) << 16;
1474  if (i + 3 < size)
1475  tmp |= (u32) (data[i + 3]) << 24;
1476  b43_ram_write(dev, ram_offset + i - 2, tmp);
1477  }
1478  b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1479  size + sizeof(struct b43_plcp_hdr6));
1480 }
1481 
1482 /* Check if the use of the antenna that ieee80211 told us to
1483  * use is possible. This will fall back to DEFAULT.
1484  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1485 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1486  u8 antenna_nr)
1487 {
1488  u8 antenna_mask;
1489 
1490  if (antenna_nr == 0) {
1491  /* Zero means "use default antenna". That's always OK. */
1492  return 0;
1493  }
1494 
1495  /* Get the mask of available antennas. */
1496  if (dev->phy.gmode)
1497  antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1498  else
1499  antenna_mask = dev->dev->bus_sprom->ant_available_a;
1500 
1501  if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1502  /* This antenna is not available. Fall back to default. */
1503  return 0;
1504  }
1505 
1506  return antenna_nr;
1507 }
1508 
1509 /* Convert a b43 antenna number value to the PHY TX control value. */
1510 static u16 b43_antenna_to_phyctl(int antenna)
1511 {
1512  switch (antenna) {
1513  case B43_ANTENNA0:
1514  return B43_TXH_PHY_ANT0;
1515  case B43_ANTENNA1:
1516  return B43_TXH_PHY_ANT1;
1517  case B43_ANTENNA2:
1518  return B43_TXH_PHY_ANT2;
1519  case B43_ANTENNA3:
1520  return B43_TXH_PHY_ANT3;
1521  case B43_ANTENNA_AUTO0:
1522  case B43_ANTENNA_AUTO1:
1523  return B43_TXH_PHY_ANT01AUTO;
1524  }
1525  B43_WARN_ON(1);
1526  return 0;
1527 }
1528 
1529 static void b43_write_beacon_template(struct b43_wldev *dev,
1530  u16 ram_offset,
1531  u16 shm_size_offset)
1532 {
1533  unsigned int i, len, variable_len;
1534  const struct ieee80211_mgmt *bcn;
1535  const u8 *ie;
1536  bool tim_found = false;
1537  unsigned int rate;
1538  u16 ctl;
1539  int antenna;
1540  struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1541 
1542  bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1543  len = min((size_t) dev->wl->current_beacon->len,
1544  0x200 - sizeof(struct b43_plcp_hdr6));
1545  rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1546 
1547  b43_write_template_common(dev, (const u8 *)bcn,
1548  len, ram_offset, shm_size_offset, rate);
1549 
1550  /* Write the PHY TX control parameters. */
1551  antenna = B43_ANTENNA_DEFAULT;
1552  antenna = b43_antenna_to_phyctl(antenna);
1553  ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1554  /* We can't send beacons with short preamble. Would get PHY errors. */
1555  ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1556  ctl &= ~B43_TXH_PHY_ANT;
1557  ctl &= ~B43_TXH_PHY_ENC;
1558  ctl |= antenna;
1559  if (b43_is_cck_rate(rate))
1560  ctl |= B43_TXH_PHY_ENC_CCK;
1561  else
1562  ctl |= B43_TXH_PHY_ENC_OFDM;
1563  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1564 
1565  /* Find the position of the TIM and the DTIM_period value
1566  * and write them to SHM. */
1567  ie = bcn->u.beacon.variable;
1568  variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1569  for (i = 0; i < variable_len - 2; ) {
1570  uint8_t ie_id, ie_len;
1571 
1572  ie_id = ie[i];
1573  ie_len = ie[i + 1];
1574  if (ie_id == 5) {
1575  u16 tim_position;
1576  u16 dtim_period;
1577  /* This is the TIM Information Element */
1578 
1579  /* Check whether the ie_len is in the beacon data range. */
1580  if (variable_len < ie_len + 2 + i)
1581  break;
1582  /* A valid TIM is at least 4 bytes long. */
1583  if (ie_len < 4)
1584  break;
1585  tim_found = true;
1586 
1587  tim_position = sizeof(struct b43_plcp_hdr6);
1588  tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1589  tim_position += i;
1590 
1591  dtim_period = ie[i + 3];
1592 
1593  b43_shm_write16(dev, B43_SHM_SHARED,
1594  B43_SHM_SH_TIMBPOS, tim_position);
1595  b43_shm_write16(dev, B43_SHM_SHARED,
1596  B43_SHM_SH_DTIMPER, dtim_period);
1597  break;
1598  }
1599  i += ie_len + 2;
1600  }
1601  if (!tim_found) {
1602  /*
1603  * If ucode wants to modify TIM do it behind the beacon, this
1604  * will happen, for example, when doing mesh networking.
1605  */
1606  b43_shm_write16(dev, B43_SHM_SHARED,
1607  B43_SHM_SH_TIMBPOS,
1608  len + sizeof(struct b43_plcp_hdr6));
1609  b43_shm_write16(dev, B43_SHM_SHARED,
1610  B43_SHM_SH_DTIMPER, 0);
1611  }
1612  b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1613 }
1614 
1615 static void b43_upload_beacon0(struct b43_wldev *dev)
1616 {
1617  struct b43_wl *wl = dev->wl;
1618 
1619  if (wl->beacon0_uploaded)
1620  return;
1621  b43_write_beacon_template(dev, 0x68, 0x18);
1622  wl->beacon0_uploaded = true;
1623 }
1624 
1625 static void b43_upload_beacon1(struct b43_wldev *dev)
1626 {
1627  struct b43_wl *wl = dev->wl;
1628 
1629  if (wl->beacon1_uploaded)
1630  return;
1631  b43_write_beacon_template(dev, 0x468, 0x1A);
1632  wl->beacon1_uploaded = true;
1633 }
1634 
1635 static void handle_irq_beacon(struct b43_wldev *dev)
1636 {
1637  struct b43_wl *wl = dev->wl;
1638  u32 cmd, beacon0_valid, beacon1_valid;
1639 
1640  if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1641  !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1642  !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1643  return;
1644 
1645  /* This is the bottom half of the asynchronous beacon update. */
1646 
1647  /* Ignore interrupt in the future. */
1648  dev->irq_mask &= ~B43_IRQ_BEACON;
1649 
1650  cmd = b43_read32(dev, B43_MMIO_MACCMD);
1651  beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1652  beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1653 
1654  /* Schedule interrupt manually, if busy. */
1655  if (beacon0_valid && beacon1_valid) {
1656  b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1657  dev->irq_mask |= B43_IRQ_BEACON;
1658  return;
1659  }
1660 
1661  if (unlikely(wl->beacon_templates_virgin)) {
1662  /* We never uploaded a beacon before.
1663  * Upload both templates now, but only mark one valid. */
1664  wl->beacon_templates_virgin = false;
1665  b43_upload_beacon0(dev);
1666  b43_upload_beacon1(dev);
1667  cmd = b43_read32(dev, B43_MMIO_MACCMD);
1668  cmd |= B43_MACCMD_BEACON0_VALID;
1669  b43_write32(dev, B43_MMIO_MACCMD, cmd);
1670  } else {
1671  if (!beacon0_valid) {
1672  b43_upload_beacon0(dev);
1673  cmd = b43_read32(dev, B43_MMIO_MACCMD);
1674  cmd |= B43_MACCMD_BEACON0_VALID;
1675  b43_write32(dev, B43_MMIO_MACCMD, cmd);
1676  } else if (!beacon1_valid) {
1677  b43_upload_beacon1(dev);
1678  cmd = b43_read32(dev, B43_MMIO_MACCMD);
1679  cmd |= B43_MACCMD_BEACON1_VALID;
1680  b43_write32(dev, B43_MMIO_MACCMD, cmd);
1681  }
1682  }
1683 }
1684 
1685 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1686 {
1687  u32 old_irq_mask = dev->irq_mask;
1688 
1689  /* update beacon right away or defer to irq */
1690  handle_irq_beacon(dev);
1691  if (old_irq_mask != dev->irq_mask) {
1692  /* The handler updated the IRQ mask. */
1693  B43_WARN_ON(!dev->irq_mask);
1694  if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1695  b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1696  } else {
1697  /* Device interrupts are currently disabled. That means
1698  * we just ran the hardirq handler and scheduled the
1699  * IRQ thread. The thread will write the IRQ mask when
1700  * it finished, so there's nothing to do here. Writing
1701  * the mask _here_ would incorrectly re-enable IRQs. */
1702  }
1703  }
1704 }
1705 
1706 static void b43_beacon_update_trigger_work(struct work_struct *work)
1707 {
1708  struct b43_wl *wl = container_of(work, struct b43_wl,
1709  beacon_update_trigger);
1710  struct b43_wldev *dev;
1711 
1712  mutex_lock(&wl->mutex);
1713  dev = wl->current_dev;
1714  if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1715  if (b43_bus_host_is_sdio(dev->dev)) {
1716  /* wl->mutex is enough. */
1717  b43_do_beacon_update_trigger_work(dev);
1718  mmiowb();
1719  } else {
1720  spin_lock_irq(&wl->hardirq_lock);
1721  b43_do_beacon_update_trigger_work(dev);
1722  mmiowb();
1723  spin_unlock_irq(&wl->hardirq_lock);
1724  }
1725  }
1726  mutex_unlock(&wl->mutex);
1727 }
1728 
1729 /* Asynchronously update the packet templates in template RAM.
1730  * Locking: Requires wl->mutex to be locked. */
1731 static void b43_update_templates(struct b43_wl *wl)
1732 {
1733  struct sk_buff *beacon;
1734 
1735  /* This is the top half of the ansynchronous beacon update.
1736  * The bottom half is the beacon IRQ.
1737  * Beacon update must be asynchronous to avoid sending an
1738  * invalid beacon. This can happen for example, if the firmware
1739  * transmits a beacon while we are updating it. */
1740 
1741  /* We could modify the existing beacon and set the aid bit in
1742  * the TIM field, but that would probably require resizing and
1743  * moving of data within the beacon template.
1744  * Simply request a new beacon and let mac80211 do the hard work. */
1745  beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1746  if (unlikely(!beacon))
1747  return;
1748 
1749  if (wl->current_beacon)
1750  dev_kfree_skb_any(wl->current_beacon);
1751  wl->current_beacon = beacon;
1752  wl->beacon0_uploaded = false;
1753  wl->beacon1_uploaded = false;
1754  ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1755 }
1756 
1757 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1758 {
1759  b43_time_lock(dev);
1760  if (dev->dev->core_rev >= 3) {
1761  b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1762  b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1763  } else {
1764  b43_write16(dev, 0x606, (beacon_int >> 6));
1765  b43_write16(dev, 0x610, beacon_int);
1766  }
1767  b43_time_unlock(dev);
1768  b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1769 }
1770 
1771 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1772 {
1773  u16 reason;
1774 
1775  /* Read the register that contains the reason code for the panic. */
1776  reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1777  b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1778 
1779  switch (reason) {
1780  default:
1781  b43dbg(dev->wl, "The panic reason is unknown.\n");
1782  /* fallthrough */
1783  case B43_FWPANIC_DIE:
1784  /* Do not restart the controller or firmware.
1785  * The device is nonfunctional from now on.
1786  * Restarting would result in this panic to trigger again,
1787  * so we avoid that recursion. */
1788  break;
1789  case B43_FWPANIC_RESTART:
1790  b43_controller_restart(dev, "Microcode panic");
1791  break;
1792  }
1793 }
1794 
1795 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1796 {
1797  unsigned int i, cnt;
1798  u16 reason, marker_id, marker_line;
1799  __le16 *buf;
1800 
1801  /* The proprietary firmware doesn't have this IRQ. */
1802  if (!dev->fw.opensource)
1803  return;
1804 
1805  /* Read the register that contains the reason code for this IRQ. */
1806  reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1807 
1808  switch (reason) {
1809  case B43_DEBUGIRQ_PANIC:
1810  b43_handle_firmware_panic(dev);
1811  break;
1812  case B43_DEBUGIRQ_DUMP_SHM:
1813  if (!B43_DEBUG)
1814  break; /* Only with driver debugging enabled. */
1815  buf = kmalloc(4096, GFP_ATOMIC);
1816  if (!buf) {
1817  b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1818  goto out;
1819  }
1820  for (i = 0; i < 4096; i += 2) {
1821  u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1822  buf[i / 2] = cpu_to_le16(tmp);
1823  }
1824  b43info(dev->wl, "Shared memory dump:\n");
1825  print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1826  16, 2, buf, 4096, 1);
1827  kfree(buf);
1828  break;
1829  case B43_DEBUGIRQ_DUMP_REGS:
1830  if (!B43_DEBUG)
1831  break; /* Only with driver debugging enabled. */
1832  b43info(dev->wl, "Microcode register dump:\n");
1833  for (i = 0, cnt = 0; i < 64; i++) {
1834  u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1835  if (cnt == 0)
1836  printk(KERN_INFO);
1837  printk("r%02u: 0x%04X ", i, tmp);
1838  cnt++;
1839  if (cnt == 6) {
1840  printk("\n");
1841  cnt = 0;
1842  }
1843  }
1844  printk("\n");
1845  break;
1846  case B43_DEBUGIRQ_MARKER:
1847  if (!B43_DEBUG)
1848  break; /* Only with driver debugging enabled. */
1849  marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1850  B43_MARKER_ID_REG);
1851  marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1852  B43_MARKER_LINE_REG);
1853  b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1854  "at line number %u\n",
1855  marker_id, marker_line);
1856  break;
1857  default:
1858  b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1859  reason);
1860  }
1861 out:
1862  /* Acknowledge the debug-IRQ, so the firmware can continue. */
1863  b43_shm_write16(dev, B43_SHM_SCRATCH,
1864  B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1865 }
1866 
1867 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1868 {
1869  u32 reason;
1870  u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1871  u32 merged_dma_reason = 0;
1872  int i;
1873 
1874  if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1875  return;
1876 
1877  reason = dev->irq_reason;
1878  for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1879  dma_reason[i] = dev->dma_reason[i];
1880  merged_dma_reason |= dma_reason[i];
1881  }
1882 
1883  if (unlikely(reason & B43_IRQ_MAC_TXERR))
1884  b43err(dev->wl, "MAC transmission error\n");
1885 
1886  if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1887  b43err(dev->wl, "PHY transmission error\n");
1888  rmb();
1889  if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1890  atomic_set(&dev->phy.txerr_cnt,
1891  B43_PHY_TX_BADNESS_LIMIT);
1892  b43err(dev->wl, "Too many PHY TX errors, "
1893  "restarting the controller\n");
1894  b43_controller_restart(dev, "PHY TX errors");
1895  }
1896  }
1897 
1898  if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1899  B43_DMAIRQ_NONFATALMASK))) {
1900  if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1901  b43err(dev->wl, "Fatal DMA error: "
1902  "0x%08X, 0x%08X, 0x%08X, "
1903  "0x%08X, 0x%08X, 0x%08X\n",
1904  dma_reason[0], dma_reason[1],
1905  dma_reason[2], dma_reason[3],
1906  dma_reason[4], dma_reason[5]);
1907  b43err(dev->wl, "This device does not support DMA "
1908  "on your system. It will now be switched to PIO.\n");
1909  /* Fall back to PIO transfers if we get fatal DMA errors! */
1910  dev->use_pio = true;
1911  b43_controller_restart(dev, "DMA error");
1912  return;
1913  }
1914  if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1915  b43err(dev->wl, "DMA error: "
1916  "0x%08X, 0x%08X, 0x%08X, "
1917  "0x%08X, 0x%08X, 0x%08X\n",
1918  dma_reason[0], dma_reason[1],
1919  dma_reason[2], dma_reason[3],
1920  dma_reason[4], dma_reason[5]);
1921  }
1922  }
1923 
1924  if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1925  handle_irq_ucode_debug(dev);
1926  if (reason & B43_IRQ_TBTT_INDI)
1927  handle_irq_tbtt_indication(dev);
1928  if (reason & B43_IRQ_ATIM_END)
1929  handle_irq_atim_end(dev);
1930  if (reason & B43_IRQ_BEACON)
1931  handle_irq_beacon(dev);
1932  if (reason & B43_IRQ_PMQ)
1933  handle_irq_pmq(dev);
1934  if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1935  ;/* TODO */
1936  if (reason & B43_IRQ_NOISESAMPLE_OK)
1937  handle_irq_noise(dev);
1938 
1939  /* Check the DMA reason registers for received data. */
1940  if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1941  if (b43_using_pio_transfers(dev))
1942  b43_pio_rx(dev->pio.rx_queue);
1943  else
1944  b43_dma_rx(dev->dma.rx_ring);
1945  }
1946  B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1947  B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1948  B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1949  B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1950  B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1951 
1952  if (reason & B43_IRQ_TX_OK)
1953  handle_irq_transmit_status(dev);
1954 
1955  /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1956  b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1957 
1958 #if B43_DEBUG
1959  if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1960  dev->irq_count++;
1961  for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1962  if (reason & (1 << i))
1963  dev->irq_bit_count[i]++;
1964  }
1965  }
1966 #endif
1967 }
1968 
1969 /* Interrupt thread handler. Handles device interrupts in thread context. */
1970 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1971 {
1972  struct b43_wldev *dev = dev_id;
1973 
1974  mutex_lock(&dev->wl->mutex);
1975  b43_do_interrupt_thread(dev);
1976  mmiowb();
1977  mutex_unlock(&dev->wl->mutex);
1978 
1979  return IRQ_HANDLED;
1980 }
1981 
1982 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1983 {
1984  u32 reason;
1985 
1986  /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1987  * On SDIO, this runs under wl->mutex. */
1988 
1989  reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1990  if (reason == 0xffffffff) /* shared IRQ */
1991  return IRQ_NONE;
1992  reason &= dev->irq_mask;
1993  if (!reason)
1994  return IRQ_NONE;
1995 
1996  dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1997  & 0x0001DC00;
1998  dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1999  & 0x0000DC00;
2000  dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2001  & 0x0000DC00;
2002  dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2003  & 0x0001DC00;
2004  dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2005  & 0x0000DC00;
2006 /* Unused ring
2007  dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2008  & 0x0000DC00;
2009 */
2010 
2011  /* ACK the interrupt. */
2012  b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2013  b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2014  b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2015  b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2016  b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2017  b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2018 /* Unused ring
2019  b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2020 */
2021 
2022  /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2023  b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2024  /* Save the reason bitmasks for the IRQ thread handler. */
2025  dev->irq_reason = reason;
2026 
2027  return IRQ_WAKE_THREAD;
2028 }
2029 
2030 /* Interrupt handler top-half. This runs with interrupts disabled. */
2031 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2032 {
2033  struct b43_wldev *dev = dev_id;
2034  irqreturn_t ret;
2035 
2036  if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2037  return IRQ_NONE;
2038 
2039  spin_lock(&dev->wl->hardirq_lock);
2040  ret = b43_do_interrupt(dev);
2041  mmiowb();
2042  spin_unlock(&dev->wl->hardirq_lock);
2043 
2044  return ret;
2045 }
2046 
2047 /* SDIO interrupt handler. This runs in process context. */
2048 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2049 {
2050  struct b43_wl *wl = dev->wl;
2051  irqreturn_t ret;
2052 
2053  mutex_lock(&wl->mutex);
2054 
2055  ret = b43_do_interrupt(dev);
2056  if (ret == IRQ_WAKE_THREAD)
2057  b43_do_interrupt_thread(dev);
2058 
2059  mutex_unlock(&wl->mutex);
2060 }
2061 
2062 void b43_do_release_fw(struct b43_firmware_file *fw)
2063 {
2064  release_firmware(fw->data);
2065  fw->data = NULL;
2066  fw->filename = NULL;
2067 }
2068 
2069 static void b43_release_firmware(struct b43_wldev *dev)
2070 {
2071  b43_do_release_fw(&dev->fw.ucode);
2072  b43_do_release_fw(&dev->fw.pcm);
2073  b43_do_release_fw(&dev->fw.initvals);
2074  b43_do_release_fw(&dev->fw.initvals_band);
2075 }
2076 
2077 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2078 {
2079  const char text[] =
2080  "You must go to " \
2081  "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2082  "and download the correct firmware for this driver version. " \
2083  "Please carefully read all instructions on this website.\n";
2084 
2085  if (error)
2086  b43err(wl, text);
2087  else
2088  b43warn(wl, text);
2089 }
2090 
2091 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2092  const char *name,
2093  struct b43_firmware_file *fw)
2094 {
2095  const struct firmware *blob;
2096  struct b43_fw_header *hdr;
2097  u32 size;
2098  int err;
2099 
2100  if (!name) {
2101  /* Don't fetch anything. Free possibly cached firmware. */
2102  /* FIXME: We should probably keep it anyway, to save some headache
2103  * on suspend/resume with multiband devices. */
2104  b43_do_release_fw(fw);
2105  return 0;
2106  }
2107  if (fw->filename) {
2108  if ((fw->type == ctx->req_type) &&
2109  (strcmp(fw->filename, name) == 0))
2110  return 0; /* Already have this fw. */
2111  /* Free the cached firmware first. */
2112  /* FIXME: We should probably do this later after we successfully
2113  * got the new fw. This could reduce headache with multiband devices.
2114  * We could also redesign this to cache the firmware for all possible
2115  * bands all the time. */
2116  b43_do_release_fw(fw);
2117  }
2118 
2119  switch (ctx->req_type) {
2120  case B43_FWTYPE_PROPRIETARY:
2121  snprintf(ctx->fwname, sizeof(ctx->fwname),
2122  "b43%s/%s.fw",
2123  modparam_fwpostfix, name);
2124  break;
2125  case B43_FWTYPE_OPENSOURCE:
2126  snprintf(ctx->fwname, sizeof(ctx->fwname),
2127  "b43-open%s/%s.fw",
2128  modparam_fwpostfix, name);
2129  break;
2130  default:
2131  B43_WARN_ON(1);
2132  return -ENOSYS;
2133  }
2134  err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
2135  if (err == -ENOENT) {
2136  snprintf(ctx->errors[ctx->req_type],
2137  sizeof(ctx->errors[ctx->req_type]),
2138  "Firmware file \"%s\" not found\n", ctx->fwname);
2139  return err;
2140  } else if (err) {
2141  snprintf(ctx->errors[ctx->req_type],
2142  sizeof(ctx->errors[ctx->req_type]),
2143  "Firmware file \"%s\" request failed (err=%d)\n",
2144  ctx->fwname, err);
2145  return err;
2146  }
2147  if (blob->size < sizeof(struct b43_fw_header))
2148  goto err_format;
2149  hdr = (struct b43_fw_header *)(blob->data);
2150  switch (hdr->type) {
2151  case B43_FW_TYPE_UCODE:
2152  case B43_FW_TYPE_PCM:
2153  size = be32_to_cpu(hdr->size);
2154  if (size != blob->size - sizeof(struct b43_fw_header))
2155  goto err_format;
2156  /* fallthrough */
2157  case B43_FW_TYPE_IV:
2158  if (hdr->ver != 1)
2159  goto err_format;
2160  break;
2161  default:
2162  goto err_format;
2163  }
2164 
2165  fw->data = blob;
2166  fw->filename = name;
2167  fw->type = ctx->req_type;
2168 
2169  return 0;
2170 
2171 err_format:
2172  snprintf(ctx->errors[ctx->req_type],
2173  sizeof(ctx->errors[ctx->req_type]),
2174  "Firmware file \"%s\" format error.\n", ctx->fwname);
2175  release_firmware(blob);
2176 
2177  return -EPROTO;
2178 }
2179 
2180 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2181 {
2182  struct b43_wldev *dev = ctx->dev;
2183  struct b43_firmware *fw = &ctx->dev->fw;
2184  const u8 rev = ctx->dev->dev->core_rev;
2185  const char *filename;
2186  u32 tmshigh;
2187  int err;
2188 
2189  /* Files for HT and LCN were found by trying one by one */
2190 
2191  /* Get microcode */
2192  if ((rev >= 5) && (rev <= 10)) {
2193  filename = "ucode5";
2194  } else if ((rev >= 11) && (rev <= 12)) {
2195  filename = "ucode11";
2196  } else if (rev == 13) {
2197  filename = "ucode13";
2198  } else if (rev == 14) {
2199  filename = "ucode14";
2200  } else if (rev == 15) {
2201  filename = "ucode15";
2202  } else {
2203  switch (dev->phy.type) {
2204  case B43_PHYTYPE_N:
2205  if (rev >= 16)
2206  filename = "ucode16_mimo";
2207  else
2208  goto err_no_ucode;
2209  break;
2210  case B43_PHYTYPE_HT:
2211  if (rev == 29)
2212  filename = "ucode29_mimo";
2213  else
2214  goto err_no_ucode;
2215  break;
2216  case B43_PHYTYPE_LCN:
2217  if (rev == 24)
2218  filename = "ucode24_mimo";
2219  else
2220  goto err_no_ucode;
2221  break;
2222  default:
2223  goto err_no_ucode;
2224  }
2225  }
2226  err = b43_do_request_fw(ctx, filename, &fw->ucode);
2227  if (err)
2228  goto err_load;
2229 
2230  /* Get PCM code */
2231  if ((rev >= 5) && (rev <= 10))
2232  filename = "pcm5";
2233  else if (rev >= 11)
2234  filename = NULL;
2235  else
2236  goto err_no_pcm;
2237  fw->pcm_request_failed = false;
2238  err = b43_do_request_fw(ctx, filename, &fw->pcm);
2239  if (err == -ENOENT) {
2240  /* We did not find a PCM file? Not fatal, but
2241  * core rev <= 10 must do without hwcrypto then. */
2242  fw->pcm_request_failed = true;
2243  } else if (err)
2244  goto err_load;
2245 
2246  /* Get initvals */
2247  switch (dev->phy.type) {
2248  case B43_PHYTYPE_A:
2249  if ((rev >= 5) && (rev <= 10)) {
2250  tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2251  if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2252  filename = "a0g1initvals5";
2253  else
2254  filename = "a0g0initvals5";
2255  } else
2256  goto err_no_initvals;
2257  break;
2258  case B43_PHYTYPE_G:
2259  if ((rev >= 5) && (rev <= 10))
2260  filename = "b0g0initvals5";
2261  else if (rev >= 13)
2262  filename = "b0g0initvals13";
2263  else
2264  goto err_no_initvals;
2265  break;
2266  case B43_PHYTYPE_N:
2267  if (rev >= 16)
2268  filename = "n0initvals16";
2269  else if ((rev >= 11) && (rev <= 12))
2270  filename = "n0initvals11";
2271  else
2272  goto err_no_initvals;
2273  break;
2274  case B43_PHYTYPE_LP:
2275  if (rev == 13)
2276  filename = "lp0initvals13";
2277  else if (rev == 14)
2278  filename = "lp0initvals14";
2279  else if (rev >= 15)
2280  filename = "lp0initvals15";
2281  else
2282  goto err_no_initvals;
2283  break;
2284  case B43_PHYTYPE_HT:
2285  if (rev == 29)
2286  filename = "ht0initvals29";
2287  else
2288  goto err_no_initvals;
2289  break;
2290  case B43_PHYTYPE_LCN:
2291  if (rev == 24)
2292  filename = "lcn0initvals24";
2293  else
2294  goto err_no_initvals;
2295  break;
2296  default:
2297  goto err_no_initvals;
2298  }
2299  err = b43_do_request_fw(ctx, filename, &fw->initvals);
2300  if (err)
2301  goto err_load;
2302 
2303  /* Get bandswitch initvals */
2304  switch (dev->phy.type) {
2305  case B43_PHYTYPE_A:
2306  if ((rev >= 5) && (rev <= 10)) {
2307  tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2308  if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2309  filename = "a0g1bsinitvals5";
2310  else
2311  filename = "a0g0bsinitvals5";
2312  } else if (rev >= 11)
2313  filename = NULL;
2314  else
2315  goto err_no_initvals;
2316  break;
2317  case B43_PHYTYPE_G:
2318  if ((rev >= 5) && (rev <= 10))
2319  filename = "b0g0bsinitvals5";
2320  else if (rev >= 11)
2321  filename = NULL;
2322  else
2323  goto err_no_initvals;
2324  break;
2325  case B43_PHYTYPE_N:
2326  if (rev >= 16)
2327  filename = "n0bsinitvals16";
2328  else if ((rev >= 11) && (rev <= 12))
2329  filename = "n0bsinitvals11";
2330  else
2331  goto err_no_initvals;
2332  break;
2333  case B43_PHYTYPE_LP:
2334  if (rev == 13)
2335  filename = "lp0bsinitvals13";
2336  else if (rev == 14)
2337  filename = "lp0bsinitvals14";
2338  else if (rev >= 15)
2339  filename = "lp0bsinitvals15";
2340  else
2341  goto err_no_initvals;
2342  break;
2343  case B43_PHYTYPE_HT:
2344  if (rev == 29)
2345  filename = "ht0bsinitvals29";
2346  else
2347  goto err_no_initvals;
2348  break;
2349  case B43_PHYTYPE_LCN:
2350  if (rev == 24)
2351  filename = "lcn0bsinitvals24";
2352  else
2353  goto err_no_initvals;
2354  break;
2355  default:
2356  goto err_no_initvals;
2357  }
2358  err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2359  if (err)
2360  goto err_load;
2361 
2362  fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2363 
2364  return 0;
2365 
2366 err_no_ucode:
2367  err = ctx->fatal_failure = -EOPNOTSUPP;
2368  b43err(dev->wl, "The driver does not know which firmware (ucode) "
2369  "is required for your device (wl-core rev %u)\n", rev);
2370  goto error;
2371 
2372 err_no_pcm:
2373  err = ctx->fatal_failure = -EOPNOTSUPP;
2374  b43err(dev->wl, "The driver does not know which firmware (PCM) "
2375  "is required for your device (wl-core rev %u)\n", rev);
2376  goto error;
2377 
2378 err_no_initvals:
2379  err = ctx->fatal_failure = -EOPNOTSUPP;
2380  b43err(dev->wl, "The driver does not know which firmware (initvals) "
2381  "is required for your device (wl-core rev %u)\n", rev);
2382  goto error;
2383 
2384 err_load:
2385  /* We failed to load this firmware image. The error message
2386  * already is in ctx->errors. Return and let our caller decide
2387  * what to do. */
2388  goto error;
2389 
2390 error:
2391  b43_release_firmware(dev);
2392  return err;
2393 }
2394 
2395 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2396 static void b43_one_core_detach(struct b43_bus_dev *dev);
2397 
2398 static void b43_request_firmware(struct work_struct *work)
2399 {
2400  struct b43_wl *wl = container_of(work,
2401  struct b43_wl, firmware_load);
2402  struct b43_wldev *dev = wl->current_dev;
2403  struct b43_request_fw_context *ctx;
2404  unsigned int i;
2405  int err;
2406  const char *errmsg;
2407 
2408  ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2409  if (!ctx)
2410  return;
2411  ctx->dev = dev;
2412 
2413  ctx->req_type = B43_FWTYPE_PROPRIETARY;
2414  err = b43_try_request_fw(ctx);
2415  if (!err)
2416  goto start_ieee80211; /* Successfully loaded it. */
2417  /* Was fw version known? */
2418  if (ctx->fatal_failure)
2419  goto out;
2420 
2421  /* proprietary fw not found, try open source */
2422  ctx->req_type = B43_FWTYPE_OPENSOURCE;
2423  err = b43_try_request_fw(ctx);
2424  if (!err)
2425  goto start_ieee80211; /* Successfully loaded it. */
2426  if(ctx->fatal_failure)
2427  goto out;
2428 
2429  /* Could not find a usable firmware. Print the errors. */
2430  for (i = 0; i < B43_NR_FWTYPES; i++) {
2431  errmsg = ctx->errors[i];
2432  if (strlen(errmsg))
2433  b43err(dev->wl, errmsg);
2434  }
2435  b43_print_fw_helptext(dev->wl, 1);
2436  goto out;
2437 
2438 start_ieee80211:
2439  wl->hw->queues = B43_QOS_QUEUE_NUM;
2440  if (!modparam_qos || dev->fw.opensource)
2441  wl->hw->queues = 1;
2442 
2443  err = ieee80211_register_hw(wl->hw);
2444  if (err)
2445  goto err_one_core_detach;
2446  wl->hw_registred = true;
2447  b43_leds_register(wl->current_dev);
2448  goto out;
2449 
2450 err_one_core_detach:
2451  b43_one_core_detach(dev->dev);
2452 
2453 out:
2454  kfree(ctx);
2455 }
2456 
2457 static int b43_upload_microcode(struct b43_wldev *dev)
2458 {
2459  struct wiphy *wiphy = dev->wl->hw->wiphy;
2460  const size_t hdr_len = sizeof(struct b43_fw_header);
2461  const __be32 *data;
2462  unsigned int i, len;
2463  u16 fwrev, fwpatch, fwdate, fwtime;
2464  u32 tmp, macctl;
2465  int err = 0;
2466 
2467  /* Jump the microcode PSM to offset 0 */
2468  macctl = b43_read32(dev, B43_MMIO_MACCTL);
2469  B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2470  macctl |= B43_MACCTL_PSM_JMP0;
2471  b43_write32(dev, B43_MMIO_MACCTL, macctl);
2472  /* Zero out all microcode PSM registers and shared memory. */
2473  for (i = 0; i < 64; i++)
2474  b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2475  for (i = 0; i < 4096; i += 2)
2476  b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2477 
2478  /* Upload Microcode. */
2479  data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2480  len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2481  b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2482  for (i = 0; i < len; i++) {
2483  b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2484  udelay(10);
2485  }
2486 
2487  if (dev->fw.pcm.data) {
2488  /* Upload PCM data. */
2489  data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2490  len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2491  b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2492  b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2493  /* No need for autoinc bit in SHM_HW */
2494  b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2495  for (i = 0; i < len; i++) {
2496  b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2497  udelay(10);
2498  }
2499  }
2500 
2501  b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2502 
2503  /* Start the microcode PSM */
2504  b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2505  B43_MACCTL_PSM_RUN);
2506 
2507  /* Wait for the microcode to load and respond */
2508  i = 0;
2509  while (1) {
2510  tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2511  if (tmp == B43_IRQ_MAC_SUSPENDED)
2512  break;
2513  i++;
2514  if (i >= 20) {
2515  b43err(dev->wl, "Microcode not responding\n");
2516  b43_print_fw_helptext(dev->wl, 1);
2517  err = -ENODEV;
2518  goto error;
2519  }
2520  msleep(50);
2521  }
2522  b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2523 
2524  /* Get and check the revisions. */
2525  fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2526  fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2527  fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2528  fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2529 
2530  if (fwrev <= 0x128) {
2531  b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2532  "binary drivers older than version 4.x is unsupported. "
2533  "You must upgrade your firmware files.\n");
2534  b43_print_fw_helptext(dev->wl, 1);
2535  err = -EOPNOTSUPP;
2536  goto error;
2537  }
2538  dev->fw.rev = fwrev;
2539  dev->fw.patch = fwpatch;
2540  if (dev->fw.rev >= 598)
2541  dev->fw.hdr_format = B43_FW_HDR_598;
2542  else if (dev->fw.rev >= 410)
2543  dev->fw.hdr_format = B43_FW_HDR_410;
2544  else
2545  dev->fw.hdr_format = B43_FW_HDR_351;
2546  WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2547 
2548  dev->qos_enabled = dev->wl->hw->queues > 1;
2549  /* Default to firmware/hardware crypto acceleration. */
2550  dev->hwcrypto_enabled = true;
2551 
2552  if (dev->fw.opensource) {
2553  u16 fwcapa;
2554 
2555  /* Patchlevel info is encoded in the "time" field. */
2556  dev->fw.patch = fwtime;
2557  b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2558  dev->fw.rev, dev->fw.patch);
2559 
2560  fwcapa = b43_fwcapa_read(dev);
2561  if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2562  b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2563  /* Disable hardware crypto and fall back to software crypto. */
2564  dev->hwcrypto_enabled = false;
2565  }
2566  /* adding QoS support should use an offline discovery mechanism */
2567  WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2568  } else {
2569  b43info(dev->wl, "Loading firmware version %u.%u "
2570  "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2571  fwrev, fwpatch,
2572  (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2573  (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2574  if (dev->fw.pcm_request_failed) {
2575  b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2576  "Hardware accelerated cryptography is disabled.\n");
2577  b43_print_fw_helptext(dev->wl, 0);
2578  }
2579  }
2580 
2581  snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2582  dev->fw.rev, dev->fw.patch);
2583  wiphy->hw_version = dev->dev->core_id;
2584 
2585  if (dev->fw.hdr_format == B43_FW_HDR_351) {
2586  /* We're over the deadline, but we keep support for old fw
2587  * until it turns out to be in major conflict with something new. */
2588  b43warn(dev->wl, "You are using an old firmware image. "
2589  "Support for old firmware will be removed soon "
2590  "(official deadline was July 2008).\n");
2591  b43_print_fw_helptext(dev->wl, 0);
2592  }
2593 
2594  return 0;
2595 
2596 error:
2597  /* Stop the microcode PSM. */
2598  b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2599  B43_MACCTL_PSM_JMP0);
2600 
2601  return err;
2602 }
2603 
2604 static int b43_write_initvals(struct b43_wldev *dev,
2605  const struct b43_iv *ivals,
2606  size_t count,
2607  size_t array_size)
2608 {
2609  const struct b43_iv *iv;
2610  u16 offset;
2611  size_t i;
2612  bool bit32;
2613 
2614  BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2615  iv = ivals;
2616  for (i = 0; i < count; i++) {
2617  if (array_size < sizeof(iv->offset_size))
2618  goto err_format;
2619  array_size -= sizeof(iv->offset_size);
2620  offset = be16_to_cpu(iv->offset_size);
2621  bit32 = !!(offset & B43_IV_32BIT);
2622  offset &= B43_IV_OFFSET_MASK;
2623  if (offset >= 0x1000)
2624  goto err_format;
2625  if (bit32) {
2626  u32 value;
2627 
2628  if (array_size < sizeof(iv->data.d32))
2629  goto err_format;
2630  array_size -= sizeof(iv->data.d32);
2631 
2632  value = get_unaligned_be32(&iv->data.d32);
2633  b43_write32(dev, offset, value);
2634 
2635  iv = (const struct b43_iv *)((const uint8_t *)iv +
2636  sizeof(__be16) +
2637  sizeof(__be32));
2638  } else {
2639  u16 value;
2640 
2641  if (array_size < sizeof(iv->data.d16))
2642  goto err_format;
2643  array_size -= sizeof(iv->data.d16);
2644 
2645  value = be16_to_cpu(iv->data.d16);
2646  b43_write16(dev, offset, value);
2647 
2648  iv = (const struct b43_iv *)((const uint8_t *)iv +
2649  sizeof(__be16) +
2650  sizeof(__be16));
2651  }
2652  }
2653  if (array_size)
2654  goto err_format;
2655 
2656  return 0;
2657 
2658 err_format:
2659  b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2660  b43_print_fw_helptext(dev->wl, 1);
2661 
2662  return -EPROTO;
2663 }
2664 
2665 static int b43_upload_initvals(struct b43_wldev *dev)
2666 {
2667  const size_t hdr_len = sizeof(struct b43_fw_header);
2668  const struct b43_fw_header *hdr;
2669  struct b43_firmware *fw = &dev->fw;
2670  const struct b43_iv *ivals;
2671  size_t count;
2672  int err;
2673 
2674  hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2675  ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2676  count = be32_to_cpu(hdr->size);
2677  err = b43_write_initvals(dev, ivals, count,
2678  fw->initvals.data->size - hdr_len);
2679  if (err)
2680  goto out;
2681  if (fw->initvals_band.data) {
2682  hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2683  ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2684  count = be32_to_cpu(hdr->size);
2685  err = b43_write_initvals(dev, ivals, count,
2686  fw->initvals_band.data->size - hdr_len);
2687  if (err)
2688  goto out;
2689  }
2690 out:
2691 
2692  return err;
2693 }
2694 
2695 /* Initialize the GPIOs
2696  * http://bcm-specs.sipsolutions.net/GPIO
2697  */
2698 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2699 {
2700  struct ssb_bus *bus = dev->dev->sdev->bus;
2701 
2702 #ifdef CONFIG_SSB_DRIVER_PCICORE
2703  return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2704 #else
2705  return bus->chipco.dev;
2706 #endif
2707 }
2708 
2709 static int b43_gpio_init(struct b43_wldev *dev)
2710 {
2711  struct ssb_device *gpiodev;
2712  u32 mask, set;
2713 
2714  b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2715  b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2716 
2717  mask = 0x0000001F;
2718  set = 0x0000000F;
2719  if (dev->dev->chip_id == 0x4301) {
2720  mask |= 0x0060;
2721  set |= 0x0060;
2722  } else if (dev->dev->chip_id == 0x5354) {
2723  /* Don't allow overtaking buttons GPIOs */
2724  set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2725  }
2726 
2727  if (0 /* FIXME: conditional unknown */ ) {
2728  b43_write16(dev, B43_MMIO_GPIO_MASK,
2729  b43_read16(dev, B43_MMIO_GPIO_MASK)
2730  | 0x0100);
2731  /* BT Coexistance Input */
2732  mask |= 0x0080;
2733  set |= 0x0080;
2734  /* BT Coexistance Out */
2735  mask |= 0x0100;
2736  set |= 0x0100;
2737  }
2738  if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2739  /* PA is controlled by gpio 9, let ucode handle it */
2740  b43_write16(dev, B43_MMIO_GPIO_MASK,
2741  b43_read16(dev, B43_MMIO_GPIO_MASK)
2742  | 0x0200);
2743  mask |= 0x0200;
2744  set |= 0x0200;
2745  }
2746 
2747  switch (dev->dev->bus_type) {
2748 #ifdef CONFIG_B43_BCMA
2749  case B43_BUS_BCMA:
2750  bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2751  (bcma_cc_read32(&dev->dev->bdev->bus->drv_cc,
2752  BCMA_CC_GPIOCTL) & ~mask) | set);
2753  break;
2754 #endif
2755 #ifdef CONFIG_B43_SSB
2756  case B43_BUS_SSB:
2757  gpiodev = b43_ssb_gpio_dev(dev);
2758  if (gpiodev)
2759  ssb_write32(gpiodev, B43_GPIO_CONTROL,
2760  (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2761  & ~mask) | set);
2762  break;
2763 #endif
2764  }
2765 
2766  return 0;
2767 }
2768 
2769 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2770 static void b43_gpio_cleanup(struct b43_wldev *dev)
2771 {
2772  struct ssb_device *gpiodev;
2773 
2774  switch (dev->dev->bus_type) {
2775 #ifdef CONFIG_B43_BCMA
2776  case B43_BUS_BCMA:
2777  bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2778  0);
2779  break;
2780 #endif
2781 #ifdef CONFIG_B43_SSB
2782  case B43_BUS_SSB:
2783  gpiodev = b43_ssb_gpio_dev(dev);
2784  if (gpiodev)
2785  ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2786  break;
2787 #endif
2788  }
2789 }
2790 
2791 /* http://bcm-specs.sipsolutions.net/EnableMac */
2792 void b43_mac_enable(struct b43_wldev *dev)
2793 {
2794  if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2795  u16 fwstate;
2796 
2797  fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2798  B43_SHM_SH_UCODESTAT);
2799  if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2800  (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2801  b43err(dev->wl, "b43_mac_enable(): The firmware "
2802  "should be suspended, but current state is %u\n",
2803  fwstate);
2804  }
2805  }
2806 
2807  dev->mac_suspended--;
2808  B43_WARN_ON(dev->mac_suspended < 0);
2809  if (dev->mac_suspended == 0) {
2810  b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2811  b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2812  B43_IRQ_MAC_SUSPENDED);
2813  /* Commit writes */
2814  b43_read32(dev, B43_MMIO_MACCTL);
2815  b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2816  b43_power_saving_ctl_bits(dev, 0);
2817  }
2818 }
2819 
2820 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2821 void b43_mac_suspend(struct b43_wldev *dev)
2822 {
2823  int i;
2824  u32 tmp;
2825 
2826  might_sleep();
2827  B43_WARN_ON(dev->mac_suspended < 0);
2828 
2829  if (dev->mac_suspended == 0) {
2830  b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2831  b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2832  /* force pci to flush the write */
2833  b43_read32(dev, B43_MMIO_MACCTL);
2834  for (i = 35; i; i--) {
2835  tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2836  if (tmp & B43_IRQ_MAC_SUSPENDED)
2837  goto out;
2838  udelay(10);
2839  }
2840  /* Hm, it seems this will take some time. Use msleep(). */
2841  for (i = 40; i; i--) {
2842  tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2843  if (tmp & B43_IRQ_MAC_SUSPENDED)
2844  goto out;
2845  msleep(1);
2846  }
2847  b43err(dev->wl, "MAC suspend failed\n");
2848  }
2849 out:
2850  dev->mac_suspended++;
2851 }
2852 
2853 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2854 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2855 {
2856  u32 tmp;
2857 
2858  switch (dev->dev->bus_type) {
2859 #ifdef CONFIG_B43_BCMA
2860  case B43_BUS_BCMA:
2861  tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2862  if (on)
2863  tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2864  else
2865  tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2866  bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2867  break;
2868 #endif
2869 #ifdef CONFIG_B43_SSB
2870  case B43_BUS_SSB:
2871  tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2872  if (on)
2873  tmp |= B43_TMSLOW_MACPHYCLKEN;
2874  else
2875  tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2876  ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2877  break;
2878 #endif
2879  }
2880 }
2881 
2882 static void b43_adjust_opmode(struct b43_wldev *dev)
2883 {
2884  struct b43_wl *wl = dev->wl;
2885  u32 ctl;
2886  u16 cfp_pretbtt;
2887 
2888  ctl = b43_read32(dev, B43_MMIO_MACCTL);
2889  /* Reset status to STA infrastructure mode. */
2890  ctl &= ~B43_MACCTL_AP;
2891  ctl &= ~B43_MACCTL_KEEP_CTL;
2892  ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2893  ctl &= ~B43_MACCTL_KEEP_BAD;
2894  ctl &= ~B43_MACCTL_PROMISC;
2895  ctl &= ~B43_MACCTL_BEACPROMISC;
2896  ctl |= B43_MACCTL_INFRA;
2897 
2898  if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2899  b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2900  ctl |= B43_MACCTL_AP;
2901  else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2902  ctl &= ~B43_MACCTL_INFRA;
2903 
2904  if (wl->filter_flags & FIF_CONTROL)
2905  ctl |= B43_MACCTL_KEEP_CTL;
2906  if (wl->filter_flags & FIF_FCSFAIL)
2907  ctl |= B43_MACCTL_KEEP_BAD;
2908  if (wl->filter_flags & FIF_PLCPFAIL)
2909  ctl |= B43_MACCTL_KEEP_BADPLCP;
2910  if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2911  ctl |= B43_MACCTL_PROMISC;
2912  if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2913  ctl |= B43_MACCTL_BEACPROMISC;
2914 
2915  /* Workaround: On old hardware the HW-MAC-address-filter
2916  * doesn't work properly, so always run promisc in filter
2917  * it in software. */
2918  if (dev->dev->core_rev <= 4)
2919  ctl |= B43_MACCTL_PROMISC;
2920 
2921  b43_write32(dev, B43_MMIO_MACCTL, ctl);
2922 
2923  cfp_pretbtt = 2;
2924  if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2925  if (dev->dev->chip_id == 0x4306 &&
2926  dev->dev->chip_rev == 3)
2927  cfp_pretbtt = 100;
2928  else
2929  cfp_pretbtt = 50;
2930  }
2931  b43_write16(dev, 0x612, cfp_pretbtt);
2932 
2933  /* FIXME: We don't currently implement the PMQ mechanism,
2934  * so always disable it. If we want to implement PMQ,
2935  * we need to enable it here (clear DISCPMQ) in AP mode.
2936  */
2937  if (0 /* ctl & B43_MACCTL_AP */)
2938  b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2939  else
2940  b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2941 }
2942 
2943 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2944 {
2945  u16 offset;
2946 
2947  if (is_ofdm) {
2948  offset = 0x480;
2949  offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2950  } else {
2951  offset = 0x4C0;
2952  offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2953  }
2954  b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2955  b43_shm_read16(dev, B43_SHM_SHARED, offset));
2956 }
2957 
2958 static void b43_rate_memory_init(struct b43_wldev *dev)
2959 {
2960  switch (dev->phy.type) {
2961  case B43_PHYTYPE_A:
2962  case B43_PHYTYPE_G:
2963  case B43_PHYTYPE_N:
2964  case B43_PHYTYPE_LP:
2965  case B43_PHYTYPE_HT:
2966  case B43_PHYTYPE_LCN:
2967  b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2968  b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2969  b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2970  b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2971  b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2972  b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2973  b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2974  if (dev->phy.type == B43_PHYTYPE_A)
2975  break;
2976  /* fallthrough */
2977  case B43_PHYTYPE_B:
2978  b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2979  b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2980  b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2981  b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2982  break;
2983  default:
2984  B43_WARN_ON(1);
2985  }
2986 }
2987 
2988 /* Set the default values for the PHY TX Control Words. */
2989 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2990 {
2991  u16 ctl = 0;
2992 
2993  ctl |= B43_TXH_PHY_ENC_CCK;
2994  ctl |= B43_TXH_PHY_ANT01AUTO;
2995  ctl |= B43_TXH_PHY_TXPWR;
2996 
2997  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2998  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2999  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3000 }
3001 
3002 /* Set the TX-Antenna for management frames sent by firmware. */
3003 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3004 {
3005  u16 ant;
3006  u16 tmp;
3007 
3008  ant = b43_antenna_to_phyctl(antenna);
3009 
3010  /* For ACK/CTS */
3011  tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3012  tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3013  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3014  /* For Probe Resposes */
3015  tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3016  tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3017  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3018 }
3019 
3020 /* This is the opposite of b43_chip_init() */
3021 static void b43_chip_exit(struct b43_wldev *dev)
3022 {
3023  b43_phy_exit(dev);
3024  b43_gpio_cleanup(dev);
3025  /* firmware is released later */
3026 }
3027 
3028 /* Initialize the chip
3029  * http://bcm-specs.sipsolutions.net/ChipInit
3030  */
3031 static int b43_chip_init(struct b43_wldev *dev)
3032 {
3033  struct b43_phy *phy = &dev->phy;
3034  int err;
3035  u32 macctl;
3036  u16 value16;
3037 
3038  /* Initialize the MAC control */
3039  macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3040  if (dev->phy.gmode)
3041  macctl |= B43_MACCTL_GMODE;
3042  macctl |= B43_MACCTL_INFRA;
3043  b43_write32(dev, B43_MMIO_MACCTL, macctl);
3044 
3045  err = b43_upload_microcode(dev);
3046  if (err)
3047  goto out; /* firmware is released later */
3048 
3049  err = b43_gpio_init(dev);
3050  if (err)
3051  goto out; /* firmware is released later */
3052 
3053  err = b43_upload_initvals(dev);
3054  if (err)
3055  goto err_gpio_clean;
3056 
3057  /* Turn the Analog on and initialize the PHY. */
3058  phy->ops->switch_analog(dev, 1);
3059  err = b43_phy_init(dev);
3060  if (err)
3061  goto err_gpio_clean;
3062 
3063  /* Disable Interference Mitigation. */
3064  if (phy->ops->interf_mitigation)
3065  phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3066 
3067  /* Select the antennae */
3068  if (phy->ops->set_rx_antenna)
3069  phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3070  b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3071 
3072  if (phy->type == B43_PHYTYPE_B) {
3073  value16 = b43_read16(dev, 0x005E);
3074  value16 |= 0x0004;
3075  b43_write16(dev, 0x005E, value16);
3076  }
3077  b43_write32(dev, 0x0100, 0x01000000);
3078  if (dev->dev->core_rev < 5)
3079  b43_write32(dev, 0x010C, 0x01000000);
3080 
3081  b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3082  b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3083 
3084  /* Probe Response Timeout value */
3085  /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3086  b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
3087 
3088  /* Initially set the wireless operation mode. */
3089  b43_adjust_opmode(dev);
3090 
3091  if (dev->dev->core_rev < 3) {
3092  b43_write16(dev, 0x060E, 0x0000);
3093  b43_write16(dev, 0x0610, 0x8000);
3094  b43_write16(dev, 0x0604, 0x0000);
3095  b43_write16(dev, 0x0606, 0x0200);
3096  } else {
3097  b43_write32(dev, 0x0188, 0x80000000);
3098  b43_write32(dev, 0x018C, 0x02000000);
3099  }
3100  b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3101  b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
3102  b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3103  b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3104  b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3105  b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3106  b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3107 
3108  b43_mac_phy_clock_set(dev, true);
3109 
3110  switch (dev->dev->bus_type) {
3111 #ifdef CONFIG_B43_BCMA
3112  case B43_BUS_BCMA:
3113  /* FIXME: 0xE74 is quite common, but should be read from CC */
3114  b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3115  break;
3116 #endif
3117 #ifdef CONFIG_B43_SSB
3118  case B43_BUS_SSB:
3119  b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3120  dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3121  break;
3122 #endif
3123  }
3124 
3125  err = 0;
3126  b43dbg(dev->wl, "Chip initialized\n");
3127 out:
3128  return err;
3129 
3130 err_gpio_clean:
3131  b43_gpio_cleanup(dev);
3132  return err;
3133 }
3134 
3135 static void b43_periodic_every60sec(struct b43_wldev *dev)
3136 {
3137  const struct b43_phy_operations *ops = dev->phy.ops;
3138 
3139  if (ops->pwork_60sec)
3140  ops->pwork_60sec(dev);
3141 
3142  /* Force check the TX power emission now. */
3143  b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3144 }
3145 
3146 static void b43_periodic_every30sec(struct b43_wldev *dev)
3147 {
3148  /* Update device statistics. */
3149  b43_calculate_link_quality(dev);
3150 }
3151 
3152 static void b43_periodic_every15sec(struct b43_wldev *dev)
3153 {
3154  struct b43_phy *phy = &dev->phy;
3155  u16 wdr;
3156 
3157  if (dev->fw.opensource) {
3158  /* Check if the firmware is still alive.
3159  * It will reset the watchdog counter to 0 in its idle loop. */
3160  wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3161  if (unlikely(wdr)) {
3162  b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3163  b43_controller_restart(dev, "Firmware watchdog");
3164  return;
3165  } else {
3166  b43_shm_write16(dev, B43_SHM_SCRATCH,
3167  B43_WATCHDOG_REG, 1);
3168  }
3169  }
3170 
3171  if (phy->ops->pwork_15sec)
3172  phy->ops->pwork_15sec(dev);
3173 
3174  atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3175  wmb();
3176 
3177 #if B43_DEBUG
3178  if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3179  unsigned int i;
3180 
3181  b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3182  dev->irq_count / 15,
3183  dev->tx_count / 15,
3184  dev->rx_count / 15);
3185  dev->irq_count = 0;
3186  dev->tx_count = 0;
3187  dev->rx_count = 0;
3188  for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3189  if (dev->irq_bit_count[i]) {
3190  b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3191  dev->irq_bit_count[i] / 15, i, (1 << i));
3192  dev->irq_bit_count[i] = 0;
3193  }
3194  }
3195  }
3196 #endif
3197 }
3198 
3199 static void do_periodic_work(struct b43_wldev *dev)
3200 {
3201  unsigned int state;
3202 
3203  state = dev->periodic_state;
3204  if (state % 4 == 0)
3205  b43_periodic_every60sec(dev);
3206  if (state % 2 == 0)
3207  b43_periodic_every30sec(dev);
3208  b43_periodic_every15sec(dev);
3209 }
3210 
3211 /* Periodic work locking policy:
3212  * The whole periodic work handler is protected by
3213  * wl->mutex. If another lock is needed somewhere in the
3214  * pwork callchain, it's acquired in-place, where it's needed.
3215  */
3216 static void b43_periodic_work_handler(struct work_struct *work)
3217 {
3218  struct b43_wldev *dev = container_of(work, struct b43_wldev,
3219  periodic_work.work);
3220  struct b43_wl *wl = dev->wl;
3221  unsigned long delay;
3222 
3223  mutex_lock(&wl->mutex);
3224 
3225  if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3226  goto out;
3227  if (b43_debug(dev, B43_DBG_PWORK_STOP))
3228  goto out_requeue;
3229 
3230  do_periodic_work(dev);
3231 
3232  dev->periodic_state++;
3233 out_requeue:
3234  if (b43_debug(dev, B43_DBG_PWORK_FAST))
3235  delay = msecs_to_jiffies(50);
3236  else
3237  delay = round_jiffies_relative(HZ * 15);
3238  ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3239 out:
3240  mutex_unlock(&wl->mutex);
3241 }
3242 
3243 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3244 {
3245  struct delayed_work *work = &dev->periodic_work;
3246 
3247  dev->periodic_state = 0;
3248  INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3249  ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3250 }
3251 
3252 /* Check if communication with the device works correctly. */
3253 static int b43_validate_chipaccess(struct b43_wldev *dev)
3254 {
3255  u32 v, backup0, backup4;
3256 
3257  backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3258  backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3259 
3260  /* Check for read/write and endianness problems. */
3261  b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3262  if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3263  goto error;
3264  b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3265  if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3266  goto error;
3267 
3268  /* Check if unaligned 32bit SHM_SHARED access works properly.
3269  * However, don't bail out on failure, because it's noncritical. */
3270  b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3271  b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3272  b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3273  b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3274  if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3275  b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3276  b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3277  if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3278  b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3279  b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3280  b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3281  b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3282 
3283  b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3284  b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3285 
3286  if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3287  /* The 32bit register shadows the two 16bit registers
3288  * with update sideeffects. Validate this. */
3289  b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3290  b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3291  if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3292  goto error;
3293  if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3294  goto error;
3295  }
3296  b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3297 
3298  v = b43_read32(dev, B43_MMIO_MACCTL);
3299  v |= B43_MACCTL_GMODE;
3300  if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3301  goto error;
3302 
3303  return 0;
3304 error:
3305  b43err(dev->wl, "Failed to validate the chipaccess\n");
3306  return -ENODEV;
3307 }
3308 
3309 static void b43_security_init(struct b43_wldev *dev)
3310 {
3311  dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3312  /* KTP is a word address, but we address SHM bytewise.
3313  * So multiply by two.
3314  */
3315  dev->ktp *= 2;
3316  /* Number of RCMTA address slots */
3317  b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3318  /* Clear the key memory. */
3319  b43_clear_keys(dev);
3320 }
3321 
3322 #ifdef CONFIG_B43_HWRNG
3323 static int b43_rng_read(struct hwrng *rng, u32 *data)
3324 {
3325  struct b43_wl *wl = (struct b43_wl *)rng->priv;
3326  struct b43_wldev *dev;
3327  int count = -ENODEV;
3328 
3329  mutex_lock(&wl->mutex);
3330  dev = wl->current_dev;
3331  if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3332  *data = b43_read16(dev, B43_MMIO_RNG);
3333  count = sizeof(u16);
3334  }
3335  mutex_unlock(&wl->mutex);
3336 
3337  return count;
3338 }
3339 #endif /* CONFIG_B43_HWRNG */
3340 
3341 static void b43_rng_exit(struct b43_wl *wl)
3342 {
3343 #ifdef CONFIG_B43_HWRNG
3344  if (wl->rng_initialized)
3345  hwrng_unregister(&wl->rng);
3346 #endif /* CONFIG_B43_HWRNG */
3347 }
3348 
3349 static int b43_rng_init(struct b43_wl *wl)
3350 {
3351  int err = 0;
3352 
3353 #ifdef CONFIG_B43_HWRNG
3354  snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3355  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3356  wl->rng.name = wl->rng_name;
3357  wl->rng.data_read = b43_rng_read;
3358  wl->rng.priv = (unsigned long)wl;
3359  wl->rng_initialized = true;
3360  err = hwrng_register(&wl->rng);
3361  if (err) {
3362  wl->rng_initialized = false;
3363  b43err(wl, "Failed to register the random "
3364  "number generator (%d)\n", err);
3365  }
3366 #endif /* CONFIG_B43_HWRNG */
3367 
3368  return err;
3369 }
3370 
3371 static void b43_tx_work(struct work_struct *work)
3372 {
3373  struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3374  struct b43_wldev *dev;
3375  struct sk_buff *skb;
3376  int queue_num;
3377  int err = 0;
3378 
3379  mutex_lock(&wl->mutex);
3380  dev = wl->current_dev;
3381  if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3382  mutex_unlock(&wl->mutex);
3383  return;
3384  }
3385 
3386  for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3387  while (skb_queue_len(&wl->tx_queue[queue_num])) {
3388  skb = skb_dequeue(&wl->tx_queue[queue_num]);
3389  if (b43_using_pio_transfers(dev))
3390  err = b43_pio_tx(dev, skb);
3391  else
3392  err = b43_dma_tx(dev, skb);
3393  if (err == -ENOSPC) {
3394  wl->tx_queue_stopped[queue_num] = 1;
3395  ieee80211_stop_queue(wl->hw, queue_num);
3396  skb_queue_head(&wl->tx_queue[queue_num], skb);
3397  break;
3398  }
3399  if (unlikely(err))
3400  dev_kfree_skb(skb); /* Drop it */
3401  err = 0;
3402  }
3403 
3404  if (!err)
3405  wl->tx_queue_stopped[queue_num] = 0;
3406  }
3407 
3408 #if B43_DEBUG
3409  dev->tx_count++;
3410 #endif
3411  mutex_unlock(&wl->mutex);
3412 }
3413 
3414 static void b43_op_tx(struct ieee80211_hw *hw,
3415  struct ieee80211_tx_control *control,
3416  struct sk_buff *skb)
3417 {
3418  struct b43_wl *wl = hw_to_b43_wl(hw);
3419 
3420  if (unlikely(skb->len < 2 + 2 + 6)) {
3421  /* Too short, this can't be a valid frame. */
3422  dev_kfree_skb_any(skb);
3423  return;
3424  }
3425  B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3426 
3427  skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3428  if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3429  ieee80211_queue_work(wl->hw, &wl->tx_work);
3430  } else {
3431  ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3432  }
3433 }
3434 
3435 static void b43_qos_params_upload(struct b43_wldev *dev,
3436  const struct ieee80211_tx_queue_params *p,
3437  u16 shm_offset)
3438 {
3439  u16 params[B43_NR_QOSPARAMS];
3440  int bslots, tmp;
3441  unsigned int i;
3442 
3443  if (!dev->qos_enabled)
3444  return;
3445 
3446  bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3447 
3448  memset(&params, 0, sizeof(params));
3449 
3450  params[B43_QOSPARAM_TXOP] = p->txop * 32;
3451  params[B43_QOSPARAM_CWMIN] = p->cw_min;
3452  params[B43_QOSPARAM_CWMAX] = p->cw_max;
3453  params[B43_QOSPARAM_CWCUR] = p->cw_min;
3454  params[B43_QOSPARAM_AIFS] = p->aifs;
3455  params[B43_QOSPARAM_BSLOTS] = bslots;
3456  params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3457 
3458  for (i = 0; i < ARRAY_SIZE(params); i++) {
3459  if (i == B43_QOSPARAM_STATUS) {
3460  tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3461  shm_offset + (i * 2));
3462  /* Mark the parameters as updated. */
3463  tmp |= 0x100;
3464  b43_shm_write16(dev, B43_SHM_SHARED,
3465  shm_offset + (i * 2),
3466  tmp);
3467  } else {
3468  b43_shm_write16(dev, B43_SHM_SHARED,
3469  shm_offset + (i * 2),
3470  params[i]);
3471  }
3472  }
3473 }
3474 
3475 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3476 static const u16 b43_qos_shm_offsets[] = {
3477  /* [mac80211-queue-nr] = SHM_OFFSET, */
3478  [0] = B43_QOS_VOICE,
3479  [1] = B43_QOS_VIDEO,
3480  [2] = B43_QOS_BESTEFFORT,
3481  [3] = B43_QOS_BACKGROUND,
3482 };
3483 
3484 /* Update all QOS parameters in hardware. */
3485 static void b43_qos_upload_all(struct b43_wldev *dev)
3486 {
3487  struct b43_wl *wl = dev->wl;
3488  struct b43_qos_params *params;
3489  unsigned int i;
3490 
3491  if (!dev->qos_enabled)
3492  return;
3493 
3494  BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3495  ARRAY_SIZE(wl->qos_params));
3496 
3497  b43_mac_suspend(dev);
3498  for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3499  params = &(wl->qos_params[i]);
3500  b43_qos_params_upload(dev, &(params->p),
3501  b43_qos_shm_offsets[i]);
3502  }
3503  b43_mac_enable(dev);
3504 }
3505 
3506 static void b43_qos_clear(struct b43_wl *wl)
3507 {
3508  struct b43_qos_params *params;
3509  unsigned int i;
3510 
3511  /* Initialize QoS parameters to sane defaults. */
3512 
3513  BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3514  ARRAY_SIZE(wl->qos_params));
3515 
3516  for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3517  params = &(wl->qos_params[i]);
3518 
3519  switch (b43_qos_shm_offsets[i]) {
3520  case B43_QOS_VOICE:
3521  params->p.txop = 0;
3522  params->p.aifs = 2;
3523  params->p.cw_min = 0x0001;
3524  params->p.cw_max = 0x0001;
3525  break;
3526  case B43_QOS_VIDEO:
3527  params->p.txop = 0;
3528  params->p.aifs = 2;
3529  params->p.cw_min = 0x0001;
3530  params->p.cw_max = 0x0001;
3531  break;
3532  case B43_QOS_BESTEFFORT:
3533  params->p.txop = 0;
3534  params->p.aifs = 3;
3535  params->p.cw_min = 0x0001;
3536  params->p.cw_max = 0x03FF;
3537  break;
3538  case B43_QOS_BACKGROUND:
3539  params->p.txop = 0;
3540  params->p.aifs = 7;
3541  params->p.cw_min = 0x0001;
3542  params->p.cw_max = 0x03FF;
3543  break;
3544  default:
3545  B43_WARN_ON(1);
3546  }
3547  }
3548 }
3549 
3550 /* Initialize the core's QOS capabilities */
3551 static void b43_qos_init(struct b43_wldev *dev)
3552 {
3553  if (!dev->qos_enabled) {
3554  /* Disable QOS support. */
3555  b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3556  b43_write16(dev, B43_MMIO_IFSCTL,
3557  b43_read16(dev, B43_MMIO_IFSCTL)
3558  & ~B43_MMIO_IFSCTL_USE_EDCF);
3559  b43dbg(dev->wl, "QoS disabled\n");
3560  return;
3561  }
3562 
3563  /* Upload the current QOS parameters. */
3564  b43_qos_upload_all(dev);
3565 
3566  /* Enable QOS support. */
3567  b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3568  b43_write16(dev, B43_MMIO_IFSCTL,
3569  b43_read16(dev, B43_MMIO_IFSCTL)
3570  | B43_MMIO_IFSCTL_USE_EDCF);
3571  b43dbg(dev->wl, "QoS enabled\n");
3572 }
3573 
3574 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3575  struct ieee80211_vif *vif, u16 _queue,
3576  const struct ieee80211_tx_queue_params *params)
3577 {
3578  struct b43_wl *wl = hw_to_b43_wl(hw);
3579  struct b43_wldev *dev;
3580  unsigned int queue = (unsigned int)_queue;
3581  int err = -ENODEV;
3582 
3583  if (queue >= ARRAY_SIZE(wl->qos_params)) {
3584  /* Queue not available or don't support setting
3585  * params on this queue. Return success to not
3586  * confuse mac80211. */
3587  return 0;
3588  }
3589  BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3590  ARRAY_SIZE(wl->qos_params));
3591 
3592  mutex_lock(&wl->mutex);
3593  dev = wl->current_dev;
3594  if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3595  goto out_unlock;
3596 
3597  memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3598  b43_mac_suspend(dev);
3599  b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3600  b43_qos_shm_offsets[queue]);
3601  b43_mac_enable(dev);
3602  err = 0;
3603 
3604 out_unlock:
3605  mutex_unlock(&wl->mutex);
3606 
3607  return err;
3608 }
3609 
3610 static int b43_op_get_stats(struct ieee80211_hw *hw,
3611  struct ieee80211_low_level_stats *stats)
3612 {
3613  struct b43_wl *wl = hw_to_b43_wl(hw);
3614 
3615  mutex_lock(&wl->mutex);
3616  memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3617  mutex_unlock(&wl->mutex);
3618 
3619  return 0;
3620 }
3621 
3622 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3623 {
3624  struct b43_wl *wl = hw_to_b43_wl(hw);
3625  struct b43_wldev *dev;
3626  u64 tsf;
3627 
3628  mutex_lock(&wl->mutex);
3629  dev = wl->current_dev;
3630 
3631  if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3632  b43_tsf_read(dev, &tsf);
3633  else
3634  tsf = 0;
3635 
3636  mutex_unlock(&wl->mutex);
3637 
3638  return tsf;
3639 }
3640 
3641 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3642  struct ieee80211_vif *vif, u64 tsf)
3643 {
3644  struct b43_wl *wl = hw_to_b43_wl(hw);
3645  struct b43_wldev *dev;
3646 
3647  mutex_lock(&wl->mutex);
3648  dev = wl->current_dev;
3649 
3650  if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3651  b43_tsf_write(dev, tsf);
3652 
3653  mutex_unlock(&wl->mutex);
3654 }
3655 
3656 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3657 {
3658  u32 tmp;
3659 
3660  switch (dev->dev->bus_type) {
3661 #ifdef CONFIG_B43_BCMA
3662  case B43_BUS_BCMA:
3663  b43err(dev->wl,
3664  "Putting PHY into reset not supported on BCMA\n");
3665  break;
3666 #endif
3667 #ifdef CONFIG_B43_SSB
3668  case B43_BUS_SSB:
3669  tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3670  tmp &= ~B43_TMSLOW_GMODE;
3671  tmp |= B43_TMSLOW_PHYRESET;
3672  tmp |= SSB_TMSLOW_FGC;
3673  ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3674  msleep(1);
3675 
3676  tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3677  tmp &= ~SSB_TMSLOW_FGC;
3678  tmp |= B43_TMSLOW_PHYRESET;
3679  ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3680  msleep(1);
3681 
3682  break;
3683 #endif
3684  }
3685 }
3686 
3687 static const char *band_to_string(enum ieee80211_band band)
3688 {
3689  switch (band) {
3690  case IEEE80211_BAND_5GHZ:
3691  return "5";
3692  case IEEE80211_BAND_2GHZ:
3693  return "2.4";
3694  default:
3695  break;
3696  }
3697  B43_WARN_ON(1);
3698  return "";
3699 }
3700 
3701 /* Expects wl->mutex locked */
3702 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3703 {
3704  struct b43_wldev *up_dev = NULL;
3705  struct b43_wldev *down_dev;
3706  struct b43_wldev *d;
3707  int err;
3708  bool uninitialized_var(gmode);
3709  int prev_status;
3710 
3711  /* Find a device and PHY which supports the band. */
3712  list_for_each_entry(d, &wl->devlist, list) {
3713  switch (chan->band) {
3714  case IEEE80211_BAND_5GHZ:
3715  if (d->phy.supports_5ghz) {
3716  up_dev = d;
3717  gmode = false;
3718  }
3719  break;
3720  case IEEE80211_BAND_2GHZ:
3721  if (d->phy.supports_2ghz) {
3722  up_dev = d;
3723  gmode = true;
3724  }
3725  break;
3726  default:
3727  B43_WARN_ON(1);
3728  return -EINVAL;
3729  }
3730  if (up_dev)
3731  break;
3732  }
3733  if (!up_dev) {
3734  b43err(wl, "Could not find a device for %s-GHz band operation\n",
3735  band_to_string(chan->band));
3736  return -ENODEV;
3737  }
3738  if ((up_dev == wl->current_dev) &&
3739  (!!wl->current_dev->phy.gmode == !!gmode)) {
3740  /* This device is already running. */
3741  return 0;
3742  }
3743  b43dbg(wl, "Switching to %s-GHz band\n",
3744  band_to_string(chan->band));
3745  down_dev = wl->current_dev;
3746 
3747  prev_status = b43_status(down_dev);
3748  /* Shutdown the currently running core. */
3749  if (prev_status >= B43_STAT_STARTED)
3750  down_dev = b43_wireless_core_stop(down_dev);
3751  if (prev_status >= B43_STAT_INITIALIZED)
3752  b43_wireless_core_exit(down_dev);
3753 
3754  if (down_dev != up_dev) {
3755  /* We switch to a different core, so we put PHY into
3756  * RESET on the old core. */
3757  b43_put_phy_into_reset(down_dev);
3758  }
3759 
3760  /* Now start the new core. */
3761  up_dev->phy.gmode = gmode;
3762  if (prev_status >= B43_STAT_INITIALIZED) {
3763  err = b43_wireless_core_init(up_dev);
3764  if (err) {
3765  b43err(wl, "Fatal: Could not initialize device for "
3766  "selected %s-GHz band\n",
3767  band_to_string(chan->band));
3768  goto init_failure;
3769  }
3770  }
3771  if (prev_status >= B43_STAT_STARTED) {
3772  err = b43_wireless_core_start(up_dev);
3773  if (err) {
3774  b43err(wl, "Fatal: Could not start device for "
3775  "selected %s-GHz band\n",
3776  band_to_string(chan->band));
3777  b43_wireless_core_exit(up_dev);
3778  goto init_failure;
3779  }
3780  }
3781  B43_WARN_ON(b43_status(up_dev) != prev_status);
3782 
3783  wl->current_dev = up_dev;
3784 
3785  return 0;
3786 init_failure:
3787  /* Whoops, failed to init the new core. No core is operating now. */
3788  wl->current_dev = NULL;
3789  return err;
3790 }
3791 
3792 /* Write the short and long frame retry limit values. */
3793 static void b43_set_retry_limits(struct b43_wldev *dev,
3794  unsigned int short_retry,
3795  unsigned int long_retry)
3796 {
3797  /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3798  * the chip-internal counter. */
3799  short_retry = min(short_retry, (unsigned int)0xF);
3800  long_retry = min(long_retry, (unsigned int)0xF);
3801 
3802  b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3803  short_retry);
3804  b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3805  long_retry);
3806 }
3807 
3808 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3809 {
3810  struct b43_wl *wl = hw_to_b43_wl(hw);
3811  struct b43_wldev *dev;
3812  struct b43_phy *phy;
3813  struct ieee80211_conf *conf = &hw->conf;
3814  int antenna;
3815  int err = 0;
3816  bool reload_bss = false;
3817 
3818  mutex_lock(&wl->mutex);
3819 
3820  dev = wl->current_dev;
3821 
3822  /* Switch the band (if necessary). This might change the active core. */
3823  err = b43_switch_band(wl, conf->channel);
3824  if (err)
3825  goto out_unlock_mutex;
3826 
3827  /* Need to reload all settings if the core changed */
3828  if (dev != wl->current_dev) {
3829  dev = wl->current_dev;
3830  changed = ~0;
3831  reload_bss = true;
3832  }
3833 
3834  phy = &dev->phy;
3835 
3836  if (conf_is_ht(conf))
3837  phy->is_40mhz =
3838  (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3839  else
3840  phy->is_40mhz = false;
3841 
3842  b43_mac_suspend(dev);
3843 
3844  if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3845  b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3846  conf->long_frame_max_tx_count);
3847  changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3848  if (!changed)
3849  goto out_mac_enable;
3850 
3851  /* Switch to the requested channel.
3852  * The firmware takes care of races with the TX handler. */
3853  if (conf->channel->hw_value != phy->channel)
3854  b43_switch_channel(dev, conf->channel->hw_value);
3855 
3856  dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3857 
3858  /* Adjust the desired TX power level. */
3859  if (conf->power_level != 0) {
3860  if (conf->power_level != phy->desired_txpower) {
3861  phy->desired_txpower = conf->power_level;
3862  b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3863  B43_TXPWR_IGNORE_TSSI);
3864  }
3865  }
3866 
3867  /* Antennas for RX and management frame TX. */
3868  antenna = B43_ANTENNA_DEFAULT;
3869  b43_mgmtframe_txantenna(dev, antenna);
3870  antenna = B43_ANTENNA_DEFAULT;
3871  if (phy->ops->set_rx_antenna)
3872  phy->ops->set_rx_antenna(dev, antenna);
3873 
3874  if (wl->radio_enabled != phy->radio_on) {
3875  if (wl->radio_enabled) {
3876  b43_software_rfkill(dev, false);
3877  b43info(dev->wl, "Radio turned on by software\n");
3878  if (!dev->radio_hw_enable) {
3879  b43info(dev->wl, "The hardware RF-kill button "
3880  "still turns the radio physically off. "
3881  "Press the button to turn it on.\n");
3882  }
3883  } else {
3884  b43_software_rfkill(dev, true);
3885  b43info(dev->wl, "Radio turned off by software\n");
3886  }
3887  }
3888 
3889 out_mac_enable:
3890  b43_mac_enable(dev);
3891 out_unlock_mutex:
3892  mutex_unlock(&wl->mutex);
3893 
3894  if (wl->vif && reload_bss)
3895  b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3896 
3897  return err;
3898 }
3899 
3900 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3901 {
3902  struct ieee80211_supported_band *sband =
3903  dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3904  struct ieee80211_rate *rate;
3905  int i;
3906  u16 basic, direct, offset, basic_offset, rateptr;
3907 
3908  for (i = 0; i < sband->n_bitrates; i++) {
3909  rate = &sband->bitrates[i];
3910 
3911  if (b43_is_cck_rate(rate->hw_value)) {
3912  direct = B43_SHM_SH_CCKDIRECT;
3913  basic = B43_SHM_SH_CCKBASIC;
3914  offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3915  offset &= 0xF;
3916  } else {
3917  direct = B43_SHM_SH_OFDMDIRECT;
3918  basic = B43_SHM_SH_OFDMBASIC;
3919  offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3920  offset &= 0xF;
3921  }
3922 
3923  rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3924 
3925  if (b43_is_cck_rate(rate->hw_value)) {
3926  basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3927  basic_offset &= 0xF;
3928  } else {
3929  basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3930  basic_offset &= 0xF;
3931  }
3932 
3933  /*
3934  * Get the pointer that we need to point to
3935  * from the direct map
3936  */
3937  rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3938  direct + 2 * basic_offset);
3939  /* and write it to the basic map */
3940  b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3941  rateptr);
3942  }
3943 }
3944 
3945 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3946  struct ieee80211_vif *vif,
3947  struct ieee80211_bss_conf *conf,
3948  u32 changed)
3949 {
3950  struct b43_wl *wl = hw_to_b43_wl(hw);
3951  struct b43_wldev *dev;
3952 
3953  mutex_lock(&wl->mutex);
3954 
3955  dev = wl->current_dev;
3956  if (!dev || b43_status(dev) < B43_STAT_STARTED)
3957  goto out_unlock_mutex;
3958 
3959  B43_WARN_ON(wl->vif != vif);
3960 
3961  if (changed & BSS_CHANGED_BSSID) {
3962  if (conf->bssid)
3963  memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3964  else
3965  memset(wl->bssid, 0, ETH_ALEN);
3966  }
3967 
3968  if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3969  if (changed & BSS_CHANGED_BEACON &&
3970  (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3971  b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3972  b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3973  b43_update_templates(wl);
3974 
3975  if (changed & BSS_CHANGED_BSSID)
3976  b43_write_mac_bssid_templates(dev);
3977  }
3978 
3979  b43_mac_suspend(dev);
3980 
3981  /* Update templates for AP/mesh mode. */
3982  if (changed & BSS_CHANGED_BEACON_INT &&
3983  (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3984  b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3985  b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
3986  conf->beacon_int)
3987  b43_set_beacon_int(dev, conf->beacon_int);
3988 
3989  if (changed & BSS_CHANGED_BASIC_RATES)
3990  b43_update_basic_rates(dev, conf->basic_rates);
3991 
3992  if (changed & BSS_CHANGED_ERP_SLOT) {
3993  if (conf->use_short_slot)
3994  b43_short_slot_timing_enable(dev);
3995  else
3996  b43_short_slot_timing_disable(dev);
3997  }
3998 
3999  b43_mac_enable(dev);
4000 out_unlock_mutex:
4001  mutex_unlock(&wl->mutex);
4002 }
4003 
4004 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4005  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4006  struct ieee80211_key_conf *key)
4007 {
4008  struct b43_wl *wl = hw_to_b43_wl(hw);
4009  struct b43_wldev *dev;
4010  u8 algorithm;
4011  u8 index;
4012  int err;
4013  static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4014 
4015  if (modparam_nohwcrypt)
4016  return -ENOSPC; /* User disabled HW-crypto */
4017 
4018  if ((vif->type == NL80211_IFTYPE_ADHOC ||
4019  vif->type == NL80211_IFTYPE_MESH_POINT) &&
4020  (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4021  key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4022  !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4023  /*
4024  * For now, disable hw crypto for the RSN IBSS group keys. This
4025  * could be optimized in the future, but until that gets
4026  * implemented, use of software crypto for group addressed
4027  * frames is a acceptable to allow RSN IBSS to be used.
4028  */
4029  return -EOPNOTSUPP;
4030  }
4031 
4032  mutex_lock(&wl->mutex);
4033 
4034  dev = wl->current_dev;
4035  err = -ENODEV;
4036  if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4037  goto out_unlock;
4038 
4039  if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4040  /* We don't have firmware for the crypto engine.
4041  * Must use software-crypto. */
4042  err = -EOPNOTSUPP;
4043  goto out_unlock;
4044  }
4045 
4046  err = -EINVAL;
4047  switch (key->cipher) {
4048  case WLAN_CIPHER_SUITE_WEP40:
4049  algorithm = B43_SEC_ALGO_WEP40;
4050  break;
4051  case WLAN_CIPHER_SUITE_WEP104:
4052  algorithm = B43_SEC_ALGO_WEP104;
4053  break;
4054  case WLAN_CIPHER_SUITE_TKIP:
4055  algorithm = B43_SEC_ALGO_TKIP;
4056  break;
4057  case WLAN_CIPHER_SUITE_CCMP:
4058  algorithm = B43_SEC_ALGO_AES;
4059  break;
4060  default:
4061  B43_WARN_ON(1);
4062  goto out_unlock;
4063  }
4064  index = (u8) (key->keyidx);
4065  if (index > 3)
4066  goto out_unlock;
4067 
4068  switch (cmd) {
4069  case SET_KEY:
4070  if (algorithm == B43_SEC_ALGO_TKIP &&
4071  (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4072  !modparam_hwtkip)) {
4073  /* We support only pairwise key */
4074  err = -EOPNOTSUPP;
4075  goto out_unlock;
4076  }
4077 
4078  if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4079  if (WARN_ON(!sta)) {
4080  err = -EOPNOTSUPP;
4081  goto out_unlock;
4082  }
4083  /* Pairwise key with an assigned MAC address. */
4084  err = b43_key_write(dev, -1, algorithm,
4085  key->key, key->keylen,
4086  sta->addr, key);
4087  } else {
4088  /* Group key */
4089  err = b43_key_write(dev, index, algorithm,
4090  key->key, key->keylen, NULL, key);
4091  }
4092  if (err)
4093  goto out_unlock;
4094 
4095  if (algorithm == B43_SEC_ALGO_WEP40 ||
4096  algorithm == B43_SEC_ALGO_WEP104) {
4097  b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4098  } else {
4099  b43_hf_write(dev,
4100  b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4101  }
4102  key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4103  if (algorithm == B43_SEC_ALGO_TKIP)
4104  key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4105  break;
4106  case DISABLE_KEY: {
4107  err = b43_key_clear(dev, key->hw_key_idx);
4108  if (err)
4109  goto out_unlock;
4110  break;
4111  }
4112  default:
4113  B43_WARN_ON(1);
4114  }
4115 
4116 out_unlock:
4117  if (!err) {
4118  b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4119  "mac: %pM\n",
4120  cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4121  sta ? sta->addr : bcast_addr);
4122  b43_dump_keymemory(dev);
4123  }
4124  mutex_unlock(&wl->mutex);
4125 
4126  return err;
4127 }
4128 
4129 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4130  unsigned int changed, unsigned int *fflags,
4131  u64 multicast)
4132 {
4133  struct b43_wl *wl = hw_to_b43_wl(hw);
4134  struct b43_wldev *dev;
4135 
4136  mutex_lock(&wl->mutex);
4137  dev = wl->current_dev;
4138  if (!dev) {
4139  *fflags = 0;
4140  goto out_unlock;
4141  }
4142 
4143  *fflags &= FIF_PROMISC_IN_BSS |
4144  FIF_ALLMULTI |
4145  FIF_FCSFAIL |
4146  FIF_PLCPFAIL |
4147  FIF_CONTROL |
4148  FIF_OTHER_BSS |
4149  FIF_BCN_PRBRESP_PROMISC;
4150 
4151  changed &= FIF_PROMISC_IN_BSS |
4152  FIF_ALLMULTI |
4153  FIF_FCSFAIL |
4154  FIF_PLCPFAIL |
4155  FIF_CONTROL |
4156  FIF_OTHER_BSS |
4157  FIF_BCN_PRBRESP_PROMISC;
4158 
4159  wl->filter_flags = *fflags;
4160 
4161  if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4162  b43_adjust_opmode(dev);
4163 
4164 out_unlock:
4165  mutex_unlock(&wl->mutex);
4166 }
4167 
4168 /* Locking: wl->mutex
4169  * Returns the current dev. This might be different from the passed in dev,
4170  * because the core might be gone away while we unlocked the mutex. */
4171 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4172 {
4173  struct b43_wl *wl;
4174  struct b43_wldev *orig_dev;
4175  u32 mask;
4176  int queue_num;
4177 
4178  if (!dev)
4179  return NULL;
4180  wl = dev->wl;
4181 redo:
4182  if (!dev || b43_status(dev) < B43_STAT_STARTED)
4183  return dev;
4184 
4185  /* Cancel work. Unlock to avoid deadlocks. */
4186  mutex_unlock(&wl->mutex);
4187  cancel_delayed_work_sync(&dev->periodic_work);
4188  cancel_work_sync(&wl->tx_work);
4189  cancel_work_sync(&wl->firmware_load);
4190  mutex_lock(&wl->mutex);
4191  dev = wl->current_dev;
4192  if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4193  /* Whoops, aliens ate up the device while we were unlocked. */
4194  return dev;
4195  }
4196 
4197  /* Disable interrupts on the device. */
4198  b43_set_status(dev, B43_STAT_INITIALIZED);
4199  if (b43_bus_host_is_sdio(dev->dev)) {
4200  /* wl->mutex is locked. That is enough. */
4201  b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4202  b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4203  } else {
4204  spin_lock_irq(&wl->hardirq_lock);
4205  b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4206  b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4207  spin_unlock_irq(&wl->hardirq_lock);
4208  }
4209  /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4210  orig_dev = dev;
4211  mutex_unlock(&wl->mutex);
4212  if (b43_bus_host_is_sdio(dev->dev)) {
4213  b43_sdio_free_irq(dev);
4214  } else {
4215  synchronize_irq(dev->dev->irq);
4216  free_irq(dev->dev->irq, dev);
4217  }
4218  mutex_lock(&wl->mutex);
4219  dev = wl->current_dev;
4220  if (!dev)
4221  return dev;
4222  if (dev != orig_dev) {
4223  if (b43_status(dev) >= B43_STAT_STARTED)
4224  goto redo;
4225  return dev;
4226  }
4227  mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4228  B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4229 
4230  /* Drain all TX queues. */
4231  for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4232  while (skb_queue_len(&wl->tx_queue[queue_num]))
4233  dev_kfree_skb(skb_dequeue(&wl->tx_queue[queue_num]));
4234  }
4235 
4236  b43_mac_suspend(dev);
4237  b43_leds_exit(dev);
4238  b43dbg(wl, "Wireless interface stopped\n");
4239 
4240  return dev;
4241 }
4242 
4243 /* Locking: wl->mutex */
4244 static int b43_wireless_core_start(struct b43_wldev *dev)
4245 {
4246  int err;
4247 
4248  B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4249 
4250  drain_txstatus_queue(dev);
4251  if (b43_bus_host_is_sdio(dev->dev)) {
4252  err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4253  if (err) {
4254  b43err(dev->wl, "Cannot request SDIO IRQ\n");
4255  goto out;
4256  }
4257  } else {
4258  err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4259  b43_interrupt_thread_handler,
4260  IRQF_SHARED, KBUILD_MODNAME, dev);
4261  if (err) {
4262  b43err(dev->wl, "Cannot request IRQ-%d\n",
4263  dev->dev->irq);
4264  goto out;
4265  }
4266  }
4267 
4268  /* We are ready to run. */
4269  ieee80211_wake_queues(dev->wl->hw);
4270  b43_set_status(dev, B43_STAT_STARTED);
4271 
4272  /* Start data flow (TX/RX). */
4273  b43_mac_enable(dev);
4274  b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4275 
4276  /* Start maintenance work */
4277  b43_periodic_tasks_setup(dev);
4278 
4279  b43_leds_init(dev);
4280 
4281  b43dbg(dev->wl, "Wireless interface started\n");
4282 out:
4283  return err;
4284 }
4285 
4286 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4287 {
4288  switch (phy_type) {
4289  case B43_PHYTYPE_A:
4290  return "A";
4291  case B43_PHYTYPE_B:
4292  return "B";
4293  case B43_PHYTYPE_G:
4294  return "G";
4295  case B43_PHYTYPE_N:
4296  return "N";
4297  case B43_PHYTYPE_LP:
4298  return "LP";
4299  case B43_PHYTYPE_SSLPN:
4300  return "SSLPN";
4301  case B43_PHYTYPE_HT:
4302  return "HT";
4303  case B43_PHYTYPE_LCN:
4304  return "LCN";
4305  case B43_PHYTYPE_LCNXN:
4306  return "LCNXN";
4307  case B43_PHYTYPE_LCN40:
4308  return "LCN40";
4309  case B43_PHYTYPE_AC:
4310  return "AC";
4311  }
4312  return "UNKNOWN";
4313 }
4314 
4315 /* Get PHY and RADIO versioning numbers */
4316 static int b43_phy_versioning(struct b43_wldev *dev)
4317 {
4318  struct b43_phy *phy = &dev->phy;
4319  u32 tmp;
4320  u8 analog_type;
4321  u8 phy_type;
4322  u8 phy_rev;
4323  u16 radio_manuf;
4324  u16 radio_ver;
4325  u16 radio_rev;
4326  int unsupported = 0;
4327 
4328  /* Get PHY versioning */
4329  tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4330  analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4331  phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4332  phy_rev = (tmp & B43_PHYVER_VERSION);
4333  switch (phy_type) {
4334  case B43_PHYTYPE_A:
4335  if (phy_rev >= 4)
4336  unsupported = 1;
4337  break;
4338  case B43_PHYTYPE_B:
4339  if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4340  && phy_rev != 7)
4341  unsupported = 1;
4342  break;
4343  case B43_PHYTYPE_G:
4344  if (phy_rev > 9)
4345  unsupported = 1;
4346  break;
4347 #ifdef CONFIG_B43_PHY_N
4348  case B43_PHYTYPE_N:
4349  if (phy_rev > 9)
4350  unsupported = 1;
4351  break;
4352 #endif
4353 #ifdef CONFIG_B43_PHY_LP
4354  case B43_PHYTYPE_LP:
4355  if (phy_rev > 2)
4356  unsupported = 1;
4357  break;
4358 #endif
4359 #ifdef CONFIG_B43_PHY_HT
4360  case B43_PHYTYPE_HT:
4361  if (phy_rev > 1)
4362  unsupported = 1;
4363  break;
4364 #endif
4365 #ifdef CONFIG_B43_PHY_LCN
4366  case B43_PHYTYPE_LCN:
4367  if (phy_rev > 1)
4368  unsupported = 1;
4369  break;
4370 #endif
4371  default:
4372  unsupported = 1;
4373  }
4374  if (unsupported) {
4375  b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4376  analog_type, phy_type, b43_phy_name(dev, phy_type),
4377  phy_rev);
4378  return -EOPNOTSUPP;
4379  }
4380  b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4381  analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4382 
4383  /* Get RADIO versioning */
4384  if (dev->dev->core_rev >= 24) {
4385  u16 radio24[3];
4386 
4387  for (tmp = 0; tmp < 3; tmp++) {
4388  b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4389  radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4390  }
4391 
4392  /* Broadcom uses "id" for our "ver" and has separated "ver" */
4393  /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4394 
4395  radio_manuf = 0x17F;
4396  radio_ver = (radio24[2] << 8) | radio24[1];
4397  radio_rev = (radio24[0] & 0xF);
4398  } else {
4399  if (dev->dev->chip_id == 0x4317) {
4400  if (dev->dev->chip_rev == 0)
4401  tmp = 0x3205017F;
4402  else if (dev->dev->chip_rev == 1)
4403  tmp = 0x4205017F;
4404  else
4405  tmp = 0x5205017F;
4406  } else {
4407  b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4408  B43_RADIOCTL_ID);
4409  tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4410  b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4411  B43_RADIOCTL_ID);
4412  tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4413  << 16;
4414  }
4415  radio_manuf = (tmp & 0x00000FFF);
4416  radio_ver = (tmp & 0x0FFFF000) >> 12;
4417  radio_rev = (tmp & 0xF0000000) >> 28;
4418  }
4419 
4420  if (radio_manuf != 0x17F /* Broadcom */)
4421  unsupported = 1;
4422  switch (phy_type) {
4423  case B43_PHYTYPE_A:
4424  if (radio_ver != 0x2060)
4425  unsupported = 1;
4426  if (radio_rev != 1)
4427  unsupported = 1;
4428  if (radio_manuf != 0x17F)
4429  unsupported = 1;
4430  break;
4431  case B43_PHYTYPE_B:
4432  if ((radio_ver & 0xFFF0) != 0x2050)
4433  unsupported = 1;
4434  break;
4435  case B43_PHYTYPE_G:
4436  if (radio_ver != 0x2050)
4437  unsupported = 1;
4438  break;
4439  case B43_PHYTYPE_N:
4440  if (radio_ver != 0x2055 && radio_ver != 0x2056)
4441  unsupported = 1;
4442  break;
4443  case B43_PHYTYPE_LP:
4444  if (radio_ver != 0x2062 && radio_ver != 0x2063)
4445  unsupported = 1;
4446  break;
4447  case B43_PHYTYPE_HT:
4448  if (radio_ver != 0x2059)
4449  unsupported = 1;
4450  break;
4451  case B43_PHYTYPE_LCN:
4452  if (radio_ver != 0x2064)
4453  unsupported = 1;
4454  break;
4455  default:
4456  B43_WARN_ON(1);
4457  }
4458  if (unsupported) {
4459  b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4460  "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4461  radio_manuf, radio_ver, radio_rev);
4462  return -EOPNOTSUPP;
4463  }
4464  b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4465  radio_manuf, radio_ver, radio_rev);
4466 
4467  phy->radio_manuf = radio_manuf;
4468  phy->radio_ver = radio_ver;
4469  phy->radio_rev = radio_rev;
4470 
4471  phy->analog = analog_type;
4472  phy->type = phy_type;
4473  phy->rev = phy_rev;
4474 
4475  return 0;
4476 }
4477 
4478 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4479  struct b43_phy *phy)
4480 {
4481  phy->hardware_power_control = !!modparam_hwpctl;
4482  phy->next_txpwr_check_time = jiffies;
4483  /* PHY TX errors counter. */
4484  atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4485 
4486 #if B43_DEBUG
4487  phy->phy_locked = false;
4488  phy->radio_locked = false;
4489 #endif
4490 }
4491 
4492 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4493 {
4494  dev->dfq_valid = false;
4495 
4496  /* Assume the radio is enabled. If it's not enabled, the state will
4497  * immediately get fixed on the first periodic work run. */
4498  dev->radio_hw_enable = true;
4499 
4500  /* Stats */
4501  memset(&dev->stats, 0, sizeof(dev->stats));
4502 
4503  setup_struct_phy_for_init(dev, &dev->phy);
4504 
4505  /* IRQ related flags */
4506  dev->irq_reason = 0;
4507  memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4508  dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4509  if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4510  dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4511 
4512  dev->mac_suspended = 1;
4513 
4514  /* Noise calculation context */
4515  memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4516 }
4517 
4518 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4519 {
4520  struct ssb_sprom *sprom = dev->dev->bus_sprom;
4521  u64 hf;
4522 
4523  if (!modparam_btcoex)
4524  return;
4525  if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4526  return;
4527  if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4528  return;
4529 
4530  hf = b43_hf_read(dev);
4531  if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4532  hf |= B43_HF_BTCOEXALT;
4533  else
4534  hf |= B43_HF_BTCOEX;
4535  b43_hf_write(dev, hf);
4536 }
4537 
4538 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4539 {
4540  if (!modparam_btcoex)
4541  return;
4542  //TODO
4543 }
4544 
4545 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4546 {
4547  struct ssb_bus *bus;
4548  u32 tmp;
4549 
4550  if (dev->dev->bus_type != B43_BUS_SSB)
4551  return;
4552 
4553  bus = dev->dev->sdev->bus;
4554 
4555  if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4556  (bus->chip_id == 0x4312)) {
4557  tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4558  tmp &= ~SSB_IMCFGLO_REQTO;
4559  tmp &= ~SSB_IMCFGLO_SERTO;
4560  tmp |= 0x3;
4561  ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4562  ssb_commit_settings(bus);
4563  }
4564 }
4565 
4566 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4567 {
4568  u16 pu_delay;
4569 
4570  /* The time value is in microseconds. */
4571  if (dev->phy.type == B43_PHYTYPE_A)
4572  pu_delay = 3700;
4573  else
4574  pu_delay = 1050;
4575  if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4576  pu_delay = 500;
4577  if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4578  pu_delay = max(pu_delay, (u16)2400);
4579 
4580  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4581 }
4582 
4583 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4584 static void b43_set_pretbtt(struct b43_wldev *dev)
4585 {
4586  u16 pretbtt;
4587 
4588  /* The time value is in microseconds. */
4589  if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4590  pretbtt = 2;
4591  } else {
4592  if (dev->phy.type == B43_PHYTYPE_A)
4593  pretbtt = 120;
4594  else
4595  pretbtt = 250;
4596  }
4597  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4598  b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4599 }
4600 
4601 /* Shutdown a wireless core */
4602 /* Locking: wl->mutex */
4603 static void b43_wireless_core_exit(struct b43_wldev *dev)
4604 {
4605  B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4606  if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4607  return;
4608 
4609  /* Unregister HW RNG driver */
4610  b43_rng_exit(dev->wl);
4611 
4612  b43_set_status(dev, B43_STAT_UNINIT);
4613 
4614  /* Stop the microcode PSM. */
4615  b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4616  B43_MACCTL_PSM_JMP0);
4617 
4618  b43_dma_free(dev);
4619  b43_pio_free(dev);
4620  b43_chip_exit(dev);
4621  dev->phy.ops->switch_analog(dev, 0);
4622  if (dev->wl->current_beacon) {
4623  dev_kfree_skb_any(dev->wl->current_beacon);
4624  dev->wl->current_beacon = NULL;
4625  }
4626 
4627  b43_device_disable(dev, 0);
4628  b43_bus_may_powerdown(dev);
4629 }
4630 
4631 /* Initialize a wireless core */
4632 static int b43_wireless_core_init(struct b43_wldev *dev)
4633 {
4634  struct ssb_sprom *sprom = dev->dev->bus_sprom;
4635  struct b43_phy *phy = &dev->phy;
4636  int err;
4637  u64 hf;
4638 
4639  B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4640 
4641  err = b43_bus_powerup(dev, 0);
4642  if (err)
4643  goto out;
4644  if (!b43_device_is_enabled(dev))
4645  b43_wireless_core_reset(dev, phy->gmode);
4646 
4647  /* Reset all data structures. */
4648  setup_struct_wldev_for_init(dev);
4649  phy->ops->prepare_structs(dev);
4650 
4651  /* Enable IRQ routing to this device. */
4652  switch (dev->dev->bus_type) {
4653 #ifdef CONFIG_B43_BCMA
4654  case B43_BUS_BCMA:
4655  bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci,
4656  dev->dev->bdev, true);
4657  break;
4658 #endif
4659 #ifdef CONFIG_B43_SSB
4660  case B43_BUS_SSB:
4661  ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4662  dev->dev->sdev);
4663  break;
4664 #endif
4665  }
4666 
4667  b43_imcfglo_timeouts_workaround(dev);
4668  b43_bluetooth_coext_disable(dev);
4669  if (phy->ops->prepare_hardware) {
4670  err = phy->ops->prepare_hardware(dev);
4671  if (err)
4672  goto err_busdown;
4673  }
4674  err = b43_chip_init(dev);
4675  if (err)
4676  goto err_busdown;
4677  b43_shm_write16(dev, B43_SHM_SHARED,
4678  B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4679  hf = b43_hf_read(dev);
4680  if (phy->type == B43_PHYTYPE_G) {
4681  hf |= B43_HF_SYMW;
4682  if (phy->rev == 1)
4683  hf |= B43_HF_GDCW;
4684  if (sprom->boardflags_lo & B43_BFL_PACTRL)
4685  hf |= B43_HF_OFDMPABOOST;
4686  }
4687  if (phy->radio_ver == 0x2050) {
4688  if (phy->radio_rev == 6)
4689  hf |= B43_HF_4318TSSI;
4690  if (phy->radio_rev < 6)
4691  hf |= B43_HF_VCORECALC;
4692  }
4693  if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4694  hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4695 #ifdef CONFIG_SSB_DRIVER_PCICORE
4696  if (dev->dev->bus_type == B43_BUS_SSB &&
4697  dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4698  dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4699  hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4700 #endif
4701  hf &= ~B43_HF_SKCFPUP;
4702  b43_hf_write(dev, hf);
4703 
4704  b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4705  B43_DEFAULT_LONG_RETRY_LIMIT);
4706  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4707  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4708 
4709  /* Disable sending probe responses from firmware.
4710  * Setting the MaxTime to one usec will always trigger
4711  * a timeout, so we never send any probe resp.
4712  * A timeout of zero is infinite. */
4713  b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4714 
4715  b43_rate_memory_init(dev);
4716  b43_set_phytxctl_defaults(dev);
4717 
4718  /* Minimum Contention Window */
4719  if (phy->type == B43_PHYTYPE_B)
4720  b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4721  else
4722  b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4723  /* Maximum Contention Window */
4724  b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4725 
4726  if (b43_bus_host_is_pcmcia(dev->dev) ||
4727  b43_bus_host_is_sdio(dev->dev)) {
4728  dev->__using_pio_transfers = true;
4729  err = b43_pio_init(dev);
4730  } else if (dev->use_pio) {
4731  b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4732  "This should not be needed and will result in lower "
4733  "performance.\n");
4734  dev->__using_pio_transfers = true;
4735  err = b43_pio_init(dev);
4736  } else {
4737  dev->__using_pio_transfers = false;
4738  err = b43_dma_init(dev);
4739  }
4740  if (err)
4741  goto err_chip_exit;
4742  b43_qos_init(dev);
4743  b43_set_synth_pu_delay(dev, 1);
4744  b43_bluetooth_coext_enable(dev);
4745 
4746  b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4747  b43_upload_card_macaddress(dev);
4748  b43_security_init(dev);
4749 
4750  ieee80211_wake_queues(dev->wl->hw);
4751 
4752  b43_set_status(dev, B43_STAT_INITIALIZED);
4753 
4754  /* Register HW RNG driver */
4755  b43_rng_init(dev->wl);
4756 
4757 out:
4758  return err;
4759 
4760 err_chip_exit:
4761  b43_chip_exit(dev);
4762 err_busdown:
4763  b43_bus_may_powerdown(dev);
4764  B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4765  return err;
4766 }
4767 
4768 static int b43_op_add_interface(struct ieee80211_hw *hw,
4769  struct ieee80211_vif *vif)
4770 {
4771  struct b43_wl *wl = hw_to_b43_wl(hw);
4772  struct b43_wldev *dev;
4773  int err = -EOPNOTSUPP;
4774 
4775  /* TODO: allow WDS/AP devices to coexist */
4776 
4777  if (vif->type != NL80211_IFTYPE_AP &&
4778  vif->type != NL80211_IFTYPE_MESH_POINT &&
4779  vif->type != NL80211_IFTYPE_STATION &&
4780  vif->type != NL80211_IFTYPE_WDS &&
4781  vif->type != NL80211_IFTYPE_ADHOC)
4782  return -EOPNOTSUPP;
4783 
4784  mutex_lock(&wl->mutex);
4785  if (wl->operating)
4786  goto out_mutex_unlock;
4787 
4788  b43dbg(wl, "Adding Interface type %d\n", vif->type);
4789 
4790  dev = wl->current_dev;
4791  wl->operating = true;
4792  wl->vif = vif;
4793  wl->if_type = vif->type;
4794  memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4795 
4796  b43_adjust_opmode(dev);
4797  b43_set_pretbtt(dev);
4798  b43_set_synth_pu_delay(dev, 0);
4799  b43_upload_card_macaddress(dev);
4800 
4801  err = 0;
4802  out_mutex_unlock:
4803  mutex_unlock(&wl->mutex);
4804 
4805  if (err == 0)
4806  b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4807 
4808  return err;
4809 }
4810 
4811 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4812  struct ieee80211_vif *vif)
4813 {
4814  struct b43_wl *wl = hw_to_b43_wl(hw);
4815  struct b43_wldev *dev = wl->current_dev;
4816 
4817  b43dbg(wl, "Removing Interface type %d\n", vif->type);
4818 
4819  mutex_lock(&wl->mutex);
4820 
4821  B43_WARN_ON(!wl->operating);
4822  B43_WARN_ON(wl->vif != vif);
4823  wl->vif = NULL;
4824 
4825  wl->operating = false;
4826 
4827  b43_adjust_opmode(dev);
4828  memset(wl->mac_addr, 0, ETH_ALEN);
4829  b43_upload_card_macaddress(dev);
4830 
4831  mutex_unlock(&wl->mutex);
4832 }
4833 
4834 static int b43_op_start(struct ieee80211_hw *hw)
4835 {
4836  struct b43_wl *wl = hw_to_b43_wl(hw);
4837  struct b43_wldev *dev = wl->current_dev;
4838  int did_init = 0;
4839  int err = 0;
4840 
4841  /* Kill all old instance specific information to make sure
4842  * the card won't use it in the short timeframe between start
4843  * and mac80211 reconfiguring it. */
4844  memset(wl->bssid, 0, ETH_ALEN);
4845  memset(wl->mac_addr, 0, ETH_ALEN);
4846  wl->filter_flags = 0;
4847  wl->radiotap_enabled = false;
4848  b43_qos_clear(wl);
4849  wl->beacon0_uploaded = false;
4850  wl->beacon1_uploaded = false;
4851  wl->beacon_templates_virgin = true;
4852  wl->radio_enabled = true;
4853 
4854  mutex_lock(&wl->mutex);
4855 
4856  if (b43_status(dev) < B43_STAT_INITIALIZED) {
4857  err = b43_wireless_core_init(dev);
4858  if (err)
4859  goto out_mutex_unlock;
4860  did_init = 1;
4861  }
4862 
4863  if (b43_status(dev) < B43_STAT_STARTED) {
4864  err = b43_wireless_core_start(dev);
4865  if (err) {
4866  if (did_init)
4867  b43_wireless_core_exit(dev);
4868  goto out_mutex_unlock;
4869  }
4870  }
4871 
4872  /* XXX: only do if device doesn't support rfkill irq */
4873  wiphy_rfkill_start_polling(hw->wiphy);
4874 
4875  out_mutex_unlock:
4876  mutex_unlock(&wl->mutex);
4877 
4878  /*
4879  * Configuration may have been overwritten during initialization.
4880  * Reload the configuration, but only if initialization was
4881  * successful. Reloading the configuration after a failed init
4882  * may hang the system.
4883  */
4884  if (!err)
4885  b43_op_config(hw, ~0);
4886 
4887  return err;
4888 }
4889 
4890 static void b43_op_stop(struct ieee80211_hw *hw)
4891 {
4892  struct b43_wl *wl = hw_to_b43_wl(hw);
4893  struct b43_wldev *dev = wl->current_dev;
4894 
4895  cancel_work_sync(&(wl->beacon_update_trigger));
4896 
4897  if (!dev)
4898  goto out;
4899 
4900  mutex_lock(&wl->mutex);
4901  if (b43_status(dev) >= B43_STAT_STARTED) {
4902  dev = b43_wireless_core_stop(dev);
4903  if (!dev)
4904  goto out_unlock;
4905  }
4906  b43_wireless_core_exit(dev);
4907  wl->radio_enabled = false;
4908 
4909 out_unlock:
4910  mutex_unlock(&wl->mutex);
4911 out:
4912  cancel_work_sync(&(wl->txpower_adjust_work));
4913 }
4914 
4915 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4916  struct ieee80211_sta *sta, bool set)
4917 {
4918  struct b43_wl *wl = hw_to_b43_wl(hw);
4919 
4920  /* FIXME: add locking */
4921  b43_update_templates(wl);
4922 
4923  return 0;
4924 }
4925 
4926 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4927  struct ieee80211_vif *vif,
4928  enum sta_notify_cmd notify_cmd,
4929  struct ieee80211_sta *sta)
4930 {
4931  struct b43_wl *wl = hw_to_b43_wl(hw);
4932 
4933  B43_WARN_ON(!vif || wl->vif != vif);
4934 }
4935 
4936 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4937 {
4938  struct b43_wl *wl = hw_to_b43_wl(hw);
4939  struct b43_wldev *dev;
4940 
4941  mutex_lock(&wl->mutex);
4942  dev = wl->current_dev;
4943  if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4944  /* Disable CFP update during scan on other channels. */
4945  b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4946  }
4947  mutex_unlock(&wl->mutex);
4948 }
4949 
4950 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4951 {
4952  struct b43_wl *wl = hw_to_b43_wl(hw);
4953  struct b43_wldev *dev;
4954 
4955  mutex_lock(&wl->mutex);
4956  dev = wl->current_dev;
4957  if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4958  /* Re-enable CFP update. */
4959  b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4960  }
4961  mutex_unlock(&wl->mutex);
4962 }
4963 
4964 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4965  struct survey_info *survey)
4966 {
4967  struct b43_wl *wl = hw_to_b43_wl(hw);
4968  struct b43_wldev *dev = wl->current_dev;
4969  struct ieee80211_conf *conf = &hw->conf;
4970 
4971  if (idx != 0)
4972  return -ENOENT;
4973 
4974  survey->channel = conf->channel;
4975  survey->filled = SURVEY_INFO_NOISE_DBM;
4976  survey->noise = dev->stats.link_noise;
4977 
4978  return 0;
4979 }
4980 
4981 static const struct ieee80211_ops b43_hw_ops = {
4982  .tx = b43_op_tx,
4983  .conf_tx = b43_op_conf_tx,
4984  .add_interface = b43_op_add_interface,
4985  .remove_interface = b43_op_remove_interface,
4986  .config = b43_op_config,
4987  .bss_info_changed = b43_op_bss_info_changed,
4988  .configure_filter = b43_op_configure_filter,
4989  .set_key = b43_op_set_key,
4990  .update_tkip_key = b43_op_update_tkip_key,
4991  .get_stats = b43_op_get_stats,
4992  .get_tsf = b43_op_get_tsf,
4993  .set_tsf = b43_op_set_tsf,
4994  .start = b43_op_start,
4995  .stop = b43_op_stop,
4996  .set_tim = b43_op_beacon_set_tim,
4997  .sta_notify = b43_op_sta_notify,
4998  .sw_scan_start = b43_op_sw_scan_start_notifier,
4999  .sw_scan_complete = b43_op_sw_scan_complete_notifier,
5000  .get_survey = b43_op_get_survey,
5001  .rfkill_poll = b43_rfkill_poll,
5002 };
5003 
5004 /* Hard-reset the chip. Do not call this directly.
5005  * Use b43_controller_restart()
5006  */
5007 static void b43_chip_reset(struct work_struct *work)
5008 {
5009  struct b43_wldev *dev =
5010  container_of(work, struct b43_wldev, restart_work);
5011  struct b43_wl *wl = dev->wl;
5012  int err = 0;
5013  int prev_status;
5014 
5015  mutex_lock(&wl->mutex);
5016 
5017  prev_status = b43_status(dev);
5018  /* Bring the device down... */
5019  if (prev_status >= B43_STAT_STARTED) {
5020  dev = b43_wireless_core_stop(dev);
5021  if (!dev) {
5022  err = -ENODEV;
5023  goto out;
5024  }
5025  }
5026  if (prev_status >= B43_STAT_INITIALIZED)
5027  b43_wireless_core_exit(dev);
5028 
5029  /* ...and up again. */
5030  if (prev_status >= B43_STAT_INITIALIZED) {
5031  err = b43_wireless_core_init(dev);
5032  if (err)
5033  goto out;
5034  }
5035  if (prev_status >= B43_STAT_STARTED) {
5036  err = b43_wireless_core_start(dev);
5037  if (err) {
5038  b43_wireless_core_exit(dev);
5039  goto out;
5040  }
5041  }
5042 out:
5043  if (err)
5044  wl->current_dev = NULL; /* Failed to init the dev. */
5045  mutex_unlock(&wl->mutex);
5046 
5047  if (err) {
5048  b43err(wl, "Controller restart FAILED\n");
5049  return;
5050  }
5051 
5052  /* reload configuration */
5053  b43_op_config(wl->hw, ~0);
5054  if (wl->vif)
5055  b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5056 
5057  b43info(wl, "Controller restarted\n");
5058 }
5059 
5060 static int b43_setup_bands(struct b43_wldev *dev,
5061  bool have_2ghz_phy, bool have_5ghz_phy)
5062 {
5063  struct ieee80211_hw *hw = dev->wl->hw;
5064 
5065  if (have_2ghz_phy)
5066  hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5067  if (dev->phy.type == B43_PHYTYPE_N) {
5068  if (have_5ghz_phy)
5069  hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5070  } else {
5071  if (have_5ghz_phy)
5072  hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5073  }
5074 
5075  dev->phy.supports_2ghz = have_2ghz_phy;
5076  dev->phy.supports_5ghz = have_5ghz_phy;
5077 
5078  return 0;
5079 }
5080 
5081 static void b43_wireless_core_detach(struct b43_wldev *dev)
5082 {
5083  /* We release firmware that late to not be required to re-request
5084  * is all the time when we reinit the core. */
5085  b43_release_firmware(dev);
5086  b43_phy_free(dev);
5087 }
5088 
5089 static int b43_wireless_core_attach(struct b43_wldev *dev)
5090 {
5091  struct b43_wl *wl = dev->wl;
5092  struct pci_dev *pdev = NULL;
5093  int err;
5094  u32 tmp;
5095  bool have_2ghz_phy = false, have_5ghz_phy = false;
5096 
5097  /* Do NOT do any device initialization here.
5098  * Do it in wireless_core_init() instead.
5099  * This function is for gathering basic information about the HW, only.
5100  * Also some structs may be set up here. But most likely you want to have
5101  * that in core_init(), too.
5102  */
5103 
5104 #ifdef CONFIG_B43_SSB
5105  if (dev->dev->bus_type == B43_BUS_SSB &&
5106  dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5107  pdev = dev->dev->sdev->bus->host_pci;
5108 #endif
5109 
5110  err = b43_bus_powerup(dev, 0);
5111  if (err) {
5112  b43err(wl, "Bus powerup failed\n");
5113  goto out;
5114  }
5115 
5116  /* Get the PHY type. */
5117  switch (dev->dev->bus_type) {
5118 #ifdef CONFIG_B43_BCMA
5119  case B43_BUS_BCMA:
5120  tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5121  have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5122  have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5123  break;
5124 #endif
5125 #ifdef CONFIG_B43_SSB
5126  case B43_BUS_SSB:
5127  if (dev->dev->core_rev >= 5) {
5128  tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5129  have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5130  have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5131  } else
5132  B43_WARN_ON(1);
5133  break;
5134 #endif
5135  }
5136 
5137  dev->phy.gmode = have_2ghz_phy;
5138  dev->phy.radio_on = true;
5139  b43_wireless_core_reset(dev, dev->phy.gmode);
5140 
5141  err = b43_phy_versioning(dev);
5142  if (err)
5143  goto err_powerdown;
5144  /* Check if this device supports multiband. */
5145  if (!pdev ||
5146  (pdev->device != 0x4312 &&
5147  pdev->device != 0x4319 && pdev->device != 0x4324)) {
5148  /* No multiband support. */
5149  have_2ghz_phy = false;
5150  have_5ghz_phy = false;
5151  switch (dev->phy.type) {
5152  case B43_PHYTYPE_A:
5153  have_5ghz_phy = true;
5154  break;
5155  case B43_PHYTYPE_LP: //FIXME not always!
5156 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5157  have_5ghz_phy = 1;
5158 #endif
5159  case B43_PHYTYPE_G:
5160  case B43_PHYTYPE_N:
5161  case B43_PHYTYPE_HT:
5162  case B43_PHYTYPE_LCN:
5163  have_2ghz_phy = true;
5164  break;
5165  default:
5166  B43_WARN_ON(1);
5167  }
5168  }
5169  if (dev->phy.type == B43_PHYTYPE_A) {
5170  /* FIXME */
5171  b43err(wl, "IEEE 802.11a devices are unsupported\n");
5172  err = -EOPNOTSUPP;
5173  goto err_powerdown;
5174  }
5175  if (1 /* disable A-PHY */) {
5176  /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5177  if (dev->phy.type != B43_PHYTYPE_N &&
5178  dev->phy.type != B43_PHYTYPE_LP) {
5179  have_2ghz_phy = true;
5180  have_5ghz_phy = false;
5181  }
5182  }
5183 
5184  err = b43_phy_allocate(dev);
5185  if (err)
5186  goto err_powerdown;
5187 
5188  dev->phy.gmode = have_2ghz_phy;
5189  b43_wireless_core_reset(dev, dev->phy.gmode);
5190 
5191  err = b43_validate_chipaccess(dev);
5192  if (err)
5193  goto err_phy_free;
5194  err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5195  if (err)
5196  goto err_phy_free;
5197 
5198  /* Now set some default "current_dev" */
5199  if (!wl->current_dev)
5200  wl->current_dev = dev;
5201  INIT_WORK(&dev->restart_work, b43_chip_reset);
5202 
5203  dev->phy.ops->switch_analog(dev, 0);
5204  b43_device_disable(dev, 0);
5205  b43_bus_may_powerdown(dev);
5206 
5207 out:
5208  return err;
5209 
5210 err_phy_free:
5211  b43_phy_free(dev);
5212 err_powerdown:
5213  b43_bus_may_powerdown(dev);
5214  return err;
5215 }
5216 
5217 static void b43_one_core_detach(struct b43_bus_dev *dev)
5218 {
5219  struct b43_wldev *wldev;
5220  struct b43_wl *wl;
5221 
5222  /* Do not cancel ieee80211-workqueue based work here.
5223  * See comment in b43_remove(). */
5224 
5225  wldev = b43_bus_get_wldev(dev);
5226  wl = wldev->wl;
5227  b43_debugfs_remove_device(wldev);
5228  b43_wireless_core_detach(wldev);
5229  list_del(&wldev->list);
5230  wl->nr_devs--;
5231  b43_bus_set_wldev(dev, NULL);
5232  kfree(wldev);
5233 }
5234 
5235 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5236 {
5237  struct b43_wldev *wldev;
5238  int err = -ENOMEM;
5239 
5240  wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5241  if (!wldev)
5242  goto out;
5243 
5244  wldev->use_pio = b43_modparam_pio;
5245  wldev->dev = dev;
5246  wldev->wl = wl;
5247  b43_set_status(wldev, B43_STAT_UNINIT);
5248  wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5249  INIT_LIST_HEAD(&wldev->list);
5250 
5251  err = b43_wireless_core_attach(wldev);
5252  if (err)
5253  goto err_kfree_wldev;
5254 
5255  list_add(&wldev->list, &wl->devlist);
5256  wl->nr_devs++;
5257  b43_bus_set_wldev(dev, wldev);
5258  b43_debugfs_add_device(wldev);
5259 
5260  out:
5261  return err;
5262 
5263  err_kfree_wldev:
5264  kfree(wldev);
5265  return err;
5266 }
5267 
5268 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
5269  (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
5270  (pdev->device == _device) && \
5271  (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
5272  (pdev->subsystem_device == _subdevice) )
5273 
5274 static void b43_sprom_fixup(struct ssb_bus *bus)
5275 {
5276  struct pci_dev *pdev;
5277 
5278  /* boardflags workarounds */
5279  if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5280  bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5281  bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5282  if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5283  bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5284  bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5285  if (bus->bustype == SSB_BUSTYPE_PCI) {
5286  pdev = bus->host_pci;
5287  if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5288  IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
5289  IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
5290  IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5291  IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5292  IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5293  IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5294  bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5295  }
5296 }
5297 
5298 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5299 {
5300  struct ieee80211_hw *hw = wl->hw;
5301 
5302  ssb_set_devtypedata(dev->sdev, NULL);
5303  ieee80211_free_hw(hw);
5304 }
5305 
5306 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5307 {
5308  struct ssb_sprom *sprom = dev->bus_sprom;
5309  struct ieee80211_hw *hw;
5310  struct b43_wl *wl;
5311  char chip_name[6];
5312  int queue_num;
5313 
5314  hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5315  if (!hw) {
5316  b43err(NULL, "Could not allocate ieee80211 device\n");
5317  return ERR_PTR(-ENOMEM);
5318  }
5319  wl = hw_to_b43_wl(hw);
5320 
5321  /* fill hw info */
5322  hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5323  IEEE80211_HW_SIGNAL_DBM;
5324 
5325  hw->wiphy->interface_modes =
5326  BIT(NL80211_IFTYPE_AP) |
5327  BIT(NL80211_IFTYPE_MESH_POINT) |
5328  BIT(NL80211_IFTYPE_STATION) |
5329  BIT(NL80211_IFTYPE_WDS) |
5330  BIT(NL80211_IFTYPE_ADHOC);
5331 
5332  hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5333 
5334  wl->hw_registred = false;
5335  hw->max_rates = 2;
5336  SET_IEEE80211_DEV(hw, dev->dev);
5337  if (is_valid_ether_addr(sprom->et1mac))
5338  SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5339  else
5340  SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5341 
5342  /* Initialize struct b43_wl */
5343  wl->hw = hw;
5344  mutex_init(&wl->mutex);
5345  spin_lock_init(&wl->hardirq_lock);
5346  INIT_LIST_HEAD(&wl->devlist);
5347  INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5348  INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5349  INIT_WORK(&wl->tx_work, b43_tx_work);
5350 
5351  /* Initialize queues and flags. */
5352  for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5353  skb_queue_head_init(&wl->tx_queue[queue_num]);
5354  wl->tx_queue_stopped[queue_num] = 0;
5355  }
5356 
5357  snprintf(chip_name, ARRAY_SIZE(chip_name),
5358  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5359  b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5360  dev->core_rev);
5361  return wl;
5362 }
5363 
5364 #ifdef CONFIG_B43_BCMA
5365 static int b43_bcma_probe(struct bcma_device *core)
5366 {
5367  struct b43_bus_dev *dev;
5368  struct b43_wl *wl;
5369  int err;
5370 
5371  dev = b43_bus_dev_bcma_init(core);
5372  if (!dev)
5373  return -ENODEV;
5374 
5375  wl = b43_wireless_init(dev);
5376  if (IS_ERR(wl)) {
5377  err = PTR_ERR(wl);
5378  goto bcma_out;
5379  }
5380 
5381  err = b43_one_core_attach(dev, wl);
5382  if (err)
5383  goto bcma_err_wireless_exit;
5384 
5385  /* setup and start work to load firmware */
5386  INIT_WORK(&wl->firmware_load, b43_request_firmware);
5387  schedule_work(&wl->firmware_load);
5388 
5389 bcma_out:
5390  return err;
5391 
5392 bcma_err_wireless_exit:
5393  ieee80211_free_hw(wl->hw);
5394  return err;
5395 }
5396 
5397 static void b43_bcma_remove(struct bcma_device *core)
5398 {
5399  struct b43_wldev *wldev = bcma_get_drvdata(core);
5400  struct b43_wl *wl = wldev->wl;
5401 
5402  /* We must cancel any work here before unregistering from ieee80211,
5403  * as the ieee80211 unreg will destroy the workqueue. */
5404  cancel_work_sync(&wldev->restart_work);
5405 
5406  B43_WARN_ON(!wl);
5407  if (!wldev->fw.ucode.data)
5408  return; /* NULL if firmware never loaded */
5409  if (wl->current_dev == wldev && wl->hw_registred) {
5410  b43_leds_stop(wldev);
5411  ieee80211_unregister_hw(wl->hw);
5412  }
5413 
5414  b43_one_core_detach(wldev->dev);
5415 
5416  b43_leds_unregister(wl);
5417 
5418  ieee80211_free_hw(wl->hw);
5419 }
5420 
5421 static struct bcma_driver b43_bcma_driver = {
5422  .name = KBUILD_MODNAME,
5423  .id_table = b43_bcma_tbl,
5424  .probe = b43_bcma_probe,
5425  .remove = b43_bcma_remove,
5426 };
5427 #endif
5428 
5429 #ifdef CONFIG_B43_SSB
5430 static
5431 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5432 {
5433  struct b43_bus_dev *dev;
5434  struct b43_wl *wl;
5435  int err;
5436  int first = 0;
5437 
5438  dev = b43_bus_dev_ssb_init(sdev);
5439  if (!dev)
5440  return -ENOMEM;
5441 
5442  wl = ssb_get_devtypedata(sdev);
5443  if (!wl) {
5444  /* Probing the first core. Must setup common struct b43_wl */
5445  first = 1;
5446  b43_sprom_fixup(sdev->bus);
5447  wl = b43_wireless_init(dev);
5448  if (IS_ERR(wl)) {
5449  err = PTR_ERR(wl);
5450  goto out;
5451  }
5452  ssb_set_devtypedata(sdev, wl);
5453  B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5454  }
5455  err = b43_one_core_attach(dev, wl);
5456  if (err)
5457  goto err_wireless_exit;
5458 
5459  /* setup and start work to load firmware */
5460  INIT_WORK(&wl->firmware_load, b43_request_firmware);
5461  schedule_work(&wl->firmware_load);
5462 
5463  out:
5464  return err;
5465 
5466  err_wireless_exit:
5467  if (first)
5468  b43_wireless_exit(dev, wl);
5469  return err;
5470 }
5471 
5472 static void b43_ssb_remove(struct ssb_device *sdev)
5473 {
5474  struct b43_wl *wl = ssb_get_devtypedata(sdev);
5475  struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5476  struct b43_bus_dev *dev = wldev->dev;
5477 
5478  /* We must cancel any work here before unregistering from ieee80211,
5479  * as the ieee80211 unreg will destroy the workqueue. */
5480  cancel_work_sync(&wldev->restart_work);
5481 
5482  B43_WARN_ON(!wl);
5483  if (!wldev->fw.ucode.data)
5484  return; /* NULL if firmware never loaded */
5485  if (wl->current_dev == wldev && wl->hw_registred) {
5486  b43_leds_stop(wldev);
5487  ieee80211_unregister_hw(wl->hw);
5488  }
5489 
5490  b43_one_core_detach(dev);
5491 
5492  if (list_empty(&wl->devlist)) {
5493  b43_leds_unregister(wl);
5494  /* Last core on the chip unregistered.
5495  * We can destroy common struct b43_wl.
5496  */
5497  b43_wireless_exit(dev, wl);
5498  }
5499 }
5500 
5501 static struct ssb_driver b43_ssb_driver = {
5502  .name = KBUILD_MODNAME,
5503  .id_table = b43_ssb_tbl,
5504  .probe = b43_ssb_probe,
5505  .remove = b43_ssb_remove,
5506 };
5507 #endif /* CONFIG_B43_SSB */
5508 
5509 /* Perform a hardware reset. This can be called from any context. */
5510 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5511 {
5512  /* Must avoid requeueing, if we are in shutdown. */
5513  if (b43_status(dev) < B43_STAT_INITIALIZED)
5514  return;
5515  b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5516  ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5517 }
5518 
5519 static void b43_print_driverinfo(void)
5520 {
5521  const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5522  *feat_leds = "", *feat_sdio = "";
5523 
5524 #ifdef CONFIG_B43_PCI_AUTOSELECT
5525  feat_pci = "P";
5526 #endif
5527 #ifdef CONFIG_B43_PCMCIA
5528  feat_pcmcia = "M";
5529 #endif
5530 #ifdef CONFIG_B43_PHY_N
5531  feat_nphy = "N";
5532 #endif
5533 #ifdef CONFIG_B43_LEDS
5534  feat_leds = "L";
5535 #endif
5536 #ifdef CONFIG_B43_SDIO
5537  feat_sdio = "S";
5538 #endif
5539  printk(KERN_INFO "Broadcom 43xx driver loaded "
5540  "[ Features: %s%s%s%s%s ]\n",
5541  feat_pci, feat_pcmcia, feat_nphy,
5542  feat_leds, feat_sdio);
5543 }
5544 
5545 static int __init b43_init(void)
5546 {
5547  int err;
5548 
5549  b43_debugfs_init();
5550  err = b43_pcmcia_init();
5551  if (err)
5552  goto err_dfs_exit;
5553  err = b43_sdio_init();
5554  if (err)
5555  goto err_pcmcia_exit;
5556 #ifdef CONFIG_B43_BCMA
5557  err = bcma_driver_register(&b43_bcma_driver);
5558  if (err)
5559  goto err_sdio_exit;
5560 #endif
5561 #ifdef CONFIG_B43_SSB
5562  err = ssb_driver_register(&b43_ssb_driver);
5563  if (err)
5564  goto err_bcma_driver_exit;
5565 #endif
5566  b43_print_driverinfo();
5567 
5568  return err;
5569 
5570 #ifdef CONFIG_B43_SSB
5571 err_bcma_driver_exit:
5572 #endif
5573 #ifdef CONFIG_B43_BCMA
5574  bcma_driver_unregister(&b43_bcma_driver);
5575 err_sdio_exit:
5576 #endif
5577  b43_sdio_exit();
5578 err_pcmcia_exit:
5579  b43_pcmcia_exit();
5580 err_dfs_exit:
5581  b43_debugfs_exit();
5582  return err;
5583 }
5584 
5585 static void __exit b43_exit(void)
5586 {
5587 #ifdef CONFIG_B43_SSB
5588  ssb_driver_unregister(&b43_ssb_driver);
5589 #endif
5590 #ifdef CONFIG_B43_BCMA
5591  bcma_driver_unregister(&b43_bcma_driver);
5592 #endif
5593  b43_sdio_exit();
5594  b43_pcmcia_exit();
5595  b43_debugfs_exit();
5596 }
5597 
5598 module_init(b43_init)
5599 module_exit(b43_exit)
Generated on Thu Jan 10 2013 12:48:19 for Linux Kernel by   doxygen 1.8.2