]> rtime.felk.cvut.cz Git - linux-imx.git/blob - drivers/net/wireless/b43/main.c
projects / linux-imx.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
af_unix: use freezable blocking calls in read
[linux-imx.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82                  "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 #ifdef CONFIG_B43_BCMA
117 static const struct bcma_device_id b43_bcma_tbl[] = {
118         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
119 #ifdef CONFIG_B43_BCMA_EXTRA
120         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
121         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
122 #endif
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
124         BCMA_CORETABLE_END
125 };
126 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
127 #endif
128
129 #ifdef CONFIG_B43_SSB
130 static const struct ssb_device_id b43_ssb_tbl[] = {
131         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
132         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
133         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
134         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
135         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
136         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
141         SSB_DEVTABLE_END
142 };
143 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
144 #endif
145
146 /* Channel and ratetables are shared for all devices.
147  * They can't be const, because ieee80211 puts some precalculated
148  * data in there. This data is the same for all devices, so we don't
149  * get concurrency issues */
150 #define RATETAB_ENT(_rateid, _flags) \
151         {                                                               \
152                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
153                 .hw_value       = (_rateid),                            \
154                 .flags          = (_flags),                             \
155         }
156
157 /*
158  * NOTE: When changing this, sync with xmit.c's
159  *       b43_plcp_get_bitrate_idx_* functions!
160  */
161 static struct ieee80211_rate __b43_ratetable[] = {
162         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
163         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
164         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
165         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
166         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
167         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
168         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
169         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
170         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
171         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
172         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
173         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
174 };
175
176 #define b43_a_ratetable         (__b43_ratetable + 4)
177 #define b43_a_ratetable_size    8
178 #define b43_b_ratetable         (__b43_ratetable + 0)
179 #define b43_b_ratetable_size    4
180 #define b43_g_ratetable         (__b43_ratetable + 0)
181 #define b43_g_ratetable_size    12
182
183 #define CHAN4G(_channel, _freq, _flags) {                       \
184         .band                   = IEEE80211_BAND_2GHZ,          \
185         .center_freq            = (_freq),                      \
186         .hw_value               = (_channel),                   \
187         .flags                  = (_flags),                     \
188         .max_antenna_gain       = 0,                            \
189         .max_power              = 30,                           \
190 }
191 static struct ieee80211_channel b43_2ghz_chantable[] = {
192         CHAN4G(1, 2412, 0),
193         CHAN4G(2, 2417, 0),
194         CHAN4G(3, 2422, 0),
195         CHAN4G(4, 2427, 0),
196         CHAN4G(5, 2432, 0),
197         CHAN4G(6, 2437, 0),
198         CHAN4G(7, 2442, 0),
199         CHAN4G(8, 2447, 0),
200         CHAN4G(9, 2452, 0),
201         CHAN4G(10, 2457, 0),
202         CHAN4G(11, 2462, 0),
203         CHAN4G(12, 2467, 0),
204         CHAN4G(13, 2472, 0),
205         CHAN4G(14, 2484, 0),
206 };
207 #undef CHAN4G
208
209 #define CHAN5G(_channel, _flags) {                              \
210         .band                   = IEEE80211_BAND_5GHZ,          \
211         .center_freq            = 5000 + (5 * (_channel)),      \
212         .hw_value               = (_channel),                   \
213         .flags                  = (_flags),                     \
214         .max_antenna_gain       = 0,                            \
215         .max_power              = 30,                           \
216 }
217 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
218         CHAN5G(32, 0),          CHAN5G(34, 0),
219         CHAN5G(36, 0),          CHAN5G(38, 0),
220         CHAN5G(40, 0),          CHAN5G(42, 0),
221         CHAN5G(44, 0),          CHAN5G(46, 0),
222         CHAN5G(48, 0),          CHAN5G(50, 0),
223         CHAN5G(52, 0),          CHAN5G(54, 0),
224         CHAN5G(56, 0),          CHAN5G(58, 0),
225         CHAN5G(60, 0),          CHAN5G(62, 0),
226         CHAN5G(64, 0),          CHAN5G(66, 0),
227         CHAN5G(68, 0),          CHAN5G(70, 0),
228         CHAN5G(72, 0),          CHAN5G(74, 0),
229         CHAN5G(76, 0),          CHAN5G(78, 0),
230         CHAN5G(80, 0),          CHAN5G(82, 0),
231         CHAN5G(84, 0),          CHAN5G(86, 0),
232         CHAN5G(88, 0),          CHAN5G(90, 0),
233         CHAN5G(92, 0),          CHAN5G(94, 0),
234         CHAN5G(96, 0),          CHAN5G(98, 0),
235         CHAN5G(100, 0),         CHAN5G(102, 0),
236         CHAN5G(104, 0),         CHAN5G(106, 0),
237         CHAN5G(108, 0),         CHAN5G(110, 0),
238         CHAN5G(112, 0),         CHAN5G(114, 0),
239         CHAN5G(116, 0),         CHAN5G(118, 0),
240         CHAN5G(120, 0),         CHAN5G(122, 0),
241         CHAN5G(124, 0),         CHAN5G(126, 0),
242         CHAN5G(128, 0),         CHAN5G(130, 0),
243         CHAN5G(132, 0),         CHAN5G(134, 0),
244         CHAN5G(136, 0),         CHAN5G(138, 0),
245         CHAN5G(140, 0),         CHAN5G(142, 0),
246         CHAN5G(144, 0),         CHAN5G(145, 0),
247         CHAN5G(146, 0),         CHAN5G(147, 0),
248         CHAN5G(148, 0),         CHAN5G(149, 0),
249         CHAN5G(150, 0),         CHAN5G(151, 0),
250         CHAN5G(152, 0),         CHAN5G(153, 0),
251         CHAN5G(154, 0),         CHAN5G(155, 0),
252         CHAN5G(156, 0),         CHAN5G(157, 0),
253         CHAN5G(158, 0),         CHAN5G(159, 0),
254         CHAN5G(160, 0),         CHAN5G(161, 0),
255         CHAN5G(162, 0),         CHAN5G(163, 0),
256         CHAN5G(164, 0),         CHAN5G(165, 0),
257         CHAN5G(166, 0),         CHAN5G(168, 0),
258         CHAN5G(170, 0),         CHAN5G(172, 0),
259         CHAN5G(174, 0),         CHAN5G(176, 0),
260         CHAN5G(178, 0),         CHAN5G(180, 0),
261         CHAN5G(182, 0),         CHAN5G(184, 0),
262         CHAN5G(186, 0),         CHAN5G(188, 0),
263         CHAN5G(190, 0),         CHAN5G(192, 0),
264         CHAN5G(194, 0),         CHAN5G(196, 0),
265         CHAN5G(198, 0),         CHAN5G(200, 0),
266         CHAN5G(202, 0),         CHAN5G(204, 0),
267         CHAN5G(206, 0),         CHAN5G(208, 0),
268         CHAN5G(210, 0),         CHAN5G(212, 0),
269         CHAN5G(214, 0),         CHAN5G(216, 0),
270         CHAN5G(218, 0),         CHAN5G(220, 0),
271         CHAN5G(222, 0),         CHAN5G(224, 0),
272         CHAN5G(226, 0),         CHAN5G(228, 0),
273 };
274
275 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
276         CHAN5G(34, 0),          CHAN5G(36, 0),
277         CHAN5G(38, 0),          CHAN5G(40, 0),
278         CHAN5G(42, 0),          CHAN5G(44, 0),
279         CHAN5G(46, 0),          CHAN5G(48, 0),
280         CHAN5G(52, 0),          CHAN5G(56, 0),
281         CHAN5G(60, 0),          CHAN5G(64, 0),
282         CHAN5G(100, 0),         CHAN5G(104, 0),
283         CHAN5G(108, 0),         CHAN5G(112, 0),
284         CHAN5G(116, 0),         CHAN5G(120, 0),
285         CHAN5G(124, 0),         CHAN5G(128, 0),
286         CHAN5G(132, 0),         CHAN5G(136, 0),
287         CHAN5G(140, 0),         CHAN5G(149, 0),
288         CHAN5G(153, 0),         CHAN5G(157, 0),
289         CHAN5G(161, 0),         CHAN5G(165, 0),
290         CHAN5G(184, 0),         CHAN5G(188, 0),
291         CHAN5G(192, 0),         CHAN5G(196, 0),
292         CHAN5G(200, 0),         CHAN5G(204, 0),
293         CHAN5G(208, 0),         CHAN5G(212, 0),
294         CHAN5G(216, 0),
295 };
296 #undef CHAN5G
297
298 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
299         .band           = IEEE80211_BAND_5GHZ,
300         .channels       = b43_5ghz_nphy_chantable,
301         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
302         .bitrates       = b43_a_ratetable,
303         .n_bitrates     = b43_a_ratetable_size,
304 };
305
306 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
307         .band           = IEEE80211_BAND_5GHZ,
308         .channels       = b43_5ghz_aphy_chantable,
309         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
310         .bitrates       = b43_a_ratetable,
311         .n_bitrates     = b43_a_ratetable_size,
312 };
313
314 static struct ieee80211_supported_band b43_band_2GHz = {
315         .band           = IEEE80211_BAND_2GHZ,
316         .channels       = b43_2ghz_chantable,
317         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
318         .bitrates       = b43_g_ratetable,
319         .n_bitrates     = b43_g_ratetable_size,
320 };
321
322 static void b43_wireless_core_exit(struct b43_wldev *dev);
323 static int b43_wireless_core_init(struct b43_wldev *dev);
324 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
325 static int b43_wireless_core_start(struct b43_wldev *dev);
326 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
327                                     struct ieee80211_vif *vif,
328                                     struct ieee80211_bss_conf *conf,
329                                     u32 changed);
330
331 static int b43_ratelimit(struct b43_wl *wl)
332 {
333         if (!wl || !wl->current_dev)
334                 return 1;
335         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
336                 return 1;
337         /* We are up and running.
338          * Ratelimit the messages to avoid DoS over the net. */
339         return net_ratelimit();
340 }
341
342 void b43info(struct b43_wl *wl, const char *fmt, ...)
343 {
344         struct va_format vaf;
345         va_list args;
346
347         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
348                 return;
349         if (!b43_ratelimit(wl))
350                 return;
351
352         va_start(args, fmt);
353
354         vaf.fmt = fmt;
355         vaf.va = &args;
356
357         printk(KERN_INFO "b43-%s: %pV",
358                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
359
360         va_end(args);
361 }
362
363 void b43err(struct b43_wl *wl, const char *fmt, ...)
364 {
365         struct va_format vaf;
366         va_list args;
367
368         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
369                 return;
370         if (!b43_ratelimit(wl))
371                 return;
372
373         va_start(args, fmt);
374
375         vaf.fmt = fmt;
376         vaf.va = &args;
377
378         printk(KERN_ERR "b43-%s ERROR: %pV",
379                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
380
381         va_end(args);
382 }
383
384 void b43warn(struct b43_wl *wl, const char *fmt, ...)
385 {
386         struct va_format vaf;
387         va_list args;
388
389         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
390                 return;
391         if (!b43_ratelimit(wl))
392                 return;
393
394         va_start(args, fmt);
395
396         vaf.fmt = fmt;
397         vaf.va = &args;
398
399         printk(KERN_WARNING "b43-%s warning: %pV",
400                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
401
402         va_end(args);
403 }
404
405 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
406 {
407         struct va_format vaf;
408         va_list args;
409
410         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
411                 return;
412
413         va_start(args, fmt);
414
415         vaf.fmt = fmt;
416         vaf.va = &args;
417
418         printk(KERN_DEBUG "b43-%s debug: %pV",
419                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
420
421         va_end(args);
422 }
423
424 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
425 {
426         u32 macctl;
427
428         B43_WARN_ON(offset % 4 != 0);
429
430         macctl = b43_read32(dev, B43_MMIO_MACCTL);
431         if (macctl & B43_MACCTL_BE)
432                 val = swab32(val);
433
434         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
435         mmiowb();
436         b43_write32(dev, B43_MMIO_RAM_DATA, val);
437 }
438
439 static inline void b43_shm_control_word(struct b43_wldev *dev,
440                                         u16 routing, u16 offset)
441 {
442         u32 control;
443
444         /* "offset" is the WORD offset. */
445         control = routing;
446         control <<= 16;
447         control |= offset;
448         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
449 }
450
451 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
452 {
453         u32 ret;
454
455         if (routing == B43_SHM_SHARED) {
456                 B43_WARN_ON(offset & 0x0001);
457                 if (offset & 0x0003) {
458                         /* Unaligned access */
459                         b43_shm_control_word(dev, routing, offset >> 2);
460                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
461                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
462                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
463
464                         goto out;
465                 }
466                 offset >>= 2;
467         }
468         b43_shm_control_word(dev, routing, offset);
469         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
470 out:
471         return ret;
472 }
473
474 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
475 {
476         u16 ret;
477
478         if (routing == B43_SHM_SHARED) {
479                 B43_WARN_ON(offset & 0x0001);
480                 if (offset & 0x0003) {
481                         /* Unaligned access */
482                         b43_shm_control_word(dev, routing, offset >> 2);
483                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
484
485                         goto out;
486                 }
487                 offset >>= 2;
488         }
489         b43_shm_control_word(dev, routing, offset);
490         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
491 out:
492         return ret;
493 }
494
495 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
496 {
497         if (routing == B43_SHM_SHARED) {
498                 B43_WARN_ON(offset & 0x0001);
499                 if (offset & 0x0003) {
500                         /* Unaligned access */
501                         b43_shm_control_word(dev, routing, offset >> 2);
502                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
503                                     value & 0xFFFF);
504                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
505                         b43_write16(dev, B43_MMIO_SHM_DATA,
506                                     (value >> 16) & 0xFFFF);
507                         return;
508                 }
509                 offset >>= 2;
510         }
511         b43_shm_control_word(dev, routing, offset);
512         b43_write32(dev, B43_MMIO_SHM_DATA, value);
513 }
514
515 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
516 {
517         if (routing == B43_SHM_SHARED) {
518                 B43_WARN_ON(offset & 0x0001);
519                 if (offset & 0x0003) {
520                         /* Unaligned access */
521                         b43_shm_control_word(dev, routing, offset >> 2);
522                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
523                         return;
524                 }
525                 offset >>= 2;
526         }
527         b43_shm_control_word(dev, routing, offset);
528         b43_write16(dev, B43_MMIO_SHM_DATA, value);
529 }
530
531 /* Read HostFlags */
532 u64 b43_hf_read(struct b43_wldev *dev)
533 {
534         u64 ret;
535
536         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
537         ret <<= 16;
538         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
539         ret <<= 16;
540         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
541
542         return ret;
543 }
544
545 /* Write HostFlags */
546 void b43_hf_write(struct b43_wldev *dev, u64 value)
547 {
548         u16 lo, mi, hi;
549
550         lo = (value & 0x00000000FFFFULL);
551         mi = (value & 0x0000FFFF0000ULL) >> 16;
552         hi = (value & 0xFFFF00000000ULL) >> 32;
553         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
554         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
555         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
556 }
557
558 /* Read the firmware capabilities bitmask (Opensource firmware only) */
559 static u16 b43_fwcapa_read(struct b43_wldev *dev)
560 {
561         B43_WARN_ON(!dev->fw.opensource);
562         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
563 }
564
565 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
566 {
567         u32 low, high;
568
569         B43_WARN_ON(dev->dev->core_rev < 3);
570
571         /* The hardware guarantees us an atomic read, if we
572          * read the low register first. */
573         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
574         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
575
576         *tsf = high;
577         *tsf <<= 32;
578         *tsf |= low;
579 }
580
581 static void b43_time_lock(struct b43_wldev *dev)
582 {
583         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
584         /* Commit the write */
585         b43_read32(dev, B43_MMIO_MACCTL);
586 }
587
588 static void b43_time_unlock(struct b43_wldev *dev)
589 {
590         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
591         /* Commit the write */
592         b43_read32(dev, B43_MMIO_MACCTL);
593 }
594
595 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
596 {
597         u32 low, high;
598
599         B43_WARN_ON(dev->dev->core_rev < 3);
600
601         low = tsf;
602         high = (tsf >> 32);
603         /* The hardware guarantees us an atomic write, if we
604          * write the low register first. */
605         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
606         mmiowb();
607         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
608         mmiowb();
609 }
610
611 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
612 {
613         b43_time_lock(dev);
614         b43_tsf_write_locked(dev, tsf);
615         b43_time_unlock(dev);
616 }
617
618 static
619 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
620 {
621         static const u8 zero_addr[ETH_ALEN] = { 0 };
622         u16 data;
623
624         if (!mac)
625                 mac = zero_addr;
626
627         offset |= 0x0020;
628         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
629
630         data = mac[0];
631         data |= mac[1] << 8;
632         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
633         data = mac[2];
634         data |= mac[3] << 8;
635         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
636         data = mac[4];
637         data |= mac[5] << 8;
638         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
639 }
640
641 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
642 {
643         const u8 *mac;
644         const u8 *bssid;
645         u8 mac_bssid[ETH_ALEN * 2];
646         int i;
647         u32 tmp;
648
649         bssid = dev->wl->bssid;
650         mac = dev->wl->mac_addr;
651
652         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
653
654         memcpy(mac_bssid, mac, ETH_ALEN);
655         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
656
657         /* Write our MAC address and BSSID to template ram */
658         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
659                 tmp = (u32) (mac_bssid[i + 0]);
660                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
661                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
662                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
663                 b43_ram_write(dev, 0x20 + i, tmp);
664         }
665 }
666
667 static void b43_upload_card_macaddress(struct b43_wldev *dev)
668 {
669         b43_write_mac_bssid_templates(dev);
670         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
671 }
672
673 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
674 {
675         /* slot_time is in usec. */
676         /* This test used to exit for all but a G PHY. */
677         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
678                 return;
679         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
680         /* Shared memory location 0x0010 is the slot time and should be
681          * set to slot_time; however, this register is initially 0 and changing
682          * the value adversely affects the transmit rate for BCM4311
683          * devices. Until this behavior is unterstood, delete this step
684          *
685          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
686          */
687 }
688
689 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
690 {
691         b43_set_slot_time(dev, 9);
692 }
693
694 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
695 {
696         b43_set_slot_time(dev, 20);
697 }
698
699 /* DummyTransmission function, as documented on
700  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
701  */
702 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
703 {
704         struct b43_phy *phy = &dev->phy;
705         unsigned int i, max_loop;
706         u16 value;
707         u32 buffer[5] = {
708                 0x00000000,
709                 0x00D40000,
710                 0x00000000,
711                 0x01000000,
712                 0x00000000,
713         };
714
715         if (ofdm) {
716                 max_loop = 0x1E;
717                 buffer[0] = 0x000201CC;
718         } else {
719                 max_loop = 0xFA;
720                 buffer[0] = 0x000B846E;
721         }
722
723         for (i = 0; i < 5; i++)
724                 b43_ram_write(dev, i * 4, buffer[i]);
725
726         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
727
728         if (dev->dev->core_rev < 11)
729                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
730         else
731                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
732
733         value = (ofdm ? 0x41 : 0x40);
734         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
735         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
736             phy->type == B43_PHYTYPE_LCN)
737                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
738
739         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
740         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
741
742         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
743         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
744         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
745         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
746
747         if (!pa_on && phy->type == B43_PHYTYPE_N)
748                 ; /*b43_nphy_pa_override(dev, false) */
749
750         switch (phy->type) {
751         case B43_PHYTYPE_N:
752         case B43_PHYTYPE_LCN:
753                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
754                 break;
755         case B43_PHYTYPE_LP:
756                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
757                 break;
758         default:
759                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
760         }
761         b43_read16(dev, B43_MMIO_TXE0_AUX);
762
763         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
764                 b43_radio_write16(dev, 0x0051, 0x0017);
765         for (i = 0x00; i < max_loop; i++) {
766                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
767                 if (value & 0x0080)
768                         break;
769                 udelay(10);
770         }
771         for (i = 0x00; i < 0x0A; i++) {
772                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
773                 if (value & 0x0400)
774                         break;
775                 udelay(10);
776         }
777         for (i = 0x00; i < 0x19; i++) {
778                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
779                 if (!(value & 0x0100))
780                         break;
781                 udelay(10);
782         }
783         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
784                 b43_radio_write16(dev, 0x0051, 0x0037);
785 }
786
787 static void key_write(struct b43_wldev *dev,
788                       u8 index, u8 algorithm, const u8 *key)
789 {
790         unsigned int i;
791         u32 offset;
792         u16 value;
793         u16 kidx;
794
795         /* Key index/algo block */
796         kidx = b43_kidx_to_fw(dev, index);
797         value = ((kidx << 4) | algorithm);
798         b43_shm_write16(dev, B43_SHM_SHARED,
799                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
800
801         /* Write the key to the Key Table Pointer offset */
802         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
803         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
804                 value = key[i];
805                 value |= (u16) (key[i + 1]) << 8;
806                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
807         }
808 }
809
810 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
811 {
812         u32 addrtmp[2] = { 0, 0, };
813         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
814
815         if (b43_new_kidx_api(dev))
816                 pairwise_keys_start = B43_NR_GROUP_KEYS;
817
818         B43_WARN_ON(index < pairwise_keys_start);
819         /* We have four default TX keys and possibly four default RX keys.
820          * Physical mac 0 is mapped to physical key 4 or 8, depending
821          * on the firmware version.
822          * So we must adjust the index here.
823          */
824         index -= pairwise_keys_start;
825         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
826
827         if (addr) {
828                 addrtmp[0] = addr[0];
829                 addrtmp[0] |= ((u32) (addr[1]) << 8);
830                 addrtmp[0] |= ((u32) (addr[2]) << 16);
831                 addrtmp[0] |= ((u32) (addr[3]) << 24);
832                 addrtmp[1] = addr[4];
833                 addrtmp[1] |= ((u32) (addr[5]) << 8);
834         }
835
836         /* Receive match transmitter address (RCMTA) mechanism */
837         b43_shm_write32(dev, B43_SHM_RCMTA,
838                         (index * 2) + 0, addrtmp[0]);
839         b43_shm_write16(dev, B43_SHM_RCMTA,
840                         (index * 2) + 1, addrtmp[1]);
841 }
842
843 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
844  * When a packet is received, the iv32 is checked.
845  * - if it doesn't the packet is returned without modification (and software
846  *   decryption can be done). That's what happen when iv16 wrap.
847  * - if it does, the rc4 key is computed, and decryption is tried.
848  *   Either it will success and B43_RX_MAC_DEC is returned,
849  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
850  *   and the packet is not usable (it got modified by the ucode).
851  * So in order to never have B43_RX_MAC_DECERR, we should provide
852  * a iv32 and phase1key that match. Because we drop packets in case of
853  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
854  * packets will be lost without higher layer knowing (ie no resync possible
855  * until next wrap).
856  *
857  * NOTE : this should support 50 key like RCMTA because
858  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
859  */
860 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
861                 u16 *phase1key)
862 {
863         unsigned int i;
864         u32 offset;
865         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
866
867         if (!modparam_hwtkip)
868                 return;
869
870         if (b43_new_kidx_api(dev))
871                 pairwise_keys_start = B43_NR_GROUP_KEYS;
872
873         B43_WARN_ON(index < pairwise_keys_start);
874         /* We have four default TX keys and possibly four default RX keys.
875          * Physical mac 0 is mapped to physical key 4 or 8, depending
876          * on the firmware version.
877          * So we must adjust the index here.
878          */
879         index -= pairwise_keys_start;
880         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
881
882         if (b43_debug(dev, B43_DBG_KEYS)) {
883                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
884                                 index, iv32);
885         }
886         /* Write the key to the  RX tkip shared mem */
887         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
888         for (i = 0; i < 10; i += 2) {
889                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
890                                 phase1key ? phase1key[i / 2] : 0);
891         }
892         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
893         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
894 }
895
896 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
897                                    struct ieee80211_vif *vif,
898                                    struct ieee80211_key_conf *keyconf,
899                                    struct ieee80211_sta *sta,
900                                    u32 iv32, u16 *phase1key)
901 {
902         struct b43_wl *wl = hw_to_b43_wl(hw);
903         struct b43_wldev *dev;
904         int index = keyconf->hw_key_idx;
905
906         if (B43_WARN_ON(!modparam_hwtkip))
907                 return;
908
909         /* This is only called from the RX path through mac80211, where
910          * our mutex is already locked. */
911         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
912         dev = wl->current_dev;
913         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
914
915         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
916
917         rx_tkip_phase1_write(dev, index, iv32, phase1key);
918         /* only pairwise TKIP keys are supported right now */
919         if (WARN_ON(!sta))
920                 return;
921         keymac_write(dev, index, sta->addr);
922 }
923
924 static void do_key_write(struct b43_wldev *dev,
925                          u8 index, u8 algorithm,
926                          const u8 *key, size_t key_len, const u8 *mac_addr)
927 {
928         u8 buf[B43_SEC_KEYSIZE] = { 0, };
929         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
930
931         if (b43_new_kidx_api(dev))
932                 pairwise_keys_start = B43_NR_GROUP_KEYS;
933
934         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
935         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
936
937         if (index >= pairwise_keys_start)
938                 keymac_write(dev, index, NULL); /* First zero out mac. */
939         if (algorithm == B43_SEC_ALGO_TKIP) {
940                 /*
941                  * We should provide an initial iv32, phase1key pair.
942                  * We could start with iv32=0 and compute the corresponding
943                  * phase1key, but this means calling ieee80211_get_tkip_key
944                  * with a fake skb (or export other tkip function).
945                  * Because we are lazy we hope iv32 won't start with
946                  * 0xffffffff and let's b43_op_update_tkip_key provide a
947                  * correct pair.
948                  */
949                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
950         } else if (index >= pairwise_keys_start) /* clear it */
951                 rx_tkip_phase1_write(dev, index, 0, NULL);
952         if (key)
953                 memcpy(buf, key, key_len);
954         key_write(dev, index, algorithm, buf);
955         if (index >= pairwise_keys_start)
956                 keymac_write(dev, index, mac_addr);
957
958         dev->key[index].algorithm = algorithm;
959 }
960
961 static int b43_key_write(struct b43_wldev *dev,
962                          int index, u8 algorithm,
963                          const u8 *key, size_t key_len,
964                          const u8 *mac_addr,
965                          struct ieee80211_key_conf *keyconf)
966 {
967         int i;
968         int pairwise_keys_start;
969
970         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
971          *      - Temporal Encryption Key (128 bits)
972          *      - Temporal Authenticator Tx MIC Key (64 bits)
973          *      - Temporal Authenticator Rx MIC Key (64 bits)
974          *
975          *      Hardware only store TEK
976          */
977         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
978                 key_len = 16;
979         if (key_len > B43_SEC_KEYSIZE)
980                 return -EINVAL;
981         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
982                 /* Check that we don't already have this key. */
983                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
984         }
985         if (index < 0) {
986                 /* Pairwise key. Get an empty slot for the key. */
987                 if (b43_new_kidx_api(dev))
988                         pairwise_keys_start = B43_NR_GROUP_KEYS;
989                 else
990                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
991                 for (i = pairwise_keys_start;
992                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
993                      i++) {
994                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
995                         if (!dev->key[i].keyconf) {
996                                 /* found empty */
997                                 index = i;
998                                 break;
999                         }
1000                 }
1001                 if (index < 0) {
1002                         b43warn(dev->wl, "Out of hardware key memory\n");
1003                         return -ENOSPC;
1004                 }
1005         } else
1006                 B43_WARN_ON(index > 3);
1007
1008         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1009         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1010                 /* Default RX key */
1011                 B43_WARN_ON(mac_addr);
1012                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1013         }
1014         keyconf->hw_key_idx = index;
1015         dev->key[index].keyconf = keyconf;
1016
1017         return 0;
1018 }
1019
1020 static int b43_key_clear(struct b43_wldev *dev, int index)
1021 {
1022         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1023                 return -EINVAL;
1024         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1025                      NULL, B43_SEC_KEYSIZE, NULL);
1026         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1027                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1028                              NULL, B43_SEC_KEYSIZE, NULL);
1029         }
1030         dev->key[index].keyconf = NULL;
1031
1032         return 0;
1033 }
1034
1035 static void b43_clear_keys(struct b43_wldev *dev)
1036 {
1037         int i, count;
1038
1039         if (b43_new_kidx_api(dev))
1040                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1041         else
1042                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1043         for (i = 0; i < count; i++)
1044                 b43_key_clear(dev, i);
1045 }
1046
1047 static void b43_dump_keymemory(struct b43_wldev *dev)
1048 {
1049         unsigned int i, index, count, offset, pairwise_keys_start;
1050         u8 mac[ETH_ALEN];
1051         u16 algo;
1052         u32 rcmta0;
1053         u16 rcmta1;
1054         u64 hf;
1055         struct b43_key *key;
1056
1057         if (!b43_debug(dev, B43_DBG_KEYS))
1058                 return;
1059
1060         hf = b43_hf_read(dev);
1061         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1062                !!(hf & B43_HF_USEDEFKEYS));
1063         if (b43_new_kidx_api(dev)) {
1064                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1065                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1066         } else {
1067                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1068                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1069         }
1070         for (index = 0; index < count; index++) {
1071                 key = &(dev->key[index]);
1072                 printk(KERN_DEBUG "Key slot %02u: %s",
1073                        index, (key->keyconf == NULL) ? " " : "*");
1074                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1075                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1076                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1077                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1078                 }
1079
1080                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1081                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1082                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1083
1084                 if (index >= pairwise_keys_start) {
1085                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1086                                 printk("   TKIP: ");
1087                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1088                                 for (i = 0; i < 14; i += 2) {
1089                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1090                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1091                                 }
1092                         }
1093                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1094                                                 ((index - pairwise_keys_start) * 2) + 0);
1095                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1096                                                 ((index - pairwise_keys_start) * 2) + 1);
1097                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1098                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1099                         printk("   MAC: %pM", mac);
1100                 } else
1101                         printk("   DEFAULT KEY");
1102                 printk("\n");
1103         }
1104 }
1105
1106 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1107 {
1108         u32 macctl;
1109         u16 ucstat;
1110         bool hwps;
1111         bool awake;
1112         int i;
1113
1114         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1115                     (ps_flags & B43_PS_DISABLED));
1116         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1117
1118         if (ps_flags & B43_PS_ENABLED) {
1119                 hwps = true;
1120         } else if (ps_flags & B43_PS_DISABLED) {
1121                 hwps = false;
1122         } else {
1123                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1124                 //      and thus is not an AP and we are associated, set bit 25
1125         }
1126         if (ps_flags & B43_PS_AWAKE) {
1127                 awake = true;
1128         } else if (ps_flags & B43_PS_ASLEEP) {
1129                 awake = false;
1130         } else {
1131                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1132                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1133                 //      successful, set bit26
1134         }
1135
1136 /* FIXME: For now we force awake-on and hwps-off */
1137         hwps = false;
1138         awake = true;
1139
1140         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1141         if (hwps)
1142                 macctl |= B43_MACCTL_HWPS;
1143         else
1144                 macctl &= ~B43_MACCTL_HWPS;
1145         if (awake)
1146                 macctl |= B43_MACCTL_AWAKE;
1147         else
1148                 macctl &= ~B43_MACCTL_AWAKE;
1149         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1150         /* Commit write */
1151         b43_read32(dev, B43_MMIO_MACCTL);
1152         if (awake && dev->dev->core_rev >= 5) {
1153                 /* Wait for the microcode to wake up. */
1154                 for (i = 0; i < 100; i++) {
1155                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1156                                                 B43_SHM_SH_UCODESTAT);
1157                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1158                                 break;
1159                         udelay(10);
1160                 }
1161         }
1162 }
1163
1164 #ifdef CONFIG_B43_BCMA
1165 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1166 {
1167         u32 flags;
1168
1169         /* Put PHY into reset */
1170         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1171         flags |= B43_BCMA_IOCTL_PHY_RESET;
1172         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1173         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1174         udelay(2);
1175
1176         /* Take PHY out of reset */
1177         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1178         flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1179         flags |= BCMA_IOCTL_FGC;
1180         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1181         udelay(1);
1182
1183         /* Do not force clock anymore */
1184         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1185         flags &= ~BCMA_IOCTL_FGC;
1186         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1187         udelay(1);
1188 }
1189
1190 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1191 {
1192         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1193                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1194         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1195                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1196
1197         b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1198         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1199         b43_bcma_phy_reset(dev);
1200         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1201 }
1202 #endif
1203
1204 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1205 {
1206         struct ssb_device *sdev = dev->dev->sdev;
1207         u32 tmslow;
1208         u32 flags = 0;
1209
1210         if (gmode)
1211                 flags |= B43_TMSLOW_GMODE;
1212         flags |= B43_TMSLOW_PHYCLKEN;
1213         flags |= B43_TMSLOW_PHYRESET;
1214         if (dev->phy.type == B43_PHYTYPE_N)
1215                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1216         b43_device_enable(dev, flags);
1217         msleep(2);              /* Wait for the PLL to turn on. */
1218
1219         /* Now take the PHY out of Reset again */
1220         tmslow = ssb_read32(sdev, SSB_TMSLOW);
1221         tmslow |= SSB_TMSLOW_FGC;
1222         tmslow &= ~B43_TMSLOW_PHYRESET;
1223         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1224         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1225         msleep(1);
1226         tmslow &= ~SSB_TMSLOW_FGC;
1227         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1228         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1229         msleep(1);
1230 }
1231
1232 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1233 {
1234         u32 macctl;
1235
1236         switch (dev->dev->bus_type) {
1237 #ifdef CONFIG_B43_BCMA
1238         case B43_BUS_BCMA:
1239                 b43_bcma_wireless_core_reset(dev, gmode);
1240                 break;
1241 #endif
1242 #ifdef CONFIG_B43_SSB
1243         case B43_BUS_SSB:
1244                 b43_ssb_wireless_core_reset(dev, gmode);
1245                 break;
1246 #endif
1247         }
1248
1249         /* Turn Analog ON, but only if we already know the PHY-type.
1250          * This protects against very early setup where we don't know the
1251          * PHY-type, yet. wireless_core_reset will be called once again later,
1252          * when we know the PHY-type. */
1253         if (dev->phy.ops)
1254                 dev->phy.ops->switch_analog(dev, 1);
1255
1256         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1257         macctl &= ~B43_MACCTL_GMODE;
1258         if (gmode)
1259                 macctl |= B43_MACCTL_GMODE;
1260         macctl |= B43_MACCTL_IHR_ENABLED;
1261         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1262 }
1263
1264 static void handle_irq_transmit_status(struct b43_wldev *dev)
1265 {
1266         u32 v0, v1;
1267         u16 tmp;
1268         struct b43_txstatus stat;
1269
1270         while (1) {
1271                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1272                 if (!(v0 & 0x00000001))
1273                         break;
1274                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1275
1276                 stat.cookie = (v0 >> 16);
1277                 stat.seq = (v1 & 0x0000FFFF);
1278                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1279                 tmp = (v0 & 0x0000FFFF);
1280                 stat.frame_count = ((tmp & 0xF000) >> 12);
1281                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1282                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1283                 stat.pm_indicated = !!(tmp & 0x0080);
1284                 stat.intermediate = !!(tmp & 0x0040);
1285                 stat.for_ampdu = !!(tmp & 0x0020);
1286                 stat.acked = !!(tmp & 0x0002);
1287
1288                 b43_handle_txstatus(dev, &stat);
1289         }
1290 }
1291
1292 static void drain_txstatus_queue(struct b43_wldev *dev)
1293 {
1294         u32 dummy;
1295
1296         if (dev->dev->core_rev < 5)
1297                 return;
1298         /* Read all entries from the microcode TXstatus FIFO
1299          * and throw them away.
1300          */
1301         while (1) {
1302                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1303                 if (!(dummy & 0x00000001))
1304                         break;
1305                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1306         }
1307 }
1308
1309 static u32 b43_jssi_read(struct b43_wldev *dev)
1310 {
1311         u32 val = 0;
1312
1313         val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1314         val <<= 16;
1315         val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1316
1317         return val;
1318 }
1319
1320 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1321 {
1322         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1323                         (jssi & 0x0000FFFF));
1324         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1325                         (jssi & 0xFFFF0000) >> 16);
1326 }
1327
1328 static void b43_generate_noise_sample(struct b43_wldev *dev)
1329 {
1330         b43_jssi_write(dev, 0x7F7F7F7F);
1331         b43_write32(dev, B43_MMIO_MACCMD,
1332                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1333 }
1334
1335 static void b43_calculate_link_quality(struct b43_wldev *dev)
1336 {
1337         /* Top half of Link Quality calculation. */
1338
1339         if (dev->phy.type != B43_PHYTYPE_G)
1340                 return;
1341         if (dev->noisecalc.calculation_running)
1342                 return;
1343         dev->noisecalc.calculation_running = true;
1344         dev->noisecalc.nr_samples = 0;
1345
1346         b43_generate_noise_sample(dev);
1347 }
1348
1349 static void handle_irq_noise(struct b43_wldev *dev)
1350 {
1351         struct b43_phy_g *phy = dev->phy.g;
1352         u16 tmp;
1353         u8 noise[4];
1354         u8 i, j;
1355         s32 average;
1356
1357         /* Bottom half of Link Quality calculation. */
1358
1359         if (dev->phy.type != B43_PHYTYPE_G)
1360                 return;
1361
1362         /* Possible race condition: It might be possible that the user
1363          * changed to a different channel in the meantime since we
1364          * started the calculation. We ignore that fact, since it's
1365          * not really that much of a problem. The background noise is
1366          * an estimation only anyway. Slightly wrong results will get damped
1367          * by the averaging of the 8 sample rounds. Additionally the
1368          * value is shortlived. So it will be replaced by the next noise
1369          * calculation round soon. */
1370
1371         B43_WARN_ON(!dev->noisecalc.calculation_running);
1372         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1373         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1374             noise[2] == 0x7F || noise[3] == 0x7F)
1375                 goto generate_new;
1376
1377         /* Get the noise samples. */
1378         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1379         i = dev->noisecalc.nr_samples;
1380         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1381         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1382         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1383         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1384         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1385         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1386         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1387         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1388         dev->noisecalc.nr_samples++;
1389         if (dev->noisecalc.nr_samples == 8) {
1390                 /* Calculate the Link Quality by the noise samples. */
1391                 average = 0;
1392                 for (i = 0; i < 8; i++) {
1393                         for (j = 0; j < 4; j++)
1394                                 average += dev->noisecalc.samples[i][j];
1395                 }
1396                 average /= (8 * 4);
1397                 average *= 125;
1398                 average += 64;
1399                 average /= 128;
1400                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1401                 tmp = (tmp / 128) & 0x1F;
1402                 if (tmp >= 8)
1403                         average += 2;
1404                 else
1405                         average -= 25;
1406                 if (tmp == 8)
1407                         average -= 72;
1408                 else
1409                         average -= 48;
1410
1411                 dev->stats.link_noise = average;
1412                 dev->noisecalc.calculation_running = false;
1413                 return;
1414         }
1415 generate_new:
1416         b43_generate_noise_sample(dev);
1417 }
1418
1419 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1420 {
1421         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1422                 ///TODO: PS TBTT
1423         } else {
1424                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1425                         b43_power_saving_ctl_bits(dev, 0);
1426         }
1427         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1428                 dev->dfq_valid = true;
1429 }
1430
1431 static void handle_irq_atim_end(struct b43_wldev *dev)
1432 {
1433         if (dev->dfq_valid) {
1434                 b43_write32(dev, B43_MMIO_MACCMD,
1435                             b43_read32(dev, B43_MMIO_MACCMD)
1436                             | B43_MACCMD_DFQ_VALID);
1437                 dev->dfq_valid = false;
1438         }
1439 }
1440
1441 static void handle_irq_pmq(struct b43_wldev *dev)
1442 {
1443         u32 tmp;
1444
1445         //TODO: AP mode.
1446
1447         while (1) {
1448                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1449                 if (!(tmp & 0x00000008))
1450                         break;
1451         }
1452         /* 16bit write is odd, but correct. */
1453         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1454 }
1455
1456 static void b43_write_template_common(struct b43_wldev *dev,
1457                                       const u8 *data, u16 size,
1458                                       u16 ram_offset,
1459                                       u16 shm_size_offset, u8 rate)
1460 {
1461         u32 i, tmp;
1462         struct b43_plcp_hdr4 plcp;
1463
1464         plcp.data = 0;
1465         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1466         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1467         ram_offset += sizeof(u32);
1468         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1469          * So leave the first two bytes of the next write blank.
1470          */
1471         tmp = (u32) (data[0]) << 16;
1472         tmp |= (u32) (data[1]) << 24;
1473         b43_ram_write(dev, ram_offset, tmp);
1474         ram_offset += sizeof(u32);
1475         for (i = 2; i < size; i += sizeof(u32)) {
1476                 tmp = (u32) (data[i + 0]);
1477                 if (i + 1 < size)
1478                         tmp |= (u32) (data[i + 1]) << 8;
1479                 if (i + 2 < size)
1480                         tmp |= (u32) (data[i + 2]) << 16;
1481                 if (i + 3 < size)
1482                         tmp |= (u32) (data[i + 3]) << 24;
1483                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1484         }
1485         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1486                         size + sizeof(struct b43_plcp_hdr6));
1487 }
1488
1489 /* Check if the use of the antenna that ieee80211 told us to
1490  * use is possible. This will fall back to DEFAULT.
1491  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1492 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1493                                   u8 antenna_nr)
1494 {
1495         u8 antenna_mask;
1496
1497         if (antenna_nr == 0) {
1498                 /* Zero means "use default antenna". That's always OK. */
1499                 return 0;
1500         }
1501
1502         /* Get the mask of available antennas. */
1503         if (dev->phy.gmode)
1504                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1505         else
1506                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1507
1508         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1509                 /* This antenna is not available. Fall back to default. */
1510                 return 0;
1511         }
1512
1513         return antenna_nr;
1514 }
1515
1516 /* Convert a b43 antenna number value to the PHY TX control value. */
1517 static u16 b43_antenna_to_phyctl(int antenna)
1518 {
1519         switch (antenna) {
1520         case B43_ANTENNA0:
1521                 return B43_TXH_PHY_ANT0;
1522         case B43_ANTENNA1:
1523                 return B43_TXH_PHY_ANT1;
1524         case B43_ANTENNA2:
1525                 return B43_TXH_PHY_ANT2;
1526         case B43_ANTENNA3:
1527                 return B43_TXH_PHY_ANT3;
1528         case B43_ANTENNA_AUTO0:
1529         case B43_ANTENNA_AUTO1:
1530                 return B43_TXH_PHY_ANT01AUTO;
1531         }
1532         B43_WARN_ON(1);
1533         return 0;
1534 }
1535
1536 static void b43_write_beacon_template(struct b43_wldev *dev,
1537                                       u16 ram_offset,
1538                                       u16 shm_size_offset)
1539 {
1540         unsigned int i, len, variable_len;
1541         const struct ieee80211_mgmt *bcn;
1542         const u8 *ie;
1543         bool tim_found = false;
1544         unsigned int rate;
1545         u16 ctl;
1546         int antenna;
1547         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1548
1549         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1550         len = min((size_t) dev->wl->current_beacon->len,
1551                   0x200 - sizeof(struct b43_plcp_hdr6));
1552         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1553
1554         b43_write_template_common(dev, (const u8 *)bcn,
1555                                   len, ram_offset, shm_size_offset, rate);
1556
1557         /* Write the PHY TX control parameters. */
1558         antenna = B43_ANTENNA_DEFAULT;
1559         antenna = b43_antenna_to_phyctl(antenna);
1560         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1561         /* We can't send beacons with short preamble. Would get PHY errors. */
1562         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1563         ctl &= ~B43_TXH_PHY_ANT;
1564         ctl &= ~B43_TXH_PHY_ENC;
1565         ctl |= antenna;
1566         if (b43_is_cck_rate(rate))
1567                 ctl |= B43_TXH_PHY_ENC_CCK;
1568         else
1569                 ctl |= B43_TXH_PHY_ENC_OFDM;
1570         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1571
1572         /* Find the position of the TIM and the DTIM_period value
1573          * and write them to SHM. */
1574         ie = bcn->u.beacon.variable;
1575         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1576         for (i = 0; i < variable_len - 2; ) {
1577                 uint8_t ie_id, ie_len;
1578
1579                 ie_id = ie[i];
1580                 ie_len = ie[i + 1];
1581                 if (ie_id == 5) {
1582                         u16 tim_position;
1583                         u16 dtim_period;
1584                         /* This is the TIM Information Element */
1585
1586                         /* Check whether the ie_len is in the beacon data range. */
1587                         if (variable_len < ie_len + 2 + i)
1588                                 break;
1589                         /* A valid TIM is at least 4 bytes long. */
1590                         if (ie_len < 4)
1591                                 break;
1592                         tim_found = true;
1593
1594                         tim_position = sizeof(struct b43_plcp_hdr6);
1595                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1596                         tim_position += i;
1597
1598                         dtim_period = ie[i + 3];
1599
1600                         b43_shm_write16(dev, B43_SHM_SHARED,
1601                                         B43_SHM_SH_TIMBPOS, tim_position);
1602                         b43_shm_write16(dev, B43_SHM_SHARED,
1603                                         B43_SHM_SH_DTIMPER, dtim_period);
1604                         break;
1605                 }
1606                 i += ie_len + 2;
1607         }
1608         if (!tim_found) {
1609                 /*
1610                  * If ucode wants to modify TIM do it behind the beacon, this
1611                  * will happen, for example, when doing mesh networking.
1612                  */
1613                 b43_shm_write16(dev, B43_SHM_SHARED,
1614                                 B43_SHM_SH_TIMBPOS,
1615                                 len + sizeof(struct b43_plcp_hdr6));
1616                 b43_shm_write16(dev, B43_SHM_SHARED,
1617                                 B43_SHM_SH_DTIMPER, 0);
1618         }
1619         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1620 }
1621
1622 static void b43_upload_beacon0(struct b43_wldev *dev)
1623 {
1624         struct b43_wl *wl = dev->wl;
1625
1626         if (wl->beacon0_uploaded)
1627                 return;
1628         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1629         wl->beacon0_uploaded = true;
1630 }
1631
1632 static void b43_upload_beacon1(struct b43_wldev *dev)
1633 {
1634         struct b43_wl *wl = dev->wl;
1635
1636         if (wl->beacon1_uploaded)
1637                 return;
1638         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1639         wl->beacon1_uploaded = true;
1640 }
1641
1642 static void handle_irq_beacon(struct b43_wldev *dev)
1643 {
1644         struct b43_wl *wl = dev->wl;
1645         u32 cmd, beacon0_valid, beacon1_valid;
1646
1647         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1648             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1649             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1650                 return;
1651
1652         /* This is the bottom half of the asynchronous beacon update. */
1653
1654         /* Ignore interrupt in the future. */
1655         dev->irq_mask &= ~B43_IRQ_BEACON;
1656
1657         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1658         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1659         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1660
1661         /* Schedule interrupt manually, if busy. */
1662         if (beacon0_valid && beacon1_valid) {
1663                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1664                 dev->irq_mask |= B43_IRQ_BEACON;
1665                 return;
1666         }
1667
1668         if (unlikely(wl->beacon_templates_virgin)) {
1669                 /* We never uploaded a beacon before.
1670                  * Upload both templates now, but only mark one valid. */
1671                 wl->beacon_templates_virgin = false;
1672                 b43_upload_beacon0(dev);
1673                 b43_upload_beacon1(dev);
1674                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1675                 cmd |= B43_MACCMD_BEACON0_VALID;
1676                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1677         } else {
1678                 if (!beacon0_valid) {
1679                         b43_upload_beacon0(dev);
1680                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1681                         cmd |= B43_MACCMD_BEACON0_VALID;
1682                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1683                 } else if (!beacon1_valid) {
1684                         b43_upload_beacon1(dev);
1685                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1686                         cmd |= B43_MACCMD_BEACON1_VALID;
1687                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1688                 }
1689         }
1690 }
1691
1692 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1693 {
1694         u32 old_irq_mask = dev->irq_mask;
1695
1696         /* update beacon right away or defer to irq */
1697         handle_irq_beacon(dev);
1698         if (old_irq_mask != dev->irq_mask) {
1699                 /* The handler updated the IRQ mask. */
1700                 B43_WARN_ON(!dev->irq_mask);
1701                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1702                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1703                 } else {
1704                         /* Device interrupts are currently disabled. That means
1705                          * we just ran the hardirq handler and scheduled the
1706                          * IRQ thread. The thread will write the IRQ mask when
1707                          * it finished, so there's nothing to do here. Writing
1708                          * the mask _here_ would incorrectly re-enable IRQs. */
1709                 }
1710         }
1711 }
1712
1713 static void b43_beacon_update_trigger_work(struct work_struct *work)
1714 {
1715         struct b43_wl *wl = container_of(work, struct b43_wl,
1716                                          beacon_update_trigger);
1717         struct b43_wldev *dev;
1718
1719         mutex_lock(&wl->mutex);
1720         dev = wl->current_dev;
1721         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1722                 if (b43_bus_host_is_sdio(dev->dev)) {
1723                         /* wl->mutex is enough. */
1724                         b43_do_beacon_update_trigger_work(dev);
1725                         mmiowb();
1726                 } else {
1727                         spin_lock_irq(&wl->hardirq_lock);
1728                         b43_do_beacon_update_trigger_work(dev);
1729                         mmiowb();
1730                         spin_unlock_irq(&wl->hardirq_lock);
1731                 }
1732         }
1733         mutex_unlock(&wl->mutex);
1734 }
1735
1736 /* Asynchronously update the packet templates in template RAM.
1737  * Locking: Requires wl->mutex to be locked. */
1738 static void b43_update_templates(struct b43_wl *wl)
1739 {
1740         struct sk_buff *beacon;
1741
1742         /* This is the top half of the ansynchronous beacon update.
1743          * The bottom half is the beacon IRQ.
1744          * Beacon update must be asynchronous to avoid sending an
1745          * invalid beacon. This can happen for example, if the firmware
1746          * transmits a beacon while we are updating it. */
1747
1748         /* We could modify the existing beacon and set the aid bit in
1749          * the TIM field, but that would probably require resizing and
1750          * moving of data within the beacon template.
1751          * Simply request a new beacon and let mac80211 do the hard work. */
1752         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1753         if (unlikely(!beacon))
1754                 return;
1755
1756         if (wl->current_beacon)
1757                 dev_kfree_skb_any(wl->current_beacon);
1758         wl->current_beacon = beacon;
1759         wl->beacon0_uploaded = false;
1760         wl->beacon1_uploaded = false;
1761         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1762 }
1763
1764 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1765 {
1766         b43_time_lock(dev);
1767         if (dev->dev->core_rev >= 3) {
1768                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1769                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1770         } else {
1771                 b43_write16(dev, 0x606, (beacon_int >> 6));
1772                 b43_write16(dev, 0x610, beacon_int);
1773         }
1774         b43_time_unlock(dev);
1775         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1776 }
1777
1778 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1779 {
1780         u16 reason;
1781
1782         /* Read the register that contains the reason code for the panic. */
1783         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1784         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1785
1786         switch (reason) {
1787         default:
1788                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1789                 /* fallthrough */
1790         case B43_FWPANIC_DIE:
1791                 /* Do not restart the controller or firmware.
1792                  * The device is nonfunctional from now on.
1793                  * Restarting would result in this panic to trigger again,
1794                  * so we avoid that recursion. */
1795                 break;
1796         case B43_FWPANIC_RESTART:
1797                 b43_controller_restart(dev, "Microcode panic");
1798                 break;
1799         }
1800 }
1801
1802 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1803 {
1804         unsigned int i, cnt;
1805         u16 reason, marker_id, marker_line;
1806         __le16 *buf;
1807
1808         /* The proprietary firmware doesn't have this IRQ. */
1809         if (!dev->fw.opensource)
1810                 return;
1811
1812         /* Read the register that contains the reason code for this IRQ. */
1813         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1814
1815         switch (reason) {
1816         case B43_DEBUGIRQ_PANIC:
1817                 b43_handle_firmware_panic(dev);
1818                 break;
1819         case B43_DEBUGIRQ_DUMP_SHM:
1820                 if (!B43_DEBUG)
1821                         break; /* Only with driver debugging enabled. */
1822                 buf = kmalloc(4096, GFP_ATOMIC);
1823                 if (!buf) {
1824                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1825                         goto out;
1826                 }
1827                 for (i = 0; i < 4096; i += 2) {
1828                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1829                         buf[i / 2] = cpu_to_le16(tmp);
1830                 }
1831                 b43info(dev->wl, "Shared memory dump:\n");
1832                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1833                                16, 2, buf, 4096, 1);
1834                 kfree(buf);
1835                 break;
1836         case B43_DEBUGIRQ_DUMP_REGS:
1837                 if (!B43_DEBUG)
1838                         break; /* Only with driver debugging enabled. */
1839                 b43info(dev->wl, "Microcode register dump:\n");
1840                 for (i = 0, cnt = 0; i < 64; i++) {
1841                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1842                         if (cnt == 0)
1843                                 printk(KERN_INFO);
1844                         printk("r%02u: 0x%04X  ", i, tmp);
1845                         cnt++;
1846                         if (cnt == 6) {
1847                                 printk("\n");
1848                                 cnt = 0;
1849                         }
1850                 }
1851                 printk("\n");
1852                 break;
1853         case B43_DEBUGIRQ_MARKER:
1854                 if (!B43_DEBUG)
1855                         break; /* Only with driver debugging enabled. */
1856                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1857                                            B43_MARKER_ID_REG);
1858                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1859                                              B43_MARKER_LINE_REG);
1860                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1861                         "at line number %u\n",
1862                         marker_id, marker_line);
1863                 break;
1864         default:
1865                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1866                        reason);
1867         }
1868 out:
1869         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1870         b43_shm_write16(dev, B43_SHM_SCRATCH,
1871                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1872 }
1873
1874 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1875 {
1876         u32 reason;
1877         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1878         u32 merged_dma_reason = 0;
1879         int i;
1880
1881         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1882                 return;
1883
1884         reason = dev->irq_reason;
1885         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1886                 dma_reason[i] = dev->dma_reason[i];
1887                 merged_dma_reason |= dma_reason[i];
1888         }
1889
1890         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1891                 b43err(dev->wl, "MAC transmission error\n");
1892
1893         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1894                 b43err(dev->wl, "PHY transmission error\n");
1895                 rmb();
1896                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1897                         atomic_set(&dev->phy.txerr_cnt,
1898                                    B43_PHY_TX_BADNESS_LIMIT);
1899                         b43err(dev->wl, "Too many PHY TX errors, "
1900                                         "restarting the controller\n");
1901                         b43_controller_restart(dev, "PHY TX errors");
1902                 }
1903         }
1904
1905         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1906                                           B43_DMAIRQ_NONFATALMASK))) {
1907                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1908                         b43err(dev->wl, "Fatal DMA error: "
1909                                "0x%08X, 0x%08X, 0x%08X, "
1910                                "0x%08X, 0x%08X, 0x%08X\n",
1911                                dma_reason[0], dma_reason[1],
1912                                dma_reason[2], dma_reason[3],
1913                                dma_reason[4], dma_reason[5]);
1914                         b43err(dev->wl, "This device does not support DMA "
1915                                "on your system. It will now be switched to PIO.\n");
1916                         /* Fall back to PIO transfers if we get fatal DMA errors! */
1917                         dev->use_pio = true;
1918                         b43_controller_restart(dev, "DMA error");
1919                         return;
1920                 }
1921                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1922                         b43err(dev->wl, "DMA error: "
1923                                "0x%08X, 0x%08X, 0x%08X, "
1924                                "0x%08X, 0x%08X, 0x%08X\n",
1925                                dma_reason[0], dma_reason[1],
1926                                dma_reason[2], dma_reason[3],
1927                                dma_reason[4], dma_reason[5]);
1928                 }
1929         }
1930
1931         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1932                 handle_irq_ucode_debug(dev);
1933         if (reason & B43_IRQ_TBTT_INDI)
1934                 handle_irq_tbtt_indication(dev);
1935         if (reason & B43_IRQ_ATIM_END)
1936                 handle_irq_atim_end(dev);
1937         if (reason & B43_IRQ_BEACON)
1938                 handle_irq_beacon(dev);
1939         if (reason & B43_IRQ_PMQ)
1940                 handle_irq_pmq(dev);
1941         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1942                 ;/* TODO */
1943         if (reason & B43_IRQ_NOISESAMPLE_OK)
1944                 handle_irq_noise(dev);
1945
1946         /* Check the DMA reason registers for received data. */
1947         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1948                 if (b43_using_pio_transfers(dev))
1949                         b43_pio_rx(dev->pio.rx_queue);
1950                 else
1951                         b43_dma_rx(dev->dma.rx_ring);
1952         }
1953         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1954         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1955         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1956         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1957         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1958
1959         if (reason & B43_IRQ_TX_OK)
1960                 handle_irq_transmit_status(dev);
1961
1962         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1963         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1964
1965 #if B43_DEBUG
1966         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1967                 dev->irq_count++;
1968                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1969                         if (reason & (1 << i))
1970                                 dev->irq_bit_count[i]++;
1971                 }
1972         }
1973 #endif
1974 }
1975
1976 /* Interrupt thread handler. Handles device interrupts in thread context. */
1977 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1978 {
1979         struct b43_wldev *dev = dev_id;
1980
1981         mutex_lock(&dev->wl->mutex);
1982         b43_do_interrupt_thread(dev);
1983         mmiowb();
1984         mutex_unlock(&dev->wl->mutex);
1985
1986         return IRQ_HANDLED;
1987 }
1988
1989 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1990 {
1991         u32 reason;
1992
1993         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1994          * On SDIO, this runs under wl->mutex. */
1995
1996         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1997         if (reason == 0xffffffff)       /* shared IRQ */
1998                 return IRQ_NONE;
1999         reason &= dev->irq_mask;
2000         if (!reason)
2001                 return IRQ_NONE;
2002
2003         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2004             & 0x0001DC00;
2005         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2006             & 0x0000DC00;
2007         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2008             & 0x0000DC00;
2009         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2010             & 0x0001DC00;
2011         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2012             & 0x0000DC00;
2013 /* Unused ring
2014         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2015             & 0x0000DC00;
2016 */
2017
2018         /* ACK the interrupt. */
2019         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2020         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2021         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2022         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2023         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2024         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2025 /* Unused ring
2026         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2027 */
2028
2029         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2030         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2031         /* Save the reason bitmasks for the IRQ thread handler. */
2032         dev->irq_reason = reason;
2033
2034         return IRQ_WAKE_THREAD;
2035 }
2036
2037 /* Interrupt handler top-half. This runs with interrupts disabled. */
2038 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2039 {
2040         struct b43_wldev *dev = dev_id;
2041         irqreturn_t ret;
2042
2043         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2044                 return IRQ_NONE;
2045
2046         spin_lock(&dev->wl->hardirq_lock);
2047         ret = b43_do_interrupt(dev);
2048         mmiowb();
2049         spin_unlock(&dev->wl->hardirq_lock);
2050
2051         return ret;
2052 }
2053
2054 /* SDIO interrupt handler. This runs in process context. */
2055 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2056 {
2057         struct b43_wl *wl = dev->wl;
2058         irqreturn_t ret;
2059
2060         mutex_lock(&wl->mutex);
2061
2062         ret = b43_do_interrupt(dev);
2063         if (ret == IRQ_WAKE_THREAD)
2064                 b43_do_interrupt_thread(dev);
2065
2066         mutex_unlock(&wl->mutex);
2067 }
2068
2069 void b43_do_release_fw(struct b43_firmware_file *fw)
2070 {
2071         release_firmware(fw->data);
2072         fw->data = NULL;
2073         fw->filename = NULL;
2074 }
2075
2076 static void b43_release_firmware(struct b43_wldev *dev)
2077 {
2078         b43_do_release_fw(&dev->fw.ucode);
2079         b43_do_release_fw(&dev->fw.pcm);
2080         b43_do_release_fw(&dev->fw.initvals);
2081         b43_do_release_fw(&dev->fw.initvals_band);
2082 }
2083
2084 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2085 {
2086         const char text[] =
2087                 "You must go to " \
2088                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2089                 "and download the correct firmware for this driver version. " \
2090                 "Please carefully read all instructions on this website.\n";
2091
2092         if (error)
2093                 b43err(wl, text);
2094         else
2095                 b43warn(wl, text);
2096 }
2097
2098 static void b43_fw_cb(const struct firmware *firmware, void *context)
2099 {
2100         struct b43_request_fw_context *ctx = context;
2101
2102         ctx->blob = firmware;
2103         complete(&ctx->fw_load_complete);
2104 }
2105
2106 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2107                       const char *name,
2108                       struct b43_firmware_file *fw, bool async)
2109 {
2110         struct b43_fw_header *hdr;
2111         u32 size;
2112         int err;
2113
2114         if (!name) {
2115                 /* Don't fetch anything. Free possibly cached firmware. */
2116                 /* FIXME: We should probably keep it anyway, to save some headache
2117                  * on suspend/resume with multiband devices. */
2118                 b43_do_release_fw(fw);
2119                 return 0;
2120         }
2121         if (fw->filename) {
2122                 if ((fw->type == ctx->req_type) &&
2123                     (strcmp(fw->filename, name) == 0))
2124                         return 0; /* Already have this fw. */
2125                 /* Free the cached firmware first. */
2126                 /* FIXME: We should probably do this later after we successfully
2127                  * got the new fw. This could reduce headache with multiband devices.
2128                  * We could also redesign this to cache the firmware for all possible
2129                  * bands all the time. */
2130                 b43_do_release_fw(fw);
2131         }
2132
2133         switch (ctx->req_type) {
2134         case B43_FWTYPE_PROPRIETARY:
2135                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2136                          "b43%s/%s.fw",
2137                          modparam_fwpostfix, name);
2138                 break;
2139         case B43_FWTYPE_OPENSOURCE:
2140                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2141                          "b43-open%s/%s.fw",
2142                          modparam_fwpostfix, name);
2143                 break;
2144         default:
2145                 B43_WARN_ON(1);
2146                 return -ENOSYS;
2147         }
2148         if (async) {
2149                 /* do this part asynchronously */
2150                 init_completion(&ctx->fw_load_complete);
2151                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2152                                               ctx->dev->dev->dev, GFP_KERNEL,
2153                                               ctx, b43_fw_cb);
2154                 if (err < 0) {
2155                         pr_err("Unable to load firmware\n");
2156                         return err;
2157                 }
2158                 /* stall here until fw ready */
2159                 wait_for_completion(&ctx->fw_load_complete);
2160                 if (ctx->blob)
2161                         goto fw_ready;
2162         /* On some ARM systems, the async request will fail, but the next sync
2163          * request works. For this reason, we dall through here
2164          */
2165         }
2166         err = request_firmware(&ctx->blob, ctx->fwname,
2167                                ctx->dev->dev->dev);
2168         if (err == -ENOENT) {
2169                 snprintf(ctx->errors[ctx->req_type],
2170                          sizeof(ctx->errors[ctx->req_type]),
2171                          "Firmware file \"%s\" not found\n",
2172                          ctx->fwname);
2173                 return err;
2174         } else if (err) {
2175                 snprintf(ctx->errors[ctx->req_type],
2176                          sizeof(ctx->errors[ctx->req_type]),
2177                          "Firmware file \"%s\" request failed (err=%d)\n",
2178                          ctx->fwname, err);
2179                 return err;
2180         }
2181 fw_ready:
2182         if (ctx->blob->size < sizeof(struct b43_fw_header))
2183                 goto err_format;
2184         hdr = (struct b43_fw_header *)(ctx->blob->data);
2185         switch (hdr->type) {
2186         case B43_FW_TYPE_UCODE:
2187         case B43_FW_TYPE_PCM:
2188                 size = be32_to_cpu(hdr->size);
2189                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2190                         goto err_format;
2191                 /* fallthrough */
2192         case B43_FW_TYPE_IV:
2193                 if (hdr->ver != 1)
2194                         goto err_format;
2195                 break;
2196         default:
2197                 goto err_format;
2198         }
2199
2200         fw->data = ctx->blob;
2201         fw->filename = name;
2202         fw->type = ctx->req_type;
2203
2204         return 0;
2205
2206 err_format:
2207         snprintf(ctx->errors[ctx->req_type],
2208                  sizeof(ctx->errors[ctx->req_type]),
2209                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2210         release_firmware(ctx->blob);
2211
2212         return -EPROTO;
2213 }
2214
2215 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2216 {
2217         struct b43_wldev *dev = ctx->dev;
2218         struct b43_firmware *fw = &ctx->dev->fw;
2219         const u8 rev = ctx->dev->dev->core_rev;
2220         const char *filename;
2221         u32 tmshigh;
2222         int err;
2223
2224         /* Files for HT and LCN were found by trying one by one */
2225
2226         /* Get microcode */
2227         if ((rev >= 5) && (rev <= 10)) {
2228                 filename = "ucode5";
2229         } else if ((rev >= 11) && (rev <= 12)) {
2230                 filename = "ucode11";
2231         } else if (rev == 13) {
2232                 filename = "ucode13";
2233         } else if (rev == 14) {
2234                 filename = "ucode14";
2235         } else if (rev == 15) {
2236                 filename = "ucode15";
2237         } else {
2238                 switch (dev->phy.type) {
2239                 case B43_PHYTYPE_N:
2240                         if (rev >= 16)
2241                                 filename = "ucode16_mimo";
2242                         else
2243                                 goto err_no_ucode;
2244                         break;
2245                 case B43_PHYTYPE_HT:
2246                         if (rev == 29)
2247                                 filename = "ucode29_mimo";
2248                         else
2249                                 goto err_no_ucode;
2250                         break;
2251                 case B43_PHYTYPE_LCN:
2252                         if (rev == 24)
2253                                 filename = "ucode24_mimo";
2254                         else
2255                                 goto err_no_ucode;
2256                         break;
2257                 default:
2258                         goto err_no_ucode;
2259                 }
2260         }
2261         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2262         if (err)
2263                 goto err_load;
2264
2265         /* Get PCM code */
2266         if ((rev >= 5) && (rev <= 10))
2267                 filename = "pcm5";
2268         else if (rev >= 11)
2269                 filename = NULL;
2270         else
2271                 goto err_no_pcm;
2272         fw->pcm_request_failed = false;
2273         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2274         if (err == -ENOENT) {
2275                 /* We did not find a PCM file? Not fatal, but
2276                  * core rev <= 10 must do without hwcrypto then. */
2277                 fw->pcm_request_failed = true;
2278         } else if (err)
2279                 goto err_load;
2280
2281         /* Get initvals */
2282         switch (dev->phy.type) {
2283         case B43_PHYTYPE_A:
2284                 if ((rev >= 5) && (rev <= 10)) {
2285                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2286                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2287                                 filename = "a0g1initvals5";
2288                         else
2289                                 filename = "a0g0initvals5";
2290                 } else
2291                         goto err_no_initvals;
2292                 break;
2293         case B43_PHYTYPE_G:
2294                 if ((rev >= 5) && (rev <= 10))
2295                         filename = "b0g0initvals5";
2296                 else if (rev >= 13)
2297                         filename = "b0g0initvals13";
2298                 else
2299                         goto err_no_initvals;
2300                 break;
2301         case B43_PHYTYPE_N:
2302                 if (rev >= 16)
2303                         filename = "n0initvals16";
2304                 else if ((rev >= 11) && (rev <= 12))
2305                         filename = "n0initvals11";
2306                 else
2307                         goto err_no_initvals;
2308                 break;
2309         case B43_PHYTYPE_LP:
2310                 if (rev == 13)
2311                         filename = "lp0initvals13";
2312                 else if (rev == 14)
2313                         filename = "lp0initvals14";
2314                 else if (rev >= 15)
2315                         filename = "lp0initvals15";
2316                 else
2317                         goto err_no_initvals;
2318                 break;
2319         case B43_PHYTYPE_HT:
2320                 if (rev == 29)
2321                         filename = "ht0initvals29";
2322                 else
2323                         goto err_no_initvals;
2324                 break;
2325         case B43_PHYTYPE_LCN:
2326                 if (rev == 24)
2327                         filename = "lcn0initvals24";
2328                 else
2329                         goto err_no_initvals;
2330                 break;
2331         default:
2332                 goto err_no_initvals;
2333         }
2334         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2335         if (err)
2336                 goto err_load;
2337
2338         /* Get bandswitch initvals */
2339         switch (dev->phy.type) {
2340         case B43_PHYTYPE_A:
2341                 if ((rev >= 5) && (rev <= 10)) {
2342                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2343                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2344                                 filename = "a0g1bsinitvals5";
2345                         else
2346                                 filename = "a0g0bsinitvals5";
2347                 } else if (rev >= 11)
2348                         filename = NULL;
2349                 else
2350                         goto err_no_initvals;
2351                 break;
2352         case B43_PHYTYPE_G:
2353                 if ((rev >= 5) && (rev <= 10))
2354                         filename = "b0g0bsinitvals5";
2355                 else if (rev >= 11)
2356                         filename = NULL;
2357                 else
2358                         goto err_no_initvals;
2359                 break;
2360         case B43_PHYTYPE_N:
2361                 if (rev >= 16)
2362                         filename = "n0bsinitvals16";
2363                 else if ((rev >= 11) && (rev <= 12))
2364                         filename = "n0bsinitvals11";
2365                 else
2366                         goto err_no_initvals;
2367                 break;
2368         case B43_PHYTYPE_LP:
2369                 if (rev == 13)
2370                         filename = "lp0bsinitvals13";
2371                 else if (rev == 14)
2372                         filename = "lp0bsinitvals14";
2373                 else if (rev >= 15)
2374                         filename = "lp0bsinitvals15";
2375                 else
2376                         goto err_no_initvals;
2377                 break;
2378         case B43_PHYTYPE_HT:
2379                 if (rev == 29)
2380                         filename = "ht0bsinitvals29";
2381                 else
2382                         goto err_no_initvals;
2383                 break;
2384         case B43_PHYTYPE_LCN:
2385                 if (rev == 24)
2386                         filename = "lcn0bsinitvals24";
2387                 else
2388                         goto err_no_initvals;
2389                 break;
2390         default:
2391                 goto err_no_initvals;
2392         }
2393         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2394         if (err)
2395                 goto err_load;
2396
2397         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2398
2399         return 0;
2400
2401 err_no_ucode:
2402         err = ctx->fatal_failure = -EOPNOTSUPP;
2403         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2404                "is required for your device (wl-core rev %u)\n", rev);
2405         goto error;
2406
2407 err_no_pcm:
2408         err = ctx->fatal_failure = -EOPNOTSUPP;
2409         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2410                "is required for your device (wl-core rev %u)\n", rev);
2411         goto error;
2412
2413 err_no_initvals:
2414         err = ctx->fatal_failure = -EOPNOTSUPP;
2415         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2416                "is required for your device (wl-core rev %u)\n", rev);
2417         goto error;
2418
2419 err_load:
2420         /* We failed to load this firmware image. The error message
2421          * already is in ctx->errors. Return and let our caller decide
2422          * what to do. */
2423         goto error;
2424
2425 error:
2426         b43_release_firmware(dev);
2427         return err;
2428 }
2429
2430 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2431 static void b43_one_core_detach(struct b43_bus_dev *dev);
2432
2433 static void b43_request_firmware(struct work_struct *work)
2434 {
2435         struct b43_wl *wl = container_of(work,
2436                             struct b43_wl, firmware_load);
2437         struct b43_wldev *dev = wl->current_dev;
2438         struct b43_request_fw_context *ctx;
2439         unsigned int i;
2440         int err;
2441         const char *errmsg;
2442
2443         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2444         if (!ctx)
2445                 return;
2446         ctx->dev = dev;
2447
2448         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2449         err = b43_try_request_fw(ctx);
2450         if (!err)
2451                 goto start_ieee80211; /* Successfully loaded it. */
2452         /* Was fw version known? */
2453         if (ctx->fatal_failure)
2454                 goto out;
2455
2456         /* proprietary fw not found, try open source */
2457         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2458         err = b43_try_request_fw(ctx);
2459         if (!err)
2460                 goto start_ieee80211; /* Successfully loaded it. */
2461         if(ctx->fatal_failure)
2462                 goto out;
2463
2464         /* Could not find a usable firmware. Print the errors. */
2465         for (i = 0; i < B43_NR_FWTYPES; i++) {
2466                 errmsg = ctx->errors[i];
2467                 if (strlen(errmsg))
2468                         b43err(dev->wl, errmsg);
2469         }
2470         b43_print_fw_helptext(dev->wl, 1);
2471         goto out;
2472
2473 start_ieee80211:
2474         wl->hw->queues = B43_QOS_QUEUE_NUM;
2475         if (!modparam_qos || dev->fw.opensource)
2476                 wl->hw->queues = 1;
2477
2478         err = ieee80211_register_hw(wl->hw);
2479         if (err)
2480                 goto err_one_core_detach;
2481         wl->hw_registred = true;
2482         b43_leds_register(wl->current_dev);
2483         goto out;
2484
2485 err_one_core_detach:
2486         b43_one_core_detach(dev->dev);
2487
2488 out:
2489         kfree(ctx);
2490 }
2491
2492 static int b43_upload_microcode(struct b43_wldev *dev)
2493 {
2494         struct wiphy *wiphy = dev->wl->hw->wiphy;
2495         const size_t hdr_len = sizeof(struct b43_fw_header);
2496         const __be32 *data;
2497         unsigned int i, len;
2498         u16 fwrev, fwpatch, fwdate, fwtime;
2499         u32 tmp, macctl;
2500         int err = 0;
2501
2502         /* Jump the microcode PSM to offset 0 */
2503         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2504         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2505         macctl |= B43_MACCTL_PSM_JMP0;
2506         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2507         /* Zero out all microcode PSM registers and shared memory. */
2508         for (i = 0; i < 64; i++)
2509                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2510         for (i = 0; i < 4096; i += 2)
2511                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2512
2513         /* Upload Microcode. */
2514         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2515         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2516         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2517         for (i = 0; i < len; i++) {
2518                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2519                 udelay(10);
2520         }
2521
2522         if (dev->fw.pcm.data) {
2523                 /* Upload PCM data. */
2524                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2525                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2526                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2527                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2528                 /* No need for autoinc bit in SHM_HW */
2529                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2530                 for (i = 0; i < len; i++) {
2531                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2532                         udelay(10);
2533                 }
2534         }
2535
2536         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2537
2538         /* Start the microcode PSM */
2539         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2540                       B43_MACCTL_PSM_RUN);
2541
2542         /* Wait for the microcode to load and respond */
2543         i = 0;
2544         while (1) {
2545                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2546                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2547                         break;
2548                 i++;
2549                 if (i >= 20) {
2550                         b43err(dev->wl, "Microcode not responding\n");
2551                         b43_print_fw_helptext(dev->wl, 1);
2552                         err = -ENODEV;
2553                         goto error;
2554                 }
2555                 msleep(50);
2556         }
2557         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2558
2559         /* Get and check the revisions. */
2560         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2561         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2562         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2563         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2564
2565         if (fwrev <= 0x128) {
2566                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2567                        "binary drivers older than version 4.x is unsupported. "
2568                        "You must upgrade your firmware files.\n");
2569                 b43_print_fw_helptext(dev->wl, 1);
2570                 err = -EOPNOTSUPP;
2571                 goto error;
2572         }
2573         dev->fw.rev = fwrev;
2574         dev->fw.patch = fwpatch;
2575         if (dev->fw.rev >= 598)
2576                 dev->fw.hdr_format = B43_FW_HDR_598;
2577         else if (dev->fw.rev >= 410)
2578                 dev->fw.hdr_format = B43_FW_HDR_410;
2579         else
2580                 dev->fw.hdr_format = B43_FW_HDR_351;
2581         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2582
2583         dev->qos_enabled = dev->wl->hw->queues > 1;
2584         /* Default to firmware/hardware crypto acceleration. */
2585         dev->hwcrypto_enabled = true;
2586
2587         if (dev->fw.opensource) {
2588                 u16 fwcapa;
2589
2590                 /* Patchlevel info is encoded in the "time" field. */
2591                 dev->fw.patch = fwtime;
2592                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2593                         dev->fw.rev, dev->fw.patch);
2594
2595                 fwcapa = b43_fwcapa_read(dev);
2596                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2597                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2598                         /* Disable hardware crypto and fall back to software crypto. */
2599                         dev->hwcrypto_enabled = false;
2600                 }
2601                 /* adding QoS support should use an offline discovery mechanism */
2602                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2603         } else {
2604                 b43info(dev->wl, "Loading firmware version %u.%u "
2605                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2606                         fwrev, fwpatch,
2607                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2608                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2609                 if (dev->fw.pcm_request_failed) {
2610                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2611                                 "Hardware accelerated cryptography is disabled.\n");
2612                         b43_print_fw_helptext(dev->wl, 0);
2613                 }
2614         }
2615
2616         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2617                         dev->fw.rev, dev->fw.patch);
2618         wiphy->hw_version = dev->dev->core_id;
2619
2620         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2621                 /* We're over the deadline, but we keep support for old fw
2622                  * until it turns out to be in major conflict with something new. */
2623                 b43warn(dev->wl, "You are using an old firmware image. "
2624                         "Support for old firmware will be removed soon "
2625                         "(official deadline was July 2008).\n");
2626                 b43_print_fw_helptext(dev->wl, 0);
2627         }
2628
2629         return 0;
2630
2631 error:
2632         /* Stop the microcode PSM. */
2633         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2634                       B43_MACCTL_PSM_JMP0);
2635
2636         return err;
2637 }
2638
2639 static int b43_write_initvals(struct b43_wldev *dev,
2640                               const struct b43_iv *ivals,
2641                               size_t count,
2642                               size_t array_size)
2643 {
2644         const struct b43_iv *iv;
2645         u16 offset;
2646         size_t i;
2647         bool bit32;
2648
2649         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2650         iv = ivals;
2651         for (i = 0; i < count; i++) {
2652                 if (array_size < sizeof(iv->offset_size))
2653                         goto err_format;
2654                 array_size -= sizeof(iv->offset_size);
2655                 offset = be16_to_cpu(iv->offset_size);
2656                 bit32 = !!(offset & B43_IV_32BIT);
2657                 offset &= B43_IV_OFFSET_MASK;
2658                 if (offset >= 0x1000)
2659                         goto err_format;
2660                 if (bit32) {
2661                         u32 value;
2662
2663                         if (array_size < sizeof(iv->data.d32))
2664                                 goto err_format;
2665                         array_size -= sizeof(iv->data.d32);
2666
2667                         value = get_unaligned_be32(&iv->data.d32);
2668                         b43_write32(dev, offset, value);
2669
2670                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2671                                                         sizeof(__be16) +
2672                                                         sizeof(__be32));
2673                 } else {
2674                         u16 value;
2675
2676                         if (array_size < sizeof(iv->data.d16))
2677                                 goto err_format;
2678                         array_size -= sizeof(iv->data.d16);
2679
2680                         value = be16_to_cpu(iv->data.d16);
2681                         b43_write16(dev, offset, value);
2682
2683                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2684                                                         sizeof(__be16) +
2685                                                         sizeof(__be16));
2686                 }
2687         }
2688         if (array_size)
2689                 goto err_format;
2690
2691         return 0;
2692
2693 err_format:
2694         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2695         b43_print_fw_helptext(dev->wl, 1);
2696
2697         return -EPROTO;
2698 }
2699
2700 static int b43_upload_initvals(struct b43_wldev *dev)
2701 {
2702         const size_t hdr_len = sizeof(struct b43_fw_header);
2703         const struct b43_fw_header *hdr;
2704         struct b43_firmware *fw = &dev->fw;
2705         const struct b43_iv *ivals;
2706         size_t count;
2707         int err;
2708
2709         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2710         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2711         count = be32_to_cpu(hdr->size);
2712         err = b43_write_initvals(dev, ivals, count,
2713                                  fw->initvals.data->size - hdr_len);
2714         if (err)
2715                 goto out;
2716         if (fw->initvals_band.data) {
2717                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2718                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2719                 count = be32_to_cpu(hdr->size);
2720                 err = b43_write_initvals(dev, ivals, count,
2721                                          fw->initvals_band.data->size - hdr_len);
2722                 if (err)
2723                         goto out;
2724         }
2725 out:
2726
2727         return err;
2728 }
2729
2730 /* Initialize the GPIOs
2731  * http://bcm-specs.sipsolutions.net/GPIO
2732  */
2733 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2734 {
2735         struct ssb_bus *bus = dev->dev->sdev->bus;
2736
2737 #ifdef CONFIG_SSB_DRIVER_PCICORE
2738         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2739 #else
2740         return bus->chipco.dev;
2741 #endif
2742 }
2743
2744 static int b43_gpio_init(struct b43_wldev *dev)
2745 {
2746         struct ssb_device *gpiodev;
2747         u32 mask, set;
2748
2749         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2750         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2751
2752         mask = 0x0000001F;
2753         set = 0x0000000F;
2754         if (dev->dev->chip_id == 0x4301) {
2755                 mask |= 0x0060;
2756                 set |= 0x0060;
2757         } else if (dev->dev->chip_id == 0x5354) {
2758                 /* Don't allow overtaking buttons GPIOs */
2759                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2760         }
2761
2762         if (0 /* FIXME: conditional unknown */ ) {
2763                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2764                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2765                             | 0x0100);
2766                 /* BT Coexistance Input */
2767                 mask |= 0x0080;
2768                 set |= 0x0080;
2769                 /* BT Coexistance Out */
2770                 mask |= 0x0100;
2771                 set |= 0x0100;
2772         }
2773         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2774                 /* PA is controlled by gpio 9, let ucode handle it */
2775                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2776                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2777                             | 0x0200);
2778                 mask |= 0x0200;
2779                 set |= 0x0200;
2780         }
2781
2782         switch (dev->dev->bus_type) {
2783 #ifdef CONFIG_B43_BCMA
2784         case B43_BUS_BCMA:
2785                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2786                 break;
2787 #endif
2788 #ifdef CONFIG_B43_SSB
2789         case B43_BUS_SSB:
2790                 gpiodev = b43_ssb_gpio_dev(dev);
2791                 if (gpiodev)
2792                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2793                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2794                                     & ~mask) | set);
2795                 break;
2796 #endif
2797         }
2798
2799         return 0;
2800 }
2801
2802 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2803 static void b43_gpio_cleanup(struct b43_wldev *dev)
2804 {
2805         struct ssb_device *gpiodev;
2806
2807         switch (dev->dev->bus_type) {
2808 #ifdef CONFIG_B43_BCMA
2809         case B43_BUS_BCMA:
2810                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2811                 break;
2812 #endif
2813 #ifdef CONFIG_B43_SSB
2814         case B43_BUS_SSB:
2815                 gpiodev = b43_ssb_gpio_dev(dev);
2816                 if (gpiodev)
2817                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2818                 break;
2819 #endif
2820         }
2821 }
2822
2823 /* http://bcm-specs.sipsolutions.net/EnableMac */
2824 void b43_mac_enable(struct b43_wldev *dev)
2825 {
2826         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2827                 u16 fwstate;
2828
2829                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2830                                          B43_SHM_SH_UCODESTAT);
2831                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2832                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2833                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2834                                "should be suspended, but current state is %u\n",
2835                                fwstate);
2836                 }
2837         }
2838
2839         dev->mac_suspended--;
2840         B43_WARN_ON(dev->mac_suspended < 0);
2841         if (dev->mac_suspended == 0) {
2842                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2843                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2844                             B43_IRQ_MAC_SUSPENDED);
2845                 /* Commit writes */
2846                 b43_read32(dev, B43_MMIO_MACCTL);
2847                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2848                 b43_power_saving_ctl_bits(dev, 0);
2849         }
2850 }
2851
2852 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2853 void b43_mac_suspend(struct b43_wldev *dev)
2854 {
2855         int i;
2856         u32 tmp;
2857
2858         might_sleep();
2859         B43_WARN_ON(dev->mac_suspended < 0);
2860
2861         if (dev->mac_suspended == 0) {
2862                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2863                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2864                 /* force pci to flush the write */
2865                 b43_read32(dev, B43_MMIO_MACCTL);
2866                 for (i = 35; i; i--) {
2867                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2868                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2869                                 goto out;
2870                         udelay(10);
2871                 }
2872                 /* Hm, it seems this will take some time. Use msleep(). */
2873                 for (i = 40; i; i--) {
2874                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2875                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2876                                 goto out;
2877                         msleep(1);
2878                 }
2879                 b43err(dev->wl, "MAC suspend failed\n");
2880         }
2881 out:
2882         dev->mac_suspended++;
2883 }
2884
2885 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2886 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2887 {
2888         u32 tmp;
2889
2890         switch (dev->dev->bus_type) {
2891 #ifdef CONFIG_B43_BCMA
2892         case B43_BUS_BCMA:
2893                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2894                 if (on)
2895                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2896                 else
2897                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2898                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2899                 break;
2900 #endif
2901 #ifdef CONFIG_B43_SSB
2902         case B43_BUS_SSB:
2903                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2904                 if (on)
2905                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2906                 else
2907                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2908                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2909                 break;
2910 #endif
2911         }
2912 }
2913
2914 static void b43_adjust_opmode(struct b43_wldev *dev)
2915 {
2916         struct b43_wl *wl = dev->wl;
2917         u32 ctl;
2918         u16 cfp_pretbtt;
2919
2920         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2921         /* Reset status to STA infrastructure mode. */
2922         ctl &= ~B43_MACCTL_AP;
2923         ctl &= ~B43_MACCTL_KEEP_CTL;
2924         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2925         ctl &= ~B43_MACCTL_KEEP_BAD;
2926         ctl &= ~B43_MACCTL_PROMISC;
2927         ctl &= ~B43_MACCTL_BEACPROMISC;
2928         ctl |= B43_MACCTL_INFRA;
2929
2930         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2931             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2932                 ctl |= B43_MACCTL_AP;
2933         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2934                 ctl &= ~B43_MACCTL_INFRA;
2935
2936         if (wl->filter_flags & FIF_CONTROL)
2937                 ctl |= B43_MACCTL_KEEP_CTL;
2938         if (wl->filter_flags & FIF_FCSFAIL)
2939                 ctl |= B43_MACCTL_KEEP_BAD;
2940         if (wl->filter_flags & FIF_PLCPFAIL)
2941                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2942         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2943                 ctl |= B43_MACCTL_PROMISC;
2944         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2945                 ctl |= B43_MACCTL_BEACPROMISC;
2946
2947         /* Workaround: On old hardware the HW-MAC-address-filter
2948          * doesn't work properly, so always run promisc in filter
2949          * it in software. */
2950         if (dev->dev->core_rev <= 4)
2951                 ctl |= B43_MACCTL_PROMISC;
2952
2953         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2954
2955         cfp_pretbtt = 2;
2956         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2957                 if (dev->dev->chip_id == 0x4306 &&
2958                     dev->dev->chip_rev == 3)
2959                         cfp_pretbtt = 100;
2960                 else
2961                         cfp_pretbtt = 50;
2962         }
2963         b43_write16(dev, 0x612, cfp_pretbtt);
2964
2965         /* FIXME: We don't currently implement the PMQ mechanism,
2966          *        so always disable it. If we want to implement PMQ,
2967          *        we need to enable it here (clear DISCPMQ) in AP mode.
2968          */
2969         if (0  /* ctl & B43_MACCTL_AP */)
2970                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2971         else
2972                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2973 }
2974
2975 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2976 {
2977         u16 offset;
2978
2979         if (is_ofdm) {
2980                 offset = 0x480;
2981                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2982         } else {
2983                 offset = 0x4C0;
2984                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2985         }
2986         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2987                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2988 }
2989
2990 static void b43_rate_memory_init(struct b43_wldev *dev)
2991 {
2992         switch (dev->phy.type) {
2993         case B43_PHYTYPE_A:
2994         case B43_PHYTYPE_G:
2995         case B43_PHYTYPE_N:
2996         case B43_PHYTYPE_LP:
2997         case B43_PHYTYPE_HT:
2998         case B43_PHYTYPE_LCN:
2999                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3000                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3001                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3002                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3003                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3004                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3005                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3006                 if (dev->phy.type == B43_PHYTYPE_A)
3007                         break;
3008                 /* fallthrough */
3009         case B43_PHYTYPE_B:
3010                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3011                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3012                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3013                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3014                 break;
3015         default:
3016                 B43_WARN_ON(1);
3017         }
3018 }
3019
3020 /* Set the default values for the PHY TX Control Words. */
3021 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3022 {
3023         u16 ctl = 0;
3024
3025         ctl |= B43_TXH_PHY_ENC_CCK;
3026         ctl |= B43_TXH_PHY_ANT01AUTO;
3027         ctl |= B43_TXH_PHY_TXPWR;
3028
3029         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3030         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3031         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3032 }
3033
3034 /* Set the TX-Antenna for management frames sent by firmware. */
3035 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3036 {
3037         u16 ant;
3038         u16 tmp;
3039
3040         ant = b43_antenna_to_phyctl(antenna);
3041
3042         /* For ACK/CTS */
3043         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3044         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3045         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3046         /* For Probe Resposes */
3047         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3048         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3049         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3050 }
3051
3052 /* This is the opposite of b43_chip_init() */
3053 static void b43_chip_exit(struct b43_wldev *dev)
3054 {
3055         b43_phy_exit(dev);
3056         b43_gpio_cleanup(dev);
3057         /* firmware is released later */
3058 }
3059
3060 /* Initialize the chip
3061  * http://bcm-specs.sipsolutions.net/ChipInit
3062  */
3063 static int b43_chip_init(struct b43_wldev *dev)
3064 {
3065         struct b43_phy *phy = &dev->phy;
3066         int err;
3067         u32 macctl;
3068         u16 value16;
3069
3070         /* Initialize the MAC control */
3071         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3072         if (dev->phy.gmode)
3073                 macctl |= B43_MACCTL_GMODE;
3074         macctl |= B43_MACCTL_INFRA;
3075         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3076
3077         err = b43_upload_microcode(dev);
3078         if (err)
3079                 goto out;       /* firmware is released later */
3080
3081         err = b43_gpio_init(dev);
3082         if (err)
3083                 goto out;       /* firmware is released later */
3084
3085         err = b43_upload_initvals(dev);
3086         if (err)
3087                 goto err_gpio_clean;
3088
3089         /* Turn the Analog on and initialize the PHY. */
3090         phy->ops->switch_analog(dev, 1);
3091         err = b43_phy_init(dev);
3092         if (err)
3093                 goto err_gpio_clean;
3094
3095         /* Disable Interference Mitigation. */
3096         if (phy->ops->interf_mitigation)
3097                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3098
3099         /* Select the antennae */
3100         if (phy->ops->set_rx_antenna)
3101                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3102         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3103
3104         if (phy->type == B43_PHYTYPE_B) {
3105                 value16 = b43_read16(dev, 0x005E);
3106                 value16 |= 0x0004;
3107                 b43_write16(dev, 0x005E, value16);
3108         }
3109         b43_write32(dev, 0x0100, 0x01000000);
3110         if (dev->dev->core_rev < 5)
3111                 b43_write32(dev, 0x010C, 0x01000000);
3112
3113         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3114         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3115
3116         /* Probe Response Timeout value */
3117         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3118         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3119
3120         /* Initially set the wireless operation mode. */
3121         b43_adjust_opmode(dev);
3122
3123         if (dev->dev->core_rev < 3) {
3124                 b43_write16(dev, 0x060E, 0x0000);
3125                 b43_write16(dev, 0x0610, 0x8000);
3126                 b43_write16(dev, 0x0604, 0x0000);
3127                 b43_write16(dev, 0x0606, 0x0200);
3128         } else {
3129                 b43_write32(dev, 0x0188, 0x80000000);
3130                 b43_write32(dev, 0x018C, 0x02000000);
3131         }
3132         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3133         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
3134         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3135         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3136         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3137         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3138         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3139
3140         b43_mac_phy_clock_set(dev, true);
3141
3142         switch (dev->dev->bus_type) {
3143 #ifdef CONFIG_B43_BCMA
3144         case B43_BUS_BCMA:
3145                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3146                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3147                 break;
3148 #endif
3149 #ifdef CONFIG_B43_SSB
3150         case B43_BUS_SSB:
3151                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3152                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3153                 break;
3154 #endif
3155         }
3156
3157         err = 0;
3158         b43dbg(dev->wl, "Chip initialized\n");
3159 out:
3160         return err;
3161
3162 err_gpio_clean:
3163         b43_gpio_cleanup(dev);
3164         return err;
3165 }
3166
3167 static void b43_periodic_every60sec(struct b43_wldev *dev)
3168 {
3169         const struct b43_phy_operations *ops = dev->phy.ops;
3170
3171         if (ops->pwork_60sec)
3172                 ops->pwork_60sec(dev);
3173
3174         /* Force check the TX power emission now. */
3175         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3176 }
3177
3178 static void b43_periodic_every30sec(struct b43_wldev *dev)
3179 {
3180         /* Update device statistics. */
3181         b43_calculate_link_quality(dev);
3182 }
3183
3184 static void b43_periodic_every15sec(struct b43_wldev *dev)
3185 {
3186         struct b43_phy *phy = &dev->phy;
3187         u16 wdr;
3188
3189         if (dev->fw.opensource) {
3190                 /* Check if the firmware is still alive.
3191                  * It will reset the watchdog counter to 0 in its idle loop. */
3192                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3193                 if (unlikely(wdr)) {
3194                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3195                         b43_controller_restart(dev, "Firmware watchdog");
3196                         return;
3197                 } else {
3198                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3199                                         B43_WATCHDOG_REG, 1);
3200                 }
3201         }
3202
3203         if (phy->ops->pwork_15sec)
3204                 phy->ops->pwork_15sec(dev);
3205
3206         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3207         wmb();
3208
3209 #if B43_DEBUG
3210         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3211                 unsigned int i;
3212
3213                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3214                        dev->irq_count / 15,
3215                        dev->tx_count / 15,
3216                        dev->rx_count / 15);
3217                 dev->irq_count = 0;
3218                 dev->tx_count = 0;
3219                 dev->rx_count = 0;
3220                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3221                         if (dev->irq_bit_count[i]) {
3222                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3223                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3224                                 dev->irq_bit_count[i] = 0;
3225                         }
3226                 }
3227         }
3228 #endif
3229 }
3230
3231 static void do_periodic_work(struct b43_wldev *dev)
3232 {
3233         unsigned int state;
3234
3235         state = dev->periodic_state;
3236         if (state % 4 == 0)
3237                 b43_periodic_every60sec(dev);
3238         if (state % 2 == 0)
3239                 b43_periodic_every30sec(dev);
3240         b43_periodic_every15sec(dev);
3241 }
3242
3243 /* Periodic work locking policy:
3244  *      The whole periodic work handler is protected by
3245  *      wl->mutex. If another lock is needed somewhere in the
3246  *      pwork callchain, it's acquired in-place, where it's needed.
3247  */
3248 static void b43_periodic_work_handler(struct work_struct *work)
3249 {
3250         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3251                                              periodic_work.work);
3252         struct b43_wl *wl = dev->wl;
3253         unsigned long delay;
3254
3255         mutex_lock(&wl->mutex);
3256
3257         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3258                 goto out;
3259         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3260                 goto out_requeue;
3261
3262         do_periodic_work(dev);
3263
3264         dev->periodic_state++;
3265 out_requeue:
3266         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3267                 delay = msecs_to_jiffies(50);
3268         else
3269                 delay = round_jiffies_relative(HZ * 15);
3270         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3271 out:
3272         mutex_unlock(&wl->mutex);
3273 }
3274
3275 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3276 {
3277         struct delayed_work *work = &dev->periodic_work;
3278
3279         dev->periodic_state = 0;
3280         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3281         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3282 }
3283
3284 /* Check if communication with the device works correctly. */
3285 static int b43_validate_chipaccess(struct b43_wldev *dev)
3286 {
3287         u32 v, backup0, backup4;
3288
3289         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3290         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3291
3292         /* Check for read/write and endianness problems. */
3293         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3294         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3295                 goto error;
3296         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3297         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3298                 goto error;
3299
3300         /* Check if unaligned 32bit SHM_SHARED access works properly.
3301          * However, don't bail out on failure, because it's noncritical. */
3302         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3303         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3304         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3305         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3306         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3307                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3308         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3309         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3310             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3311             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3312             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3313                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3314
3315         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3316         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3317
3318         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3319                 /* The 32bit register shadows the two 16bit registers
3320                  * with update sideeffects. Validate this. */
3321                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3322                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3323                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3324                         goto error;
3325                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3326                         goto error;
3327         }
3328         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3329
3330         v = b43_read32(dev, B43_MMIO_MACCTL);
3331         v |= B43_MACCTL_GMODE;
3332         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3333                 goto error;
3334
3335         return 0;
3336 error:
3337         b43err(dev->wl, "Failed to validate the chipaccess\n");
3338         return -ENODEV;
3339 }
3340
3341 static void b43_security_init(struct b43_wldev *dev)
3342 {
3343         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3344         /* KTP is a word address, but we address SHM bytewise.
3345          * So multiply by two.
3346          */
3347         dev->ktp *= 2;
3348         /* Number of RCMTA address slots */
3349         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3350         /* Clear the key memory. */
3351         b43_clear_keys(dev);
3352 }
3353
3354 #ifdef CONFIG_B43_HWRNG
3355 static int b43_rng_read(struct hwrng *rng, u32 *data)
3356 {
3357         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3358         struct b43_wldev *dev;
3359         int count = -ENODEV;
3360
3361         mutex_lock(&wl->mutex);
3362         dev = wl->current_dev;
3363         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3364                 *data = b43_read16(dev, B43_MMIO_RNG);
3365                 count = sizeof(u16);
3366         }
3367         mutex_unlock(&wl->mutex);
3368
3369         return count;
3370 }
3371 #endif /* CONFIG_B43_HWRNG */
3372
3373 static void b43_rng_exit(struct b43_wl *wl)
3374 {
3375 #ifdef CONFIG_B43_HWRNG
3376         if (wl->rng_initialized)
3377                 hwrng_unregister(&wl->rng);
3378 #endif /* CONFIG_B43_HWRNG */
3379 }
3380
3381 static int b43_rng_init(struct b43_wl *wl)
3382 {
3383         int err = 0;
3384
3385 #ifdef CONFIG_B43_HWRNG
3386         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3387                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3388         wl->rng.name = wl->rng_name;
3389         wl->rng.data_read = b43_rng_read;
3390         wl->rng.priv = (unsigned long)wl;
3391         wl->rng_initialized = true;
3392         err = hwrng_register(&wl->rng);
3393         if (err) {
3394                 wl->rng_initialized = false;
3395                 b43err(wl, "Failed to register the random "
3396                        "number generator (%d)\n", err);
3397         }
3398 #endif /* CONFIG_B43_HWRNG */
3399
3400         return err;
3401 }
3402
3403 static void b43_tx_work(struct work_struct *work)
3404 {
3405         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3406         struct b43_wldev *dev;
3407         struct sk_buff *skb;
3408         int queue_num;
3409         int err = 0;
3410
3411         mutex_lock(&wl->mutex);
3412         dev = wl->current_dev;
3413         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3414                 mutex_unlock(&wl->mutex);
3415                 return;
3416         }
3417
3418         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3419                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3420                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3421                         if (b43_using_pio_transfers(dev))
3422                                 err = b43_pio_tx(dev, skb);
3423                         else
3424                                 err = b43_dma_tx(dev, skb);
3425                         if (err == -ENOSPC) {
3426                                 wl->tx_queue_stopped[queue_num] = 1;
3427                                 ieee80211_stop_queue(wl->hw, queue_num);
3428                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3429                                 break;
3430                         }
3431                         if (unlikely(err))
3432                                 ieee80211_free_txskb(wl->hw, skb);
3433                         err = 0;
3434                 }
3435
3436                 if (!err)
3437                         wl->tx_queue_stopped[queue_num] = 0;
3438         }
3439
3440 #if B43_DEBUG
3441         dev->tx_count++;
3442 #endif
3443         mutex_unlock(&wl->mutex);
3444 }
3445
3446 static void b43_op_tx(struct ieee80211_hw *hw,
3447                       struct ieee80211_tx_control *control,
3448                       struct sk_buff *skb)
3449 {
3450         struct b43_wl *wl = hw_to_b43_wl(hw);
3451
3452         if (unlikely(skb->len < 2 + 2 + 6)) {
3453                 /* Too short, this can't be a valid frame. */
3454                 ieee80211_free_txskb(hw, skb);
3455                 return;
3456         }
3457         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3458
3459         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3460         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3461                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3462         } else {
3463                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3464         }
3465 }
3466
3467 static void b43_qos_params_upload(struct b43_wldev *dev,
3468                                   const struct ieee80211_tx_queue_params *p,
3469                                   u16 shm_offset)
3470 {
3471         u16 params[B43_NR_QOSPARAMS];
3472         int bslots, tmp;
3473         unsigned int i;
3474
3475         if (!dev->qos_enabled)
3476                 return;
3477
3478         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3479
3480         memset(&params, 0, sizeof(params));
3481
3482         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3483         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3484         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3485         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3486         params[B43_QOSPARAM_AIFS] = p->aifs;
3487         params[B43_QOSPARAM_BSLOTS] = bslots;
3488         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3489
3490         for (i = 0; i < ARRAY_SIZE(params); i++) {
3491                 if (i == B43_QOSPARAM_STATUS) {
3492                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3493                                              shm_offset + (i * 2));
3494                         /* Mark the parameters as updated. */
3495                         tmp |= 0x100;
3496                         b43_shm_write16(dev, B43_SHM_SHARED,
3497                                         shm_offset + (i * 2),
3498                                         tmp);
3499                 } else {
3500                         b43_shm_write16(dev, B43_SHM_SHARED,
3501                                         shm_offset + (i * 2),
3502                                         params[i]);
3503                 }
3504         }
3505 }
3506
3507 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3508 static const u16 b43_qos_shm_offsets[] = {
3509         /* [mac80211-queue-nr] = SHM_OFFSET, */
3510         [0] = B43_QOS_VOICE,
3511         [1] = B43_QOS_VIDEO,
3512         [2] = B43_QOS_BESTEFFORT,
3513         [3] = B43_QOS_BACKGROUND,
3514 };
3515
3516 /* Update all QOS parameters in hardware. */
3517 static void b43_qos_upload_all(struct b43_wldev *dev)
3518 {
3519         struct b43_wl *wl = dev->wl;
3520         struct b43_qos_params *params;
3521         unsigned int i;
3522
3523         if (!dev->qos_enabled)
3524                 return;
3525
3526         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3527                      ARRAY_SIZE(wl->qos_params));
3528
3529         b43_mac_suspend(dev);
3530         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3531                 params = &(wl->qos_params[i]);
3532                 b43_qos_params_upload(dev, &(params->p),
3533                                       b43_qos_shm_offsets[i]);
3534         }
3535         b43_mac_enable(dev);
3536 }
3537
3538 static void b43_qos_clear(struct b43_wl *wl)
3539 {
3540         struct b43_qos_params *params;
3541         unsigned int i;
3542
3543         /* Initialize QoS parameters to sane defaults. */
3544
3545         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3546                      ARRAY_SIZE(wl->qos_params));
3547
3548         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3549                 params = &(wl->qos_params[i]);
3550
3551                 switch (b43_qos_shm_offsets[i]) {
3552                 case B43_QOS_VOICE:
3553                         params->p.txop = 0;
3554                         params->p.aifs = 2;
3555                         params->p.cw_min = 0x0001;
3556                         params->p.cw_max = 0x0001;
3557                         break;
3558                 case B43_QOS_VIDEO:
3559                         params->p.txop = 0;
3560                         params->p.aifs = 2;
3561                         params->p.cw_min = 0x0001;
3562                         params->p.cw_max = 0x0001;
3563                         break;
3564                 case B43_QOS_BESTEFFORT:
3565                         params->p.txop = 0;
3566                         params->p.aifs = 3;
3567                         params->p.cw_min = 0x0001;
3568                         params->p.cw_max = 0x03FF;
3569                         break;
3570                 case B43_QOS_BACKGROUND:
3571                         params->p.txop = 0;
3572                         params->p.aifs = 7;
3573                         params->p.cw_min = 0x0001;
3574                         params->p.cw_max = 0x03FF;
3575                         break;
3576                 default:
3577                         B43_WARN_ON(1);
3578                 }
3579         }
3580 }
3581
3582 /* Initialize the core's QOS capabilities */
3583 static void b43_qos_init(struct b43_wldev *dev)
3584 {
3585         if (!dev->qos_enabled) {
3586                 /* Disable QOS support. */
3587                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3588                 b43_write16(dev, B43_MMIO_IFSCTL,
3589                             b43_read16(dev, B43_MMIO_IFSCTL)
3590                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3591                 b43dbg(dev->wl, "QoS disabled\n");
3592                 return;
3593         }
3594
3595         /* Upload the current QOS parameters. */
3596         b43_qos_upload_all(dev);
3597
3598         /* Enable QOS support. */
3599         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3600         b43_write16(dev, B43_MMIO_IFSCTL,
3601                     b43_read16(dev, B43_MMIO_IFSCTL)
3602                     | B43_MMIO_IFSCTL_USE_EDCF);
3603         b43dbg(dev->wl, "QoS enabled\n");
3604 }
3605
3606 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3607                           struct ieee80211_vif *vif, u16 _queue,
3608                           const struct ieee80211_tx_queue_params *params)
3609 {
3610         struct b43_wl *wl = hw_to_b43_wl(hw);
3611         struct b43_wldev *dev;
3612         unsigned int queue = (unsigned int)_queue;
3613         int err = -ENODEV;
3614
3615         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3616                 /* Queue not available or don't support setting
3617                  * params on this queue. Return success to not
3618                  * confuse mac80211. */
3619                 return 0;
3620         }
3621         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3622                      ARRAY_SIZE(wl->qos_params));
3623
3624         mutex_lock(&wl->mutex);
3625         dev = wl->current_dev;
3626         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3627                 goto out_unlock;
3628
3629         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3630         b43_mac_suspend(dev);
3631         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3632                               b43_qos_shm_offsets[queue]);
3633         b43_mac_enable(dev);
3634         err = 0;
3635
3636 out_unlock:
3637         mutex_unlock(&wl->mutex);
3638
3639         return err;
3640 }
3641
3642 static int b43_op_get_stats(struct ieee80211_hw *hw,
3643                             struct ieee80211_low_level_stats *stats)
3644 {
3645         struct b43_wl *wl = hw_to_b43_wl(hw);
3646
3647         mutex_lock(&wl->mutex);
3648         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3649         mutex_unlock(&wl->mutex);
3650
3651         return 0;
3652 }
3653
3654 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3655 {
3656         struct b43_wl *wl = hw_to_b43_wl(hw);
3657         struct b43_wldev *dev;
3658         u64 tsf;
3659
3660         mutex_lock(&wl->mutex);
3661         dev = wl->current_dev;
3662
3663         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3664                 b43_tsf_read(dev, &tsf);
3665         else
3666                 tsf = 0;
3667
3668         mutex_unlock(&wl->mutex);
3669
3670         return tsf;
3671 }
3672
3673 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3674                            struct ieee80211_vif *vif, u64 tsf)
3675 {
3676         struct b43_wl *wl = hw_to_b43_wl(hw);
3677         struct b43_wldev *dev;
3678
3679         mutex_lock(&wl->mutex);
3680         dev = wl->current_dev;
3681
3682         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3683                 b43_tsf_write(dev, tsf);
3684
3685         mutex_unlock(&wl->mutex);
3686 }
3687
3688 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3689 {
3690         u32 tmp;
3691
3692         switch (dev->dev->bus_type) {
3693 #ifdef CONFIG_B43_BCMA
3694         case B43_BUS_BCMA:
3695                 b43err(dev->wl,
3696                        "Putting PHY into reset not supported on BCMA\n");
3697                 break;
3698 #endif
3699 #ifdef CONFIG_B43_SSB
3700         case B43_BUS_SSB:
3701                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3702                 tmp &= ~B43_TMSLOW_GMODE;
3703                 tmp |= B43_TMSLOW_PHYRESET;
3704                 tmp |= SSB_TMSLOW_FGC;
3705                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3706                 msleep(1);
3707
3708                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3709                 tmp &= ~SSB_TMSLOW_FGC;
3710                 tmp |= B43_TMSLOW_PHYRESET;
3711                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3712                 msleep(1);
3713
3714                 break;
3715 #endif
3716         }
3717 }
3718
3719 static const char *band_to_string(enum ieee80211_band band)
3720 {
3721         switch (band) {
3722         case IEEE80211_BAND_5GHZ:
3723                 return "5";
3724         case IEEE80211_BAND_2GHZ:
3725                 return "2.4";
3726         default:
3727                 break;
3728         }
3729         B43_WARN_ON(1);
3730         return "";
3731 }
3732
3733 /* Expects wl->mutex locked */
3734 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3735 {
3736         struct b43_wldev *up_dev = NULL;
3737         struct b43_wldev *down_dev;
3738         struct b43_wldev *d;
3739         int err;
3740         bool uninitialized_var(gmode);
3741         int prev_status;
3742
3743         /* Find a device and PHY which supports the band. */
3744         list_for_each_entry(d, &wl->devlist, list) {
3745                 switch (chan->band) {
3746                 case IEEE80211_BAND_5GHZ:
3747                         if (d->phy.supports_5ghz) {
3748                                 up_dev = d;
3749                                 gmode = false;
3750                         }
3751                         break;
3752                 case IEEE80211_BAND_2GHZ:
3753                         if (d->phy.supports_2ghz) {
3754                                 up_dev = d;
3755                                 gmode = true;
3756                         }
3757                         break;
3758                 default:
3759                         B43_WARN_ON(1);
3760                         return -EINVAL;
3761                 }
3762                 if (up_dev)
3763                         break;
3764         }
3765         if (!up_dev) {
3766                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3767                        band_to_string(chan->band));
3768                 return -ENODEV;
3769         }
3770         if ((up_dev == wl->current_dev) &&
3771             (!!wl->current_dev->phy.gmode == !!gmode)) {
3772                 /* This device is already running. */
3773                 return 0;
3774         }
3775         b43dbg(wl, "Switching to %s-GHz band\n",
3776                band_to_string(chan->band));
3777         down_dev = wl->current_dev;
3778
3779         prev_status = b43_status(down_dev);
3780         /* Shutdown the currently running core. */
3781         if (prev_status >= B43_STAT_STARTED)
3782                 down_dev = b43_wireless_core_stop(down_dev);
3783         if (prev_status >= B43_STAT_INITIALIZED)
3784                 b43_wireless_core_exit(down_dev);
3785
3786         if (down_dev != up_dev) {
3787                 /* We switch to a different core, so we put PHY into
3788                  * RESET on the old core. */
3789                 b43_put_phy_into_reset(down_dev);
3790         }
3791
3792         /* Now start the new core. */
3793         up_dev->phy.gmode = gmode;
3794         if (prev_status >= B43_STAT_INITIALIZED) {
3795                 err = b43_wireless_core_init(up_dev);
3796                 if (err) {
3797                         b43err(wl, "Fatal: Could not initialize device for "
3798                                "selected %s-GHz band\n",
3799                                band_to_string(chan->band));
3800                         goto init_failure;
3801                 }
3802         }
3803         if (prev_status >= B43_STAT_STARTED) {
3804                 err = b43_wireless_core_start(up_dev);
3805                 if (err) {
3806                         b43err(wl, "Fatal: Could not start device for "
3807                                "selected %s-GHz band\n",
3808                                band_to_string(chan->band));
3809                         b43_wireless_core_exit(up_dev);
3810                         goto init_failure;
3811                 }
3812         }
3813         B43_WARN_ON(b43_status(up_dev) != prev_status);
3814
3815         wl->current_dev = up_dev;
3816
3817         return 0;
3818 init_failure:
3819         /* Whoops, failed to init the new core. No core is operating now. */
3820         wl->current_dev = NULL;
3821         return err;
3822 }
3823
3824 /* Write the short and long frame retry limit values. */
3825 static void b43_set_retry_limits(struct b43_wldev *dev,
3826                                  unsigned int short_retry,
3827                                  unsigned int long_retry)
3828 {
3829         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3830          * the chip-internal counter. */
3831         short_retry = min(short_retry, (unsigned int)0xF);
3832         long_retry = min(long_retry, (unsigned int)0xF);
3833
3834         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3835                         short_retry);
3836         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3837                         long_retry);
3838 }
3839
3840 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3841 {
3842         struct b43_wl *wl = hw_to_b43_wl(hw);
3843         struct b43_wldev *dev;
3844         struct b43_phy *phy;
3845         struct ieee80211_conf *conf = &hw->conf;
3846         int antenna;
3847         int err = 0;
3848         bool reload_bss = false;
3849
3850         mutex_lock(&wl->mutex);
3851
3852         dev = wl->current_dev;
3853
3854         /* Switch the band (if necessary). This might change the active core. */
3855         err = b43_switch_band(wl, conf->chandef.chan);
3856         if (err)
3857                 goto out_unlock_mutex;
3858
3859         /* Need to reload all settings if the core changed */
3860         if (dev != wl->current_dev) {
3861                 dev = wl->current_dev;
3862                 changed = ~0;
3863                 reload_bss = true;
3864         }
3865
3866         phy = &dev->phy;
3867
3868         if (conf_is_ht(conf))
3869                 phy->is_40mhz =
3870                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3871         else
3872                 phy->is_40mhz = false;
3873
3874         b43_mac_suspend(dev);
3875
3876         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3877                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3878                                           conf->long_frame_max_tx_count);
3879         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3880         if (!changed)
3881                 goto out_mac_enable;
3882
3883         /* Switch to the requested channel.
3884          * The firmware takes care of races with the TX handler. */
3885         if (conf->chandef.chan->hw_value != phy->channel)
3886                 b43_switch_channel(dev, conf->chandef.chan->hw_value);
3887
3888         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3889
3890         /* Adjust the desired TX power level. */
3891         if (conf->power_level != 0) {
3892                 if (conf->power_level != phy->desired_txpower) {
3893                         phy->desired_txpower = conf->power_level;
3894                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3895                                                    B43_TXPWR_IGNORE_TSSI);
3896                 }
3897         }
3898
3899         /* Antennas for RX and management frame TX. */
3900         antenna = B43_ANTENNA_DEFAULT;
3901         b43_mgmtframe_txantenna(dev, antenna);
3902         antenna = B43_ANTENNA_DEFAULT;
3903         if (phy->ops->set_rx_antenna)
3904                 phy->ops->set_rx_antenna(dev, antenna);
3905
3906         if (wl->radio_enabled != phy->radio_on) {
3907                 if (wl->radio_enabled) {
3908                         b43_software_rfkill(dev, false);
3909                         b43info(dev->wl, "Radio turned on by software\n");
3910                         if (!dev->radio_hw_enable) {
3911                                 b43info(dev->wl, "The hardware RF-kill button "
3912                                         "still turns the radio physically off. "
3913                                         "Press the button to turn it on.\n");
3914                         }
3915                 } else {
3916                         b43_software_rfkill(dev, true);
3917                         b43info(dev->wl, "Radio turned off by software\n");
3918                 }
3919         }
3920
3921 out_mac_enable:
3922         b43_mac_enable(dev);
3923 out_unlock_mutex:
3924         mutex_unlock(&wl->mutex);
3925
3926         if (wl->vif && reload_bss)
3927                 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3928
3929         return err;
3930 }
3931
3932 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3933 {
3934         struct ieee80211_supported_band *sband =
3935                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3936         struct ieee80211_rate *rate;
3937         int i;
3938         u16 basic, direct, offset, basic_offset, rateptr;
3939
3940         for (i = 0; i < sband->n_bitrates; i++) {
3941                 rate = &sband->bitrates[i];
3942
3943                 if (b43_is_cck_rate(rate->hw_value)) {
3944                         direct = B43_SHM_SH_CCKDIRECT;
3945                         basic = B43_SHM_SH_CCKBASIC;
3946                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3947                         offset &= 0xF;
3948                 } else {
3949                         direct = B43_SHM_SH_OFDMDIRECT;
3950                         basic = B43_SHM_SH_OFDMBASIC;
3951                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3952                         offset &= 0xF;
3953                 }
3954
3955                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3956
3957                 if (b43_is_cck_rate(rate->hw_value)) {
3958                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3959                         basic_offset &= 0xF;
3960                 } else {
3961                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3962                         basic_offset &= 0xF;
3963                 }
3964
3965                 /*
3966                  * Get the pointer that we need to point to
3967                  * from the direct map
3968                  */
3969                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3970                                          direct + 2 * basic_offset);
3971                 /* and write it to the basic map */
3972                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3973                                 rateptr);
3974         }
3975 }
3976
3977 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3978                                     struct ieee80211_vif *vif,
3979                                     struct ieee80211_bss_conf *conf,
3980                                     u32 changed)
3981 {
3982         struct b43_wl *wl = hw_to_b43_wl(hw);
3983         struct b43_wldev *dev;
3984
3985         mutex_lock(&wl->mutex);
3986
3987         dev = wl->current_dev;
3988         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3989                 goto out_unlock_mutex;
3990
3991         B43_WARN_ON(wl->vif != vif);
3992
3993         if (changed & BSS_CHANGED_BSSID) {
3994                 if (conf->bssid)
3995                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3996                 else
3997                         memset(wl->bssid, 0, ETH_ALEN);
3998         }
3999
4000         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4001                 if (changed & BSS_CHANGED_BEACON &&
4002                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4003                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4004                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4005                         b43_update_templates(wl);
4006
4007                 if (changed & BSS_CHANGED_BSSID)
4008                         b43_write_mac_bssid_templates(dev);
4009         }
4010
4011         b43_mac_suspend(dev);
4012
4013         /* Update templates for AP/mesh mode. */
4014         if (changed & BSS_CHANGED_BEACON_INT &&
4015             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4016              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4017              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4018             conf->beacon_int)
4019                 b43_set_beacon_int(dev, conf->beacon_int);
4020
4021         if (changed & BSS_CHANGED_BASIC_RATES)
4022                 b43_update_basic_rates(dev, conf->basic_rates);
4023
4024         if (changed & BSS_CHANGED_ERP_SLOT) {
4025                 if (conf->use_short_slot)
4026                         b43_short_slot_timing_enable(dev);
4027                 else
4028                         b43_short_slot_timing_disable(dev);
4029         }
4030
4031         b43_mac_enable(dev);
4032 out_unlock_mutex:
4033         mutex_unlock(&wl->mutex);
4034 }
4035
4036 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4037                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4038                           struct ieee80211_key_conf *key)
4039 {
4040         struct b43_wl *wl = hw_to_b43_wl(hw);
4041         struct b43_wldev *dev;
4042         u8 algorithm;
4043         u8 index;
4044         int err;
4045         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4046
4047         if (modparam_nohwcrypt)
4048                 return -ENOSPC; /* User disabled HW-crypto */
4049
4050         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4051              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4052             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4053              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4054             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4055                 /*
4056                  * For now, disable hw crypto for the RSN IBSS group keys. This
4057                  * could be optimized in the future, but until that gets
4058                  * implemented, use of software crypto for group addressed
4059                  * frames is a acceptable to allow RSN IBSS to be used.
4060                  */
4061                 return -EOPNOTSUPP;
4062         }
4063
4064         mutex_lock(&wl->mutex);
4065
4066         dev = wl->current_dev;
4067         err = -ENODEV;
4068         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4069                 goto out_unlock;
4070
4071         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4072                 /* We don't have firmware for the crypto engine.
4073                  * Must use software-crypto. */
4074                 err = -EOPNOTSUPP;
4075                 goto out_unlock;
4076         }
4077
4078         err = -EINVAL;
4079         switch (key->cipher) {
4080         case WLAN_CIPHER_SUITE_WEP40:
4081                 algorithm = B43_SEC_ALGO_WEP40;
4082                 break;
4083         case WLAN_CIPHER_SUITE_WEP104:
4084                 algorithm = B43_SEC_ALGO_WEP104;
4085                 break;
4086         case WLAN_CIPHER_SUITE_TKIP:
4087                 algorithm = B43_SEC_ALGO_TKIP;
4088                 break;
4089         case WLAN_CIPHER_SUITE_CCMP:
4090                 algorithm = B43_SEC_ALGO_AES;
4091                 break;
4092         default:
4093                 B43_WARN_ON(1);
4094                 goto out_unlock;
4095         }
4096         index = (u8) (key->keyidx);
4097         if (index > 3)
4098                 goto out_unlock;
4099
4100         switch (cmd) {
4101         case SET_KEY:
4102                 if (algorithm == B43_SEC_ALGO_TKIP &&
4103                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4104                     !modparam_hwtkip)) {
4105                         /* We support only pairwise key */
4106                         err = -EOPNOTSUPP;
4107                         goto out_unlock;
4108                 }
4109
4110                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4111                         if (WARN_ON(!sta)) {
4112                                 err = -EOPNOTSUPP;
4113                                 goto out_unlock;
4114                         }
4115                         /* Pairwise key with an assigned MAC address. */
4116                         err = b43_key_write(dev, -1, algorithm,
4117                                             key->key, key->keylen,
4118                                             sta->addr, key);
4119                 } else {
4120                         /* Group key */
4121                         err = b43_key_write(dev, index, algorithm,
4122                                             key->key, key->keylen, NULL, key);
4123                 }
4124                 if (err)
4125                         goto out_unlock;
4126
4127                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4128                     algorithm == B43_SEC_ALGO_WEP104) {
4129                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4130                 } else {
4131                         b43_hf_write(dev,
4132                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4133                 }
4134                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4135                 if (algorithm == B43_SEC_ALGO_TKIP)
4136                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4137                 break;
4138         case DISABLE_KEY: {
4139                 err = b43_key_clear(dev, key->hw_key_idx);
4140                 if (err)
4141                         goto out_unlock;
4142                 break;
4143         }
4144         default:
4145                 B43_WARN_ON(1);
4146         }
4147
4148 out_unlock:
4149         if (!err) {
4150                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4151                        "mac: %pM\n",
4152                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4153                        sta ? sta->addr : bcast_addr);
4154                 b43_dump_keymemory(dev);
4155         }
4156         mutex_unlock(&wl->mutex);
4157
4158         return err;
4159 }
4160
4161 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4162                                     unsigned int changed, unsigned int *fflags,
4163                                     u64 multicast)
4164 {
4165         struct b43_wl *wl = hw_to_b43_wl(hw);
4166         struct b43_wldev *dev;
4167
4168         mutex_lock(&wl->mutex);
4169         dev = wl->current_dev;
4170         if (!dev) {
4171                 *fflags = 0;
4172                 goto out_unlock;
4173         }
4174
4175         *fflags &= FIF_PROMISC_IN_BSS |
4176                   FIF_ALLMULTI |
4177                   FIF_FCSFAIL |
4178                   FIF_PLCPFAIL |
4179                   FIF_CONTROL |
4180                   FIF_OTHER_BSS |
4181                   FIF_BCN_PRBRESP_PROMISC;
4182
4183         changed &= FIF_PROMISC_IN_BSS |
4184                    FIF_ALLMULTI |
4185                    FIF_FCSFAIL |
4186                    FIF_PLCPFAIL |
4187                    FIF_CONTROL |
4188                    FIF_OTHER_BSS |
4189                    FIF_BCN_PRBRESP_PROMISC;
4190
4191         wl->filter_flags = *fflags;
4192
4193         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4194                 b43_adjust_opmode(dev);
4195
4196 out_unlock:
4197         mutex_unlock(&wl->mutex);
4198 }
4199
4200 /* Locking: wl->mutex
4201  * Returns the current dev. This might be different from the passed in dev,
4202  * because the core might be gone away while we unlocked the mutex. */
4203 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4204 {
4205         struct b43_wl *wl;
4206         struct b43_wldev *orig_dev;
4207         u32 mask;
4208         int queue_num;
4209
4210         if (!dev)
4211                 return NULL;
4212         wl = dev->wl;
4213 redo:
4214         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4215                 return dev;
4216
4217         /* Cancel work. Unlock to avoid deadlocks. */
4218         mutex_unlock(&wl->mutex);
4219         cancel_delayed_work_sync(&dev->periodic_work);
4220         cancel_work_sync(&wl->tx_work);
4221         mutex_lock(&wl->mutex);
4222         dev = wl->current_dev;
4223         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4224                 /* Whoops, aliens ate up the device while we were unlocked. */
4225                 return dev;
4226         }
4227
4228         /* Disable interrupts on the device. */
4229         b43_set_status(dev, B43_STAT_INITIALIZED);
4230         if (b43_bus_host_is_sdio(dev->dev)) {
4231                 /* wl->mutex is locked. That is enough. */
4232                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4233                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4234         } else {
4235                 spin_lock_irq(&wl->hardirq_lock);
4236                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4237                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4238                 spin_unlock_irq(&wl->hardirq_lock);
4239         }
4240         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4241         orig_dev = dev;
4242         mutex_unlock(&wl->mutex);
4243         if (b43_bus_host_is_sdio(dev->dev)) {
4244                 b43_sdio_free_irq(dev);
4245         } else {
4246                 synchronize_irq(dev->dev->irq);
4247                 free_irq(dev->dev->irq, dev);
4248         }
4249         mutex_lock(&wl->mutex);
4250         dev = wl->current_dev;
4251         if (!dev)
4252                 return dev;
4253         if (dev != orig_dev) {
4254                 if (b43_status(dev) >= B43_STAT_STARTED)
4255                         goto redo;
4256                 return dev;
4257         }
4258         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4259         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4260
4261         /* Drain all TX queues. */
4262         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4263                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4264                         struct sk_buff *skb;
4265
4266                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4267                         ieee80211_free_txskb(wl->hw, skb);
4268                 }
4269         }
4270
4271         b43_mac_suspend(dev);
4272         b43_leds_exit(dev);
4273         b43dbg(wl, "Wireless interface stopped\n");
4274
4275         return dev;
4276 }
4277
4278 /* Locking: wl->mutex */
4279 static int b43_wireless_core_start(struct b43_wldev *dev)
4280 {
4281         int err;
4282
4283         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4284
4285         drain_txstatus_queue(dev);
4286         if (b43_bus_host_is_sdio(dev->dev)) {
4287                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4288                 if (err) {
4289                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4290                         goto out;
4291                 }
4292         } else {
4293                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4294                                            b43_interrupt_thread_handler,
4295                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4296                 if (err) {
4297                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4298                                dev->dev->irq);
4299                         goto out;
4300                 }
4301         }
4302
4303         /* We are ready to run. */
4304         ieee80211_wake_queues(dev->wl->hw);
4305         b43_set_status(dev, B43_STAT_STARTED);
4306
4307         /* Start data flow (TX/RX). */
4308         b43_mac_enable(dev);
4309         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4310
4311         /* Start maintenance work */
4312         b43_periodic_tasks_setup(dev);
4313
4314         b43_leds_init(dev);
4315
4316         b43dbg(dev->wl, "Wireless interface started\n");
4317 out:
4318         return err;
4319 }
4320
4321 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4322 {
4323         switch (phy_type) {
4324         case B43_PHYTYPE_A:
4325                 return "A";
4326         case B43_PHYTYPE_B:
4327                 return "B";
4328         case B43_PHYTYPE_G:
4329                 return "G";
4330         case B43_PHYTYPE_N:
4331                 return "N";
4332         case B43_PHYTYPE_LP:
4333                 return "LP";
4334         case B43_PHYTYPE_SSLPN:
4335                 return "SSLPN";
4336         case B43_PHYTYPE_HT:
4337                 return "HT";
4338         case B43_PHYTYPE_LCN:
4339                 return "LCN";
4340         case B43_PHYTYPE_LCNXN:
4341                 return "LCNXN";
4342         case B43_PHYTYPE_LCN40:
4343                 return "LCN40";
4344         case B43_PHYTYPE_AC:
4345                 return "AC";
4346         }
4347         return "UNKNOWN";
4348 }
4349
4350 /* Get PHY and RADIO versioning numbers */
4351 static int b43_phy_versioning(struct b43_wldev *dev)
4352 {
4353         struct b43_phy *phy = &dev->phy;
4354         u32 tmp;
4355         u8 analog_type;
4356         u8 phy_type;
4357         u8 phy_rev;
4358         u16 radio_manuf;
4359         u16 radio_ver;
4360         u16 radio_rev;
4361         int unsupported = 0;
4362
4363         /* Get PHY versioning */
4364         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4365         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4366         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4367         phy_rev = (tmp & B43_PHYVER_VERSION);
4368         switch (phy_type) {
4369         case B43_PHYTYPE_A:
4370                 if (phy_rev >= 4)
4371                         unsupported = 1;
4372                 break;
4373         case B43_PHYTYPE_B:
4374                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4375                     && phy_rev != 7)
4376                         unsupported = 1;
4377                 break;
4378         case B43_PHYTYPE_G:
4379                 if (phy_rev > 9)
4380                         unsupported = 1;
4381                 break;
4382 #ifdef CONFIG_B43_PHY_N
4383         case B43_PHYTYPE_N:
4384                 if (phy_rev > 9)
4385                         unsupported = 1;
4386                 break;
4387 #endif
4388 #ifdef CONFIG_B43_PHY_LP
4389         case B43_PHYTYPE_LP:
4390                 if (phy_rev > 2)
4391                         unsupported = 1;
4392                 break;
4393 #endif
4394 #ifdef CONFIG_B43_PHY_HT
4395         case B43_PHYTYPE_HT:
4396                 if (phy_rev > 1)
4397                         unsupported = 1;
4398                 break;
4399 #endif
4400 #ifdef CONFIG_B43_PHY_LCN
4401         case B43_PHYTYPE_LCN:
4402                 if (phy_rev > 1)
4403                         unsupported = 1;
4404                 break;
4405 #endif
4406         default:
4407                 unsupported = 1;
4408         }
4409         if (unsupported) {
4410                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4411                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4412                        phy_rev);
4413                 return -EOPNOTSUPP;
4414         }
4415         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4416                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4417
4418         /* Get RADIO versioning */
4419         if (dev->dev->core_rev >= 24) {
4420                 u16 radio24[3];
4421
4422                 for (tmp = 0; tmp < 3; tmp++) {
4423                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4424                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4425                 }
4426
4427                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4428                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4429
4430                 radio_manuf = 0x17F;
4431                 radio_ver = (radio24[2] << 8) | radio24[1];
4432                 radio_rev = (radio24[0] & 0xF);
4433         } else {
4434                 if (dev->dev->chip_id == 0x4317) {
4435                         if (dev->dev->chip_rev == 0)
4436                                 tmp = 0x3205017F;
4437                         else if (dev->dev->chip_rev == 1)
4438                                 tmp = 0x4205017F;
4439                         else
4440                                 tmp = 0x5205017F;
4441                 } else {
4442                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4443                                     B43_RADIOCTL_ID);
4444                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4445                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4446                                     B43_RADIOCTL_ID);
4447                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4448                                 << 16;
4449                 }
4450                 radio_manuf = (tmp & 0x00000FFF);
4451                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4452                 radio_rev = (tmp & 0xF0000000) >> 28;
4453         }
4454
4455         if (radio_manuf != 0x17F /* Broadcom */)
4456                 unsupported = 1;
4457         switch (phy_type) {
4458         case B43_PHYTYPE_A:
4459                 if (radio_ver != 0x2060)
4460                         unsupported = 1;
4461                 if (radio_rev != 1)
4462                         unsupported = 1;
4463                 if (radio_manuf != 0x17F)
4464                         unsupported = 1;
4465                 break;
4466         case B43_PHYTYPE_B:
4467                 if ((radio_ver & 0xFFF0) != 0x2050)
4468                         unsupported = 1;
4469                 break;
4470         case B43_PHYTYPE_G:
4471                 if (radio_ver != 0x2050)
4472                         unsupported = 1;
4473                 break;
4474         case B43_PHYTYPE_N:
4475                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4476                         unsupported = 1;
4477                 break;
4478         case B43_PHYTYPE_LP:
4479                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4480                         unsupported = 1;
4481                 break;
4482         case B43_PHYTYPE_HT:
4483                 if (radio_ver != 0x2059)
4484                         unsupported = 1;
4485                 break;
4486         case B43_PHYTYPE_LCN:
4487                 if (radio_ver != 0x2064)
4488                         unsupported = 1;
4489                 break;
4490         default:
4491                 B43_WARN_ON(1);
4492         }
4493         if (unsupported) {
4494                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4495                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4496                        radio_manuf, radio_ver, radio_rev);
4497                 return -EOPNOTSUPP;
4498         }
4499         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4500                radio_manuf, radio_ver, radio_rev);
4501
4502         phy->radio_manuf = radio_manuf;
4503         phy->radio_ver = radio_ver;
4504         phy->radio_rev = radio_rev;
4505
4506         phy->analog = analog_type;
4507         phy->type = phy_type;
4508         phy->rev = phy_rev;
4509
4510         return 0;
4511 }
4512
4513 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4514                                       struct b43_phy *phy)
4515 {
4516         phy->hardware_power_control = !!modparam_hwpctl;
4517         phy->next_txpwr_check_time = jiffies;
4518         /* PHY TX errors counter. */
4519         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4520
4521 #if B43_DEBUG
4522         phy->phy_locked = false;
4523         phy->radio_locked = false;
4524 #endif
4525 }
4526
4527 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4528 {
4529         dev->dfq_valid = false;
4530
4531         /* Assume the radio is enabled. If it's not enabled, the state will
4532          * immediately get fixed on the first periodic work run. */
4533         dev->radio_hw_enable = true;
4534
4535         /* Stats */
4536         memset(&dev->stats, 0, sizeof(dev->stats));
4537
4538         setup_struct_phy_for_init(dev, &dev->phy);
4539
4540         /* IRQ related flags */
4541         dev->irq_reason = 0;
4542         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4543         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4544         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4545                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4546
4547         dev->mac_suspended = 1;
4548
4549         /* Noise calculation context */
4550         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4551 }
4552
4553 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4554 {
4555         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4556         u64 hf;
4557
4558         if (!modparam_btcoex)
4559                 return;
4560         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4561                 return;
4562         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4563                 return;
4564
4565         hf = b43_hf_read(dev);
4566         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4567                 hf |= B43_HF_BTCOEXALT;
4568         else
4569                 hf |= B43_HF_BTCOEX;
4570         b43_hf_write(dev, hf);
4571 }
4572
4573 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4574 {
4575         if (!modparam_btcoex)
4576                 return;
4577         //TODO
4578 }
4579
4580 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4581 {
4582         struct ssb_bus *bus;
4583         u32 tmp;
4584
4585         if (dev->dev->bus_type != B43_BUS_SSB)
4586                 return;
4587
4588         bus = dev->dev->sdev->bus;
4589
4590         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4591             (bus->chip_id == 0x4312)) {
4592                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4593                 tmp &= ~SSB_IMCFGLO_REQTO;
4594                 tmp &= ~SSB_IMCFGLO_SERTO;
4595                 tmp |= 0x3;
4596                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4597                 ssb_commit_settings(bus);
4598         }
4599 }
4600
4601 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4602 {
4603         u16 pu_delay;
4604
4605         /* The time value is in microseconds. */
4606         if (dev->phy.type == B43_PHYTYPE_A)
4607                 pu_delay = 3700;
4608         else
4609                 pu_delay = 1050;
4610         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4611                 pu_delay = 500;
4612         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4613                 pu_delay = max(pu_delay, (u16)2400);
4614
4615         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4616 }
4617
4618 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4619 static void b43_set_pretbtt(struct b43_wldev *dev)
4620 {
4621         u16 pretbtt;
4622
4623         /* The time value is in microseconds. */
4624         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4625                 pretbtt = 2;
4626         } else {
4627                 if (dev->phy.type == B43_PHYTYPE_A)
4628                         pretbtt = 120;
4629                 else
4630                         pretbtt = 250;
4631         }
4632         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4633         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4634 }
4635
4636 /* Shutdown a wireless core */
4637 /* Locking: wl->mutex */
4638 static void b43_wireless_core_exit(struct b43_wldev *dev)
4639 {
4640         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4641         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4642                 return;
4643
4644         /* Unregister HW RNG driver */
4645         b43_rng_exit(dev->wl);
4646
4647         b43_set_status(dev, B43_STAT_UNINIT);
4648
4649         /* Stop the microcode PSM. */
4650         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4651                       B43_MACCTL_PSM_JMP0);
4652
4653         b43_dma_free(dev);
4654         b43_pio_free(dev);
4655         b43_chip_exit(dev);
4656         dev->phy.ops->switch_analog(dev, 0);
4657         if (dev->wl->current_beacon) {
4658                 dev_kfree_skb_any(dev->wl->current_beacon);
4659                 dev->wl->current_beacon = NULL;
4660         }
4661
4662         b43_device_disable(dev, 0);
4663         b43_bus_may_powerdown(dev);
4664 }
4665
4666 /* Initialize a wireless core */
4667 static int b43_wireless_core_init(struct b43_wldev *dev)
4668 {
4669         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4670         struct b43_phy *phy = &dev->phy;
4671         int err;
4672         u64 hf;
4673
4674         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4675
4676         err = b43_bus_powerup(dev, 0);
4677         if (err)
4678                 goto out;
4679         if (!b43_device_is_enabled(dev))
4680                 b43_wireless_core_reset(dev, phy->gmode);
4681
4682         /* Reset all data structures. */
4683         setup_struct_wldev_for_init(dev);
4684         phy->ops->prepare_structs(dev);
4685
4686         /* Enable IRQ routing to this device. */
4687         switch (dev->dev->bus_type) {
4688 #ifdef CONFIG_B43_BCMA
4689         case B43_BUS_BCMA:
4690                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4691                                       dev->dev->bdev, true);
4692                 break;
4693 #endif
4694 #ifdef CONFIG_B43_SSB
4695         case B43_BUS_SSB:
4696                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4697                                                dev->dev->sdev);
4698                 break;
4699 #endif
4700         }
4701
4702         b43_imcfglo_timeouts_workaround(dev);
4703         b43_bluetooth_coext_disable(dev);
4704         if (phy->ops->prepare_hardware) {
4705                 err = phy->ops->prepare_hardware(dev);
4706                 if (err)
4707                         goto err_busdown;
4708         }
4709         err = b43_chip_init(dev);
4710         if (err)
4711                 goto err_busdown;
4712         b43_shm_write16(dev, B43_SHM_SHARED,
4713                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4714         hf = b43_hf_read(dev);
4715         if (phy->type == B43_PHYTYPE_G) {
4716                 hf |= B43_HF_SYMW;
4717                 if (phy->rev == 1)
4718                         hf |= B43_HF_GDCW;
4719                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4720                         hf |= B43_HF_OFDMPABOOST;
4721         }
4722         if (phy->radio_ver == 0x2050) {
4723                 if (phy->radio_rev == 6)
4724                         hf |= B43_HF_4318TSSI;
4725                 if (phy->radio_rev < 6)
4726                         hf |= B43_HF_VCORECALC;
4727         }
4728         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4729                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4730 #ifdef CONFIG_SSB_DRIVER_PCICORE
4731         if (dev->dev->bus_type == B43_BUS_SSB &&
4732             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4733             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4734                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4735 #endif
4736         hf &= ~B43_HF_SKCFPUP;
4737         b43_hf_write(dev, hf);
4738
4739         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4740                              B43_DEFAULT_LONG_RETRY_LIMIT);
4741         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4742         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4743
4744         /* Disable sending probe responses from firmware.
4745          * Setting the MaxTime to one usec will always trigger
4746          * a timeout, so we never send any probe resp.
4747          * A timeout of zero is infinite. */
4748         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4749
4750         b43_rate_memory_init(dev);
4751         b43_set_phytxctl_defaults(dev);
4752
4753         /* Minimum Contention Window */
4754         if (phy->type == B43_PHYTYPE_B)
4755                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4756         else
4757                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4758         /* Maximum Contention Window */
4759         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4760
4761         if (b43_bus_host_is_pcmcia(dev->dev) ||
4762             b43_bus_host_is_sdio(dev->dev)) {
4763                 dev->__using_pio_transfers = true;
4764                 err = b43_pio_init(dev);
4765         } else if (dev->use_pio) {
4766                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4767                         "This should not be needed and will result in lower "
4768                         "performance.\n");
4769                 dev->__using_pio_transfers = true;
4770                 err = b43_pio_init(dev);
4771         } else {
4772                 dev->__using_pio_transfers = false;
4773                 err = b43_dma_init(dev);
4774         }
4775         if (err)
4776                 goto err_chip_exit;
4777         b43_qos_init(dev);
4778         b43_set_synth_pu_delay(dev, 1);
4779         b43_bluetooth_coext_enable(dev);
4780
4781         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4782         b43_upload_card_macaddress(dev);
4783         b43_security_init(dev);
4784
4785         ieee80211_wake_queues(dev->wl->hw);
4786
4787         b43_set_status(dev, B43_STAT_INITIALIZED);
4788
4789         /* Register HW RNG driver */
4790         b43_rng_init(dev->wl);
4791
4792 out:
4793         return err;
4794
4795 err_chip_exit:
4796         b43_chip_exit(dev);
4797 err_busdown:
4798         b43_bus_may_powerdown(dev);
4799         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4800         return err;
4801 }
4802
4803 static int b43_op_add_interface(struct ieee80211_hw *hw,
4804                                 struct ieee80211_vif *vif)
4805 {
4806         struct b43_wl *wl = hw_to_b43_wl(hw);
4807         struct b43_wldev *dev;
4808         int err = -EOPNOTSUPP;
4809
4810         /* TODO: allow WDS/AP devices to coexist */
4811
4812         if (vif->type != NL80211_IFTYPE_AP &&
4813             vif->type != NL80211_IFTYPE_MESH_POINT &&
4814             vif->type != NL80211_IFTYPE_STATION &&
4815             vif->type != NL80211_IFTYPE_WDS &&
4816             vif->type != NL80211_IFTYPE_ADHOC)
4817                 return -EOPNOTSUPP;
4818
4819         mutex_lock(&wl->mutex);
4820         if (wl->operating)
4821                 goto out_mutex_unlock;
4822
4823         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4824
4825         dev = wl->current_dev;
4826         wl->operating = true;
4827         wl->vif = vif;
4828         wl->if_type = vif->type;
4829         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4830
4831         b43_adjust_opmode(dev);
4832         b43_set_pretbtt(dev);
4833         b43_set_synth_pu_delay(dev, 0);
4834         b43_upload_card_macaddress(dev);
4835
4836         err = 0;
4837  out_mutex_unlock:
4838         mutex_unlock(&wl->mutex);
4839
4840         if (err == 0)
4841                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4842
4843         return err;
4844 }
4845
4846 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4847                                     struct ieee80211_vif *vif)
4848 {
4849         struct b43_wl *wl = hw_to_b43_wl(hw);
4850         struct b43_wldev *dev = wl->current_dev;
4851
4852         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4853
4854         mutex_lock(&wl->mutex);
4855
4856         B43_WARN_ON(!wl->operating);
4857         B43_WARN_ON(wl->vif != vif);
4858         wl->vif = NULL;
4859
4860         wl->operating = false;
4861
4862         b43_adjust_opmode(dev);
4863         memset(wl->mac_addr, 0, ETH_ALEN);
4864         b43_upload_card_macaddress(dev);
4865
4866         mutex_unlock(&wl->mutex);
4867 }
4868
4869 static int b43_op_start(struct ieee80211_hw *hw)
4870 {
4871         struct b43_wl *wl = hw_to_b43_wl(hw);
4872         struct b43_wldev *dev = wl->current_dev;
4873         int did_init = 0;
4874         int err = 0;
4875
4876         /* Kill all old instance specific information to make sure
4877          * the card won't use it in the short timeframe between start
4878          * and mac80211 reconfiguring it. */
4879         memset(wl->bssid, 0, ETH_ALEN);
4880         memset(wl->mac_addr, 0, ETH_ALEN);
4881         wl->filter_flags = 0;
4882         wl->radiotap_enabled = false;
4883         b43_qos_clear(wl);
4884         wl->beacon0_uploaded = false;
4885         wl->beacon1_uploaded = false;
4886         wl->beacon_templates_virgin = true;
4887         wl->radio_enabled = true;
4888
4889         mutex_lock(&wl->mutex);
4890
4891         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4892                 err = b43_wireless_core_init(dev);
4893                 if (err)
4894                         goto out_mutex_unlock;
4895                 did_init = 1;
4896         }
4897
4898         if (b43_status(dev) < B43_STAT_STARTED) {
4899                 err = b43_wireless_core_start(dev);
4900                 if (err) {
4901                         if (did_init)
4902                                 b43_wireless_core_exit(dev);
4903                         goto out_mutex_unlock;
4904                 }
4905         }
4906
4907         /* XXX: only do if device doesn't support rfkill irq */
4908         wiphy_rfkill_start_polling(hw->wiphy);
4909
4910  out_mutex_unlock:
4911         mutex_unlock(&wl->mutex);
4912
4913         /*
4914          * Configuration may have been overwritten during initialization.
4915          * Reload the configuration, but only if initialization was
4916          * successful. Reloading the configuration after a failed init
4917          * may hang the system.
4918          */
4919         if (!err)
4920                 b43_op_config(hw, ~0);
4921
4922         return err;
4923 }
4924
4925 static void b43_op_stop(struct ieee80211_hw *hw)
4926 {
4927         struct b43_wl *wl = hw_to_b43_wl(hw);
4928         struct b43_wldev *dev = wl->current_dev;
4929
4930         cancel_work_sync(&(wl->beacon_update_trigger));
4931
4932         if (!dev)
4933                 goto out;
4934
4935         mutex_lock(&wl->mutex);
4936         if (b43_status(dev) >= B43_STAT_STARTED) {
4937                 dev = b43_wireless_core_stop(dev);
4938                 if (!dev)
4939                         goto out_unlock;
4940         }
4941         b43_wireless_core_exit(dev);
4942         wl->radio_enabled = false;
4943
4944 out_unlock:
4945         mutex_unlock(&wl->mutex);
4946 out:
4947         cancel_work_sync(&(wl->txpower_adjust_work));
4948 }
4949
4950 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4951                                  struct ieee80211_sta *sta, bool set)
4952 {
4953         struct b43_wl *wl = hw_to_b43_wl(hw);
4954
4955         /* FIXME: add locking */
4956         b43_update_templates(wl);
4957
4958         return 0;
4959 }
4960
4961 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4962                               struct ieee80211_vif *vif,
4963                               enum sta_notify_cmd notify_cmd,
4964                               struct ieee80211_sta *sta)
4965 {
4966         struct b43_wl *wl = hw_to_b43_wl(hw);
4967
4968         B43_WARN_ON(!vif || wl->vif != vif);
4969 }
4970
4971 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4972 {
4973         struct b43_wl *wl = hw_to_b43_wl(hw);
4974         struct b43_wldev *dev;
4975
4976         mutex_lock(&wl->mutex);
4977         dev = wl->current_dev;
4978         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4979                 /* Disable CFP update during scan on other channels. */
4980                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4981         }
4982         mutex_unlock(&wl->mutex);
4983 }
4984
4985 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4986 {
4987         struct b43_wl *wl = hw_to_b43_wl(hw);
4988         struct b43_wldev *dev;
4989
4990         mutex_lock(&wl->mutex);
4991         dev = wl->current_dev;
4992         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4993                 /* Re-enable CFP update. */
4994                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4995         }
4996         mutex_unlock(&wl->mutex);
4997 }
4998
4999 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5000                              struct survey_info *survey)
5001 {
5002         struct b43_wl *wl = hw_to_b43_wl(hw);
5003         struct b43_wldev *dev = wl->current_dev;
5004         struct ieee80211_conf *conf = &hw->conf;
5005
5006         if (idx != 0)
5007                 return -ENOENT;
5008
5009         survey->channel = conf->chandef.chan;
5010         survey->filled = SURVEY_INFO_NOISE_DBM;
5011         survey->noise = dev->stats.link_noise;
5012
5013         return 0;
5014 }
5015
5016 static const struct ieee80211_ops b43_hw_ops = {
5017         .tx                     = b43_op_tx,
5018         .conf_tx                = b43_op_conf_tx,
5019         .add_interface          = b43_op_add_interface,
5020         .remove_interface       = b43_op_remove_interface,
5021         .config                 = b43_op_config,
5022         .bss_info_changed       = b43_op_bss_info_changed,
5023         .configure_filter       = b43_op_configure_filter,
5024         .set_key                = b43_op_set_key,
5025         .update_tkip_key        = b43_op_update_tkip_key,
5026         .get_stats              = b43_op_get_stats,
5027         .get_tsf                = b43_op_get_tsf,
5028         .set_tsf                = b43_op_set_tsf,
5029         .start                  = b43_op_start,
5030         .stop                   = b43_op_stop,
5031         .set_tim                = b43_op_beacon_set_tim,
5032         .sta_notify             = b43_op_sta_notify,
5033         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5034         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5035         .get_survey             = b43_op_get_survey,
5036         .rfkill_poll            = b43_rfkill_poll,
5037 };
5038
5039 /* Hard-reset the chip. Do not call this directly.
5040  * Use b43_controller_restart()
5041  */
5042 static void b43_chip_reset(struct work_struct *work)
5043 {
5044         struct b43_wldev *dev =
5045             container_of(work, struct b43_wldev, restart_work);
5046         struct b43_wl *wl = dev->wl;
5047         int err = 0;
5048         int prev_status;
5049
5050         mutex_lock(&wl->mutex);
5051
5052         prev_status = b43_status(dev);
5053         /* Bring the device down... */
5054         if (prev_status >= B43_STAT_STARTED) {
5055                 dev = b43_wireless_core_stop(dev);
5056                 if (!dev) {
5057                         err = -ENODEV;
5058                         goto out;
5059                 }
5060         }
5061         if (prev_status >= B43_STAT_INITIALIZED)
5062                 b43_wireless_core_exit(dev);
5063
5064         /* ...and up again. */
5065         if (prev_status >= B43_STAT_INITIALIZED) {
5066                 err = b43_wireless_core_init(dev);
5067                 if (err)
5068                         goto out;
5069         }
5070         if (prev_status >= B43_STAT_STARTED) {
5071                 err = b43_wireless_core_start(dev);
5072                 if (err) {
5073                         b43_wireless_core_exit(dev);
5074                         goto out;
5075                 }
5076         }
5077 out:
5078         if (err)
5079                 wl->current_dev = NULL; /* Failed to init the dev. */
5080         mutex_unlock(&wl->mutex);
5081
5082         if (err) {
5083                 b43err(wl, "Controller restart FAILED\n");
5084                 return;
5085         }
5086
5087         /* reload configuration */
5088         b43_op_config(wl->hw, ~0);
5089         if (wl->vif)
5090                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5091
5092         b43info(wl, "Controller restarted\n");
5093 }
5094
5095 static int b43_setup_bands(struct b43_wldev *dev,
5096                            bool have_2ghz_phy, bool have_5ghz_phy)
5097 {
5098         struct ieee80211_hw *hw = dev->wl->hw;
5099
5100         if (have_2ghz_phy)
5101                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5102         if (dev->phy.type == B43_PHYTYPE_N) {
5103                 if (have_5ghz_phy)
5104                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5105         } else {
5106                 if (have_5ghz_phy)
5107                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5108         }
5109
5110         dev->phy.supports_2ghz = have_2ghz_phy;
5111         dev->phy.supports_5ghz = have_5ghz_phy;
5112
5113         return 0;
5114 }
5115
5116 static void b43_wireless_core_detach(struct b43_wldev *dev)
5117 {
5118         /* We release firmware that late to not be required to re-request
5119          * is all the time when we reinit the core. */
5120         b43_release_firmware(dev);
5121         b43_phy_free(dev);
5122 }
5123
5124 static int b43_wireless_core_attach(struct b43_wldev *dev)
5125 {
5126         struct b43_wl *wl = dev->wl;
5127         struct pci_dev *pdev = NULL;
5128         int err;
5129         u32 tmp;
5130         bool have_2ghz_phy = false, have_5ghz_phy = false;
5131
5132         /* Do NOT do any device initialization here.
5133          * Do it in wireless_core_init() instead.
5134          * This function is for gathering basic information about the HW, only.
5135          * Also some structs may be set up here. But most likely you want to have
5136          * that in core_init(), too.
5137          */
5138
5139 #ifdef CONFIG_B43_SSB
5140         if (dev->dev->bus_type == B43_BUS_SSB &&
5141             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5142                 pdev = dev->dev->sdev->bus->host_pci;
5143 #endif
5144
5145         err = b43_bus_powerup(dev, 0);
5146         if (err) {
5147                 b43err(wl, "Bus powerup failed\n");
5148                 goto out;
5149         }
5150
5151         /* Get the PHY type. */
5152         switch (dev->dev->bus_type) {
5153 #ifdef CONFIG_B43_BCMA
5154         case B43_BUS_BCMA:
5155                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5156                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5157                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5158                 break;
5159 #endif
5160 #ifdef CONFIG_B43_SSB
5161         case B43_BUS_SSB:
5162                 if (dev->dev->core_rev >= 5) {
5163                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5164                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5165                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5166                 } else
5167                         B43_WARN_ON(1);
5168                 break;
5169 #endif
5170         }
5171
5172         dev->phy.gmode = have_2ghz_phy;
5173         dev->phy.radio_on = true;
5174         b43_wireless_core_reset(dev, dev->phy.gmode);
5175
5176         err = b43_phy_versioning(dev);
5177         if (err)
5178                 goto err_powerdown;
5179         /* Check if this device supports multiband. */
5180         if (!pdev ||
5181             (pdev->device != 0x4312 &&
5182              pdev->device != 0x4319 && pdev->device != 0x4324)) {
5183                 /* No multiband support. */
5184                 have_2ghz_phy = false;
5185                 have_5ghz_phy = false;
5186                 switch (dev->phy.type) {
5187                 case B43_PHYTYPE_A:
5188                         have_5ghz_phy = true;
5189                         break;
5190                 case B43_PHYTYPE_LP: //FIXME not always!
5191 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5192                         have_5ghz_phy = 1;
5193 #endif
5194                 case B43_PHYTYPE_G:
5195                 case B43_PHYTYPE_N:
5196                 case B43_PHYTYPE_HT:
5197                 case B43_PHYTYPE_LCN:
5198                         have_2ghz_phy = true;
5199                         break;
5200                 default:
5201                         B43_WARN_ON(1);
5202                 }
5203         }
5204         if (dev->phy.type == B43_PHYTYPE_A) {
5205                 /* FIXME */
5206                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5207                 err = -EOPNOTSUPP;
5208                 goto err_powerdown;
5209         }
5210         if (1 /* disable A-PHY */) {
5211                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5212                 if (dev->phy.type != B43_PHYTYPE_N &&
5213                     dev->phy.type != B43_PHYTYPE_LP) {
5214                         have_2ghz_phy = true;
5215                         have_5ghz_phy = false;
5216                 }
5217         }
5218
5219         err = b43_phy_allocate(dev);
5220         if (err)
5221                 goto err_powerdown;
5222
5223         dev->phy.gmode = have_2ghz_phy;
5224         b43_wireless_core_reset(dev, dev->phy.gmode);
5225
5226         err = b43_validate_chipaccess(dev);
5227         if (err)
5228                 goto err_phy_free;
5229         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5230         if (err)
5231                 goto err_phy_free;
5232
5233         /* Now set some default "current_dev" */
5234         if (!wl->current_dev)
5235                 wl->current_dev = dev;
5236         INIT_WORK(&dev->restart_work, b43_chip_reset);
5237
5238         dev->phy.ops->switch_analog(dev, 0);
5239         b43_device_disable(dev, 0);
5240         b43_bus_may_powerdown(dev);
5241
5242 out:
5243         return err;
5244
5245 err_phy_free:
5246         b43_phy_free(dev);
5247 err_powerdown:
5248         b43_bus_may_powerdown(dev);
5249         return err;
5250 }
5251
5252 static void b43_one_core_detach(struct b43_bus_dev *dev)
5253 {
5254         struct b43_wldev *wldev;
5255         struct b43_wl *wl;
5256
5257         /* Do not cancel ieee80211-workqueue based work here.
5258          * See comment in b43_remove(). */
5259
5260         wldev = b43_bus_get_wldev(dev);
5261         wl = wldev->wl;
5262         b43_debugfs_remove_device(wldev);
5263         b43_wireless_core_detach(wldev);
5264         list_del(&wldev->list);
5265         wl->nr_devs--;
5266         b43_bus_set_wldev(dev, NULL);
5267         kfree(wldev);
5268 }
5269
5270 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5271 {
5272         struct b43_wldev *wldev;
5273         int err = -ENOMEM;
5274
5275         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5276         if (!wldev)
5277                 goto out;
5278
5279         wldev->use_pio = b43_modparam_pio;
5280         wldev->dev = dev;
5281         wldev->wl = wl;
5282         b43_set_status(wldev, B43_STAT_UNINIT);
5283         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5284         INIT_LIST_HEAD(&wldev->list);
5285
5286         err = b43_wireless_core_attach(wldev);
5287         if (err)
5288                 goto err_kfree_wldev;
5289
5290         list_add(&wldev->list, &wl->devlist);
5291         wl->nr_devs++;
5292         b43_bus_set_wldev(dev, wldev);
5293         b43_debugfs_add_device(wldev);
5294
5295       out:
5296         return err;
5297
5298       err_kfree_wldev:
5299         kfree(wldev);
5300         return err;
5301 }
5302
5303 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5304         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5305         (pdev->device == _device) &&                                    \
5306         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5307         (pdev->subsystem_device == _subdevice)                          )
5308
5309 static void b43_sprom_fixup(struct ssb_bus *bus)
5310 {
5311         struct pci_dev *pdev;
5312
5313         /* boardflags workarounds */
5314         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5315             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5316                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5317         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5318             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5319                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5320         if (bus->bustype == SSB_BUSTYPE_PCI) {
5321                 pdev = bus->host_pci;
5322                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5323                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5324                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5325                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5326                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5327                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5328                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5329                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5330         }
5331 }
5332
5333 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5334 {
5335         struct ieee80211_hw *hw = wl->hw;
5336
5337         ssb_set_devtypedata(dev->sdev, NULL);
5338         ieee80211_free_hw(hw);
5339 }
5340
5341 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5342 {
5343         struct ssb_sprom *sprom = dev->bus_sprom;
5344         struct ieee80211_hw *hw;
5345         struct b43_wl *wl;
5346         char chip_name[6];
5347         int queue_num;
5348
5349         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5350         if (!hw) {
5351                 b43err(NULL, "Could not allocate ieee80211 device\n");
5352                 return ERR_PTR(-ENOMEM);
5353         }
5354         wl = hw_to_b43_wl(hw);
5355
5356         /* fill hw info */
5357         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5358                     IEEE80211_HW_SIGNAL_DBM;
5359
5360         hw->wiphy->interface_modes =
5361                 BIT(NL80211_IFTYPE_AP) |
5362                 BIT(NL80211_IFTYPE_MESH_POINT) |
5363                 BIT(NL80211_IFTYPE_STATION) |
5364                 BIT(NL80211_IFTYPE_WDS) |
5365                 BIT(NL80211_IFTYPE_ADHOC);
5366
5367         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5368
5369         wl->hw_registred = false;
5370         hw->max_rates = 2;
5371         SET_IEEE80211_DEV(hw, dev->dev);
5372         if (is_valid_ether_addr(sprom->et1mac))
5373                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5374         else
5375                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5376
5377         /* Initialize struct b43_wl */
5378         wl->hw = hw;
5379         mutex_init(&wl->mutex);
5380         spin_lock_init(&wl->hardirq_lock);
5381         INIT_LIST_HEAD(&wl->devlist);
5382         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5383         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5384         INIT_WORK(&wl->tx_work, b43_tx_work);
5385
5386         /* Initialize queues and flags. */
5387         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5388                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5389                 wl->tx_queue_stopped[queue_num] = 0;
5390         }
5391
5392         snprintf(chip_name, ARRAY_SIZE(chip_name),
5393                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5394         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5395                 dev->core_rev);
5396         return wl;
5397 }
5398
5399 #ifdef CONFIG_B43_BCMA
5400 static int b43_bcma_probe(struct bcma_device *core)
5401 {
5402         struct b43_bus_dev *dev;
5403         struct b43_wl *wl;
5404         int err;
5405
5406         dev = b43_bus_dev_bcma_init(core);
5407         if (!dev)
5408                 return -ENODEV;
5409
5410         wl = b43_wireless_init(dev);
5411         if (IS_ERR(wl)) {
5412                 err = PTR_ERR(wl);
5413                 goto bcma_out;
5414         }
5415
5416         err = b43_one_core_attach(dev, wl);
5417         if (err)
5418                 goto bcma_err_wireless_exit;
5419
5420         /* setup and start work to load firmware */
5421         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5422         schedule_work(&wl->firmware_load);
5423
5424 bcma_out:
5425         return err;
5426
5427 bcma_err_wireless_exit:
5428         ieee80211_free_hw(wl->hw);
5429         return err;
5430 }
5431
5432 static void b43_bcma_remove(struct bcma_device *core)
5433 {
5434         struct b43_wldev *wldev = bcma_get_drvdata(core);
5435         struct b43_wl *wl = wldev->wl;
5436
5437         /* We must cancel any work here before unregistering from ieee80211,
5438          * as the ieee80211 unreg will destroy the workqueue. */
5439         cancel_work_sync(&wldev->restart_work);
5440         cancel_work_sync(&wl->firmware_load);
5441
5442         B43_WARN_ON(!wl);
5443         if (!wldev->fw.ucode.data)
5444                 return;                 /* NULL if firmware never loaded */
5445         if (wl->current_dev == wldev && wl->hw_registred) {
5446                 b43_leds_stop(wldev);
5447                 ieee80211_unregister_hw(wl->hw);
5448         }
5449
5450         b43_one_core_detach(wldev->dev);
5451
5452         b43_leds_unregister(wl);
5453
5454         ieee80211_free_hw(wl->hw);
5455 }
5456
5457 static struct bcma_driver b43_bcma_driver = {
5458         .name           = KBUILD_MODNAME,
5459         .id_table       = b43_bcma_tbl,
5460         .probe          = b43_bcma_probe,
5461         .remove         = b43_bcma_remove,
5462 };
5463 #endif
5464
5465 #ifdef CONFIG_B43_SSB
5466 static
5467 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5468 {
5469         struct b43_bus_dev *dev;
5470         struct b43_wl *wl;
5471         int err;
5472         int first = 0;
5473
5474         dev = b43_bus_dev_ssb_init(sdev);
5475         if (!dev)
5476                 return -ENOMEM;
5477
5478         wl = ssb_get_devtypedata(sdev);
5479         if (!wl) {
5480                 /* Probing the first core. Must setup common struct b43_wl */
5481                 first = 1;
5482                 b43_sprom_fixup(sdev->bus);
5483                 wl = b43_wireless_init(dev);
5484                 if (IS_ERR(wl)) {
5485                         err = PTR_ERR(wl);
5486                         goto out;
5487                 }
5488                 ssb_set_devtypedata(sdev, wl);
5489                 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5490         }
5491         err = b43_one_core_attach(dev, wl);
5492         if (err)
5493                 goto err_wireless_exit;
5494
5495         /* setup and start work to load firmware */
5496         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5497         schedule_work(&wl->firmware_load);
5498
5499       out:
5500         return err;
5501
5502       err_wireless_exit:
5503         if (first)
5504                 b43_wireless_exit(dev, wl);
5505         return err;
5506 }
5507
5508 static void b43_ssb_remove(struct ssb_device *sdev)
5509 {
5510         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5511         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5512         struct b43_bus_dev *dev = wldev->dev;
5513
5514         /* We must cancel any work here before unregistering from ieee80211,
5515          * as the ieee80211 unreg will destroy the workqueue. */
5516         cancel_work_sync(&wldev->restart_work);
5517         cancel_work_sync(&wl->firmware_load);
5518
5519         B43_WARN_ON(!wl);
5520         if (!wldev->fw.ucode.data)
5521                 return;                 /* NULL if firmware never loaded */
5522         if (wl->current_dev == wldev && wl->hw_registred) {
5523                 b43_leds_stop(wldev);
5524                 ieee80211_unregister_hw(wl->hw);
5525         }
5526
5527         b43_one_core_detach(dev);
5528
5529         if (list_empty(&wl->devlist)) {
5530                 b43_leds_unregister(wl);
5531                 /* Last core on the chip unregistered.
5532                  * We can destroy common struct b43_wl.
5533                  */
5534                 b43_wireless_exit(dev, wl);
5535         }
5536 }
5537
5538 static struct ssb_driver b43_ssb_driver = {
5539         .name           = KBUILD_MODNAME,
5540         .id_table       = b43_ssb_tbl,
5541         .probe          = b43_ssb_probe,
5542         .remove         = b43_ssb_remove,
5543 };
5544 #endif /* CONFIG_B43_SSB */
5545
5546 /* Perform a hardware reset. This can be called from any context. */
5547 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5548 {
5549         /* Must avoid requeueing, if we are in shutdown. */
5550         if (b43_status(dev) < B43_STAT_INITIALIZED)
5551                 return;
5552         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5553         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5554 }
5555
5556 static void b43_print_driverinfo(void)
5557 {
5558         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5559                    *feat_leds = "", *feat_sdio = "";
5560
5561 #ifdef CONFIG_B43_PCI_AUTOSELECT
5562         feat_pci = "P";
5563 #endif
5564 #ifdef CONFIG_B43_PCMCIA
5565         feat_pcmcia = "M";
5566 #endif
5567 #ifdef CONFIG_B43_PHY_N
5568         feat_nphy = "N";
5569 #endif
5570 #ifdef CONFIG_B43_LEDS
5571         feat_leds = "L";
5572 #endif
5573 #ifdef CONFIG_B43_SDIO
5574         feat_sdio = "S";
5575 #endif
5576         printk(KERN_INFO "Broadcom 43xx driver loaded "
5577                "[ Features: %s%s%s%s%s ]\n",
5578                feat_pci, feat_pcmcia, feat_nphy,
5579                feat_leds, feat_sdio);
5580 }
5581
5582 static int __init b43_init(void)
5583 {
5584         int err;
5585
5586         b43_debugfs_init();
5587         err = b43_pcmcia_init();
5588         if (err)
5589                 goto err_dfs_exit;
5590         err = b43_sdio_init();
5591         if (err)
5592                 goto err_pcmcia_exit;
5593 #ifdef CONFIG_B43_BCMA
5594         err = bcma_driver_register(&b43_bcma_driver);
5595         if (err)
5596                 goto err_sdio_exit;
5597 #endif
5598 #ifdef CONFIG_B43_SSB
5599         err = ssb_driver_register(&b43_ssb_driver);
5600         if (err)
5601                 goto err_bcma_driver_exit;
5602 #endif
5603         b43_print_driverinfo();
5604
5605         return err;
5606
5607 #ifdef CONFIG_B43_SSB
5608 err_bcma_driver_exit:
5609 #endif
5610 #ifdef CONFIG_B43_BCMA
5611         bcma_driver_unregister(&b43_bcma_driver);
5612 err_sdio_exit:
5613 #endif
5614         b43_sdio_exit();
5615 err_pcmcia_exit:
5616         b43_pcmcia_exit();
5617 err_dfs_exit:
5618         b43_debugfs_exit();
5619         return err;
5620 }
5621
5622 static void __exit b43_exit(void)
5623 {
5624 #ifdef CONFIG_B43_SSB
5625         ssb_driver_unregister(&b43_ssb_driver);
5626 #endif
5627 #ifdef CONFIG_B43_BCMA
5628         bcma_driver_unregister(&b43_bcma_driver);
5629 #endif
5630         b43_sdio_exit();
5631         b43_pcmcia_exit();
5632         b43_debugfs_exit();
5633 }
5634
5635 module_init(b43_init)
5636 module_exit(b43_exit)
Local Linux development repo for Freescale iMX