]> Pileus Git - ~andy/linux/blob - drivers/net/wireless/b43/main.c
projects / ~andy / linux / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'x86/jumplabel' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
[~andy/linux] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82                  "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
117 module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
118 MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
119
120 #ifdef CONFIG_B43_BCMA
121 static const struct bcma_device_id b43_bcma_tbl[] = {
122         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
124         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
125         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
126         BCMA_CORETABLE_END
127 };
128 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
129 #endif
130
131 #ifdef CONFIG_B43_SSB
132 static const struct ssb_device_id b43_ssb_tbl[] = {
133         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
134         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
135         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
136         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
141         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
142         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
143         SSB_DEVTABLE_END
144 };
145 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
146 #endif
147
148 /* Channel and ratetables are shared for all devices.
149  * They can't be const, because ieee80211 puts some precalculated
150  * data in there. This data is the same for all devices, so we don't
151  * get concurrency issues */
152 #define RATETAB_ENT(_rateid, _flags) \
153         {                                                               \
154                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
155                 .hw_value       = (_rateid),                            \
156                 .flags          = (_flags),                             \
157         }
158
159 /*
160  * NOTE: When changing this, sync with xmit.c's
161  *       b43_plcp_get_bitrate_idx_* functions!
162  */
163 static struct ieee80211_rate __b43_ratetable[] = {
164         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
165         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
166         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
167         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
168         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
169         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
170         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
171         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
172         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
173         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
174         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
175         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
176 };
177
178 #define b43_a_ratetable         (__b43_ratetable + 4)
179 #define b43_a_ratetable_size    8
180 #define b43_b_ratetable         (__b43_ratetable + 0)
181 #define b43_b_ratetable_size    4
182 #define b43_g_ratetable         (__b43_ratetable + 0)
183 #define b43_g_ratetable_size    12
184
185 #define CHAN4G(_channel, _freq, _flags) {                       \
186         .band                   = IEEE80211_BAND_2GHZ,          \
187         .center_freq            = (_freq),                      \
188         .hw_value               = (_channel),                   \
189         .flags                  = (_flags),                     \
190         .max_antenna_gain       = 0,                            \
191         .max_power              = 30,                           \
192 }
193 static struct ieee80211_channel b43_2ghz_chantable[] = {
194         CHAN4G(1, 2412, 0),
195         CHAN4G(2, 2417, 0),
196         CHAN4G(3, 2422, 0),
197         CHAN4G(4, 2427, 0),
198         CHAN4G(5, 2432, 0),
199         CHAN4G(6, 2437, 0),
200         CHAN4G(7, 2442, 0),
201         CHAN4G(8, 2447, 0),
202         CHAN4G(9, 2452, 0),
203         CHAN4G(10, 2457, 0),
204         CHAN4G(11, 2462, 0),
205         CHAN4G(12, 2467, 0),
206         CHAN4G(13, 2472, 0),
207         CHAN4G(14, 2484, 0),
208 };
209 #undef CHAN4G
210
211 #define CHAN5G(_channel, _flags) {                              \
212         .band                   = IEEE80211_BAND_5GHZ,          \
213         .center_freq            = 5000 + (5 * (_channel)),      \
214         .hw_value               = (_channel),                   \
215         .flags                  = (_flags),                     \
216         .max_antenna_gain       = 0,                            \
217         .max_power              = 30,                           \
218 }
219 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
220         CHAN5G(32, 0),          CHAN5G(34, 0),
221         CHAN5G(36, 0),          CHAN5G(38, 0),
222         CHAN5G(40, 0),          CHAN5G(42, 0),
223         CHAN5G(44, 0),          CHAN5G(46, 0),
224         CHAN5G(48, 0),          CHAN5G(50, 0),
225         CHAN5G(52, 0),          CHAN5G(54, 0),
226         CHAN5G(56, 0),          CHAN5G(58, 0),
227         CHAN5G(60, 0),          CHAN5G(62, 0),
228         CHAN5G(64, 0),          CHAN5G(66, 0),
229         CHAN5G(68, 0),          CHAN5G(70, 0),
230         CHAN5G(72, 0),          CHAN5G(74, 0),
231         CHAN5G(76, 0),          CHAN5G(78, 0),
232         CHAN5G(80, 0),          CHAN5G(82, 0),
233         CHAN5G(84, 0),          CHAN5G(86, 0),
234         CHAN5G(88, 0),          CHAN5G(90, 0),
235         CHAN5G(92, 0),          CHAN5G(94, 0),
236         CHAN5G(96, 0),          CHAN5G(98, 0),
237         CHAN5G(100, 0),         CHAN5G(102, 0),
238         CHAN5G(104, 0),         CHAN5G(106, 0),
239         CHAN5G(108, 0),         CHAN5G(110, 0),
240         CHAN5G(112, 0),         CHAN5G(114, 0),
241         CHAN5G(116, 0),         CHAN5G(118, 0),
242         CHAN5G(120, 0),         CHAN5G(122, 0),
243         CHAN5G(124, 0),         CHAN5G(126, 0),
244         CHAN5G(128, 0),         CHAN5G(130, 0),
245         CHAN5G(132, 0),         CHAN5G(134, 0),
246         CHAN5G(136, 0),         CHAN5G(138, 0),
247         CHAN5G(140, 0),         CHAN5G(142, 0),
248         CHAN5G(144, 0),         CHAN5G(145, 0),
249         CHAN5G(146, 0),         CHAN5G(147, 0),
250         CHAN5G(148, 0),         CHAN5G(149, 0),
251         CHAN5G(150, 0),         CHAN5G(151, 0),
252         CHAN5G(152, 0),         CHAN5G(153, 0),
253         CHAN5G(154, 0),         CHAN5G(155, 0),
254         CHAN5G(156, 0),         CHAN5G(157, 0),
255         CHAN5G(158, 0),         CHAN5G(159, 0),
256         CHAN5G(160, 0),         CHAN5G(161, 0),
257         CHAN5G(162, 0),         CHAN5G(163, 0),
258         CHAN5G(164, 0),         CHAN5G(165, 0),
259         CHAN5G(166, 0),         CHAN5G(168, 0),
260         CHAN5G(170, 0),         CHAN5G(172, 0),
261         CHAN5G(174, 0),         CHAN5G(176, 0),
262         CHAN5G(178, 0),         CHAN5G(180, 0),
263         CHAN5G(182, 0),         CHAN5G(184, 0),
264         CHAN5G(186, 0),         CHAN5G(188, 0),
265         CHAN5G(190, 0),         CHAN5G(192, 0),
266         CHAN5G(194, 0),         CHAN5G(196, 0),
267         CHAN5G(198, 0),         CHAN5G(200, 0),
268         CHAN5G(202, 0),         CHAN5G(204, 0),
269         CHAN5G(206, 0),         CHAN5G(208, 0),
270         CHAN5G(210, 0),         CHAN5G(212, 0),
271         CHAN5G(214, 0),         CHAN5G(216, 0),
272         CHAN5G(218, 0),         CHAN5G(220, 0),
273         CHAN5G(222, 0),         CHAN5G(224, 0),
274         CHAN5G(226, 0),         CHAN5G(228, 0),
275 };
276
277 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
278         CHAN5G(34, 0),          CHAN5G(36, 0),
279         CHAN5G(38, 0),          CHAN5G(40, 0),
280         CHAN5G(42, 0),          CHAN5G(44, 0),
281         CHAN5G(46, 0),          CHAN5G(48, 0),
282         CHAN5G(52, 0),          CHAN5G(56, 0),
283         CHAN5G(60, 0),          CHAN5G(64, 0),
284         CHAN5G(100, 0),         CHAN5G(104, 0),
285         CHAN5G(108, 0),         CHAN5G(112, 0),
286         CHAN5G(116, 0),         CHAN5G(120, 0),
287         CHAN5G(124, 0),         CHAN5G(128, 0),
288         CHAN5G(132, 0),         CHAN5G(136, 0),
289         CHAN5G(140, 0),         CHAN5G(149, 0),
290         CHAN5G(153, 0),         CHAN5G(157, 0),
291         CHAN5G(161, 0),         CHAN5G(165, 0),
292         CHAN5G(184, 0),         CHAN5G(188, 0),
293         CHAN5G(192, 0),         CHAN5G(196, 0),
294         CHAN5G(200, 0),         CHAN5G(204, 0),
295         CHAN5G(208, 0),         CHAN5G(212, 0),
296         CHAN5G(216, 0),
297 };
298 #undef CHAN5G
299
300 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
301         .band           = IEEE80211_BAND_5GHZ,
302         .channels       = b43_5ghz_nphy_chantable,
303         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
304         .bitrates       = b43_a_ratetable,
305         .n_bitrates     = b43_a_ratetable_size,
306 };
307
308 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
309         .band           = IEEE80211_BAND_5GHZ,
310         .channels       = b43_5ghz_aphy_chantable,
311         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
312         .bitrates       = b43_a_ratetable,
313         .n_bitrates     = b43_a_ratetable_size,
314 };
315
316 static struct ieee80211_supported_band b43_band_2GHz = {
317         .band           = IEEE80211_BAND_2GHZ,
318         .channels       = b43_2ghz_chantable,
319         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
320         .bitrates       = b43_g_ratetable,
321         .n_bitrates     = b43_g_ratetable_size,
322 };
323
324 static void b43_wireless_core_exit(struct b43_wldev *dev);
325 static int b43_wireless_core_init(struct b43_wldev *dev);
326 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
327 static int b43_wireless_core_start(struct b43_wldev *dev);
328 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
329                                     struct ieee80211_vif *vif,
330                                     struct ieee80211_bss_conf *conf,
331                                     u32 changed);
332
333 static int b43_ratelimit(struct b43_wl *wl)
334 {
335         if (!wl || !wl->current_dev)
336                 return 1;
337         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
338                 return 1;
339         /* We are up and running.
340          * Ratelimit the messages to avoid DoS over the net. */
341         return net_ratelimit();
342 }
343
344 void b43info(struct b43_wl *wl, const char *fmt, ...)
345 {
346         struct va_format vaf;
347         va_list args;
348
349         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
350                 return;
351         if (!b43_ratelimit(wl))
352                 return;
353
354         va_start(args, fmt);
355
356         vaf.fmt = fmt;
357         vaf.va = &args;
358
359         printk(KERN_INFO "b43-%s: %pV",
360                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
361
362         va_end(args);
363 }
364
365 void b43err(struct b43_wl *wl, const char *fmt, ...)
366 {
367         struct va_format vaf;
368         va_list args;
369
370         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
371                 return;
372         if (!b43_ratelimit(wl))
373                 return;
374
375         va_start(args, fmt);
376
377         vaf.fmt = fmt;
378         vaf.va = &args;
379
380         printk(KERN_ERR "b43-%s ERROR: %pV",
381                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
382
383         va_end(args);
384 }
385
386 void b43warn(struct b43_wl *wl, const char *fmt, ...)
387 {
388         struct va_format vaf;
389         va_list args;
390
391         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
392                 return;
393         if (!b43_ratelimit(wl))
394                 return;
395
396         va_start(args, fmt);
397
398         vaf.fmt = fmt;
399         vaf.va = &args;
400
401         printk(KERN_WARNING "b43-%s warning: %pV",
402                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
403
404         va_end(args);
405 }
406
407 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
408 {
409         struct va_format vaf;
410         va_list args;
411
412         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
413                 return;
414
415         va_start(args, fmt);
416
417         vaf.fmt = fmt;
418         vaf.va = &args;
419
420         printk(KERN_DEBUG "b43-%s debug: %pV",
421                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
422
423         va_end(args);
424 }
425
426 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
427 {
428         u32 macctl;
429
430         B43_WARN_ON(offset % 4 != 0);
431
432         macctl = b43_read32(dev, B43_MMIO_MACCTL);
433         if (macctl & B43_MACCTL_BE)
434                 val = swab32(val);
435
436         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
437         mmiowb();
438         b43_write32(dev, B43_MMIO_RAM_DATA, val);
439 }
440
441 static inline void b43_shm_control_word(struct b43_wldev *dev,
442                                         u16 routing, u16 offset)
443 {
444         u32 control;
445
446         /* "offset" is the WORD offset. */
447         control = routing;
448         control <<= 16;
449         control |= offset;
450         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
451 }
452
453 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
454 {
455         u32 ret;
456
457         if (routing == B43_SHM_SHARED) {
458                 B43_WARN_ON(offset & 0x0001);
459                 if (offset & 0x0003) {
460                         /* Unaligned access */
461                         b43_shm_control_word(dev, routing, offset >> 2);
462                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
463                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
464                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
465
466                         goto out;
467                 }
468                 offset >>= 2;
469         }
470         b43_shm_control_word(dev, routing, offset);
471         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
472 out:
473         return ret;
474 }
475
476 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
477 {
478         u16 ret;
479
480         if (routing == B43_SHM_SHARED) {
481                 B43_WARN_ON(offset & 0x0001);
482                 if (offset & 0x0003) {
483                         /* Unaligned access */
484                         b43_shm_control_word(dev, routing, offset >> 2);
485                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
486
487                         goto out;
488                 }
489                 offset >>= 2;
490         }
491         b43_shm_control_word(dev, routing, offset);
492         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
493 out:
494         return ret;
495 }
496
497 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
498 {
499         if (routing == B43_SHM_SHARED) {
500                 B43_WARN_ON(offset & 0x0001);
501                 if (offset & 0x0003) {
502                         /* Unaligned access */
503                         b43_shm_control_word(dev, routing, offset >> 2);
504                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
505                                     value & 0xFFFF);
506                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
507                         b43_write16(dev, B43_MMIO_SHM_DATA,
508                                     (value >> 16) & 0xFFFF);
509                         return;
510                 }
511                 offset >>= 2;
512         }
513         b43_shm_control_word(dev, routing, offset);
514         b43_write32(dev, B43_MMIO_SHM_DATA, value);
515 }
516
517 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
518 {
519         if (routing == B43_SHM_SHARED) {
520                 B43_WARN_ON(offset & 0x0001);
521                 if (offset & 0x0003) {
522                         /* Unaligned access */
523                         b43_shm_control_word(dev, routing, offset >> 2);
524                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
525                         return;
526                 }
527                 offset >>= 2;
528         }
529         b43_shm_control_word(dev, routing, offset);
530         b43_write16(dev, B43_MMIO_SHM_DATA, value);
531 }
532
533 /* Read HostFlags */
534 u64 b43_hf_read(struct b43_wldev *dev)
535 {
536         u64 ret;
537
538         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
539         ret <<= 16;
540         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
541         ret <<= 16;
542         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
543
544         return ret;
545 }
546
547 /* Write HostFlags */
548 void b43_hf_write(struct b43_wldev *dev, u64 value)
549 {
550         u16 lo, mi, hi;
551
552         lo = (value & 0x00000000FFFFULL);
553         mi = (value & 0x0000FFFF0000ULL) >> 16;
554         hi = (value & 0xFFFF00000000ULL) >> 32;
555         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
556         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
557         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
558 }
559
560 /* Read the firmware capabilities bitmask (Opensource firmware only) */
561 static u16 b43_fwcapa_read(struct b43_wldev *dev)
562 {
563         B43_WARN_ON(!dev->fw.opensource);
564         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
565 }
566
567 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
568 {
569         u32 low, high;
570
571         B43_WARN_ON(dev->dev->core_rev < 3);
572
573         /* The hardware guarantees us an atomic read, if we
574          * read the low register first. */
575         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
576         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
577
578         *tsf = high;
579         *tsf <<= 32;
580         *tsf |= low;
581 }
582
583 static void b43_time_lock(struct b43_wldev *dev)
584 {
585         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
586         /* Commit the write */
587         b43_read32(dev, B43_MMIO_MACCTL);
588 }
589
590 static void b43_time_unlock(struct b43_wldev *dev)
591 {
592         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
593         /* Commit the write */
594         b43_read32(dev, B43_MMIO_MACCTL);
595 }
596
597 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
598 {
599         u32 low, high;
600
601         B43_WARN_ON(dev->dev->core_rev < 3);
602
603         low = tsf;
604         high = (tsf >> 32);
605         /* The hardware guarantees us an atomic write, if we
606          * write the low register first. */
607         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
608         mmiowb();
609         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
610         mmiowb();
611 }
612
613 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
614 {
615         b43_time_lock(dev);
616         b43_tsf_write_locked(dev, tsf);
617         b43_time_unlock(dev);
618 }
619
620 static
621 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
622 {
623         static const u8 zero_addr[ETH_ALEN] = { 0 };
624         u16 data;
625
626         if (!mac)
627                 mac = zero_addr;
628
629         offset |= 0x0020;
630         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
631
632         data = mac[0];
633         data |= mac[1] << 8;
634         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
635         data = mac[2];
636         data |= mac[3] << 8;
637         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
638         data = mac[4];
639         data |= mac[5] << 8;
640         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
641 }
642
643 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
644 {
645         const u8 *mac;
646         const u8 *bssid;
647         u8 mac_bssid[ETH_ALEN * 2];
648         int i;
649         u32 tmp;
650
651         bssid = dev->wl->bssid;
652         mac = dev->wl->mac_addr;
653
654         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
655
656         memcpy(mac_bssid, mac, ETH_ALEN);
657         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
658
659         /* Write our MAC address and BSSID to template ram */
660         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
661                 tmp = (u32) (mac_bssid[i + 0]);
662                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
663                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
664                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
665                 b43_ram_write(dev, 0x20 + i, tmp);
666         }
667 }
668
669 static void b43_upload_card_macaddress(struct b43_wldev *dev)
670 {
671         b43_write_mac_bssid_templates(dev);
672         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
673 }
674
675 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
676 {
677         /* slot_time is in usec. */
678         /* This test used to exit for all but a G PHY. */
679         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
680                 return;
681         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
682         /* Shared memory location 0x0010 is the slot time and should be
683          * set to slot_time; however, this register is initially 0 and changing
684          * the value adversely affects the transmit rate for BCM4311
685          * devices. Until this behavior is unterstood, delete this step
686          *
687          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
688          */
689 }
690
691 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
692 {
693         b43_set_slot_time(dev, 9);
694 }
695
696 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
697 {
698         b43_set_slot_time(dev, 20);
699 }
700
701 /* DummyTransmission function, as documented on
702  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
703  */
704 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
705 {
706         struct b43_phy *phy = &dev->phy;
707         unsigned int i, max_loop;
708         u16 value;
709         u32 buffer[5] = {
710                 0x00000000,
711                 0x00D40000,
712                 0x00000000,
713                 0x01000000,
714                 0x00000000,
715         };
716
717         if (ofdm) {
718                 max_loop = 0x1E;
719                 buffer[0] = 0x000201CC;
720         } else {
721                 max_loop = 0xFA;
722                 buffer[0] = 0x000B846E;
723         }
724
725         for (i = 0; i < 5; i++)
726                 b43_ram_write(dev, i * 4, buffer[i]);
727
728         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
729
730         if (dev->dev->core_rev < 11)
731                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
732         else
733                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
734
735         value = (ofdm ? 0x41 : 0x40);
736         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
737         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
738             phy->type == B43_PHYTYPE_LCN)
739                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
740
741         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
742         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
743
744         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
745         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
746         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
747         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
748
749         if (!pa_on && phy->type == B43_PHYTYPE_N)
750                 ; /*b43_nphy_pa_override(dev, false) */
751
752         switch (phy->type) {
753         case B43_PHYTYPE_N:
754         case B43_PHYTYPE_LCN:
755                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
756                 break;
757         case B43_PHYTYPE_LP:
758                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
759                 break;
760         default:
761                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
762         }
763         b43_read16(dev, B43_MMIO_TXE0_AUX);
764
765         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
766                 b43_radio_write16(dev, 0x0051, 0x0017);
767         for (i = 0x00; i < max_loop; i++) {
768                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
769                 if (value & 0x0080)
770                         break;
771                 udelay(10);
772         }
773         for (i = 0x00; i < 0x0A; i++) {
774                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
775                 if (value & 0x0400)
776                         break;
777                 udelay(10);
778         }
779         for (i = 0x00; i < 0x19; i++) {
780                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
781                 if (!(value & 0x0100))
782                         break;
783                 udelay(10);
784         }
785         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
786                 b43_radio_write16(dev, 0x0051, 0x0037);
787 }
788
789 static void key_write(struct b43_wldev *dev,
790                       u8 index, u8 algorithm, const u8 *key)
791 {
792         unsigned int i;
793         u32 offset;
794         u16 value;
795         u16 kidx;
796
797         /* Key index/algo block */
798         kidx = b43_kidx_to_fw(dev, index);
799         value = ((kidx << 4) | algorithm);
800         b43_shm_write16(dev, B43_SHM_SHARED,
801                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
802
803         /* Write the key to the Key Table Pointer offset */
804         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
805         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
806                 value = key[i];
807                 value |= (u16) (key[i + 1]) << 8;
808                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
809         }
810 }
811
812 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
813 {
814         u32 addrtmp[2] = { 0, 0, };
815         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
816
817         if (b43_new_kidx_api(dev))
818                 pairwise_keys_start = B43_NR_GROUP_KEYS;
819
820         B43_WARN_ON(index < pairwise_keys_start);
821         /* We have four default TX keys and possibly four default RX keys.
822          * Physical mac 0 is mapped to physical key 4 or 8, depending
823          * on the firmware version.
824          * So we must adjust the index here.
825          */
826         index -= pairwise_keys_start;
827         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
828
829         if (addr) {
830                 addrtmp[0] = addr[0];
831                 addrtmp[0] |= ((u32) (addr[1]) << 8);
832                 addrtmp[0] |= ((u32) (addr[2]) << 16);
833                 addrtmp[0] |= ((u32) (addr[3]) << 24);
834                 addrtmp[1] = addr[4];
835                 addrtmp[1] |= ((u32) (addr[5]) << 8);
836         }
837
838         /* Receive match transmitter address (RCMTA) mechanism */
839         b43_shm_write32(dev, B43_SHM_RCMTA,
840                         (index * 2) + 0, addrtmp[0]);
841         b43_shm_write16(dev, B43_SHM_RCMTA,
842                         (index * 2) + 1, addrtmp[1]);
843 }
844
845 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
846  * When a packet is received, the iv32 is checked.
847  * - if it doesn't the packet is returned without modification (and software
848  *   decryption can be done). That's what happen when iv16 wrap.
849  * - if it does, the rc4 key is computed, and decryption is tried.
850  *   Either it will success and B43_RX_MAC_DEC is returned,
851  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
852  *   and the packet is not usable (it got modified by the ucode).
853  * So in order to never have B43_RX_MAC_DECERR, we should provide
854  * a iv32 and phase1key that match. Because we drop packets in case of
855  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
856  * packets will be lost without higher layer knowing (ie no resync possible
857  * until next wrap).
858  *
859  * NOTE : this should support 50 key like RCMTA because
860  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
861  */
862 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
863                 u16 *phase1key)
864 {
865         unsigned int i;
866         u32 offset;
867         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
868
869         if (!modparam_hwtkip)
870                 return;
871
872         if (b43_new_kidx_api(dev))
873                 pairwise_keys_start = B43_NR_GROUP_KEYS;
874
875         B43_WARN_ON(index < pairwise_keys_start);
876         /* We have four default TX keys and possibly four default RX keys.
877          * Physical mac 0 is mapped to physical key 4 or 8, depending
878          * on the firmware version.
879          * So we must adjust the index here.
880          */
881         index -= pairwise_keys_start;
882         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
883
884         if (b43_debug(dev, B43_DBG_KEYS)) {
885                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
886                                 index, iv32);
887         }
888         /* Write the key to the  RX tkip shared mem */
889         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
890         for (i = 0; i < 10; i += 2) {
891                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
892                                 phase1key ? phase1key[i / 2] : 0);
893         }
894         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
895         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
896 }
897
898 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
899                                    struct ieee80211_vif *vif,
900                                    struct ieee80211_key_conf *keyconf,
901                                    struct ieee80211_sta *sta,
902                                    u32 iv32, u16 *phase1key)
903 {
904         struct b43_wl *wl = hw_to_b43_wl(hw);
905         struct b43_wldev *dev;
906         int index = keyconf->hw_key_idx;
907
908         if (B43_WARN_ON(!modparam_hwtkip))
909                 return;
910
911         /* This is only called from the RX path through mac80211, where
912          * our mutex is already locked. */
913         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
914         dev = wl->current_dev;
915         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
916
917         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
918
919         rx_tkip_phase1_write(dev, index, iv32, phase1key);
920         /* only pairwise TKIP keys are supported right now */
921         if (WARN_ON(!sta))
922                 return;
923         keymac_write(dev, index, sta->addr);
924 }
925
926 static void do_key_write(struct b43_wldev *dev,
927                          u8 index, u8 algorithm,
928                          const u8 *key, size_t key_len, const u8 *mac_addr)
929 {
930         u8 buf[B43_SEC_KEYSIZE] = { 0, };
931         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
932
933         if (b43_new_kidx_api(dev))
934                 pairwise_keys_start = B43_NR_GROUP_KEYS;
935
936         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
937         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
938
939         if (index >= pairwise_keys_start)
940                 keymac_write(dev, index, NULL); /* First zero out mac. */
941         if (algorithm == B43_SEC_ALGO_TKIP) {
942                 /*
943                  * We should provide an initial iv32, phase1key pair.
944                  * We could start with iv32=0 and compute the corresponding
945                  * phase1key, but this means calling ieee80211_get_tkip_key
946                  * with a fake skb (or export other tkip function).
947                  * Because we are lazy we hope iv32 won't start with
948                  * 0xffffffff and let's b43_op_update_tkip_key provide a
949                  * correct pair.
950                  */
951                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
952         } else if (index >= pairwise_keys_start) /* clear it */
953                 rx_tkip_phase1_write(dev, index, 0, NULL);
954         if (key)
955                 memcpy(buf, key, key_len);
956         key_write(dev, index, algorithm, buf);
957         if (index >= pairwise_keys_start)
958                 keymac_write(dev, index, mac_addr);
959
960         dev->key[index].algorithm = algorithm;
961 }
962
963 static int b43_key_write(struct b43_wldev *dev,
964                          int index, u8 algorithm,
965                          const u8 *key, size_t key_len,
966                          const u8 *mac_addr,
967                          struct ieee80211_key_conf *keyconf)
968 {
969         int i;
970         int pairwise_keys_start;
971
972         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
973          *      - Temporal Encryption Key (128 bits)
974          *      - Temporal Authenticator Tx MIC Key (64 bits)
975          *      - Temporal Authenticator Rx MIC Key (64 bits)
976          *
977          *      Hardware only store TEK
978          */
979         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
980                 key_len = 16;
981         if (key_len > B43_SEC_KEYSIZE)
982                 return -EINVAL;
983         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
984                 /* Check that we don't already have this key. */
985                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
986         }
987         if (index < 0) {
988                 /* Pairwise key. Get an empty slot for the key. */
989                 if (b43_new_kidx_api(dev))
990                         pairwise_keys_start = B43_NR_GROUP_KEYS;
991                 else
992                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
993                 for (i = pairwise_keys_start;
994                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
995                      i++) {
996                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
997                         if (!dev->key[i].keyconf) {
998                                 /* found empty */
999                                 index = i;
1000                                 break;
1001                         }
1002                 }
1003                 if (index < 0) {
1004                         b43warn(dev->wl, "Out of hardware key memory\n");
1005                         return -ENOSPC;
1006                 }
1007         } else
1008                 B43_WARN_ON(index > 3);
1009
1010         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1011         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1012                 /* Default RX key */
1013                 B43_WARN_ON(mac_addr);
1014                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1015         }
1016         keyconf->hw_key_idx = index;
1017         dev->key[index].keyconf = keyconf;
1018
1019         return 0;
1020 }
1021
1022 static int b43_key_clear(struct b43_wldev *dev, int index)
1023 {
1024         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1025                 return -EINVAL;
1026         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1027                      NULL, B43_SEC_KEYSIZE, NULL);
1028         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1029                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1030                              NULL, B43_SEC_KEYSIZE, NULL);
1031         }
1032         dev->key[index].keyconf = NULL;
1033
1034         return 0;
1035 }
1036
1037 static void b43_clear_keys(struct b43_wldev *dev)
1038 {
1039         int i, count;
1040
1041         if (b43_new_kidx_api(dev))
1042                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1043         else
1044                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1045         for (i = 0; i < count; i++)
1046                 b43_key_clear(dev, i);
1047 }
1048
1049 static void b43_dump_keymemory(struct b43_wldev *dev)
1050 {
1051         unsigned int i, index, count, offset, pairwise_keys_start;
1052         u8 mac[ETH_ALEN];
1053         u16 algo;
1054         u32 rcmta0;
1055         u16 rcmta1;
1056         u64 hf;
1057         struct b43_key *key;
1058
1059         if (!b43_debug(dev, B43_DBG_KEYS))
1060                 return;
1061
1062         hf = b43_hf_read(dev);
1063         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1064                !!(hf & B43_HF_USEDEFKEYS));
1065         if (b43_new_kidx_api(dev)) {
1066                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1067                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1068         } else {
1069                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1070                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1071         }
1072         for (index = 0; index < count; index++) {
1073                 key = &(dev->key[index]);
1074                 printk(KERN_DEBUG "Key slot %02u: %s",
1075                        index, (key->keyconf == NULL) ? " " : "*");
1076                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1077                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1078                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1079                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1080                 }
1081
1082                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1083                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1084                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1085
1086                 if (index >= pairwise_keys_start) {
1087                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1088                                 printk("   TKIP: ");
1089                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1090                                 for (i = 0; i < 14; i += 2) {
1091                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1092                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1093                                 }
1094                         }
1095                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1096                                                 ((index - pairwise_keys_start) * 2) + 0);
1097                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1098                                                 ((index - pairwise_keys_start) * 2) + 1);
1099                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1100                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1101                         printk("   MAC: %pM", mac);
1102                 } else
1103                         printk("   DEFAULT KEY");
1104                 printk("\n");
1105         }
1106 }
1107
1108 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1109 {
1110         u32 macctl;
1111         u16 ucstat;
1112         bool hwps;
1113         bool awake;
1114         int i;
1115
1116         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1117                     (ps_flags & B43_PS_DISABLED));
1118         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1119
1120         if (ps_flags & B43_PS_ENABLED) {
1121                 hwps = true;
1122         } else if (ps_flags & B43_PS_DISABLED) {
1123                 hwps = false;
1124         } else {
1125                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1126                 //      and thus is not an AP and we are associated, set bit 25
1127         }
1128         if (ps_flags & B43_PS_AWAKE) {
1129                 awake = true;
1130         } else if (ps_flags & B43_PS_ASLEEP) {
1131                 awake = false;
1132         } else {
1133                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1134                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1135                 //      successful, set bit26
1136         }
1137
1138 /* FIXME: For now we force awake-on and hwps-off */
1139         hwps = false;
1140         awake = true;
1141
1142         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1143         if (hwps)
1144                 macctl |= B43_MACCTL_HWPS;
1145         else
1146                 macctl &= ~B43_MACCTL_HWPS;
1147         if (awake)
1148                 macctl |= B43_MACCTL_AWAKE;
1149         else
1150                 macctl &= ~B43_MACCTL_AWAKE;
1151         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1152         /* Commit write */
1153         b43_read32(dev, B43_MMIO_MACCTL);
1154         if (awake && dev->dev->core_rev >= 5) {
1155                 /* Wait for the microcode to wake up. */
1156                 for (i = 0; i < 100; i++) {
1157                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1158                                                 B43_SHM_SH_UCODESTAT);
1159                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1160                                 break;
1161                         udelay(10);
1162                 }
1163         }
1164 }
1165
1166 #ifdef CONFIG_B43_BCMA
1167 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1168 {
1169         u32 flags;
1170
1171         /* Put PHY into reset */
1172         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1173         flags |= B43_BCMA_IOCTL_PHY_RESET;
1174         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1175         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1176         udelay(2);
1177
1178         /* Take PHY out of reset */
1179         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1180         flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1181         flags |= BCMA_IOCTL_FGC;
1182         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1183         udelay(1);
1184
1185         /* Do not force clock anymore */
1186         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1187         flags &= ~BCMA_IOCTL_FGC;
1188         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1189         udelay(1);
1190 }
1191
1192 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1193 {
1194         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1195                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1196         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1197                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1198
1199         b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1200         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1201         b43_bcma_phy_reset(dev);
1202         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1203 }
1204 #endif
1205
1206 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1207 {
1208         struct ssb_device *sdev = dev->dev->sdev;
1209         u32 tmslow;
1210         u32 flags = 0;
1211
1212         if (gmode)
1213                 flags |= B43_TMSLOW_GMODE;
1214         flags |= B43_TMSLOW_PHYCLKEN;
1215         flags |= B43_TMSLOW_PHYRESET;
1216         if (dev->phy.type == B43_PHYTYPE_N)
1217                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1218         b43_device_enable(dev, flags);
1219         msleep(2);              /* Wait for the PLL to turn on. */
1220
1221         /* Now take the PHY out of Reset again */
1222         tmslow = ssb_read32(sdev, SSB_TMSLOW);
1223         tmslow |= SSB_TMSLOW_FGC;
1224         tmslow &= ~B43_TMSLOW_PHYRESET;
1225         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1226         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1227         msleep(1);
1228         tmslow &= ~SSB_TMSLOW_FGC;
1229         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1230         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1231         msleep(1);
1232 }
1233
1234 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1235 {
1236         u32 macctl;
1237
1238         switch (dev->dev->bus_type) {
1239 #ifdef CONFIG_B43_BCMA
1240         case B43_BUS_BCMA:
1241                 b43_bcma_wireless_core_reset(dev, gmode);
1242                 break;
1243 #endif
1244 #ifdef CONFIG_B43_SSB
1245         case B43_BUS_SSB:
1246                 b43_ssb_wireless_core_reset(dev, gmode);
1247                 break;
1248 #endif
1249         }
1250
1251         /* Turn Analog ON, but only if we already know the PHY-type.
1252          * This protects against very early setup where we don't know the
1253          * PHY-type, yet. wireless_core_reset will be called once again later,
1254          * when we know the PHY-type. */
1255         if (dev->phy.ops)
1256                 dev->phy.ops->switch_analog(dev, 1);
1257
1258         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1259         macctl &= ~B43_MACCTL_GMODE;
1260         if (gmode)
1261                 macctl |= B43_MACCTL_GMODE;
1262         macctl |= B43_MACCTL_IHR_ENABLED;
1263         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1264 }
1265
1266 static void handle_irq_transmit_status(struct b43_wldev *dev)
1267 {
1268         u32 v0, v1;
1269         u16 tmp;
1270         struct b43_txstatus stat;
1271
1272         while (1) {
1273                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1274                 if (!(v0 & 0x00000001))
1275                         break;
1276                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1277
1278                 stat.cookie = (v0 >> 16);
1279                 stat.seq = (v1 & 0x0000FFFF);
1280                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1281                 tmp = (v0 & 0x0000FFFF);
1282                 stat.frame_count = ((tmp & 0xF000) >> 12);
1283                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1284                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1285                 stat.pm_indicated = !!(tmp & 0x0080);
1286                 stat.intermediate = !!(tmp & 0x0040);
1287                 stat.for_ampdu = !!(tmp & 0x0020);
1288                 stat.acked = !!(tmp & 0x0002);
1289
1290                 b43_handle_txstatus(dev, &stat);
1291         }
1292 }
1293
1294 static void drain_txstatus_queue(struct b43_wldev *dev)
1295 {
1296         u32 dummy;
1297
1298         if (dev->dev->core_rev < 5)
1299                 return;
1300         /* Read all entries from the microcode TXstatus FIFO
1301          * and throw them away.
1302          */
1303         while (1) {
1304                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1305                 if (!(dummy & 0x00000001))
1306                         break;
1307                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1308         }
1309 }
1310
1311 static u32 b43_jssi_read(struct b43_wldev *dev)
1312 {
1313         u32 val = 0;
1314
1315         val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1316         val <<= 16;
1317         val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1318
1319         return val;
1320 }
1321
1322 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1323 {
1324         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1325                         (jssi & 0x0000FFFF));
1326         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1327                         (jssi & 0xFFFF0000) >> 16);
1328 }
1329
1330 static void b43_generate_noise_sample(struct b43_wldev *dev)
1331 {
1332         b43_jssi_write(dev, 0x7F7F7F7F);
1333         b43_write32(dev, B43_MMIO_MACCMD,
1334                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1335 }
1336
1337 static void b43_calculate_link_quality(struct b43_wldev *dev)
1338 {
1339         /* Top half of Link Quality calculation. */
1340
1341         if (dev->phy.type != B43_PHYTYPE_G)
1342                 return;
1343         if (dev->noisecalc.calculation_running)
1344                 return;
1345         dev->noisecalc.calculation_running = true;
1346         dev->noisecalc.nr_samples = 0;
1347
1348         b43_generate_noise_sample(dev);
1349 }
1350
1351 static void handle_irq_noise(struct b43_wldev *dev)
1352 {
1353         struct b43_phy_g *phy = dev->phy.g;
1354         u16 tmp;
1355         u8 noise[4];
1356         u8 i, j;
1357         s32 average;
1358
1359         /* Bottom half of Link Quality calculation. */
1360
1361         if (dev->phy.type != B43_PHYTYPE_G)
1362                 return;
1363
1364         /* Possible race condition: It might be possible that the user
1365          * changed to a different channel in the meantime since we
1366          * started the calculation. We ignore that fact, since it's
1367          * not really that much of a problem. The background noise is
1368          * an estimation only anyway. Slightly wrong results will get damped
1369          * by the averaging of the 8 sample rounds. Additionally the
1370          * value is shortlived. So it will be replaced by the next noise
1371          * calculation round soon. */
1372
1373         B43_WARN_ON(!dev->noisecalc.calculation_running);
1374         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1375         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1376             noise[2] == 0x7F || noise[3] == 0x7F)
1377                 goto generate_new;
1378
1379         /* Get the noise samples. */
1380         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1381         i = dev->noisecalc.nr_samples;
1382         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1383         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1384         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1385         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1386         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1387         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1388         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1389         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1390         dev->noisecalc.nr_samples++;
1391         if (dev->noisecalc.nr_samples == 8) {
1392                 /* Calculate the Link Quality by the noise samples. */
1393                 average = 0;
1394                 for (i = 0; i < 8; i++) {
1395                         for (j = 0; j < 4; j++)
1396                                 average += dev->noisecalc.samples[i][j];
1397                 }
1398                 average /= (8 * 4);
1399                 average *= 125;
1400                 average += 64;
1401                 average /= 128;
1402                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1403                 tmp = (tmp / 128) & 0x1F;
1404                 if (tmp >= 8)
1405                         average += 2;
1406                 else
1407                         average -= 25;
1408                 if (tmp == 8)
1409                         average -= 72;
1410                 else
1411                         average -= 48;
1412
1413                 dev->stats.link_noise = average;
1414                 dev->noisecalc.calculation_running = false;
1415                 return;
1416         }
1417 generate_new:
1418         b43_generate_noise_sample(dev);
1419 }
1420
1421 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1422 {
1423         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1424                 ///TODO: PS TBTT
1425         } else {
1426                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1427                         b43_power_saving_ctl_bits(dev, 0);
1428         }
1429         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1430                 dev->dfq_valid = true;
1431 }
1432
1433 static void handle_irq_atim_end(struct b43_wldev *dev)
1434 {
1435         if (dev->dfq_valid) {
1436                 b43_write32(dev, B43_MMIO_MACCMD,
1437                             b43_read32(dev, B43_MMIO_MACCMD)
1438                             | B43_MACCMD_DFQ_VALID);
1439                 dev->dfq_valid = false;
1440         }
1441 }
1442
1443 static void handle_irq_pmq(struct b43_wldev *dev)
1444 {
1445         u32 tmp;
1446
1447         //TODO: AP mode.
1448
1449         while (1) {
1450                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1451                 if (!(tmp & 0x00000008))
1452                         break;
1453         }
1454         /* 16bit write is odd, but correct. */
1455         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1456 }
1457
1458 static void b43_write_template_common(struct b43_wldev *dev,
1459                                       const u8 *data, u16 size,
1460                                       u16 ram_offset,
1461                                       u16 shm_size_offset, u8 rate)
1462 {
1463         u32 i, tmp;
1464         struct b43_plcp_hdr4 plcp;
1465
1466         plcp.data = 0;
1467         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1468         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1469         ram_offset += sizeof(u32);
1470         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1471          * So leave the first two bytes of the next write blank.
1472          */
1473         tmp = (u32) (data[0]) << 16;
1474         tmp |= (u32) (data[1]) << 24;
1475         b43_ram_write(dev, ram_offset, tmp);
1476         ram_offset += sizeof(u32);
1477         for (i = 2; i < size; i += sizeof(u32)) {
1478                 tmp = (u32) (data[i + 0]);
1479                 if (i + 1 < size)
1480                         tmp |= (u32) (data[i + 1]) << 8;
1481                 if (i + 2 < size)
1482                         tmp |= (u32) (data[i + 2]) << 16;
1483                 if (i + 3 < size)
1484                         tmp |= (u32) (data[i + 3]) << 24;
1485                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1486         }
1487         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1488                         size + sizeof(struct b43_plcp_hdr6));
1489 }
1490
1491 /* Check if the use of the antenna that ieee80211 told us to
1492  * use is possible. This will fall back to DEFAULT.
1493  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1494 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1495                                   u8 antenna_nr)
1496 {
1497         u8 antenna_mask;
1498
1499         if (antenna_nr == 0) {
1500                 /* Zero means "use default antenna". That's always OK. */
1501                 return 0;
1502         }
1503
1504         /* Get the mask of available antennas. */
1505         if (dev->phy.gmode)
1506                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1507         else
1508                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1509
1510         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1511                 /* This antenna is not available. Fall back to default. */
1512                 return 0;
1513         }
1514
1515         return antenna_nr;
1516 }
1517
1518 /* Convert a b43 antenna number value to the PHY TX control value. */
1519 static u16 b43_antenna_to_phyctl(int antenna)
1520 {
1521         switch (antenna) {
1522         case B43_ANTENNA0:
1523                 return B43_TXH_PHY_ANT0;
1524         case B43_ANTENNA1:
1525                 return B43_TXH_PHY_ANT1;
1526         case B43_ANTENNA2:
1527                 return B43_TXH_PHY_ANT2;
1528         case B43_ANTENNA3:
1529                 return B43_TXH_PHY_ANT3;
1530         case B43_ANTENNA_AUTO0:
1531         case B43_ANTENNA_AUTO1:
1532                 return B43_TXH_PHY_ANT01AUTO;
1533         }
1534         B43_WARN_ON(1);
1535         return 0;
1536 }
1537
1538 static void b43_write_beacon_template(struct b43_wldev *dev,
1539                                       u16 ram_offset,
1540                                       u16 shm_size_offset)
1541 {
1542         unsigned int i, len, variable_len;
1543         const struct ieee80211_mgmt *bcn;
1544         const u8 *ie;
1545         bool tim_found = false;
1546         unsigned int rate;
1547         u16 ctl;
1548         int antenna;
1549         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1550
1551         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1552         len = min((size_t) dev->wl->current_beacon->len,
1553                   0x200 - sizeof(struct b43_plcp_hdr6));
1554         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1555
1556         b43_write_template_common(dev, (const u8 *)bcn,
1557                                   len, ram_offset, shm_size_offset, rate);
1558
1559         /* Write the PHY TX control parameters. */
1560         antenna = B43_ANTENNA_DEFAULT;
1561         antenna = b43_antenna_to_phyctl(antenna);
1562         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1563         /* We can't send beacons with short preamble. Would get PHY errors. */
1564         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1565         ctl &= ~B43_TXH_PHY_ANT;
1566         ctl &= ~B43_TXH_PHY_ENC;
1567         ctl |= antenna;
1568         if (b43_is_cck_rate(rate))
1569                 ctl |= B43_TXH_PHY_ENC_CCK;
1570         else
1571                 ctl |= B43_TXH_PHY_ENC_OFDM;
1572         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1573
1574         /* Find the position of the TIM and the DTIM_period value
1575          * and write them to SHM. */
1576         ie = bcn->u.beacon.variable;
1577         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1578         for (i = 0; i < variable_len - 2; ) {
1579                 uint8_t ie_id, ie_len;
1580
1581                 ie_id = ie[i];
1582                 ie_len = ie[i + 1];
1583                 if (ie_id == 5) {
1584                         u16 tim_position;
1585                         u16 dtim_period;
1586                         /* This is the TIM Information Element */
1587
1588                         /* Check whether the ie_len is in the beacon data range. */
1589                         if (variable_len < ie_len + 2 + i)
1590                                 break;
1591                         /* A valid TIM is at least 4 bytes long. */
1592                         if (ie_len < 4)
1593                                 break;
1594                         tim_found = true;
1595
1596                         tim_position = sizeof(struct b43_plcp_hdr6);
1597                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1598                         tim_position += i;
1599
1600                         dtim_period = ie[i + 3];
1601
1602                         b43_shm_write16(dev, B43_SHM_SHARED,
1603                                         B43_SHM_SH_TIMBPOS, tim_position);
1604                         b43_shm_write16(dev, B43_SHM_SHARED,
1605                                         B43_SHM_SH_DTIMPER, dtim_period);
1606                         break;
1607                 }
1608                 i += ie_len + 2;
1609         }
1610         if (!tim_found) {
1611                 /*
1612                  * If ucode wants to modify TIM do it behind the beacon, this
1613                  * will happen, for example, when doing mesh networking.
1614                  */
1615                 b43_shm_write16(dev, B43_SHM_SHARED,
1616                                 B43_SHM_SH_TIMBPOS,
1617                                 len + sizeof(struct b43_plcp_hdr6));
1618                 b43_shm_write16(dev, B43_SHM_SHARED,
1619                                 B43_SHM_SH_DTIMPER, 0);
1620         }
1621         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1622 }
1623
1624 static void b43_upload_beacon0(struct b43_wldev *dev)
1625 {
1626         struct b43_wl *wl = dev->wl;
1627
1628         if (wl->beacon0_uploaded)
1629                 return;
1630         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1631         wl->beacon0_uploaded = true;
1632 }
1633
1634 static void b43_upload_beacon1(struct b43_wldev *dev)
1635 {
1636         struct b43_wl *wl = dev->wl;
1637
1638         if (wl->beacon1_uploaded)
1639                 return;
1640         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1641         wl->beacon1_uploaded = true;
1642 }
1643
1644 static void handle_irq_beacon(struct b43_wldev *dev)
1645 {
1646         struct b43_wl *wl = dev->wl;
1647         u32 cmd, beacon0_valid, beacon1_valid;
1648
1649         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1650             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1651             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1652                 return;
1653
1654         /* This is the bottom half of the asynchronous beacon update. */
1655
1656         /* Ignore interrupt in the future. */
1657         dev->irq_mask &= ~B43_IRQ_BEACON;
1658
1659         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1660         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1661         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1662
1663         /* Schedule interrupt manually, if busy. */
1664         if (beacon0_valid && beacon1_valid) {
1665                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1666                 dev->irq_mask |= B43_IRQ_BEACON;
1667                 return;
1668         }
1669
1670         if (unlikely(wl->beacon_templates_virgin)) {
1671                 /* We never uploaded a beacon before.
1672                  * Upload both templates now, but only mark one valid. */
1673                 wl->beacon_templates_virgin = false;
1674                 b43_upload_beacon0(dev);
1675                 b43_upload_beacon1(dev);
1676                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1677                 cmd |= B43_MACCMD_BEACON0_VALID;
1678                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1679         } else {
1680                 if (!beacon0_valid) {
1681                         b43_upload_beacon0(dev);
1682                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1683                         cmd |= B43_MACCMD_BEACON0_VALID;
1684                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1685                 } else if (!beacon1_valid) {
1686                         b43_upload_beacon1(dev);
1687                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1688                         cmd |= B43_MACCMD_BEACON1_VALID;
1689                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1690                 }
1691         }
1692 }
1693
1694 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1695 {
1696         u32 old_irq_mask = dev->irq_mask;
1697
1698         /* update beacon right away or defer to irq */
1699         handle_irq_beacon(dev);
1700         if (old_irq_mask != dev->irq_mask) {
1701                 /* The handler updated the IRQ mask. */
1702                 B43_WARN_ON(!dev->irq_mask);
1703                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1704                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1705                 } else {
1706                         /* Device interrupts are currently disabled. That means
1707                          * we just ran the hardirq handler and scheduled the
1708                          * IRQ thread. The thread will write the IRQ mask when
1709                          * it finished, so there's nothing to do here. Writing
1710                          * the mask _here_ would incorrectly re-enable IRQs. */
1711                 }
1712         }
1713 }
1714
1715 static void b43_beacon_update_trigger_work(struct work_struct *work)
1716 {
1717         struct b43_wl *wl = container_of(work, struct b43_wl,
1718                                          beacon_update_trigger);
1719         struct b43_wldev *dev;
1720
1721         mutex_lock(&wl->mutex);
1722         dev = wl->current_dev;
1723         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1724                 if (b43_bus_host_is_sdio(dev->dev)) {
1725                         /* wl->mutex is enough. */
1726                         b43_do_beacon_update_trigger_work(dev);
1727                         mmiowb();
1728                 } else {
1729                         spin_lock_irq(&wl->hardirq_lock);
1730                         b43_do_beacon_update_trigger_work(dev);
1731                         mmiowb();
1732                         spin_unlock_irq(&wl->hardirq_lock);
1733                 }
1734         }
1735         mutex_unlock(&wl->mutex);
1736 }
1737
1738 /* Asynchronously update the packet templates in template RAM.
1739  * Locking: Requires wl->mutex to be locked. */
1740 static void b43_update_templates(struct b43_wl *wl)
1741 {
1742         struct sk_buff *beacon;
1743
1744         /* This is the top half of the ansynchronous beacon update.
1745          * The bottom half is the beacon IRQ.
1746          * Beacon update must be asynchronous to avoid sending an
1747          * invalid beacon. This can happen for example, if the firmware
1748          * transmits a beacon while we are updating it. */
1749
1750         /* We could modify the existing beacon and set the aid bit in
1751          * the TIM field, but that would probably require resizing and
1752          * moving of data within the beacon template.
1753          * Simply request a new beacon and let mac80211 do the hard work. */
1754         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1755         if (unlikely(!beacon))
1756                 return;
1757
1758         if (wl->current_beacon)
1759                 dev_kfree_skb_any(wl->current_beacon);
1760         wl->current_beacon = beacon;
1761         wl->beacon0_uploaded = false;
1762         wl->beacon1_uploaded = false;
1763         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1764 }
1765
1766 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1767 {
1768         b43_time_lock(dev);
1769         if (dev->dev->core_rev >= 3) {
1770                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1771                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1772         } else {
1773                 b43_write16(dev, 0x606, (beacon_int >> 6));
1774                 b43_write16(dev, 0x610, beacon_int);
1775         }
1776         b43_time_unlock(dev);
1777         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1778 }
1779
1780 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1781 {
1782         u16 reason;
1783
1784         /* Read the register that contains the reason code for the panic. */
1785         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1786         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1787
1788         switch (reason) {
1789         default:
1790                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1791                 /* fallthrough */
1792         case B43_FWPANIC_DIE:
1793                 /* Do not restart the controller or firmware.
1794                  * The device is nonfunctional from now on.
1795                  * Restarting would result in this panic to trigger again,
1796                  * so we avoid that recursion. */
1797                 break;
1798         case B43_FWPANIC_RESTART:
1799                 b43_controller_restart(dev, "Microcode panic");
1800                 break;
1801         }
1802 }
1803
1804 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1805 {
1806         unsigned int i, cnt;
1807         u16 reason, marker_id, marker_line;
1808         __le16 *buf;
1809
1810         /* The proprietary firmware doesn't have this IRQ. */
1811         if (!dev->fw.opensource)
1812                 return;
1813
1814         /* Read the register that contains the reason code for this IRQ. */
1815         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1816
1817         switch (reason) {
1818         case B43_DEBUGIRQ_PANIC:
1819                 b43_handle_firmware_panic(dev);
1820                 break;
1821         case B43_DEBUGIRQ_DUMP_SHM:
1822                 if (!B43_DEBUG)
1823                         break; /* Only with driver debugging enabled. */
1824                 buf = kmalloc(4096, GFP_ATOMIC);
1825                 if (!buf) {
1826                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1827                         goto out;
1828                 }
1829                 for (i = 0; i < 4096; i += 2) {
1830                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1831                         buf[i / 2] = cpu_to_le16(tmp);
1832                 }
1833                 b43info(dev->wl, "Shared memory dump:\n");
1834                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1835                                16, 2, buf, 4096, 1);
1836                 kfree(buf);
1837                 break;
1838         case B43_DEBUGIRQ_DUMP_REGS:
1839                 if (!B43_DEBUG)
1840                         break; /* Only with driver debugging enabled. */
1841                 b43info(dev->wl, "Microcode register dump:\n");
1842                 for (i = 0, cnt = 0; i < 64; i++) {
1843                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1844                         if (cnt == 0)
1845                                 printk(KERN_INFO);
1846                         printk("r%02u: 0x%04X  ", i, tmp);
1847                         cnt++;
1848                         if (cnt == 6) {
1849                                 printk("\n");
1850                                 cnt = 0;
1851                         }
1852                 }
1853                 printk("\n");
1854                 break;
1855         case B43_DEBUGIRQ_MARKER:
1856                 if (!B43_DEBUG)
1857                         break; /* Only with driver debugging enabled. */
1858                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1859                                            B43_MARKER_ID_REG);
1860                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1861                                              B43_MARKER_LINE_REG);
1862                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1863                         "at line number %u\n",
1864                         marker_id, marker_line);
1865                 break;
1866         default:
1867                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1868                        reason);
1869         }
1870 out:
1871         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1872         b43_shm_write16(dev, B43_SHM_SCRATCH,
1873                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1874 }
1875
1876 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1877 {
1878         u32 reason;
1879         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1880         u32 merged_dma_reason = 0;
1881         int i;
1882
1883         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1884                 return;
1885
1886         reason = dev->irq_reason;
1887         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1888                 dma_reason[i] = dev->dma_reason[i];
1889                 merged_dma_reason |= dma_reason[i];
1890         }
1891
1892         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1893                 b43err(dev->wl, "MAC transmission error\n");
1894
1895         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1896                 b43err(dev->wl, "PHY transmission error\n");
1897                 rmb();
1898                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1899                         atomic_set(&dev->phy.txerr_cnt,
1900                                    B43_PHY_TX_BADNESS_LIMIT);
1901                         b43err(dev->wl, "Too many PHY TX errors, "
1902                                         "restarting the controller\n");
1903                         b43_controller_restart(dev, "PHY TX errors");
1904                 }
1905         }
1906
1907         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1908                 b43err(dev->wl,
1909                         "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1910                         dma_reason[0], dma_reason[1],
1911                         dma_reason[2], dma_reason[3],
1912                         dma_reason[4], dma_reason[5]);
1913                 b43err(dev->wl, "This device does not support DMA "
1914                                "on your system. It will now be switched to PIO.\n");
1915                 /* Fall back to PIO transfers if we get fatal DMA errors! */
1916                 dev->use_pio = true;
1917                 b43_controller_restart(dev, "DMA error");
1918                 return;
1919         }
1920
1921         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1922                 handle_irq_ucode_debug(dev);
1923         if (reason & B43_IRQ_TBTT_INDI)
1924                 handle_irq_tbtt_indication(dev);
1925         if (reason & B43_IRQ_ATIM_END)
1926                 handle_irq_atim_end(dev);
1927         if (reason & B43_IRQ_BEACON)
1928                 handle_irq_beacon(dev);
1929         if (reason & B43_IRQ_PMQ)
1930                 handle_irq_pmq(dev);
1931         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1932                 ;/* TODO */
1933         if (reason & B43_IRQ_NOISESAMPLE_OK)
1934                 handle_irq_noise(dev);
1935
1936         /* Check the DMA reason registers for received data. */
1937         if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
1938                 if (B43_DEBUG)
1939                         b43warn(dev->wl, "RX descriptor underrun\n");
1940                 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
1941         }
1942         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1943                 if (b43_using_pio_transfers(dev))
1944                         b43_pio_rx(dev->pio.rx_queue);
1945                 else
1946                         b43_dma_rx(dev->dma.rx_ring);
1947         }
1948         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1949         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1950         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1951         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1952         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1953
1954         if (reason & B43_IRQ_TX_OK)
1955                 handle_irq_transmit_status(dev);
1956
1957         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1958         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1959
1960 #if B43_DEBUG
1961         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1962                 dev->irq_count++;
1963                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1964                         if (reason & (1 << i))
1965                                 dev->irq_bit_count[i]++;
1966                 }
1967         }
1968 #endif
1969 }
1970
1971 /* Interrupt thread handler. Handles device interrupts in thread context. */
1972 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1973 {
1974         struct b43_wldev *dev = dev_id;
1975
1976         mutex_lock(&dev->wl->mutex);
1977         b43_do_interrupt_thread(dev);
1978         mmiowb();
1979         mutex_unlock(&dev->wl->mutex);
1980
1981         return IRQ_HANDLED;
1982 }
1983
1984 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1985 {
1986         u32 reason;
1987
1988         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1989          * On SDIO, this runs under wl->mutex. */
1990
1991         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1992         if (reason == 0xffffffff)       /* shared IRQ */
1993                 return IRQ_NONE;
1994         reason &= dev->irq_mask;
1995         if (!reason)
1996                 return IRQ_NONE;
1997
1998         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1999             & 0x0001FC00;
2000         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2001             & 0x0000DC00;
2002         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2003             & 0x0000DC00;
2004         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2005             & 0x0001DC00;
2006         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2007             & 0x0000DC00;
2008 /* Unused ring
2009         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2010             & 0x0000DC00;
2011 */
2012
2013         /* ACK the interrupt. */
2014         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2015         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2016         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2017         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2018         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2019         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2020 /* Unused ring
2021         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2022 */
2023
2024         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2025         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2026         /* Save the reason bitmasks for the IRQ thread handler. */
2027         dev->irq_reason = reason;
2028
2029         return IRQ_WAKE_THREAD;
2030 }
2031
2032 /* Interrupt handler top-half. This runs with interrupts disabled. */
2033 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2034 {
2035         struct b43_wldev *dev = dev_id;
2036         irqreturn_t ret;
2037
2038         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2039                 return IRQ_NONE;
2040
2041         spin_lock(&dev->wl->hardirq_lock);
2042         ret = b43_do_interrupt(dev);
2043         mmiowb();
2044         spin_unlock(&dev->wl->hardirq_lock);
2045
2046         return ret;
2047 }
2048
2049 /* SDIO interrupt handler. This runs in process context. */
2050 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2051 {
2052         struct b43_wl *wl = dev->wl;
2053         irqreturn_t ret;
2054
2055         mutex_lock(&wl->mutex);
2056
2057         ret = b43_do_interrupt(dev);
2058         if (ret == IRQ_WAKE_THREAD)
2059                 b43_do_interrupt_thread(dev);
2060
2061         mutex_unlock(&wl->mutex);
2062 }
2063
2064 void b43_do_release_fw(struct b43_firmware_file *fw)
2065 {
2066         release_firmware(fw->data);
2067         fw->data = NULL;
2068         fw->filename = NULL;
2069 }
2070
2071 static void b43_release_firmware(struct b43_wldev *dev)
2072 {
2073         b43_do_release_fw(&dev->fw.ucode);
2074         b43_do_release_fw(&dev->fw.pcm);
2075         b43_do_release_fw(&dev->fw.initvals);
2076         b43_do_release_fw(&dev->fw.initvals_band);
2077 }
2078
2079 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2080 {
2081         const char text[] =
2082                 "You must go to " \
2083                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2084                 "and download the correct firmware for this driver version. " \
2085                 "Please carefully read all instructions on this website.\n";
2086
2087         if (error)
2088                 b43err(wl, text);
2089         else
2090                 b43warn(wl, text);
2091 }
2092
2093 static void b43_fw_cb(const struct firmware *firmware, void *context)
2094 {
2095         struct b43_request_fw_context *ctx = context;
2096
2097         ctx->blob = firmware;
2098         complete(&ctx->fw_load_complete);
2099 }
2100
2101 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2102                       const char *name,
2103                       struct b43_firmware_file *fw, bool async)
2104 {
2105         struct b43_fw_header *hdr;
2106         u32 size;
2107         int err;
2108
2109         if (!name) {
2110                 /* Don't fetch anything. Free possibly cached firmware. */
2111                 /* FIXME: We should probably keep it anyway, to save some headache
2112                  * on suspend/resume with multiband devices. */
2113                 b43_do_release_fw(fw);
2114                 return 0;
2115         }
2116         if (fw->filename) {
2117                 if ((fw->type == ctx->req_type) &&
2118                     (strcmp(fw->filename, name) == 0))
2119                         return 0; /* Already have this fw. */
2120                 /* Free the cached firmware first. */
2121                 /* FIXME: We should probably do this later after we successfully
2122                  * got the new fw. This could reduce headache with multiband devices.
2123                  * We could also redesign this to cache the firmware for all possible
2124                  * bands all the time. */
2125                 b43_do_release_fw(fw);
2126         }
2127
2128         switch (ctx->req_type) {
2129         case B43_FWTYPE_PROPRIETARY:
2130                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2131                          "b43%s/%s.fw",
2132                          modparam_fwpostfix, name);
2133                 break;
2134         case B43_FWTYPE_OPENSOURCE:
2135                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2136                          "b43-open%s/%s.fw",
2137                          modparam_fwpostfix, name);
2138                 break;
2139         default:
2140                 B43_WARN_ON(1);
2141                 return -ENOSYS;
2142         }
2143         if (async) {
2144                 /* do this part asynchronously */
2145                 init_completion(&ctx->fw_load_complete);
2146                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2147                                               ctx->dev->dev->dev, GFP_KERNEL,
2148                                               ctx, b43_fw_cb);
2149                 if (err < 0) {
2150                         pr_err("Unable to load firmware\n");
2151                         return err;
2152                 }
2153                 /* stall here until fw ready */
2154                 wait_for_completion(&ctx->fw_load_complete);
2155                 if (ctx->blob)
2156                         goto fw_ready;
2157         /* On some ARM systems, the async request will fail, but the next sync
2158          * request works. For this reason, we dall through here
2159          */
2160         }
2161         err = request_firmware(&ctx->blob, ctx->fwname,
2162                                ctx->dev->dev->dev);
2163         if (err == -ENOENT) {
2164                 snprintf(ctx->errors[ctx->req_type],
2165                          sizeof(ctx->errors[ctx->req_type]),
2166                          "Firmware file \"%s\" not found\n",
2167                          ctx->fwname);
2168                 return err;
2169         } else if (err) {
2170                 snprintf(ctx->errors[ctx->req_type],
2171                          sizeof(ctx->errors[ctx->req_type]),
2172                          "Firmware file \"%s\" request failed (err=%d)\n",
2173                          ctx->fwname, err);
2174                 return err;
2175         }
2176 fw_ready:
2177         if (ctx->blob->size < sizeof(struct b43_fw_header))
2178                 goto err_format;
2179         hdr = (struct b43_fw_header *)(ctx->blob->data);
2180         switch (hdr->type) {
2181         case B43_FW_TYPE_UCODE:
2182         case B43_FW_TYPE_PCM:
2183                 size = be32_to_cpu(hdr->size);
2184                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2185                         goto err_format;
2186                 /* fallthrough */
2187         case B43_FW_TYPE_IV:
2188                 if (hdr->ver != 1)
2189                         goto err_format;
2190                 break;
2191         default:
2192                 goto err_format;
2193         }
2194
2195         fw->data = ctx->blob;
2196         fw->filename = name;
2197         fw->type = ctx->req_type;
2198
2199         return 0;
2200
2201 err_format:
2202         snprintf(ctx->errors[ctx->req_type],
2203                  sizeof(ctx->errors[ctx->req_type]),
2204                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2205         release_firmware(ctx->blob);
2206
2207         return -EPROTO;
2208 }
2209
2210 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2211 {
2212         struct b43_wldev *dev = ctx->dev;
2213         struct b43_firmware *fw = &ctx->dev->fw;
2214         const u8 rev = ctx->dev->dev->core_rev;
2215         const char *filename;
2216         u32 tmshigh;
2217         int err;
2218
2219         /* Files for HT and LCN were found by trying one by one */
2220
2221         /* Get microcode */
2222         if ((rev >= 5) && (rev <= 10)) {
2223                 filename = "ucode5";
2224         } else if ((rev >= 11) && (rev <= 12)) {
2225                 filename = "ucode11";
2226         } else if (rev == 13) {
2227                 filename = "ucode13";
2228         } else if (rev == 14) {
2229                 filename = "ucode14";
2230         } else if (rev == 15) {
2231                 filename = "ucode15";
2232         } else {
2233                 switch (dev->phy.type) {
2234                 case B43_PHYTYPE_N:
2235                         if (rev >= 16)
2236                                 filename = "ucode16_mimo";
2237                         else
2238                                 goto err_no_ucode;
2239                         break;
2240                 case B43_PHYTYPE_HT:
2241                         if (rev == 29)
2242                                 filename = "ucode29_mimo";
2243                         else
2244                                 goto err_no_ucode;
2245                         break;
2246                 case B43_PHYTYPE_LCN:
2247                         if (rev == 24)
2248                                 filename = "ucode24_mimo";
2249                         else
2250                                 goto err_no_ucode;
2251                         break;
2252                 default:
2253                         goto err_no_ucode;
2254                 }
2255         }
2256         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2257         if (err)
2258                 goto err_load;
2259
2260         /* Get PCM code */
2261         if ((rev >= 5) && (rev <= 10))
2262                 filename = "pcm5";
2263         else if (rev >= 11)
2264                 filename = NULL;
2265         else
2266                 goto err_no_pcm;
2267         fw->pcm_request_failed = false;
2268         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2269         if (err == -ENOENT) {
2270                 /* We did not find a PCM file? Not fatal, but
2271                  * core rev <= 10 must do without hwcrypto then. */
2272                 fw->pcm_request_failed = true;
2273         } else if (err)
2274                 goto err_load;
2275
2276         /* Get initvals */
2277         switch (dev->phy.type) {
2278         case B43_PHYTYPE_A:
2279                 if ((rev >= 5) && (rev <= 10)) {
2280                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2281                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2282                                 filename = "a0g1initvals5";
2283                         else
2284                                 filename = "a0g0initvals5";
2285                 } else
2286                         goto err_no_initvals;
2287                 break;
2288         case B43_PHYTYPE_G:
2289                 if ((rev >= 5) && (rev <= 10))
2290                         filename = "b0g0initvals5";
2291                 else if (rev >= 13)
2292                         filename = "b0g0initvals13";
2293                 else
2294                         goto err_no_initvals;
2295                 break;
2296         case B43_PHYTYPE_N:
2297                 if (rev >= 16)
2298                         filename = "n0initvals16";
2299                 else if ((rev >= 11) && (rev <= 12))
2300                         filename = "n0initvals11";
2301                 else
2302                         goto err_no_initvals;
2303                 break;
2304         case B43_PHYTYPE_LP:
2305                 if (rev == 13)
2306                         filename = "lp0initvals13";
2307                 else if (rev == 14)
2308                         filename = "lp0initvals14";
2309                 else if (rev >= 15)
2310                         filename = "lp0initvals15";
2311                 else
2312                         goto err_no_initvals;
2313                 break;
2314         case B43_PHYTYPE_HT:
2315                 if (rev == 29)
2316                         filename = "ht0initvals29";
2317                 else
2318                         goto err_no_initvals;
2319                 break;
2320         case B43_PHYTYPE_LCN:
2321                 if (rev == 24)
2322                         filename = "lcn0initvals24";
2323                 else
2324                         goto err_no_initvals;
2325                 break;
2326         default:
2327                 goto err_no_initvals;
2328         }
2329         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2330         if (err)
2331                 goto err_load;
2332
2333         /* Get bandswitch initvals */
2334         switch (dev->phy.type) {
2335         case B43_PHYTYPE_A:
2336                 if ((rev >= 5) && (rev <= 10)) {
2337                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2338                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2339                                 filename = "a0g1bsinitvals5";
2340                         else
2341                                 filename = "a0g0bsinitvals5";
2342                 } else if (rev >= 11)
2343                         filename = NULL;
2344                 else
2345                         goto err_no_initvals;
2346                 break;
2347         case B43_PHYTYPE_G:
2348                 if ((rev >= 5) && (rev <= 10))
2349                         filename = "b0g0bsinitvals5";
2350                 else if (rev >= 11)
2351                         filename = NULL;
2352                 else
2353                         goto err_no_initvals;
2354                 break;
2355         case B43_PHYTYPE_N:
2356                 if (rev >= 16)
2357                         filename = "n0bsinitvals16";
2358                 else if ((rev >= 11) && (rev <= 12))
2359                         filename = "n0bsinitvals11";
2360                 else
2361                         goto err_no_initvals;
2362                 break;
2363         case B43_PHYTYPE_LP:
2364                 if (rev == 13)
2365                         filename = "lp0bsinitvals13";
2366                 else if (rev == 14)
2367                         filename = "lp0bsinitvals14";
2368                 else if (rev >= 15)
2369                         filename = "lp0bsinitvals15";
2370                 else
2371                         goto err_no_initvals;
2372                 break;
2373         case B43_PHYTYPE_HT:
2374                 if (rev == 29)
2375                         filename = "ht0bsinitvals29";
2376                 else
2377                         goto err_no_initvals;
2378                 break;
2379         case B43_PHYTYPE_LCN:
2380                 if (rev == 24)
2381                         filename = "lcn0bsinitvals24";
2382                 else
2383                         goto err_no_initvals;
2384                 break;
2385         default:
2386                 goto err_no_initvals;
2387         }
2388         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2389         if (err)
2390                 goto err_load;
2391
2392         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2393
2394         return 0;
2395
2396 err_no_ucode:
2397         err = ctx->fatal_failure = -EOPNOTSUPP;
2398         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2399                "is required for your device (wl-core rev %u)\n", rev);
2400         goto error;
2401
2402 err_no_pcm:
2403         err = ctx->fatal_failure = -EOPNOTSUPP;
2404         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2405                "is required for your device (wl-core rev %u)\n", rev);
2406         goto error;
2407
2408 err_no_initvals:
2409         err = ctx->fatal_failure = -EOPNOTSUPP;
2410         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2411                "is required for your device (wl-core rev %u)\n", rev);
2412         goto error;
2413
2414 err_load:
2415         /* We failed to load this firmware image. The error message
2416          * already is in ctx->errors. Return and let our caller decide
2417          * what to do. */
2418         goto error;
2419
2420 error:
2421         b43_release_firmware(dev);
2422         return err;
2423 }
2424
2425 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2426 static void b43_one_core_detach(struct b43_bus_dev *dev);
2427
2428 static void b43_request_firmware(struct work_struct *work)
2429 {
2430         struct b43_wl *wl = container_of(work,
2431                             struct b43_wl, firmware_load);
2432         struct b43_wldev *dev = wl->current_dev;
2433         struct b43_request_fw_context *ctx;
2434         unsigned int i;
2435         int err;
2436         const char *errmsg;
2437
2438         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2439         if (!ctx)
2440                 return;
2441         ctx->dev = dev;
2442
2443         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2444         err = b43_try_request_fw(ctx);
2445         if (!err)
2446                 goto start_ieee80211; /* Successfully loaded it. */
2447         /* Was fw version known? */
2448         if (ctx->fatal_failure)
2449                 goto out;
2450
2451         /* proprietary fw not found, try open source */
2452         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2453         err = b43_try_request_fw(ctx);
2454         if (!err)
2455                 goto start_ieee80211; /* Successfully loaded it. */
2456         if(ctx->fatal_failure)
2457                 goto out;
2458
2459         /* Could not find a usable firmware. Print the errors. */
2460         for (i = 0; i < B43_NR_FWTYPES; i++) {
2461                 errmsg = ctx->errors[i];
2462                 if (strlen(errmsg))
2463                         b43err(dev->wl, "%s", errmsg);
2464         }
2465         b43_print_fw_helptext(dev->wl, 1);
2466         goto out;
2467
2468 start_ieee80211:
2469         wl->hw->queues = B43_QOS_QUEUE_NUM;
2470         if (!modparam_qos || dev->fw.opensource)
2471                 wl->hw->queues = 1;
2472
2473         err = ieee80211_register_hw(wl->hw);
2474         if (err)
2475                 goto err_one_core_detach;
2476         wl->hw_registred = true;
2477         b43_leds_register(wl->current_dev);
2478         goto out;
2479
2480 err_one_core_detach:
2481         b43_one_core_detach(dev->dev);
2482
2483 out:
2484         kfree(ctx);
2485 }
2486
2487 static int b43_upload_microcode(struct b43_wldev *dev)
2488 {
2489         struct wiphy *wiphy = dev->wl->hw->wiphy;
2490         const size_t hdr_len = sizeof(struct b43_fw_header);
2491         const __be32 *data;
2492         unsigned int i, len;
2493         u16 fwrev, fwpatch, fwdate, fwtime;
2494         u32 tmp, macctl;
2495         int err = 0;
2496
2497         /* Jump the microcode PSM to offset 0 */
2498         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2499         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2500         macctl |= B43_MACCTL_PSM_JMP0;
2501         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2502         /* Zero out all microcode PSM registers and shared memory. */
2503         for (i = 0; i < 64; i++)
2504                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2505         for (i = 0; i < 4096; i += 2)
2506                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2507
2508         /* Upload Microcode. */
2509         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2510         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2511         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2512         for (i = 0; i < len; i++) {
2513                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2514                 udelay(10);
2515         }
2516
2517         if (dev->fw.pcm.data) {
2518                 /* Upload PCM data. */
2519                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2520                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2521                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2522                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2523                 /* No need for autoinc bit in SHM_HW */
2524                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2525                 for (i = 0; i < len; i++) {
2526                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2527                         udelay(10);
2528                 }
2529         }
2530
2531         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2532
2533         /* Start the microcode PSM */
2534         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2535                       B43_MACCTL_PSM_RUN);
2536
2537         /* Wait for the microcode to load and respond */
2538         i = 0;
2539         while (1) {
2540                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2541                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2542                         break;
2543                 i++;
2544                 if (i >= 20) {
2545                         b43err(dev->wl, "Microcode not responding\n");
2546                         b43_print_fw_helptext(dev->wl, 1);
2547                         err = -ENODEV;
2548                         goto error;
2549                 }
2550                 msleep(50);
2551         }
2552         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2553
2554         /* Get and check the revisions. */
2555         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2556         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2557         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2558         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2559
2560         if (fwrev <= 0x128) {
2561                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2562                        "binary drivers older than version 4.x is unsupported. "
2563                        "You must upgrade your firmware files.\n");
2564                 b43_print_fw_helptext(dev->wl, 1);
2565                 err = -EOPNOTSUPP;
2566                 goto error;
2567         }
2568         dev->fw.rev = fwrev;
2569         dev->fw.patch = fwpatch;
2570         if (dev->fw.rev >= 598)
2571                 dev->fw.hdr_format = B43_FW_HDR_598;
2572         else if (dev->fw.rev >= 410)
2573                 dev->fw.hdr_format = B43_FW_HDR_410;
2574         else
2575                 dev->fw.hdr_format = B43_FW_HDR_351;
2576         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2577
2578         dev->qos_enabled = dev->wl->hw->queues > 1;
2579         /* Default to firmware/hardware crypto acceleration. */
2580         dev->hwcrypto_enabled = true;
2581
2582         if (dev->fw.opensource) {
2583                 u16 fwcapa;
2584
2585                 /* Patchlevel info is encoded in the "time" field. */
2586                 dev->fw.patch = fwtime;
2587                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2588                         dev->fw.rev, dev->fw.patch);
2589
2590                 fwcapa = b43_fwcapa_read(dev);
2591                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2592                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2593                         /* Disable hardware crypto and fall back to software crypto. */
2594                         dev->hwcrypto_enabled = false;
2595                 }
2596                 /* adding QoS support should use an offline discovery mechanism */
2597                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2598         } else {
2599                 b43info(dev->wl, "Loading firmware version %u.%u "
2600                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2601                         fwrev, fwpatch,
2602                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2603                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2604                 if (dev->fw.pcm_request_failed) {
2605                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2606                                 "Hardware accelerated cryptography is disabled.\n");
2607                         b43_print_fw_helptext(dev->wl, 0);
2608                 }
2609         }
2610
2611         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2612                         dev->fw.rev, dev->fw.patch);
2613         wiphy->hw_version = dev->dev->core_id;
2614
2615         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2616                 /* We're over the deadline, but we keep support for old fw
2617                  * until it turns out to be in major conflict with something new. */
2618                 b43warn(dev->wl, "You are using an old firmware image. "
2619                         "Support for old firmware will be removed soon "
2620                         "(official deadline was July 2008).\n");
2621                 b43_print_fw_helptext(dev->wl, 0);
2622         }
2623
2624         return 0;
2625
2626 error:
2627         /* Stop the microcode PSM. */
2628         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2629                       B43_MACCTL_PSM_JMP0);
2630
2631         return err;
2632 }
2633
2634 static int b43_write_initvals(struct b43_wldev *dev,
2635                               const struct b43_iv *ivals,
2636                               size_t count,
2637                               size_t array_size)
2638 {
2639         const struct b43_iv *iv;
2640         u16 offset;
2641         size_t i;
2642         bool bit32;
2643
2644         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2645         iv = ivals;
2646         for (i = 0; i < count; i++) {
2647                 if (array_size < sizeof(iv->offset_size))
2648                         goto err_format;
2649                 array_size -= sizeof(iv->offset_size);
2650                 offset = be16_to_cpu(iv->offset_size);
2651                 bit32 = !!(offset & B43_IV_32BIT);
2652                 offset &= B43_IV_OFFSET_MASK;
2653                 if (offset >= 0x1000)
2654                         goto err_format;
2655                 if (bit32) {
2656                         u32 value;
2657
2658                         if (array_size < sizeof(iv->data.d32))
2659                                 goto err_format;
2660                         array_size -= sizeof(iv->data.d32);
2661
2662                         value = get_unaligned_be32(&iv->data.d32);
2663                         b43_write32(dev, offset, value);
2664
2665                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2666                                                         sizeof(__be16) +
2667                                                         sizeof(__be32));
2668                 } else {
2669                         u16 value;
2670
2671                         if (array_size < sizeof(iv->data.d16))
2672                                 goto err_format;
2673                         array_size -= sizeof(iv->data.d16);
2674
2675                         value = be16_to_cpu(iv->data.d16);
2676                         b43_write16(dev, offset, value);
2677
2678                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2679                                                         sizeof(__be16) +
2680                                                         sizeof(__be16));
2681                 }
2682         }
2683         if (array_size)
2684                 goto err_format;
2685
2686         return 0;
2687
2688 err_format:
2689         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2690         b43_print_fw_helptext(dev->wl, 1);
2691
2692         return -EPROTO;
2693 }
2694
2695 static int b43_upload_initvals(struct b43_wldev *dev)
2696 {
2697         const size_t hdr_len = sizeof(struct b43_fw_header);
2698         const struct b43_fw_header *hdr;
2699         struct b43_firmware *fw = &dev->fw;
2700         const struct b43_iv *ivals;
2701         size_t count;
2702         int err;
2703
2704         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2705         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2706         count = be32_to_cpu(hdr->size);
2707         err = b43_write_initvals(dev, ivals, count,
2708                                  fw->initvals.data->size - hdr_len);
2709         if (err)
2710                 goto out;
2711         if (fw->initvals_band.data) {
2712                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2713                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2714                 count = be32_to_cpu(hdr->size);
2715                 err = b43_write_initvals(dev, ivals, count,
2716                                          fw->initvals_band.data->size - hdr_len);
2717                 if (err)
2718                         goto out;
2719         }
2720 out:
2721
2722         return err;
2723 }
2724
2725 /* Initialize the GPIOs
2726  * http://bcm-specs.sipsolutions.net/GPIO
2727  */
2728 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2729 {
2730         struct ssb_bus *bus = dev->dev->sdev->bus;
2731
2732 #ifdef CONFIG_SSB_DRIVER_PCICORE
2733         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2734 #else
2735         return bus->chipco.dev;
2736 #endif
2737 }
2738
2739 static int b43_gpio_init(struct b43_wldev *dev)
2740 {
2741         struct ssb_device *gpiodev;
2742         u32 mask, set;
2743
2744         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2745         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2746
2747         mask = 0x0000001F;
2748         set = 0x0000000F;
2749         if (dev->dev->chip_id == 0x4301) {
2750                 mask |= 0x0060;
2751                 set |= 0x0060;
2752         } else if (dev->dev->chip_id == 0x5354) {
2753                 /* Don't allow overtaking buttons GPIOs */
2754                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2755         }
2756
2757         if (0 /* FIXME: conditional unknown */ ) {
2758                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2759                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2760                             | 0x0100);
2761                 /* BT Coexistance Input */
2762                 mask |= 0x0080;
2763                 set |= 0x0080;
2764                 /* BT Coexistance Out */
2765                 mask |= 0x0100;
2766                 set |= 0x0100;
2767         }
2768         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2769                 /* PA is controlled by gpio 9, let ucode handle it */
2770                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2771                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2772                             | 0x0200);
2773                 mask |= 0x0200;
2774                 set |= 0x0200;
2775         }
2776
2777         switch (dev->dev->bus_type) {
2778 #ifdef CONFIG_B43_BCMA
2779         case B43_BUS_BCMA:
2780                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2781                 break;
2782 #endif
2783 #ifdef CONFIG_B43_SSB
2784         case B43_BUS_SSB:
2785                 gpiodev = b43_ssb_gpio_dev(dev);
2786                 if (gpiodev)
2787                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2788                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2789                                     & ~mask) | set);
2790                 break;
2791 #endif
2792         }
2793
2794         return 0;
2795 }
2796
2797 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2798 static void b43_gpio_cleanup(struct b43_wldev *dev)
2799 {
2800         struct ssb_device *gpiodev;
2801
2802         switch (dev->dev->bus_type) {
2803 #ifdef CONFIG_B43_BCMA
2804         case B43_BUS_BCMA:
2805                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2806                 break;
2807 #endif
2808 #ifdef CONFIG_B43_SSB
2809         case B43_BUS_SSB:
2810                 gpiodev = b43_ssb_gpio_dev(dev);
2811                 if (gpiodev)
2812                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2813                 break;
2814 #endif
2815         }
2816 }
2817
2818 /* http://bcm-specs.sipsolutions.net/EnableMac */
2819 void b43_mac_enable(struct b43_wldev *dev)
2820 {
2821         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2822                 u16 fwstate;
2823
2824                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2825                                          B43_SHM_SH_UCODESTAT);
2826                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2827                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2828                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2829                                "should be suspended, but current state is %u\n",
2830                                fwstate);
2831                 }
2832         }
2833
2834         dev->mac_suspended--;
2835         B43_WARN_ON(dev->mac_suspended < 0);
2836         if (dev->mac_suspended == 0) {
2837                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2838                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2839                             B43_IRQ_MAC_SUSPENDED);
2840                 /* Commit writes */
2841                 b43_read32(dev, B43_MMIO_MACCTL);
2842                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2843                 b43_power_saving_ctl_bits(dev, 0);
2844         }
2845 }
2846
2847 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2848 void b43_mac_suspend(struct b43_wldev *dev)
2849 {
2850         int i;
2851         u32 tmp;
2852
2853         might_sleep();
2854         B43_WARN_ON(dev->mac_suspended < 0);
2855
2856         if (dev->mac_suspended == 0) {
2857                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2858                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2859                 /* force pci to flush the write */
2860                 b43_read32(dev, B43_MMIO_MACCTL);
2861                 for (i = 35; i; i--) {
2862                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2863                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2864                                 goto out;
2865                         udelay(10);
2866                 }
2867                 /* Hm, it seems this will take some time. Use msleep(). */
2868                 for (i = 40; i; i--) {
2869                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2870                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2871                                 goto out;
2872                         msleep(1);
2873                 }
2874                 b43err(dev->wl, "MAC suspend failed\n");
2875         }
2876 out:
2877         dev->mac_suspended++;
2878 }
2879
2880 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2881 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2882 {
2883         u32 tmp;
2884
2885         switch (dev->dev->bus_type) {
2886 #ifdef CONFIG_B43_BCMA
2887         case B43_BUS_BCMA:
2888                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2889                 if (on)
2890                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2891                 else
2892                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2893                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2894                 break;
2895 #endif
2896 #ifdef CONFIG_B43_SSB
2897         case B43_BUS_SSB:
2898                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2899                 if (on)
2900                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2901                 else
2902                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2903                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2904                 break;
2905 #endif
2906         }
2907 }
2908
2909 static void b43_adjust_opmode(struct b43_wldev *dev)
2910 {
2911         struct b43_wl *wl = dev->wl;
2912         u32 ctl;
2913         u16 cfp_pretbtt;
2914
2915         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2916         /* Reset status to STA infrastructure mode. */
2917         ctl &= ~B43_MACCTL_AP;
2918         ctl &= ~B43_MACCTL_KEEP_CTL;
2919         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2920         ctl &= ~B43_MACCTL_KEEP_BAD;
2921         ctl &= ~B43_MACCTL_PROMISC;
2922         ctl &= ~B43_MACCTL_BEACPROMISC;
2923         ctl |= B43_MACCTL_INFRA;
2924
2925         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2926             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2927                 ctl |= B43_MACCTL_AP;
2928         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2929                 ctl &= ~B43_MACCTL_INFRA;
2930
2931         if (wl->filter_flags & FIF_CONTROL)
2932                 ctl |= B43_MACCTL_KEEP_CTL;
2933         if (wl->filter_flags & FIF_FCSFAIL)
2934                 ctl |= B43_MACCTL_KEEP_BAD;
2935         if (wl->filter_flags & FIF_PLCPFAIL)
2936                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2937         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2938                 ctl |= B43_MACCTL_PROMISC;
2939         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2940                 ctl |= B43_MACCTL_BEACPROMISC;
2941
2942         /* Workaround: On old hardware the HW-MAC-address-filter
2943          * doesn't work properly, so always run promisc in filter
2944          * it in software. */
2945         if (dev->dev->core_rev <= 4)
2946                 ctl |= B43_MACCTL_PROMISC;
2947
2948         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2949
2950         cfp_pretbtt = 2;
2951         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2952                 if (dev->dev->chip_id == 0x4306 &&
2953                     dev->dev->chip_rev == 3)
2954                         cfp_pretbtt = 100;
2955                 else
2956                         cfp_pretbtt = 50;
2957         }
2958         b43_write16(dev, 0x612, cfp_pretbtt);
2959
2960         /* FIXME: We don't currently implement the PMQ mechanism,
2961          *        so always disable it. If we want to implement PMQ,
2962          *        we need to enable it here (clear DISCPMQ) in AP mode.
2963          */
2964         if (0  /* ctl & B43_MACCTL_AP */)
2965                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2966         else
2967                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2968 }
2969
2970 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2971 {
2972         u16 offset;
2973
2974         if (is_ofdm) {
2975                 offset = 0x480;
2976                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2977         } else {
2978                 offset = 0x4C0;
2979                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2980         }
2981         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2982                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2983 }
2984
2985 static void b43_rate_memory_init(struct b43_wldev *dev)
2986 {
2987         switch (dev->phy.type) {
2988         case B43_PHYTYPE_A:
2989         case B43_PHYTYPE_G:
2990         case B43_PHYTYPE_N:
2991         case B43_PHYTYPE_LP:
2992         case B43_PHYTYPE_HT:
2993         case B43_PHYTYPE_LCN:
2994                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2995                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2996                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2997                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2998                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2999                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3000                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3001                 if (dev->phy.type == B43_PHYTYPE_A)
3002                         break;
3003                 /* fallthrough */
3004         case B43_PHYTYPE_B:
3005                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3006                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3007                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3008                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3009                 break;
3010         default:
3011                 B43_WARN_ON(1);
3012         }
3013 }
3014
3015 /* Set the default values for the PHY TX Control Words. */
3016 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3017 {
3018         u16 ctl = 0;
3019
3020         ctl |= B43_TXH_PHY_ENC_CCK;
3021         ctl |= B43_TXH_PHY_ANT01AUTO;
3022         ctl |= B43_TXH_PHY_TXPWR;
3023
3024         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3025         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3026         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3027 }
3028
3029 /* Set the TX-Antenna for management frames sent by firmware. */
3030 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3031 {
3032         u16 ant;
3033         u16 tmp;
3034
3035         ant = b43_antenna_to_phyctl(antenna);
3036
3037         /* For ACK/CTS */
3038         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3039         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3040         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3041         /* For Probe Resposes */
3042         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3043         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3044         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3045 }
3046
3047 /* This is the opposite of b43_chip_init() */
3048 static void b43_chip_exit(struct b43_wldev *dev)
3049 {
3050         b43_phy_exit(dev);
3051         b43_gpio_cleanup(dev);
3052         /* firmware is released later */
3053 }
3054
3055 /* Initialize the chip
3056  * http://bcm-specs.sipsolutions.net/ChipInit
3057  */
3058 static int b43_chip_init(struct b43_wldev *dev)
3059 {
3060         struct b43_phy *phy = &dev->phy;
3061         int err;
3062         u32 macctl;
3063         u16 value16;
3064
3065         /* Initialize the MAC control */
3066         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3067         if (dev->phy.gmode)
3068                 macctl |= B43_MACCTL_GMODE;
3069         macctl |= B43_MACCTL_INFRA;
3070         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3071
3072         err = b43_upload_microcode(dev);
3073         if (err)
3074                 goto out;       /* firmware is released later */
3075
3076         err = b43_gpio_init(dev);
3077         if (err)
3078                 goto out;       /* firmware is released later */
3079
3080         err = b43_upload_initvals(dev);
3081         if (err)
3082                 goto err_gpio_clean;
3083
3084         /* Turn the Analog on and initialize the PHY. */
3085         phy->ops->switch_analog(dev, 1);
3086         err = b43_phy_init(dev);
3087         if (err)
3088                 goto err_gpio_clean;
3089
3090         /* Disable Interference Mitigation. */
3091         if (phy->ops->interf_mitigation)
3092                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3093
3094         /* Select the antennae */
3095         if (phy->ops->set_rx_antenna)
3096                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3097         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3098
3099         if (phy->type == B43_PHYTYPE_B) {
3100                 value16 = b43_read16(dev, 0x005E);
3101                 value16 |= 0x0004;
3102                 b43_write16(dev, 0x005E, value16);
3103         }
3104         b43_write32(dev, 0x0100, 0x01000000);
3105         if (dev->dev->core_rev < 5)
3106                 b43_write32(dev, 0x010C, 0x01000000);
3107
3108         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3109         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3110
3111         /* Probe Response Timeout value */
3112         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3113         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3114
3115         /* Initially set the wireless operation mode. */
3116         b43_adjust_opmode(dev);
3117
3118         if (dev->dev->core_rev < 3) {
3119                 b43_write16(dev, 0x060E, 0x0000);
3120                 b43_write16(dev, 0x0610, 0x8000);
3121                 b43_write16(dev, 0x0604, 0x0000);
3122                 b43_write16(dev, 0x0606, 0x0200);
3123         } else {
3124                 b43_write32(dev, 0x0188, 0x80000000);
3125                 b43_write32(dev, 0x018C, 0x02000000);
3126         }
3127         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3128         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3129         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3130         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3131         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3132         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3133         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3134
3135         b43_mac_phy_clock_set(dev, true);
3136
3137         switch (dev->dev->bus_type) {
3138 #ifdef CONFIG_B43_BCMA
3139         case B43_BUS_BCMA:
3140                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3141                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3142                 break;
3143 #endif
3144 #ifdef CONFIG_B43_SSB
3145         case B43_BUS_SSB:
3146                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3147                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3148                 break;
3149 #endif
3150         }
3151
3152         err = 0;
3153         b43dbg(dev->wl, "Chip initialized\n");
3154 out:
3155         return err;
3156
3157 err_gpio_clean:
3158         b43_gpio_cleanup(dev);
3159         return err;
3160 }
3161
3162 static void b43_periodic_every60sec(struct b43_wldev *dev)
3163 {
3164         const struct b43_phy_operations *ops = dev->phy.ops;
3165
3166         if (ops->pwork_60sec)
3167                 ops->pwork_60sec(dev);
3168
3169         /* Force check the TX power emission now. */
3170         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3171 }
3172
3173 static void b43_periodic_every30sec(struct b43_wldev *dev)
3174 {
3175         /* Update device statistics. */
3176         b43_calculate_link_quality(dev);
3177 }
3178
3179 static void b43_periodic_every15sec(struct b43_wldev *dev)
3180 {
3181         struct b43_phy *phy = &dev->phy;
3182         u16 wdr;
3183
3184         if (dev->fw.opensource) {
3185                 /* Check if the firmware is still alive.
3186                  * It will reset the watchdog counter to 0 in its idle loop. */
3187                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3188                 if (unlikely(wdr)) {
3189                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3190                         b43_controller_restart(dev, "Firmware watchdog");
3191                         return;
3192                 } else {
3193                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3194                                         B43_WATCHDOG_REG, 1);
3195                 }
3196         }
3197
3198         if (phy->ops->pwork_15sec)
3199                 phy->ops->pwork_15sec(dev);
3200
3201         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3202         wmb();
3203
3204 #if B43_DEBUG
3205         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3206                 unsigned int i;
3207
3208                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3209                        dev->irq_count / 15,
3210                        dev->tx_count / 15,
3211                        dev->rx_count / 15);
3212                 dev->irq_count = 0;
3213                 dev->tx_count = 0;
3214                 dev->rx_count = 0;
3215                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3216                         if (dev->irq_bit_count[i]) {
3217                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3218                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3219                                 dev->irq_bit_count[i] = 0;
3220                         }
3221                 }
3222         }
3223 #endif
3224 }
3225
3226 static void do_periodic_work(struct b43_wldev *dev)
3227 {
3228         unsigned int state;
3229
3230         state = dev->periodic_state;
3231         if (state % 4 == 0)
3232                 b43_periodic_every60sec(dev);
3233         if (state % 2 == 0)
3234                 b43_periodic_every30sec(dev);
3235         b43_periodic_every15sec(dev);
3236 }
3237
3238 /* Periodic work locking policy:
3239  *      The whole periodic work handler is protected by
3240  *      wl->mutex. If another lock is needed somewhere in the
3241  *      pwork callchain, it's acquired in-place, where it's needed.
3242  */
3243 static void b43_periodic_work_handler(struct work_struct *work)
3244 {
3245         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3246                                              periodic_work.work);
3247         struct b43_wl *wl = dev->wl;
3248         unsigned long delay;
3249
3250         mutex_lock(&wl->mutex);
3251
3252         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3253                 goto out;
3254         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3255                 goto out_requeue;
3256
3257         do_periodic_work(dev);
3258
3259         dev->periodic_state++;
3260 out_requeue:
3261         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3262                 delay = msecs_to_jiffies(50);
3263         else
3264                 delay = round_jiffies_relative(HZ * 15);
3265         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3266 out:
3267         mutex_unlock(&wl->mutex);
3268 }
3269
3270 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3271 {
3272         struct delayed_work *work = &dev->periodic_work;
3273
3274         dev->periodic_state = 0;
3275         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3276         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3277 }
3278
3279 /* Check if communication with the device works correctly. */
3280 static int b43_validate_chipaccess(struct b43_wldev *dev)
3281 {
3282         u32 v, backup0, backup4;
3283
3284         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3285         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3286
3287         /* Check for read/write and endianness problems. */
3288         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3289         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3290                 goto error;
3291         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3292         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3293                 goto error;
3294
3295         /* Check if unaligned 32bit SHM_SHARED access works properly.
3296          * However, don't bail out on failure, because it's noncritical. */
3297         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3298         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3299         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3300         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3301         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3302                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3303         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3304         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3305             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3306             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3307             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3308                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3309
3310         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3311         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3312
3313         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3314                 /* The 32bit register shadows the two 16bit registers
3315                  * with update sideeffects. Validate this. */
3316                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3317                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3318                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3319                         goto error;
3320                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3321                         goto error;
3322         }
3323         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3324
3325         v = b43_read32(dev, B43_MMIO_MACCTL);
3326         v |= B43_MACCTL_GMODE;
3327         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3328                 goto error;
3329
3330         return 0;
3331 error:
3332         b43err(dev->wl, "Failed to validate the chipaccess\n");
3333         return -ENODEV;
3334 }
3335
3336 static void b43_security_init(struct b43_wldev *dev)
3337 {
3338         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3339         /* KTP is a word address, but we address SHM bytewise.
3340          * So multiply by two.
3341          */
3342         dev->ktp *= 2;
3343         /* Number of RCMTA address slots */
3344         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3345         /* Clear the key memory. */
3346         b43_clear_keys(dev);
3347 }
3348
3349 #ifdef CONFIG_B43_HWRNG
3350 static int b43_rng_read(struct hwrng *rng, u32 *data)
3351 {
3352         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3353         struct b43_wldev *dev;
3354         int count = -ENODEV;
3355
3356         mutex_lock(&wl->mutex);
3357         dev = wl->current_dev;
3358         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3359                 *data = b43_read16(dev, B43_MMIO_RNG);
3360                 count = sizeof(u16);
3361         }
3362         mutex_unlock(&wl->mutex);
3363
3364         return count;
3365 }
3366 #endif /* CONFIG_B43_HWRNG */
3367
3368 static void b43_rng_exit(struct b43_wl *wl)
3369 {
3370 #ifdef CONFIG_B43_HWRNG
3371         if (wl->rng_initialized)
3372                 hwrng_unregister(&wl->rng);
3373 #endif /* CONFIG_B43_HWRNG */
3374 }
3375
3376 static int b43_rng_init(struct b43_wl *wl)
3377 {
3378         int err = 0;
3379
3380 #ifdef CONFIG_B43_HWRNG
3381         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3382                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3383         wl->rng.name = wl->rng_name;
3384         wl->rng.data_read = b43_rng_read;
3385         wl->rng.priv = (unsigned long)wl;
3386         wl->rng_initialized = true;
3387         err = hwrng_register(&wl->rng);
3388         if (err) {
3389                 wl->rng_initialized = false;
3390                 b43err(wl, "Failed to register the random "
3391                        "number generator (%d)\n", err);
3392         }
3393 #endif /* CONFIG_B43_HWRNG */
3394
3395         return err;
3396 }
3397
3398 static void b43_tx_work(struct work_struct *work)
3399 {
3400         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3401         struct b43_wldev *dev;
3402         struct sk_buff *skb;
3403         int queue_num;
3404         int err = 0;
3405
3406         mutex_lock(&wl->mutex);
3407         dev = wl->current_dev;
3408         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3409                 mutex_unlock(&wl->mutex);
3410                 return;
3411         }
3412
3413         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3414                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3415                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3416                         if (b43_using_pio_transfers(dev))
3417                                 err = b43_pio_tx(dev, skb);
3418                         else
3419                                 err = b43_dma_tx(dev, skb);
3420                         if (err == -ENOSPC) {
3421                                 wl->tx_queue_stopped[queue_num] = 1;
3422                                 ieee80211_stop_queue(wl->hw, queue_num);
3423                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3424                                 break;
3425                         }
3426                         if (unlikely(err))
3427                                 ieee80211_free_txskb(wl->hw, skb);
3428                         err = 0;
3429                 }
3430
3431                 if (!err)
3432                         wl->tx_queue_stopped[queue_num] = 0;
3433         }
3434
3435 #if B43_DEBUG
3436         dev->tx_count++;
3437 #endif
3438         mutex_unlock(&wl->mutex);
3439 }
3440
3441 static void b43_op_tx(struct ieee80211_hw *hw,
3442                       struct ieee80211_tx_control *control,
3443                       struct sk_buff *skb)
3444 {
3445         struct b43_wl *wl = hw_to_b43_wl(hw);
3446
3447         if (unlikely(skb->len < 2 + 2 + 6)) {
3448                 /* Too short, this can't be a valid frame. */
3449                 ieee80211_free_txskb(hw, skb);
3450                 return;
3451         }
3452         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3453
3454         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3455         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3456                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3457         } else {
3458                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3459         }
3460 }
3461
3462 static void b43_qos_params_upload(struct b43_wldev *dev,
3463                                   const struct ieee80211_tx_queue_params *p,
3464                                   u16 shm_offset)
3465 {
3466         u16 params[B43_NR_QOSPARAMS];
3467         int bslots, tmp;
3468         unsigned int i;
3469
3470         if (!dev->qos_enabled)
3471                 return;
3472
3473         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3474
3475         memset(&params, 0, sizeof(params));
3476
3477         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3478         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3479         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3480         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3481         params[B43_QOSPARAM_AIFS] = p->aifs;
3482         params[B43_QOSPARAM_BSLOTS] = bslots;
3483         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3484
3485         for (i = 0; i < ARRAY_SIZE(params); i++) {
3486                 if (i == B43_QOSPARAM_STATUS) {
3487                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3488                                              shm_offset + (i * 2));
3489                         /* Mark the parameters as updated. */
3490                         tmp |= 0x100;
3491                         b43_shm_write16(dev, B43_SHM_SHARED,
3492                                         shm_offset + (i * 2),
3493                                         tmp);
3494                 } else {
3495                         b43_shm_write16(dev, B43_SHM_SHARED,
3496                                         shm_offset + (i * 2),
3497                                         params[i]);
3498                 }
3499         }
3500 }
3501
3502 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3503 static const u16 b43_qos_shm_offsets[] = {
3504         /* [mac80211-queue-nr] = SHM_OFFSET, */
3505         [0] = B43_QOS_VOICE,
3506         [1] = B43_QOS_VIDEO,
3507         [2] = B43_QOS_BESTEFFORT,
3508         [3] = B43_QOS_BACKGROUND,
3509 };
3510
3511 /* Update all QOS parameters in hardware. */
3512 static void b43_qos_upload_all(struct b43_wldev *dev)
3513 {
3514         struct b43_wl *wl = dev->wl;
3515         struct b43_qos_params *params;
3516         unsigned int i;
3517
3518         if (!dev->qos_enabled)
3519                 return;
3520
3521         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3522                      ARRAY_SIZE(wl->qos_params));
3523
3524         b43_mac_suspend(dev);
3525         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3526                 params = &(wl->qos_params[i]);
3527                 b43_qos_params_upload(dev, &(params->p),
3528                                       b43_qos_shm_offsets[i]);
3529         }
3530         b43_mac_enable(dev);
3531 }
3532
3533 static void b43_qos_clear(struct b43_wl *wl)
3534 {
3535         struct b43_qos_params *params;
3536         unsigned int i;
3537
3538         /* Initialize QoS parameters to sane defaults. */
3539
3540         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3541                      ARRAY_SIZE(wl->qos_params));
3542
3543         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3544                 params = &(wl->qos_params[i]);
3545
3546                 switch (b43_qos_shm_offsets[i]) {
3547                 case B43_QOS_VOICE:
3548                         params->p.txop = 0;
3549                         params->p.aifs = 2;
3550                         params->p.cw_min = 0x0001;
3551                         params->p.cw_max = 0x0001;
3552                         break;
3553                 case B43_QOS_VIDEO:
3554                         params->p.txop = 0;
3555                         params->p.aifs = 2;
3556                         params->p.cw_min = 0x0001;
3557                         params->p.cw_max = 0x0001;
3558                         break;
3559                 case B43_QOS_BESTEFFORT:
3560                         params->p.txop = 0;
3561                         params->p.aifs = 3;
3562                         params->p.cw_min = 0x0001;
3563                         params->p.cw_max = 0x03FF;
3564                         break;
3565                 case B43_QOS_BACKGROUND:
3566                         params->p.txop = 0;
3567                         params->p.aifs = 7;
3568                         params->p.cw_min = 0x0001;
3569                         params->p.cw_max = 0x03FF;
3570                         break;
3571                 default:
3572                         B43_WARN_ON(1);
3573                 }
3574         }
3575 }
3576
3577 /* Initialize the core's QOS capabilities */
3578 static void b43_qos_init(struct b43_wldev *dev)
3579 {
3580         if (!dev->qos_enabled) {
3581                 /* Disable QOS support. */
3582                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3583                 b43_write16(dev, B43_MMIO_IFSCTL,
3584                             b43_read16(dev, B43_MMIO_IFSCTL)
3585                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3586                 b43dbg(dev->wl, "QoS disabled\n");
3587                 return;
3588         }
3589
3590         /* Upload the current QOS parameters. */
3591         b43_qos_upload_all(dev);
3592
3593         /* Enable QOS support. */
3594         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3595         b43_write16(dev, B43_MMIO_IFSCTL,
3596                     b43_read16(dev, B43_MMIO_IFSCTL)
3597                     | B43_MMIO_IFSCTL_USE_EDCF);
3598         b43dbg(dev->wl, "QoS enabled\n");
3599 }
3600
3601 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3602                           struct ieee80211_vif *vif, u16 _queue,
3603                           const struct ieee80211_tx_queue_params *params)
3604 {
3605         struct b43_wl *wl = hw_to_b43_wl(hw);
3606         struct b43_wldev *dev;
3607         unsigned int queue = (unsigned int)_queue;
3608         int err = -ENODEV;
3609
3610         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3611                 /* Queue not available or don't support setting
3612                  * params on this queue. Return success to not
3613                  * confuse mac80211. */
3614                 return 0;
3615         }
3616         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3617                      ARRAY_SIZE(wl->qos_params));
3618
3619         mutex_lock(&wl->mutex);
3620         dev = wl->current_dev;
3621         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3622                 goto out_unlock;
3623
3624         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3625         b43_mac_suspend(dev);
3626         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3627                               b43_qos_shm_offsets[queue]);
3628         b43_mac_enable(dev);
3629         err = 0;
3630
3631 out_unlock:
3632         mutex_unlock(&wl->mutex);
3633
3634         return err;
3635 }
3636
3637 static int b43_op_get_stats(struct ieee80211_hw *hw,
3638                             struct ieee80211_low_level_stats *stats)
3639 {
3640         struct b43_wl *wl = hw_to_b43_wl(hw);
3641
3642         mutex_lock(&wl->mutex);
3643         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3644         mutex_unlock(&wl->mutex);
3645
3646         return 0;
3647 }
3648
3649 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3650 {
3651         struct b43_wl *wl = hw_to_b43_wl(hw);
3652         struct b43_wldev *dev;
3653         u64 tsf;
3654
3655         mutex_lock(&wl->mutex);
3656         dev = wl->current_dev;
3657
3658         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3659                 b43_tsf_read(dev, &tsf);
3660         else
3661                 tsf = 0;
3662
3663         mutex_unlock(&wl->mutex);
3664
3665         return tsf;
3666 }
3667
3668 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3669                            struct ieee80211_vif *vif, u64 tsf)
3670 {
3671         struct b43_wl *wl = hw_to_b43_wl(hw);
3672         struct b43_wldev *dev;
3673
3674         mutex_lock(&wl->mutex);
3675         dev = wl->current_dev;
3676
3677         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3678                 b43_tsf_write(dev, tsf);
3679
3680         mutex_unlock(&wl->mutex);
3681 }
3682
3683 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3684 {
3685         u32 tmp;
3686
3687         switch (dev->dev->bus_type) {
3688 #ifdef CONFIG_B43_BCMA
3689         case B43_BUS_BCMA:
3690                 b43err(dev->wl,
3691                        "Putting PHY into reset not supported on BCMA\n");
3692                 break;
3693 #endif
3694 #ifdef CONFIG_B43_SSB
3695         case B43_BUS_SSB:
3696                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3697                 tmp &= ~B43_TMSLOW_GMODE;
3698                 tmp |= B43_TMSLOW_PHYRESET;
3699                 tmp |= SSB_TMSLOW_FGC;
3700                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3701                 msleep(1);
3702
3703                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3704                 tmp &= ~SSB_TMSLOW_FGC;
3705                 tmp |= B43_TMSLOW_PHYRESET;
3706                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3707                 msleep(1);
3708
3709                 break;
3710 #endif
3711         }
3712 }
3713
3714 static const char *band_to_string(enum ieee80211_band band)
3715 {
3716         switch (band) {
3717         case IEEE80211_BAND_5GHZ:
3718                 return "5";
3719         case IEEE80211_BAND_2GHZ:
3720                 return "2.4";
3721         default:
3722                 break;
3723         }
3724         B43_WARN_ON(1);
3725         return "";
3726 }
3727
3728 /* Expects wl->mutex locked */
3729 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3730 {
3731         struct b43_wldev *up_dev = NULL;
3732         struct b43_wldev *down_dev;
3733         struct b43_wldev *d;
3734         int err;
3735         bool uninitialized_var(gmode);
3736         int prev_status;
3737
3738         /* Find a device and PHY which supports the band. */
3739         list_for_each_entry(d, &wl->devlist, list) {
3740                 switch (chan->band) {
3741                 case IEEE80211_BAND_5GHZ:
3742                         if (d->phy.supports_5ghz) {
3743                                 up_dev = d;
3744                                 gmode = false;
3745                         }
3746                         break;
3747                 case IEEE80211_BAND_2GHZ:
3748                         if (d->phy.supports_2ghz) {
3749                                 up_dev = d;
3750                                 gmode = true;
3751                         }
3752                         break;
3753                 default:
3754                         B43_WARN_ON(1);
3755                         return -EINVAL;
3756                 }
3757                 if (up_dev)
3758                         break;
3759         }
3760         if (!up_dev) {
3761                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3762                        band_to_string(chan->band));
3763                 return -ENODEV;
3764         }
3765         if ((up_dev == wl->current_dev) &&
3766             (!!wl->current_dev->phy.gmode == !!gmode)) {
3767                 /* This device is already running. */
3768                 return 0;
3769         }
3770         b43dbg(wl, "Switching to %s-GHz band\n",
3771                band_to_string(chan->band));
3772         down_dev = wl->current_dev;
3773
3774         prev_status = b43_status(down_dev);
3775         /* Shutdown the currently running core. */
3776         if (prev_status >= B43_STAT_STARTED)
3777                 down_dev = b43_wireless_core_stop(down_dev);
3778         if (prev_status >= B43_STAT_INITIALIZED)
3779                 b43_wireless_core_exit(down_dev);
3780
3781         if (down_dev != up_dev) {
3782                 /* We switch to a different core, so we put PHY into
3783                  * RESET on the old core. */
3784                 b43_put_phy_into_reset(down_dev);
3785         }
3786
3787         /* Now start the new core. */
3788         up_dev->phy.gmode = gmode;
3789         if (prev_status >= B43_STAT_INITIALIZED) {
3790                 err = b43_wireless_core_init(up_dev);
3791                 if (err) {
3792                         b43err(wl, "Fatal: Could not initialize device for "
3793                                "selected %s-GHz band\n",
3794                                band_to_string(chan->band));
3795                         goto init_failure;
3796                 }
3797         }
3798         if (prev_status >= B43_STAT_STARTED) {
3799                 err = b43_wireless_core_start(up_dev);
3800                 if (err) {
3801                         b43err(wl, "Fatal: Could not start device for "
3802                                "selected %s-GHz band\n",
3803                                band_to_string(chan->band));
3804                         b43_wireless_core_exit(up_dev);
3805                         goto init_failure;
3806                 }
3807         }
3808         B43_WARN_ON(b43_status(up_dev) != prev_status);
3809
3810         wl->current_dev = up_dev;
3811
3812         return 0;
3813 init_failure:
3814         /* Whoops, failed to init the new core. No core is operating now. */
3815         wl->current_dev = NULL;
3816         return err;
3817 }
3818
3819 /* Write the short and long frame retry limit values. */
3820 static void b43_set_retry_limits(struct b43_wldev *dev,
3821                                  unsigned int short_retry,
3822                                  unsigned int long_retry)
3823 {
3824         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3825          * the chip-internal counter. */
3826         short_retry = min(short_retry, (unsigned int)0xF);
3827         long_retry = min(long_retry, (unsigned int)0xF);
3828
3829         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3830                         short_retry);
3831         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3832                         long_retry);
3833 }
3834
3835 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3836 {
3837         struct b43_wl *wl = hw_to_b43_wl(hw);
3838         struct b43_wldev *dev;
3839         struct b43_phy *phy;
3840         struct ieee80211_conf *conf = &hw->conf;
3841         int antenna;
3842         int err = 0;
3843         bool reload_bss = false;
3844
3845         mutex_lock(&wl->mutex);
3846
3847         dev = wl->current_dev;
3848
3849         /* Switch the band (if necessary). This might change the active core. */
3850         err = b43_switch_band(wl, conf->chandef.chan);
3851         if (err)
3852                 goto out_unlock_mutex;
3853
3854         /* Need to reload all settings if the core changed */
3855         if (dev != wl->current_dev) {
3856                 dev = wl->current_dev;
3857                 changed = ~0;
3858                 reload_bss = true;
3859         }
3860
3861         phy = &dev->phy;
3862
3863         if (conf_is_ht(conf))
3864                 phy->is_40mhz =
3865                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3866         else
3867                 phy->is_40mhz = false;
3868
3869         b43_mac_suspend(dev);
3870
3871         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3872                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3873                                           conf->long_frame_max_tx_count);
3874         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3875         if (!changed)
3876                 goto out_mac_enable;
3877
3878         /* Switch to the requested channel.
3879          * The firmware takes care of races with the TX handler. */
3880         if (conf->chandef.chan->hw_value != phy->channel)
3881                 b43_switch_channel(dev, conf->chandef.chan->hw_value);
3882
3883         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3884
3885         /* Adjust the desired TX power level. */
3886         if (conf->power_level != 0) {
3887                 if (conf->power_level != phy->desired_txpower) {
3888                         phy->desired_txpower = conf->power_level;
3889                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3890                                                    B43_TXPWR_IGNORE_TSSI);
3891                 }
3892         }
3893
3894         /* Antennas for RX and management frame TX. */
3895         antenna = B43_ANTENNA_DEFAULT;
3896         b43_mgmtframe_txantenna(dev, antenna);
3897         antenna = B43_ANTENNA_DEFAULT;
3898         if (phy->ops->set_rx_antenna)
3899                 phy->ops->set_rx_antenna(dev, antenna);
3900
3901         if (wl->radio_enabled != phy->radio_on) {
3902                 if (wl->radio_enabled) {
3903                         b43_software_rfkill(dev, false);
3904                         b43info(dev->wl, "Radio turned on by software\n");
3905                         if (!dev->radio_hw_enable) {
3906                                 b43info(dev->wl, "The hardware RF-kill button "
3907                                         "still turns the radio physically off. "
3908                                         "Press the button to turn it on.\n");
3909                         }
3910                 } else {
3911                         b43_software_rfkill(dev, true);
3912                         b43info(dev->wl, "Radio turned off by software\n");
3913                 }
3914         }
3915
3916 out_mac_enable:
3917         b43_mac_enable(dev);
3918 out_unlock_mutex:
3919         mutex_unlock(&wl->mutex);
3920
3921         if (wl->vif && reload_bss)
3922                 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3923
3924         return err;
3925 }
3926
3927 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3928 {
3929         struct ieee80211_supported_band *sband =
3930                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3931         struct ieee80211_rate *rate;
3932         int i;
3933         u16 basic, direct, offset, basic_offset, rateptr;
3934
3935         for (i = 0; i < sband->n_bitrates; i++) {
3936                 rate = &sband->bitrates[i];
3937
3938                 if (b43_is_cck_rate(rate->hw_value)) {
3939                         direct = B43_SHM_SH_CCKDIRECT;
3940                         basic = B43_SHM_SH_CCKBASIC;
3941                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3942                         offset &= 0xF;
3943                 } else {
3944                         direct = B43_SHM_SH_OFDMDIRECT;
3945                         basic = B43_SHM_SH_OFDMBASIC;
3946                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3947                         offset &= 0xF;
3948                 }
3949
3950                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3951
3952                 if (b43_is_cck_rate(rate->hw_value)) {
3953                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3954                         basic_offset &= 0xF;
3955                 } else {
3956                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3957                         basic_offset &= 0xF;
3958                 }
3959
3960                 /*
3961                  * Get the pointer that we need to point to
3962                  * from the direct map
3963                  */
3964                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3965                                          direct + 2 * basic_offset);
3966                 /* and write it to the basic map */
3967                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3968                                 rateptr);
3969         }
3970 }
3971
3972 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3973                                     struct ieee80211_vif *vif,
3974                                     struct ieee80211_bss_conf *conf,
3975                                     u32 changed)
3976 {
3977         struct b43_wl *wl = hw_to_b43_wl(hw);
3978         struct b43_wldev *dev;
3979
3980         mutex_lock(&wl->mutex);
3981
3982         dev = wl->current_dev;
3983         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3984                 goto out_unlock_mutex;
3985
3986         B43_WARN_ON(wl->vif != vif);
3987
3988         if (changed & BSS_CHANGED_BSSID) {
3989                 if (conf->bssid)
3990                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3991                 else
3992                         memset(wl->bssid, 0, ETH_ALEN);
3993         }
3994
3995         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3996                 if (changed & BSS_CHANGED_BEACON &&
3997                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3998                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3999                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4000                         b43_update_templates(wl);
4001
4002                 if (changed & BSS_CHANGED_BSSID)
4003                         b43_write_mac_bssid_templates(dev);
4004         }
4005
4006         b43_mac_suspend(dev);
4007
4008         /* Update templates for AP/mesh mode. */
4009         if (changed & BSS_CHANGED_BEACON_INT &&
4010             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4011              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4012              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4013             conf->beacon_int)
4014                 b43_set_beacon_int(dev, conf->beacon_int);
4015
4016         if (changed & BSS_CHANGED_BASIC_RATES)
4017                 b43_update_basic_rates(dev, conf->basic_rates);
4018
4019         if (changed & BSS_CHANGED_ERP_SLOT) {
4020                 if (conf->use_short_slot)
4021                         b43_short_slot_timing_enable(dev);
4022                 else
4023                         b43_short_slot_timing_disable(dev);
4024         }
4025
4026         b43_mac_enable(dev);
4027 out_unlock_mutex:
4028         mutex_unlock(&wl->mutex);
4029 }
4030
4031 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4032                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4033                           struct ieee80211_key_conf *key)
4034 {
4035         struct b43_wl *wl = hw_to_b43_wl(hw);
4036         struct b43_wldev *dev;
4037         u8 algorithm;
4038         u8 index;
4039         int err;
4040         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4041
4042         if (modparam_nohwcrypt)
4043                 return -ENOSPC; /* User disabled HW-crypto */
4044
4045         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4046              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4047             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4048              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4049             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4050                 /*
4051                  * For now, disable hw crypto for the RSN IBSS group keys. This
4052                  * could be optimized in the future, but until that gets
4053                  * implemented, use of software crypto for group addressed
4054                  * frames is a acceptable to allow RSN IBSS to be used.
4055                  */
4056                 return -EOPNOTSUPP;
4057         }
4058
4059         mutex_lock(&wl->mutex);
4060
4061         dev = wl->current_dev;
4062         err = -ENODEV;
4063         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4064                 goto out_unlock;
4065
4066         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4067                 /* We don't have firmware for the crypto engine.
4068                  * Must use software-crypto. */
4069                 err = -EOPNOTSUPP;
4070                 goto out_unlock;
4071         }
4072
4073         err = -EINVAL;
4074         switch (key->cipher) {
4075         case WLAN_CIPHER_SUITE_WEP40:
4076                 algorithm = B43_SEC_ALGO_WEP40;
4077                 break;
4078         case WLAN_CIPHER_SUITE_WEP104:
4079                 algorithm = B43_SEC_ALGO_WEP104;
4080                 break;
4081         case WLAN_CIPHER_SUITE_TKIP:
4082                 algorithm = B43_SEC_ALGO_TKIP;
4083                 break;
4084         case WLAN_CIPHER_SUITE_CCMP:
4085                 algorithm = B43_SEC_ALGO_AES;
4086                 break;
4087         default:
4088                 B43_WARN_ON(1);
4089                 goto out_unlock;
4090         }
4091         index = (u8) (key->keyidx);
4092         if (index > 3)
4093                 goto out_unlock;
4094
4095         switch (cmd) {
4096         case SET_KEY:
4097                 if (algorithm == B43_SEC_ALGO_TKIP &&
4098                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4099                     !modparam_hwtkip)) {
4100                         /* We support only pairwise key */
4101                         err = -EOPNOTSUPP;
4102                         goto out_unlock;
4103                 }
4104
4105                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4106                         if (WARN_ON(!sta)) {
4107                                 err = -EOPNOTSUPP;
4108                                 goto out_unlock;
4109                         }
4110                         /* Pairwise key with an assigned MAC address. */
4111                         err = b43_key_write(dev, -1, algorithm,
4112                                             key->key, key->keylen,
4113                                             sta->addr, key);
4114                 } else {
4115                         /* Group key */
4116                         err = b43_key_write(dev, index, algorithm,
4117                                             key->key, key->keylen, NULL, key);
4118                 }
4119                 if (err)
4120                         goto out_unlock;
4121
4122                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4123                     algorithm == B43_SEC_ALGO_WEP104) {
4124                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4125                 } else {
4126                         b43_hf_write(dev,
4127                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4128                 }
4129                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4130                 if (algorithm == B43_SEC_ALGO_TKIP)
4131                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4132                 break;
4133         case DISABLE_KEY: {
4134                 err = b43_key_clear(dev, key->hw_key_idx);
4135                 if (err)
4136                         goto out_unlock;
4137                 break;
4138         }
4139         default:
4140                 B43_WARN_ON(1);
4141         }
4142
4143 out_unlock:
4144         if (!err) {
4145                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4146                        "mac: %pM\n",
4147                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4148                        sta ? sta->addr : bcast_addr);
4149                 b43_dump_keymemory(dev);
4150         }
4151         mutex_unlock(&wl->mutex);
4152
4153         return err;
4154 }
4155
4156 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4157                                     unsigned int changed, unsigned int *fflags,
4158                                     u64 multicast)
4159 {
4160         struct b43_wl *wl = hw_to_b43_wl(hw);
4161         struct b43_wldev *dev;
4162
4163         mutex_lock(&wl->mutex);
4164         dev = wl->current_dev;
4165         if (!dev) {
4166                 *fflags = 0;
4167                 goto out_unlock;
4168         }
4169
4170         *fflags &= FIF_PROMISC_IN_BSS |
4171                   FIF_ALLMULTI |
4172                   FIF_FCSFAIL |
4173                   FIF_PLCPFAIL |
4174                   FIF_CONTROL |
4175                   FIF_OTHER_BSS |
4176                   FIF_BCN_PRBRESP_PROMISC;
4177
4178         changed &= FIF_PROMISC_IN_BSS |
4179                    FIF_ALLMULTI |
4180                    FIF_FCSFAIL |
4181                    FIF_PLCPFAIL |
4182                    FIF_CONTROL |
4183                    FIF_OTHER_BSS |
4184                    FIF_BCN_PRBRESP_PROMISC;
4185
4186         wl->filter_flags = *fflags;
4187
4188         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4189                 b43_adjust_opmode(dev);
4190
4191 out_unlock:
4192         mutex_unlock(&wl->mutex);
4193 }
4194
4195 /* Locking: wl->mutex
4196  * Returns the current dev. This might be different from the passed in dev,
4197  * because the core might be gone away while we unlocked the mutex. */
4198 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4199 {
4200         struct b43_wl *wl;
4201         struct b43_wldev *orig_dev;
4202         u32 mask;
4203         int queue_num;
4204
4205         if (!dev)
4206                 return NULL;
4207         wl = dev->wl;
4208 redo:
4209         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4210                 return dev;
4211
4212         /* Cancel work. Unlock to avoid deadlocks. */
4213         mutex_unlock(&wl->mutex);
4214         cancel_delayed_work_sync(&dev->periodic_work);
4215         cancel_work_sync(&wl->tx_work);
4216         mutex_lock(&wl->mutex);
4217         dev = wl->current_dev;
4218         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4219                 /* Whoops, aliens ate up the device while we were unlocked. */
4220                 return dev;
4221         }
4222
4223         /* Disable interrupts on the device. */
4224         b43_set_status(dev, B43_STAT_INITIALIZED);
4225         if (b43_bus_host_is_sdio(dev->dev)) {
4226                 /* wl->mutex is locked. That is enough. */
4227                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4228                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4229         } else {
4230                 spin_lock_irq(&wl->hardirq_lock);
4231                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4232                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4233                 spin_unlock_irq(&wl->hardirq_lock);
4234         }
4235         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4236         orig_dev = dev;
4237         mutex_unlock(&wl->mutex);
4238         if (b43_bus_host_is_sdio(dev->dev)) {
4239                 b43_sdio_free_irq(dev);
4240         } else {
4241                 synchronize_irq(dev->dev->irq);
4242                 free_irq(dev->dev->irq, dev);
4243         }
4244         mutex_lock(&wl->mutex);
4245         dev = wl->current_dev;
4246         if (!dev)
4247                 return dev;
4248         if (dev != orig_dev) {
4249                 if (b43_status(dev) >= B43_STAT_STARTED)
4250                         goto redo;
4251                 return dev;
4252         }
4253         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4254         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4255
4256         /* Drain all TX queues. */
4257         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4258                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4259                         struct sk_buff *skb;
4260
4261                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4262                         ieee80211_free_txskb(wl->hw, skb);
4263                 }
4264         }
4265
4266         b43_mac_suspend(dev);
4267         b43_leds_exit(dev);
4268         b43dbg(wl, "Wireless interface stopped\n");
4269
4270         return dev;
4271 }
4272
4273 /* Locking: wl->mutex */
4274 static int b43_wireless_core_start(struct b43_wldev *dev)
4275 {
4276         int err;
4277
4278         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4279
4280         drain_txstatus_queue(dev);
4281         if (b43_bus_host_is_sdio(dev->dev)) {
4282                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4283                 if (err) {
4284                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4285                         goto out;
4286                 }
4287         } else {
4288                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4289                                            b43_interrupt_thread_handler,
4290                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4291                 if (err) {
4292                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4293                                dev->dev->irq);
4294                         goto out;
4295                 }
4296         }
4297
4298         /* We are ready to run. */
4299         ieee80211_wake_queues(dev->wl->hw);
4300         b43_set_status(dev, B43_STAT_STARTED);
4301
4302         /* Start data flow (TX/RX). */
4303         b43_mac_enable(dev);
4304         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4305
4306         /* Start maintenance work */
4307         b43_periodic_tasks_setup(dev);
4308
4309         b43_leds_init(dev);
4310
4311         b43dbg(dev->wl, "Wireless interface started\n");
4312 out:
4313         return err;
4314 }
4315
4316 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4317 {
4318         switch (phy_type) {
4319         case B43_PHYTYPE_A:
4320                 return "A";
4321         case B43_PHYTYPE_B:
4322                 return "B";
4323         case B43_PHYTYPE_G:
4324                 return "G";
4325         case B43_PHYTYPE_N:
4326                 return "N";
4327         case B43_PHYTYPE_LP:
4328                 return "LP";
4329         case B43_PHYTYPE_SSLPN:
4330                 return "SSLPN";
4331         case B43_PHYTYPE_HT:
4332                 return "HT";
4333         case B43_PHYTYPE_LCN:
4334                 return "LCN";
4335         case B43_PHYTYPE_LCNXN:
4336                 return "LCNXN";
4337         case B43_PHYTYPE_LCN40:
4338                 return "LCN40";
4339         case B43_PHYTYPE_AC:
4340                 return "AC";
4341         }
4342         return "UNKNOWN";
4343 }
4344
4345 /* Get PHY and RADIO versioning numbers */
4346 static int b43_phy_versioning(struct b43_wldev *dev)
4347 {
4348         struct b43_phy *phy = &dev->phy;
4349         u32 tmp;
4350         u8 analog_type;
4351         u8 phy_type;
4352         u8 phy_rev;
4353         u16 radio_manuf;
4354         u16 radio_ver;
4355         u16 radio_rev;
4356         int unsupported = 0;
4357
4358         /* Get PHY versioning */
4359         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4360         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4361         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4362         phy_rev = (tmp & B43_PHYVER_VERSION);
4363         switch (phy_type) {
4364         case B43_PHYTYPE_A:
4365                 if (phy_rev >= 4)
4366                         unsupported = 1;
4367                 break;
4368         case B43_PHYTYPE_B:
4369                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4370                     && phy_rev != 7)
4371                         unsupported = 1;
4372                 break;
4373         case B43_PHYTYPE_G:
4374                 if (phy_rev > 9)
4375                         unsupported = 1;
4376                 break;
4377 #ifdef CONFIG_B43_PHY_N
4378         case B43_PHYTYPE_N:
4379                 if (phy_rev > 9)
4380                         unsupported = 1;
4381                 break;
4382 #endif
4383 #ifdef CONFIG_B43_PHY_LP
4384         case B43_PHYTYPE_LP:
4385                 if (phy_rev > 2)
4386                         unsupported = 1;
4387                 break;
4388 #endif
4389 #ifdef CONFIG_B43_PHY_HT
4390         case B43_PHYTYPE_HT:
4391                 if (phy_rev > 1)
4392                         unsupported = 1;
4393                 break;
4394 #endif
4395 #ifdef CONFIG_B43_PHY_LCN
4396         case B43_PHYTYPE_LCN:
4397                 if (phy_rev > 1)
4398                         unsupported = 1;
4399                 break;
4400 #endif
4401         default:
4402                 unsupported = 1;
4403         }
4404         if (unsupported) {
4405                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4406                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4407                        phy_rev);
4408                 return -EOPNOTSUPP;
4409         }
4410         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4411                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4412
4413         /* Get RADIO versioning */
4414         if (dev->dev->core_rev >= 24) {
4415                 u16 radio24[3];
4416
4417                 for (tmp = 0; tmp < 3; tmp++) {
4418                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4419                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4420                 }
4421
4422                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4423                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4424
4425                 radio_manuf = 0x17F;
4426                 radio_ver = (radio24[2] << 8) | radio24[1];
4427                 radio_rev = (radio24[0] & 0xF);
4428         } else {
4429                 if (dev->dev->chip_id == 0x4317) {
4430                         if (dev->dev->chip_rev == 0)
4431                                 tmp = 0x3205017F;
4432                         else if (dev->dev->chip_rev == 1)
4433                                 tmp = 0x4205017F;
4434                         else
4435                                 tmp = 0x5205017F;
4436                 } else {
4437                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4438                                     B43_RADIOCTL_ID);
4439                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4440                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4441                                     B43_RADIOCTL_ID);
4442                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4443                                 << 16;
4444                 }
4445                 radio_manuf = (tmp & 0x00000FFF);
4446                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4447                 radio_rev = (tmp & 0xF0000000) >> 28;
4448         }
4449
4450         if (radio_manuf != 0x17F /* Broadcom */)
4451                 unsupported = 1;
4452         switch (phy_type) {
4453         case B43_PHYTYPE_A:
4454                 if (radio_ver != 0x2060)
4455                         unsupported = 1;
4456                 if (radio_rev != 1)
4457                         unsupported = 1;
4458                 if (radio_manuf != 0x17F)
4459                         unsupported = 1;
4460                 break;
4461         case B43_PHYTYPE_B:
4462                 if ((radio_ver & 0xFFF0) != 0x2050)
4463                         unsupported = 1;
4464                 break;
4465         case B43_PHYTYPE_G:
4466                 if (radio_ver != 0x2050)
4467                         unsupported = 1;
4468                 break;
4469         case B43_PHYTYPE_N:
4470                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4471                         unsupported = 1;
4472                 break;
4473         case B43_PHYTYPE_LP:
4474                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4475                         unsupported = 1;
4476                 break;
4477         case B43_PHYTYPE_HT:
4478                 if (radio_ver != 0x2059)
4479                         unsupported = 1;
4480                 break;
4481         case B43_PHYTYPE_LCN:
4482                 if (radio_ver != 0x2064)
4483                         unsupported = 1;
4484                 break;
4485         default:
4486                 B43_WARN_ON(1);
4487         }
4488         if (unsupported) {
4489                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4490                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4491                        radio_manuf, radio_ver, radio_rev);
4492                 return -EOPNOTSUPP;
4493         }
4494         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4495                radio_manuf, radio_ver, radio_rev);
4496
4497         phy->radio_manuf = radio_manuf;
4498         phy->radio_ver = radio_ver;
4499         phy->radio_rev = radio_rev;
4500
4501         phy->analog = analog_type;
4502         phy->type = phy_type;
4503         phy->rev = phy_rev;
4504
4505         return 0;
4506 }
4507
4508 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4509                                       struct b43_phy *phy)
4510 {
4511         phy->hardware_power_control = !!modparam_hwpctl;
4512         phy->next_txpwr_check_time = jiffies;
4513         /* PHY TX errors counter. */
4514         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4515
4516 #if B43_DEBUG
4517         phy->phy_locked = false;
4518         phy->radio_locked = false;
4519 #endif
4520 }
4521
4522 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4523 {
4524         dev->dfq_valid = false;
4525
4526         /* Assume the radio is enabled. If it's not enabled, the state will
4527          * immediately get fixed on the first periodic work run. */
4528         dev->radio_hw_enable = true;
4529
4530         /* Stats */
4531         memset(&dev->stats, 0, sizeof(dev->stats));
4532
4533         setup_struct_phy_for_init(dev, &dev->phy);
4534
4535         /* IRQ related flags */
4536         dev->irq_reason = 0;
4537         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4538         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4539         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4540                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4541
4542         dev->mac_suspended = 1;
4543
4544         /* Noise calculation context */
4545         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4546 }
4547
4548 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4549 {
4550         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4551         u64 hf;
4552
4553         if (!modparam_btcoex)
4554                 return;
4555         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4556                 return;
4557         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4558                 return;
4559
4560         hf = b43_hf_read(dev);
4561         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4562                 hf |= B43_HF_BTCOEXALT;
4563         else
4564                 hf |= B43_HF_BTCOEX;
4565         b43_hf_write(dev, hf);
4566 }
4567
4568 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4569 {
4570         if (!modparam_btcoex)
4571                 return;
4572         //TODO
4573 }
4574
4575 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4576 {
4577         struct ssb_bus *bus;
4578         u32 tmp;
4579
4580         if (dev->dev->bus_type != B43_BUS_SSB)
4581                 return;
4582
4583         bus = dev->dev->sdev->bus;
4584
4585         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4586             (bus->chip_id == 0x4312)) {
4587                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4588                 tmp &= ~SSB_IMCFGLO_REQTO;
4589                 tmp &= ~SSB_IMCFGLO_SERTO;
4590                 tmp |= 0x3;
4591                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4592                 ssb_commit_settings(bus);
4593         }
4594 }
4595
4596 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4597 {
4598         u16 pu_delay;
4599
4600         /* The time value is in microseconds. */
4601         if (dev->phy.type == B43_PHYTYPE_A)
4602                 pu_delay = 3700;
4603         else
4604                 pu_delay = 1050;
4605         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4606                 pu_delay = 500;
4607         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4608                 pu_delay = max(pu_delay, (u16)2400);
4609
4610         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4611 }
4612
4613 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4614 static void b43_set_pretbtt(struct b43_wldev *dev)
4615 {
4616         u16 pretbtt;
4617
4618         /* The time value is in microseconds. */
4619         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4620                 pretbtt = 2;
4621         } else {
4622                 if (dev->phy.type == B43_PHYTYPE_A)
4623                         pretbtt = 120;
4624                 else
4625                         pretbtt = 250;
4626         }
4627         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4628         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4629 }
4630
4631 /* Shutdown a wireless core */
4632 /* Locking: wl->mutex */
4633 static void b43_wireless_core_exit(struct b43_wldev *dev)
4634 {
4635         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4636         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4637                 return;
4638
4639         /* Unregister HW RNG driver */
4640         b43_rng_exit(dev->wl);
4641
4642         b43_set_status(dev, B43_STAT_UNINIT);
4643
4644         /* Stop the microcode PSM. */
4645         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4646                       B43_MACCTL_PSM_JMP0);
4647
4648         switch (dev->dev->bus_type) {
4649 #ifdef CONFIG_B43_BCMA
4650         case B43_BUS_BCMA:
4651                 bcma_core_pci_down(dev->dev->bdev->bus);
4652                 break;
4653 #endif
4654 #ifdef CONFIG_B43_SSB
4655         case B43_BUS_SSB:
4656                 /* TODO */
4657                 break;
4658 #endif
4659         }
4660
4661         b43_dma_free(dev);
4662         b43_pio_free(dev);
4663         b43_chip_exit(dev);
4664         dev->phy.ops->switch_analog(dev, 0);
4665         if (dev->wl->current_beacon) {
4666                 dev_kfree_skb_any(dev->wl->current_beacon);
4667                 dev->wl->current_beacon = NULL;
4668         }
4669
4670         b43_device_disable(dev, 0);
4671         b43_bus_may_powerdown(dev);
4672 }
4673
4674 /* Initialize a wireless core */
4675 static int b43_wireless_core_init(struct b43_wldev *dev)
4676 {
4677         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4678         struct b43_phy *phy = &dev->phy;
4679         int err;
4680         u64 hf;
4681
4682         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4683
4684         err = b43_bus_powerup(dev, 0);
4685         if (err)
4686                 goto out;
4687         if (!b43_device_is_enabled(dev))
4688                 b43_wireless_core_reset(dev, phy->gmode);
4689
4690         /* Reset all data structures. */
4691         setup_struct_wldev_for_init(dev);
4692         phy->ops->prepare_structs(dev);
4693
4694         /* Enable IRQ routing to this device. */
4695         switch (dev->dev->bus_type) {
4696 #ifdef CONFIG_B43_BCMA
4697         case B43_BUS_BCMA:
4698                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4699                                       dev->dev->bdev, true);
4700                 bcma_core_pci_up(dev->dev->bdev->bus);
4701                 break;
4702 #endif
4703 #ifdef CONFIG_B43_SSB
4704         case B43_BUS_SSB:
4705                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4706                                                dev->dev->sdev);
4707                 break;
4708 #endif
4709         }
4710
4711         b43_imcfglo_timeouts_workaround(dev);
4712         b43_bluetooth_coext_disable(dev);
4713         if (phy->ops->prepare_hardware) {
4714                 err = phy->ops->prepare_hardware(dev);
4715                 if (err)
4716                         goto err_busdown;
4717         }
4718         err = b43_chip_init(dev);
4719         if (err)
4720                 goto err_busdown;
4721         b43_shm_write16(dev, B43_SHM_SHARED,
4722                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4723         hf = b43_hf_read(dev);
4724         if (phy->type == B43_PHYTYPE_G) {
4725                 hf |= B43_HF_SYMW;
4726                 if (phy->rev == 1)
4727                         hf |= B43_HF_GDCW;
4728                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4729                         hf |= B43_HF_OFDMPABOOST;
4730         }
4731         if (phy->radio_ver == 0x2050) {
4732                 if (phy->radio_rev == 6)
4733                         hf |= B43_HF_4318TSSI;
4734                 if (phy->radio_rev < 6)
4735                         hf |= B43_HF_VCORECALC;
4736         }
4737         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4738                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4739 #ifdef CONFIG_SSB_DRIVER_PCICORE
4740         if (dev->dev->bus_type == B43_BUS_SSB &&
4741             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4742             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4743                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4744 #endif
4745         hf &= ~B43_HF_SKCFPUP;
4746         b43_hf_write(dev, hf);
4747
4748         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4749                              B43_DEFAULT_LONG_RETRY_LIMIT);
4750         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4751         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4752
4753         /* Disable sending probe responses from firmware.
4754          * Setting the MaxTime to one usec will always trigger
4755          * a timeout, so we never send any probe resp.
4756          * A timeout of zero is infinite. */
4757         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4758
4759         b43_rate_memory_init(dev);
4760         b43_set_phytxctl_defaults(dev);
4761
4762         /* Minimum Contention Window */
4763         if (phy->type == B43_PHYTYPE_B)
4764                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4765         else
4766                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4767         /* Maximum Contention Window */
4768         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4769
4770         if (b43_bus_host_is_pcmcia(dev->dev) ||
4771             b43_bus_host_is_sdio(dev->dev)) {
4772                 dev->__using_pio_transfers = true;
4773                 err = b43_pio_init(dev);
4774         } else if (dev->use_pio) {
4775                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4776                         "This should not be needed and will result in lower "
4777                         "performance.\n");
4778                 dev->__using_pio_transfers = true;
4779                 err = b43_pio_init(dev);
4780         } else {
4781                 dev->__using_pio_transfers = false;
4782                 err = b43_dma_init(dev);
4783         }
4784         if (err)
4785                 goto err_chip_exit;
4786         b43_qos_init(dev);
4787         b43_set_synth_pu_delay(dev, 1);
4788         b43_bluetooth_coext_enable(dev);
4789
4790         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4791         b43_upload_card_macaddress(dev);
4792         b43_security_init(dev);
4793
4794         ieee80211_wake_queues(dev->wl->hw);
4795
4796         b43_set_status(dev, B43_STAT_INITIALIZED);
4797
4798         /* Register HW RNG driver */
4799         b43_rng_init(dev->wl);
4800
4801 out:
4802         return err;
4803
4804 err_chip_exit:
4805         b43_chip_exit(dev);
4806 err_busdown:
4807         b43_bus_may_powerdown(dev);
4808         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4809         return err;
4810 }
4811
4812 static int b43_op_add_interface(struct ieee80211_hw *hw,
4813                                 struct ieee80211_vif *vif)
4814 {
4815         struct b43_wl *wl = hw_to_b43_wl(hw);
4816         struct b43_wldev *dev;
4817         int err = -EOPNOTSUPP;
4818
4819         /* TODO: allow WDS/AP devices to coexist */
4820
4821         if (vif->type != NL80211_IFTYPE_AP &&
4822             vif->type != NL80211_IFTYPE_MESH_POINT &&
4823             vif->type != NL80211_IFTYPE_STATION &&
4824             vif->type != NL80211_IFTYPE_WDS &&
4825             vif->type != NL80211_IFTYPE_ADHOC)
4826                 return -EOPNOTSUPP;
4827
4828         mutex_lock(&wl->mutex);
4829         if (wl->operating)
4830                 goto out_mutex_unlock;
4831
4832         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4833
4834         dev = wl->current_dev;
4835         wl->operating = true;
4836         wl->vif = vif;
4837         wl->if_type = vif->type;
4838         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4839
4840         b43_adjust_opmode(dev);
4841         b43_set_pretbtt(dev);
4842         b43_set_synth_pu_delay(dev, 0);
4843         b43_upload_card_macaddress(dev);
4844
4845         err = 0;
4846  out_mutex_unlock:
4847         mutex_unlock(&wl->mutex);
4848
4849         if (err == 0)
4850                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4851
4852         return err;
4853 }
4854
4855 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4856                                     struct ieee80211_vif *vif)
4857 {
4858         struct b43_wl *wl = hw_to_b43_wl(hw);
4859         struct b43_wldev *dev = wl->current_dev;
4860
4861         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4862
4863         mutex_lock(&wl->mutex);
4864
4865         B43_WARN_ON(!wl->operating);
4866         B43_WARN_ON(wl->vif != vif);
4867         wl->vif = NULL;
4868
4869         wl->operating = false;
4870
4871         b43_adjust_opmode(dev);
4872         memset(wl->mac_addr, 0, ETH_ALEN);
4873         b43_upload_card_macaddress(dev);
4874
4875         mutex_unlock(&wl->mutex);
4876 }
4877
4878 static int b43_op_start(struct ieee80211_hw *hw)
4879 {
4880         struct b43_wl *wl = hw_to_b43_wl(hw);
4881         struct b43_wldev *dev = wl->current_dev;
4882         int did_init = 0;
4883         int err = 0;
4884
4885         /* Kill all old instance specific information to make sure
4886          * the card won't use it in the short timeframe between start
4887          * and mac80211 reconfiguring it. */
4888         memset(wl->bssid, 0, ETH_ALEN);
4889         memset(wl->mac_addr, 0, ETH_ALEN);
4890         wl->filter_flags = 0;
4891         wl->radiotap_enabled = false;
4892         b43_qos_clear(wl);
4893         wl->beacon0_uploaded = false;
4894         wl->beacon1_uploaded = false;
4895         wl->beacon_templates_virgin = true;
4896         wl->radio_enabled = true;
4897
4898         mutex_lock(&wl->mutex);
4899
4900         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4901                 err = b43_wireless_core_init(dev);
4902                 if (err)
4903                         goto out_mutex_unlock;
4904                 did_init = 1;
4905         }
4906
4907         if (b43_status(dev) < B43_STAT_STARTED) {
4908                 err = b43_wireless_core_start(dev);
4909                 if (err) {
4910                         if (did_init)
4911                                 b43_wireless_core_exit(dev);
4912                         goto out_mutex_unlock;
4913                 }
4914         }
4915
4916         /* XXX: only do if device doesn't support rfkill irq */
4917         wiphy_rfkill_start_polling(hw->wiphy);
4918
4919  out_mutex_unlock:
4920         mutex_unlock(&wl->mutex);
4921
4922         /*
4923          * Configuration may have been overwritten during initialization.
4924          * Reload the configuration, but only if initialization was
4925          * successful. Reloading the configuration after a failed init
4926          * may hang the system.
4927          */
4928         if (!err)
4929                 b43_op_config(hw, ~0);
4930
4931         return err;
4932 }
4933
4934 static void b43_op_stop(struct ieee80211_hw *hw)
4935 {
4936         struct b43_wl *wl = hw_to_b43_wl(hw);
4937         struct b43_wldev *dev = wl->current_dev;
4938
4939         cancel_work_sync(&(wl->beacon_update_trigger));
4940
4941         if (!dev)
4942                 goto out;
4943
4944         mutex_lock(&wl->mutex);
4945         if (b43_status(dev) >= B43_STAT_STARTED) {
4946                 dev = b43_wireless_core_stop(dev);
4947                 if (!dev)
4948                         goto out_unlock;
4949         }
4950         b43_wireless_core_exit(dev);
4951         wl->radio_enabled = false;
4952
4953 out_unlock:
4954         mutex_unlock(&wl->mutex);
4955 out:
4956         cancel_work_sync(&(wl->txpower_adjust_work));
4957 }
4958
4959 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4960                                  struct ieee80211_sta *sta, bool set)
4961 {
4962         struct b43_wl *wl = hw_to_b43_wl(hw);
4963
4964         /* FIXME: add locking */
4965         b43_update_templates(wl);
4966
4967         return 0;
4968 }
4969
4970 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4971                               struct ieee80211_vif *vif,
4972                               enum sta_notify_cmd notify_cmd,
4973                               struct ieee80211_sta *sta)
4974 {
4975         struct b43_wl *wl = hw_to_b43_wl(hw);
4976
4977         B43_WARN_ON(!vif || wl->vif != vif);
4978 }
4979
4980 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4981 {
4982         struct b43_wl *wl = hw_to_b43_wl(hw);
4983         struct b43_wldev *dev;
4984
4985         mutex_lock(&wl->mutex);
4986         dev = wl->current_dev;
4987         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4988                 /* Disable CFP update during scan on other channels. */
4989                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4990         }
4991         mutex_unlock(&wl->mutex);
4992 }
4993
4994 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4995 {
4996         struct b43_wl *wl = hw_to_b43_wl(hw);
4997         struct b43_wldev *dev;
4998
4999         mutex_lock(&wl->mutex);
5000         dev = wl->current_dev;
5001         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5002                 /* Re-enable CFP update. */
5003                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5004         }
5005         mutex_unlock(&wl->mutex);
5006 }
5007
5008 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5009                              struct survey_info *survey)
5010 {
5011         struct b43_wl *wl = hw_to_b43_wl(hw);
5012         struct b43_wldev *dev = wl->current_dev;
5013         struct ieee80211_conf *conf = &hw->conf;
5014
5015         if (idx != 0)
5016                 return -ENOENT;
5017
5018         survey->channel = conf->chandef.chan;
5019         survey->filled = SURVEY_INFO_NOISE_DBM;
5020         survey->noise = dev->stats.link_noise;
5021
5022         return 0;
5023 }
5024
5025 static const struct ieee80211_ops b43_hw_ops = {
5026         .tx                     = b43_op_tx,
5027         .conf_tx                = b43_op_conf_tx,
5028         .add_interface          = b43_op_add_interface,
5029         .remove_interface       = b43_op_remove_interface,
5030         .config                 = b43_op_config,
5031         .bss_info_changed       = b43_op_bss_info_changed,
5032         .configure_filter       = b43_op_configure_filter,
5033         .set_key                = b43_op_set_key,
5034         .update_tkip_key        = b43_op_update_tkip_key,
5035         .get_stats              = b43_op_get_stats,
5036         .get_tsf                = b43_op_get_tsf,
5037         .set_tsf                = b43_op_set_tsf,
5038         .start                  = b43_op_start,
5039         .stop                   = b43_op_stop,
5040         .set_tim                = b43_op_beacon_set_tim,
5041         .sta_notify             = b43_op_sta_notify,
5042         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5043         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5044         .get_survey             = b43_op_get_survey,
5045         .rfkill_poll            = b43_rfkill_poll,
5046 };
5047
5048 /* Hard-reset the chip. Do not call this directly.
5049  * Use b43_controller_restart()
5050  */
5051 static void b43_chip_reset(struct work_struct *work)
5052 {
5053         struct b43_wldev *dev =
5054             container_of(work, struct b43_wldev, restart_work);
5055         struct b43_wl *wl = dev->wl;
5056         int err = 0;
5057         int prev_status;
5058
5059         mutex_lock(&wl->mutex);
5060
5061         prev_status = b43_status(dev);
5062         /* Bring the device down... */
5063         if (prev_status >= B43_STAT_STARTED) {
5064                 dev = b43_wireless_core_stop(dev);
5065                 if (!dev) {
5066                         err = -ENODEV;
5067                         goto out;
5068                 }
5069         }
5070         if (prev_status >= B43_STAT_INITIALIZED)
5071                 b43_wireless_core_exit(dev);
5072
5073         /* ...and up again. */
5074         if (prev_status >= B43_STAT_INITIALIZED) {
5075                 err = b43_wireless_core_init(dev);
5076                 if (err)
5077                         goto out;
5078         }
5079         if (prev_status >= B43_STAT_STARTED) {
5080                 err = b43_wireless_core_start(dev);
5081                 if (err) {
5082                         b43_wireless_core_exit(dev);
5083                         goto out;
5084                 }
5085         }
5086 out:
5087         if (err)
5088                 wl->current_dev = NULL; /* Failed to init the dev. */
5089         mutex_unlock(&wl->mutex);
5090
5091         if (err) {
5092                 b43err(wl, "Controller restart FAILED\n");
5093                 return;
5094         }
5095
5096         /* reload configuration */
5097         b43_op_config(wl->hw, ~0);
5098         if (wl->vif)
5099                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5100
5101         b43info(wl, "Controller restarted\n");
5102 }
5103
5104 static int b43_setup_bands(struct b43_wldev *dev,
5105                            bool have_2ghz_phy, bool have_5ghz_phy)
5106 {
5107         struct ieee80211_hw *hw = dev->wl->hw;
5108
5109         if (have_2ghz_phy)
5110                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5111         if (dev->phy.type == B43_PHYTYPE_N) {
5112                 if (have_5ghz_phy)
5113                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5114         } else {
5115                 if (have_5ghz_phy)
5116                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5117         }
5118
5119         dev->phy.supports_2ghz = have_2ghz_phy;
5120         dev->phy.supports_5ghz = have_5ghz_phy;
5121
5122         return 0;
5123 }
5124
5125 static void b43_wireless_core_detach(struct b43_wldev *dev)
5126 {
5127         /* We release firmware that late to not be required to re-request
5128          * is all the time when we reinit the core. */
5129         b43_release_firmware(dev);
5130         b43_phy_free(dev);
5131 }
5132
5133 static int b43_wireless_core_attach(struct b43_wldev *dev)
5134 {
5135         struct b43_wl *wl = dev->wl;
5136         struct pci_dev *pdev = NULL;
5137         int err;
5138         u32 tmp;
5139         bool have_2ghz_phy = false, have_5ghz_phy = false;
5140
5141         /* Do NOT do any device initialization here.
5142          * Do it in wireless_core_init() instead.
5143          * This function is for gathering basic information about the HW, only.
5144          * Also some structs may be set up here. But most likely you want to have
5145          * that in core_init(), too.
5146          */
5147
5148 #ifdef CONFIG_B43_SSB
5149         if (dev->dev->bus_type == B43_BUS_SSB &&
5150             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5151                 pdev = dev->dev->sdev->bus->host_pci;
5152 #endif
5153
5154         err = b43_bus_powerup(dev, 0);
5155         if (err) {
5156                 b43err(wl, "Bus powerup failed\n");
5157                 goto out;
5158         }
5159
5160         /* Get the PHY type. */
5161         switch (dev->dev->bus_type) {
5162 #ifdef CONFIG_B43_BCMA
5163         case B43_BUS_BCMA:
5164                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5165                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5166                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5167                 break;
5168 #endif
5169 #ifdef CONFIG_B43_SSB
5170         case B43_BUS_SSB:
5171                 if (dev->dev->core_rev >= 5) {
5172                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5173                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5174                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5175                 } else
5176                         B43_WARN_ON(1);
5177                 break;
5178 #endif
5179         }
5180
5181         dev->phy.gmode = have_2ghz_phy;
5182         dev->phy.radio_on = true;
5183         b43_wireless_core_reset(dev, dev->phy.gmode);
5184
5185         err = b43_phy_versioning(dev);
5186         if (err)
5187                 goto err_powerdown;
5188         /* Check if this device supports multiband. */
5189         if (!pdev ||
5190             (pdev->device != 0x4312 &&
5191              pdev->device != 0x4319 && pdev->device != 0x4324)) {
5192                 /* No multiband support. */
5193                 have_2ghz_phy = false;
5194                 have_5ghz_phy = false;
5195                 switch (dev->phy.type) {
5196                 case B43_PHYTYPE_A:
5197                         have_5ghz_phy = true;
5198                         break;
5199                 case B43_PHYTYPE_LP: //FIXME not always!
5200 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5201                         have_5ghz_phy = 1;
5202 #endif
5203                 case B43_PHYTYPE_G:
5204                 case B43_PHYTYPE_N:
5205                 case B43_PHYTYPE_HT:
5206                 case B43_PHYTYPE_LCN:
5207                         have_2ghz_phy = true;
5208                         break;
5209                 default:
5210                         B43_WARN_ON(1);
5211                 }
5212         }
5213         if (dev->phy.type == B43_PHYTYPE_A) {
5214                 /* FIXME */
5215                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5216                 err = -EOPNOTSUPP;
5217                 goto err_powerdown;
5218         }
5219         if (1 /* disable A-PHY */) {
5220                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5221                 if (dev->phy.type != B43_PHYTYPE_N &&
5222                     dev->phy.type != B43_PHYTYPE_LP) {
5223                         have_2ghz_phy = true;
5224                         have_5ghz_phy = false;
5225                 }
5226         }
5227
5228         err = b43_phy_allocate(dev);
5229         if (err)
5230                 goto err_powerdown;
5231
5232         dev->phy.gmode = have_2ghz_phy;
5233         b43_wireless_core_reset(dev, dev->phy.gmode);
5234
5235         err = b43_validate_chipaccess(dev);
5236         if (err)
5237                 goto err_phy_free;
5238         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5239         if (err)
5240                 goto err_phy_free;
5241
5242         /* Now set some default "current_dev" */
5243         if (!wl->current_dev)
5244                 wl->current_dev = dev;
5245         INIT_WORK(&dev->restart_work, b43_chip_reset);
5246
5247         dev->phy.ops->switch_analog(dev, 0);
5248         b43_device_disable(dev, 0);
5249         b43_bus_may_powerdown(dev);
5250
5251 out:
5252         return err;
5253
5254 err_phy_free:
5255         b43_phy_free(dev);
5256 err_powerdown:
5257         b43_bus_may_powerdown(dev);
5258         return err;
5259 }
5260
5261 static void b43_one_core_detach(struct b43_bus_dev *dev)
5262 {
5263         struct b43_wldev *wldev;
5264         struct b43_wl *wl;
5265
5266         /* Do not cancel ieee80211-workqueue based work here.
5267          * See comment in b43_remove(). */
5268
5269         wldev = b43_bus_get_wldev(dev);
5270         wl = wldev->wl;
5271         b43_debugfs_remove_device(wldev);
5272         b43_wireless_core_detach(wldev);
5273         list_del(&wldev->list);
5274         wl->nr_devs--;
5275         b43_bus_set_wldev(dev, NULL);
5276         kfree(wldev);
5277 }
5278
5279 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5280 {
5281         struct b43_wldev *wldev;
5282         int err = -ENOMEM;
5283
5284         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5285         if (!wldev)
5286                 goto out;
5287
5288         wldev->use_pio = b43_modparam_pio;
5289         wldev->dev = dev;
5290         wldev->wl = wl;
5291         b43_set_status(wldev, B43_STAT_UNINIT);
5292         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5293         INIT_LIST_HEAD(&wldev->list);
5294
5295         err = b43_wireless_core_attach(wldev);
5296         if (err)
5297                 goto err_kfree_wldev;
5298
5299         list_add(&wldev->list, &wl->devlist);
5300         wl->nr_devs++;
5301         b43_bus_set_wldev(dev, wldev);
5302         b43_debugfs_add_device(wldev);
5303
5304       out:
5305         return err;
5306
5307       err_kfree_wldev:
5308         kfree(wldev);
5309         return err;
5310 }
5311
5312 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5313         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5314         (pdev->device == _device) &&                                    \
5315         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5316         (pdev->subsystem_device == _subdevice)                          )
5317
5318 static void b43_sprom_fixup(struct ssb_bus *bus)
5319 {
5320         struct pci_dev *pdev;
5321
5322         /* boardflags workarounds */
5323         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5324             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5325                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5326         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5327             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5328                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5329         if (bus->bustype == SSB_BUSTYPE_PCI) {
5330                 pdev = bus->host_pci;
5331                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5332                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5333                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5334                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5335                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5336                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5337                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5338                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5339         }
5340 }
5341
5342 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5343 {
5344         struct ieee80211_hw *hw = wl->hw;
5345
5346         ssb_set_devtypedata(dev->sdev, NULL);
5347         ieee80211_free_hw(hw);
5348 }
5349
5350 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5351 {
5352         struct ssb_sprom *sprom = dev->bus_sprom;
5353         struct ieee80211_hw *hw;
5354         struct b43_wl *wl;
5355         char chip_name[6];
5356         int queue_num;
5357
5358         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5359         if (!hw) {
5360                 b43err(NULL, "Could not allocate ieee80211 device\n");
5361                 return ERR_PTR(-ENOMEM);
5362         }
5363         wl = hw_to_b43_wl(hw);
5364
5365         /* fill hw info */
5366         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5367                     IEEE80211_HW_SIGNAL_DBM;
5368
5369         hw->wiphy->interface_modes =
5370                 BIT(NL80211_IFTYPE_AP) |
5371                 BIT(NL80211_IFTYPE_MESH_POINT) |
5372                 BIT(NL80211_IFTYPE_STATION) |
5373                 BIT(NL80211_IFTYPE_WDS) |
5374                 BIT(NL80211_IFTYPE_ADHOC);
5375
5376         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5377
5378         wl->hw_registred = false;
5379         hw->max_rates = 2;
5380         SET_IEEE80211_DEV(hw, dev->dev);
5381         if (is_valid_ether_addr(sprom->et1mac))
5382                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5383         else
5384                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5385
5386         /* Initialize struct b43_wl */
5387         wl->hw = hw;
5388         mutex_init(&wl->mutex);
5389         spin_lock_init(&wl->hardirq_lock);
5390         INIT_LIST_HEAD(&wl->devlist);
5391         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5392         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5393         INIT_WORK(&wl->tx_work, b43_tx_work);
5394
5395         /* Initialize queues and flags. */
5396         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5397                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5398                 wl->tx_queue_stopped[queue_num] = 0;
5399         }
5400
5401         snprintf(chip_name, ARRAY_SIZE(chip_name),
5402                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5403         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5404                 dev->core_rev);
5405         return wl;
5406 }
5407
5408 #ifdef CONFIG_B43_BCMA
5409 static int b43_bcma_probe(struct bcma_device *core)
5410 {
5411         struct b43_bus_dev *dev;
5412         struct b43_wl *wl;
5413         int err;
5414
5415         if (!modparam_allhwsupport &&
5416             (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5417                 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5418                 return -ENOTSUPP;
5419         }
5420
5421         dev = b43_bus_dev_bcma_init(core);
5422         if (!dev)
5423                 return -ENODEV;
5424
5425         wl = b43_wireless_init(dev);
5426         if (IS_ERR(wl)) {
5427                 err = PTR_ERR(wl);
5428                 goto bcma_out;
5429         }
5430
5431         err = b43_one_core_attach(dev, wl);
5432         if (err)
5433                 goto bcma_err_wireless_exit;
5434
5435         /* setup and start work to load firmware */
5436         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5437         schedule_work(&wl->firmware_load);
5438
5439 bcma_out:
5440         return err;
5441
5442 bcma_err_wireless_exit:
5443         ieee80211_free_hw(wl->hw);
5444         return err;
5445 }
5446
5447 static void b43_bcma_remove(struct bcma_device *core)
5448 {
5449         struct b43_wldev *wldev = bcma_get_drvdata(core);
5450         struct b43_wl *wl = wldev->wl;
5451
5452         /* We must cancel any work here before unregistering from ieee80211,
5453          * as the ieee80211 unreg will destroy the workqueue. */
5454         cancel_work_sync(&wldev->restart_work);
5455         cancel_work_sync(&wl->firmware_load);
5456
5457         B43_WARN_ON(!wl);
5458         if (!wldev->fw.ucode.data)
5459                 return;                 /* NULL if firmware never loaded */
5460         if (wl->current_dev == wldev && wl->hw_registred) {
5461                 b43_leds_stop(wldev);
5462                 ieee80211_unregister_hw(wl->hw);
5463         }
5464
5465         b43_one_core_detach(wldev->dev);
5466
5467         b43_leds_unregister(wl);
5468
5469         ieee80211_free_hw(wl->hw);
5470 }
5471
5472 static struct bcma_driver b43_bcma_driver = {
5473         .name           = KBUILD_MODNAME,
5474         .id_table       = b43_bcma_tbl,
5475         .probe          = b43_bcma_probe,
5476         .remove         = b43_bcma_remove,
5477 };
5478 #endif
5479
5480 #ifdef CONFIG_B43_SSB
5481 static
5482 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5483 {
5484         struct b43_bus_dev *dev;
5485         struct b43_wl *wl;
5486         int err;
5487         int first = 0;
5488
5489         dev = b43_bus_dev_ssb_init(sdev);
5490         if (!dev)
5491                 return -ENOMEM;
5492
5493         wl = ssb_get_devtypedata(sdev);
5494         if (!wl) {
5495                 /* Probing the first core. Must setup common struct b43_wl */
5496                 first = 1;
5497                 b43_sprom_fixup(sdev->bus);
5498                 wl = b43_wireless_init(dev);
5499                 if (IS_ERR(wl)) {
5500                         err = PTR_ERR(wl);
5501                         goto out;
5502                 }
5503                 ssb_set_devtypedata(sdev, wl);
5504                 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5505         }
5506         err = b43_one_core_attach(dev, wl);
5507         if (err)
5508                 goto err_wireless_exit;
5509
5510         /* setup and start work to load firmware */
5511         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5512         schedule_work(&wl->firmware_load);
5513
5514       out:
5515         return err;
5516
5517       err_wireless_exit:
5518         if (first)
5519                 b43_wireless_exit(dev, wl);
5520         return err;
5521 }
5522
5523 static void b43_ssb_remove(struct ssb_device *sdev)
5524 {
5525         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5526         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5527         struct b43_bus_dev *dev = wldev->dev;
5528
5529         /* We must cancel any work here before unregistering from ieee80211,
5530          * as the ieee80211 unreg will destroy the workqueue. */
5531         cancel_work_sync(&wldev->restart_work);
5532         cancel_work_sync(&wl->firmware_load);
5533
5534         B43_WARN_ON(!wl);
5535         if (!wldev->fw.ucode.data)
5536                 return;                 /* NULL if firmware never loaded */
5537         if (wl->current_dev == wldev && wl->hw_registred) {
5538                 b43_leds_stop(wldev);
5539                 ieee80211_unregister_hw(wl->hw);
5540         }
5541
5542         b43_one_core_detach(dev);
5543
5544         if (list_empty(&wl->devlist)) {
5545                 b43_leds_unregister(wl);
5546                 /* Last core on the chip unregistered.
5547                  * We can destroy common struct b43_wl.
5548                  */
5549                 b43_wireless_exit(dev, wl);
5550         }
5551 }
5552
5553 static struct ssb_driver b43_ssb_driver = {
5554         .name           = KBUILD_MODNAME,
5555         .id_table       = b43_ssb_tbl,
5556         .probe          = b43_ssb_probe,
5557         .remove         = b43_ssb_remove,
5558 };
5559 #endif /* CONFIG_B43_SSB */
5560
5561 /* Perform a hardware reset. This can be called from any context. */
5562 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5563 {
5564         /* Must avoid requeueing, if we are in shutdown. */
5565         if (b43_status(dev) < B43_STAT_INITIALIZED)
5566                 return;
5567         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5568         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5569 }
5570
5571 static void b43_print_driverinfo(void)
5572 {
5573         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5574                    *feat_leds = "", *feat_sdio = "";
5575
5576 #ifdef CONFIG_B43_PCI_AUTOSELECT
5577         feat_pci = "P";
5578 #endif
5579 #ifdef CONFIG_B43_PCMCIA
5580         feat_pcmcia = "M";
5581 #endif
5582 #ifdef CONFIG_B43_PHY_N
5583         feat_nphy = "N";
5584 #endif
5585 #ifdef CONFIG_B43_LEDS
5586         feat_leds = "L";
5587 #endif
5588 #ifdef CONFIG_B43_SDIO
5589         feat_sdio = "S";
5590 #endif
5591         printk(KERN_INFO "Broadcom 43xx driver loaded "
5592                "[ Features: %s%s%s%s%s ]\n",
5593                feat_pci, feat_pcmcia, feat_nphy,
5594                feat_leds, feat_sdio);
5595 }
5596
5597 static int __init b43_init(void)
5598 {
5599         int err;
5600
5601         b43_debugfs_init();
5602         err = b43_pcmcia_init();
5603         if (err)
5604                 goto err_dfs_exit;
5605         err = b43_sdio_init();
5606         if (err)
5607                 goto err_pcmcia_exit;
5608 #ifdef CONFIG_B43_BCMA
5609         err = bcma_driver_register(&b43_bcma_driver);
5610         if (err)
5611                 goto err_sdio_exit;
5612 #endif
5613 #ifdef CONFIG_B43_SSB
5614         err = ssb_driver_register(&b43_ssb_driver);
5615         if (err)
5616                 goto err_bcma_driver_exit;
5617 #endif
5618         b43_print_driverinfo();
5619
5620         return err;
5621
5622 #ifdef CONFIG_B43_SSB
5623 err_bcma_driver_exit:
5624 #endif
5625 #ifdef CONFIG_B43_BCMA
5626         bcma_driver_unregister(&b43_bcma_driver);
5627 err_sdio_exit:
5628 #endif
5629         b43_sdio_exit();
5630 err_pcmcia_exit:
5631         b43_pcmcia_exit();
5632 err_dfs_exit:
5633         b43_debugfs_exit();
5634         return err;
5635 }
5636
5637 static void __exit b43_exit(void)
5638 {
5639 #ifdef CONFIG_B43_SSB
5640         ssb_driver_unregister(&b43_ssb_driver);
5641 #endif
5642 #ifdef CONFIG_B43_BCMA
5643         bcma_driver_unregister(&b43_bcma_driver);
5644 #endif
5645         b43_sdio_exit();
5646         b43_pcmcia_exit();
5647         b43_debugfs_exit();
5648 }
5649
5650 module_init(b43_init)
5651 module_exit(b43_exit)
Andy's Linux Kernel repo