git.openpandora.org / pandora-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next
[pandora-kernel.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82                  "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
117 module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
118 MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
119
120 #ifdef CONFIG_B43_BCMA
121 static const struct bcma_device_id b43_bcma_tbl[] = {
122         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
124         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
125         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
126         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
127         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
128         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
129         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
130         BCMA_CORETABLE_END
131 };
132 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
133 #endif
134
135 #ifdef CONFIG_B43_SSB
136 static const struct ssb_device_id b43_ssb_tbl[] = {
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
141         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
142         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
143         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
144         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
145         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
146         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
147         SSB_DEVTABLE_END
148 };
149 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
150 #endif
151
152 /* Channel and ratetables are shared for all devices.
153  * They can't be const, because ieee80211 puts some precalculated
154  * data in there. This data is the same for all devices, so we don't
155  * get concurrency issues */
156 #define RATETAB_ENT(_rateid, _flags) \
157         {                                                               \
158                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
159                 .hw_value       = (_rateid),                            \
160                 .flags          = (_flags),                             \
161         }
162
163 /*
164  * NOTE: When changing this, sync with xmit.c's
165  *       b43_plcp_get_bitrate_idx_* functions!
166  */
167 static struct ieee80211_rate __b43_ratetable[] = {
168         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
169         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
170         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
171         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
172         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
173         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
174         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
175         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
176         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
177         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
178         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
179         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
180 };
181
182 #define b43_a_ratetable         (__b43_ratetable + 4)
183 #define b43_a_ratetable_size    8
184 #define b43_b_ratetable         (__b43_ratetable + 0)
185 #define b43_b_ratetable_size    4
186 #define b43_g_ratetable         (__b43_ratetable + 0)
187 #define b43_g_ratetable_size    12
188
189 #define CHAN2G(_channel, _freq, _flags) {                       \
190         .band                   = IEEE80211_BAND_2GHZ,          \
191         .center_freq            = (_freq),                      \
192         .hw_value               = (_channel),                   \
193         .flags                  = (_flags),                     \
194         .max_antenna_gain       = 0,                            \
195         .max_power              = 30,                           \
196 }
197 static struct ieee80211_channel b43_2ghz_chantable[] = {
198         CHAN2G(1, 2412, 0),
199         CHAN2G(2, 2417, 0),
200         CHAN2G(3, 2422, 0),
201         CHAN2G(4, 2427, 0),
202         CHAN2G(5, 2432, 0),
203         CHAN2G(6, 2437, 0),
204         CHAN2G(7, 2442, 0),
205         CHAN2G(8, 2447, 0),
206         CHAN2G(9, 2452, 0),
207         CHAN2G(10, 2457, 0),
208         CHAN2G(11, 2462, 0),
209         CHAN2G(12, 2467, 0),
210         CHAN2G(13, 2472, 0),
211         CHAN2G(14, 2484, 0),
212 };
213 #undef CHAN2G
214
215 #define CHAN4G(_channel, _flags) {                              \
216         .band                   = IEEE80211_BAND_5GHZ,          \
217         .center_freq            = 4000 + (5 * (_channel)),      \
218         .hw_value               = (_channel),                   \
219         .flags                  = (_flags),                     \
220         .max_antenna_gain       = 0,                            \
221         .max_power              = 30,                           \
222 }
223 #define CHAN5G(_channel, _flags) {                              \
224         .band                   = IEEE80211_BAND_5GHZ,          \
225         .center_freq            = 5000 + (5 * (_channel)),      \
226         .hw_value               = (_channel),                   \
227         .flags                  = (_flags),                     \
228         .max_antenna_gain       = 0,                            \
229         .max_power              = 30,                           \
230 }
231 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
232         CHAN4G(184, 0),         CHAN4G(186, 0),
233         CHAN4G(188, 0),         CHAN4G(190, 0),
234         CHAN4G(192, 0),         CHAN4G(194, 0),
235         CHAN4G(196, 0),         CHAN4G(198, 0),
236         CHAN4G(200, 0),         CHAN4G(202, 0),
237         CHAN4G(204, 0),         CHAN4G(206, 0),
238         CHAN4G(208, 0),         CHAN4G(210, 0),
239         CHAN4G(212, 0),         CHAN4G(214, 0),
240         CHAN4G(216, 0),         CHAN4G(218, 0),
241         CHAN4G(220, 0),         CHAN4G(222, 0),
242         CHAN4G(224, 0),         CHAN4G(226, 0),
243         CHAN4G(228, 0),
244         CHAN5G(32, 0),          CHAN5G(34, 0),
245         CHAN5G(36, 0),          CHAN5G(38, 0),
246         CHAN5G(40, 0),          CHAN5G(42, 0),
247         CHAN5G(44, 0),          CHAN5G(46, 0),
248         CHAN5G(48, 0),          CHAN5G(50, 0),
249         CHAN5G(52, 0),          CHAN5G(54, 0),
250         CHAN5G(56, 0),          CHAN5G(58, 0),
251         CHAN5G(60, 0),          CHAN5G(62, 0),
252         CHAN5G(64, 0),          CHAN5G(66, 0),
253         CHAN5G(68, 0),          CHAN5G(70, 0),
254         CHAN5G(72, 0),          CHAN5G(74, 0),
255         CHAN5G(76, 0),          CHAN5G(78, 0),
256         CHAN5G(80, 0),          CHAN5G(82, 0),
257         CHAN5G(84, 0),          CHAN5G(86, 0),
258         CHAN5G(88, 0),          CHAN5G(90, 0),
259         CHAN5G(92, 0),          CHAN5G(94, 0),
260         CHAN5G(96, 0),          CHAN5G(98, 0),
261         CHAN5G(100, 0),         CHAN5G(102, 0),
262         CHAN5G(104, 0),         CHAN5G(106, 0),
263         CHAN5G(108, 0),         CHAN5G(110, 0),
264         CHAN5G(112, 0),         CHAN5G(114, 0),
265         CHAN5G(116, 0),         CHAN5G(118, 0),
266         CHAN5G(120, 0),         CHAN5G(122, 0),
267         CHAN5G(124, 0),         CHAN5G(126, 0),
268         CHAN5G(128, 0),         CHAN5G(130, 0),
269         CHAN5G(132, 0),         CHAN5G(134, 0),
270         CHAN5G(136, 0),         CHAN5G(138, 0),
271         CHAN5G(140, 0),         CHAN5G(142, 0),
272         CHAN5G(144, 0),         CHAN5G(145, 0),
273         CHAN5G(146, 0),         CHAN5G(147, 0),
274         CHAN5G(148, 0),         CHAN5G(149, 0),
275         CHAN5G(150, 0),         CHAN5G(151, 0),
276         CHAN5G(152, 0),         CHAN5G(153, 0),
277         CHAN5G(154, 0),         CHAN5G(155, 0),
278         CHAN5G(156, 0),         CHAN5G(157, 0),
279         CHAN5G(158, 0),         CHAN5G(159, 0),
280         CHAN5G(160, 0),         CHAN5G(161, 0),
281         CHAN5G(162, 0),         CHAN5G(163, 0),
282         CHAN5G(164, 0),         CHAN5G(165, 0),
283         CHAN5G(166, 0),         CHAN5G(168, 0),
284         CHAN5G(170, 0),         CHAN5G(172, 0),
285         CHAN5G(174, 0),         CHAN5G(176, 0),
286         CHAN5G(178, 0),         CHAN5G(180, 0),
287         CHAN5G(182, 0),
288 };
289
290 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
291         CHAN5G(34, 0),          CHAN5G(36, 0),
292         CHAN5G(38, 0),          CHAN5G(40, 0),
293         CHAN5G(42, 0),          CHAN5G(44, 0),
294         CHAN5G(46, 0),          CHAN5G(48, 0),
295         CHAN5G(52, 0),          CHAN5G(56, 0),
296         CHAN5G(60, 0),          CHAN5G(64, 0),
297         CHAN5G(100, 0),         CHAN5G(104, 0),
298         CHAN5G(108, 0),         CHAN5G(112, 0),
299         CHAN5G(116, 0),         CHAN5G(120, 0),
300         CHAN5G(124, 0),         CHAN5G(128, 0),
301         CHAN5G(132, 0),         CHAN5G(136, 0),
302         CHAN5G(140, 0),         CHAN5G(149, 0),
303         CHAN5G(153, 0),         CHAN5G(157, 0),
304         CHAN5G(161, 0),         CHAN5G(165, 0),
305         CHAN5G(184, 0),         CHAN5G(188, 0),
306         CHAN5G(192, 0),         CHAN5G(196, 0),
307         CHAN5G(200, 0),         CHAN5G(204, 0),
308         CHAN5G(208, 0),         CHAN5G(212, 0),
309         CHAN5G(216, 0),
310 };
311 #undef CHAN4G
312 #undef CHAN5G
313
314 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
315         .band           = IEEE80211_BAND_5GHZ,
316         .channels       = b43_5ghz_nphy_chantable,
317         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
318         .bitrates       = b43_a_ratetable,
319         .n_bitrates     = b43_a_ratetable_size,
320 };
321
322 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
323         .band           = IEEE80211_BAND_5GHZ,
324         .channels       = b43_5ghz_aphy_chantable,
325         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
326         .bitrates       = b43_a_ratetable,
327         .n_bitrates     = b43_a_ratetable_size,
328 };
329
330 static struct ieee80211_supported_band b43_band_2GHz = {
331         .band           = IEEE80211_BAND_2GHZ,
332         .channels       = b43_2ghz_chantable,
333         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
334         .bitrates       = b43_g_ratetable,
335         .n_bitrates     = b43_g_ratetable_size,
336 };
337
338 static void b43_wireless_core_exit(struct b43_wldev *dev);
339 static int b43_wireless_core_init(struct b43_wldev *dev);
340 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
341 static int b43_wireless_core_start(struct b43_wldev *dev);
342 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
343                                     struct ieee80211_vif *vif,
344                                     struct ieee80211_bss_conf *conf,
345                                     u32 changed);
346
347 static int b43_ratelimit(struct b43_wl *wl)
348 {
349         if (!wl || !wl->current_dev)
350                 return 1;
351         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
352                 return 1;
353         /* We are up and running.
354          * Ratelimit the messages to avoid DoS over the net. */
355         return net_ratelimit();
356 }
357
358 void b43info(struct b43_wl *wl, const char *fmt, ...)
359 {
360         struct va_format vaf;
361         va_list args;
362
363         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
364                 return;
365         if (!b43_ratelimit(wl))
366                 return;
367
368         va_start(args, fmt);
369
370         vaf.fmt = fmt;
371         vaf.va = &args;
372
373         printk(KERN_INFO "b43-%s: %pV",
374                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
375
376         va_end(args);
377 }
378
379 void b43err(struct b43_wl *wl, const char *fmt, ...)
380 {
381         struct va_format vaf;
382         va_list args;
383
384         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
385                 return;
386         if (!b43_ratelimit(wl))
387                 return;
388
389         va_start(args, fmt);
390
391         vaf.fmt = fmt;
392         vaf.va = &args;
393
394         printk(KERN_ERR "b43-%s ERROR: %pV",
395                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
396
397         va_end(args);
398 }
399
400 void b43warn(struct b43_wl *wl, const char *fmt, ...)
401 {
402         struct va_format vaf;
403         va_list args;
404
405         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
406                 return;
407         if (!b43_ratelimit(wl))
408                 return;
409
410         va_start(args, fmt);
411
412         vaf.fmt = fmt;
413         vaf.va = &args;
414
415         printk(KERN_WARNING "b43-%s warning: %pV",
416                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
417
418         va_end(args);
419 }
420
421 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
422 {
423         struct va_format vaf;
424         va_list args;
425
426         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
427                 return;
428
429         va_start(args, fmt);
430
431         vaf.fmt = fmt;
432         vaf.va = &args;
433
434         printk(KERN_DEBUG "b43-%s debug: %pV",
435                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
436
437         va_end(args);
438 }
439
440 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
441 {
442         u32 macctl;
443
444         B43_WARN_ON(offset % 4 != 0);
445
446         macctl = b43_read32(dev, B43_MMIO_MACCTL);
447         if (macctl & B43_MACCTL_BE)
448                 val = swab32(val);
449
450         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
451         mmiowb();
452         b43_write32(dev, B43_MMIO_RAM_DATA, val);
453 }
454
455 static inline void b43_shm_control_word(struct b43_wldev *dev,
456                                         u16 routing, u16 offset)
457 {
458         u32 control;
459
460         /* "offset" is the WORD offset. */
461         control = routing;
462         control <<= 16;
463         control |= offset;
464         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
465 }
466
467 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
468 {
469         u32 ret;
470
471         if (routing == B43_SHM_SHARED) {
472                 B43_WARN_ON(offset & 0x0001);
473                 if (offset & 0x0003) {
474                         /* Unaligned access */
475                         b43_shm_control_word(dev, routing, offset >> 2);
476                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
477                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
478                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
479
480                         goto out;
481                 }
482                 offset >>= 2;
483         }
484         b43_shm_control_word(dev, routing, offset);
485         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
486 out:
487         return ret;
488 }
489
490 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
491 {
492         u16 ret;
493
494         if (routing == B43_SHM_SHARED) {
495                 B43_WARN_ON(offset & 0x0001);
496                 if (offset & 0x0003) {
497                         /* Unaligned access */
498                         b43_shm_control_word(dev, routing, offset >> 2);
499                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
500
501                         goto out;
502                 }
503                 offset >>= 2;
504         }
505         b43_shm_control_word(dev, routing, offset);
506         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
507 out:
508         return ret;
509 }
510
511 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
512 {
513         if (routing == B43_SHM_SHARED) {
514                 B43_WARN_ON(offset & 0x0001);
515                 if (offset & 0x0003) {
516                         /* Unaligned access */
517                         b43_shm_control_word(dev, routing, offset >> 2);
518                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
519                                     value & 0xFFFF);
520                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
521                         b43_write16(dev, B43_MMIO_SHM_DATA,
522                                     (value >> 16) & 0xFFFF);
523                         return;
524                 }
525                 offset >>= 2;
526         }
527         b43_shm_control_word(dev, routing, offset);
528         b43_write32(dev, B43_MMIO_SHM_DATA, value);
529 }
530
531 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
532 {
533         if (routing == B43_SHM_SHARED) {
534                 B43_WARN_ON(offset & 0x0001);
535                 if (offset & 0x0003) {
536                         /* Unaligned access */
537                         b43_shm_control_word(dev, routing, offset >> 2);
538                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
539                         return;
540                 }
541                 offset >>= 2;
542         }
543         b43_shm_control_word(dev, routing, offset);
544         b43_write16(dev, B43_MMIO_SHM_DATA, value);
545 }
546
547 /* Read HostFlags */
548 u64 b43_hf_read(struct b43_wldev *dev)
549 {
550         u64 ret;
551
552         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
553         ret <<= 16;
554         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
555         ret <<= 16;
556         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
557
558         return ret;
559 }
560
561 /* Write HostFlags */
562 void b43_hf_write(struct b43_wldev *dev, u64 value)
563 {
564         u16 lo, mi, hi;
565
566         lo = (value & 0x00000000FFFFULL);
567         mi = (value & 0x0000FFFF0000ULL) >> 16;
568         hi = (value & 0xFFFF00000000ULL) >> 32;
569         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
570         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
571         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
572 }
573
574 /* Read the firmware capabilities bitmask (Opensource firmware only) */
575 static u16 b43_fwcapa_read(struct b43_wldev *dev)
576 {
577         B43_WARN_ON(!dev->fw.opensource);
578         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
579 }
580
581 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
582 {
583         u32 low, high;
584
585         B43_WARN_ON(dev->dev->core_rev < 3);
586
587         /* The hardware guarantees us an atomic read, if we
588          * read the low register first. */
589         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
590         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
591
592         *tsf = high;
593         *tsf <<= 32;
594         *tsf |= low;
595 }
596
597 static void b43_time_lock(struct b43_wldev *dev)
598 {
599         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
600         /* Commit the write */
601         b43_read32(dev, B43_MMIO_MACCTL);
602 }
603
604 static void b43_time_unlock(struct b43_wldev *dev)
605 {
606         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
607         /* Commit the write */
608         b43_read32(dev, B43_MMIO_MACCTL);
609 }
610
611 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
612 {
613         u32 low, high;
614
615         B43_WARN_ON(dev->dev->core_rev < 3);
616
617         low = tsf;
618         high = (tsf >> 32);
619         /* The hardware guarantees us an atomic write, if we
620          * write the low register first. */
621         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
622         mmiowb();
623         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
624         mmiowb();
625 }
626
627 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
628 {
629         b43_time_lock(dev);
630         b43_tsf_write_locked(dev, tsf);
631         b43_time_unlock(dev);
632 }
633
634 static
635 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
636 {
637         static const u8 zero_addr[ETH_ALEN] = { 0 };
638         u16 data;
639
640         if (!mac)
641                 mac = zero_addr;
642
643         offset |= 0x0020;
644         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
645
646         data = mac[0];
647         data |= mac[1] << 8;
648         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
649         data = mac[2];
650         data |= mac[3] << 8;
651         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
652         data = mac[4];
653         data |= mac[5] << 8;
654         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
655 }
656
657 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
658 {
659         const u8 *mac;
660         const u8 *bssid;
661         u8 mac_bssid[ETH_ALEN * 2];
662         int i;
663         u32 tmp;
664
665         bssid = dev->wl->bssid;
666         mac = dev->wl->mac_addr;
667
668         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
669
670         memcpy(mac_bssid, mac, ETH_ALEN);
671         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
672
673         /* Write our MAC address and BSSID to template ram */
674         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
675                 tmp = (u32) (mac_bssid[i + 0]);
676                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
677                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
678                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
679                 b43_ram_write(dev, 0x20 + i, tmp);
680         }
681 }
682
683 static void b43_upload_card_macaddress(struct b43_wldev *dev)
684 {
685         b43_write_mac_bssid_templates(dev);
686         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
687 }
688
689 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
690 {
691         /* slot_time is in usec. */
692         /* This test used to exit for all but a G PHY. */
693         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
694                 return;
695         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
696         /* Shared memory location 0x0010 is the slot time and should be
697          * set to slot_time; however, this register is initially 0 and changing
698          * the value adversely affects the transmit rate for BCM4311
699          * devices. Until this behavior is unterstood, delete this step
700          *
701          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
702          */
703 }
704
705 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
706 {
707         b43_set_slot_time(dev, 9);
708 }
709
710 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
711 {
712         b43_set_slot_time(dev, 20);
713 }
714
715 /* DummyTransmission function, as documented on
716  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
717  */
718 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
719 {
720         struct b43_phy *phy = &dev->phy;
721         unsigned int i, max_loop;
722         u16 value;
723         u32 buffer[5] = {
724                 0x00000000,
725                 0x00D40000,
726                 0x00000000,
727                 0x01000000,
728                 0x00000000,
729         };
730
731         if (ofdm) {
732                 max_loop = 0x1E;
733                 buffer[0] = 0x000201CC;
734         } else {
735                 max_loop = 0xFA;
736                 buffer[0] = 0x000B846E;
737         }
738
739         for (i = 0; i < 5; i++)
740                 b43_ram_write(dev, i * 4, buffer[i]);
741
742         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
743
744         if (dev->dev->core_rev < 11)
745                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
746         else
747                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
748
749         value = (ofdm ? 0x41 : 0x40);
750         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
751         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
752             phy->type == B43_PHYTYPE_LCN)
753                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
754
755         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
756         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
757
758         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
759         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
760         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
761         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
762
763         if (!pa_on && phy->type == B43_PHYTYPE_N)
764                 ; /*b43_nphy_pa_override(dev, false) */
765
766         switch (phy->type) {
767         case B43_PHYTYPE_N:
768         case B43_PHYTYPE_LCN:
769                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
770                 break;
771         case B43_PHYTYPE_LP:
772                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
773                 break;
774         default:
775                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
776         }
777         b43_read16(dev, B43_MMIO_TXE0_AUX);
778
779         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
780                 b43_radio_write16(dev, 0x0051, 0x0017);
781         for (i = 0x00; i < max_loop; i++) {
782                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
783                 if (value & 0x0080)
784                         break;
785                 udelay(10);
786         }
787         for (i = 0x00; i < 0x0A; i++) {
788                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
789                 if (value & 0x0400)
790                         break;
791                 udelay(10);
792         }
793         for (i = 0x00; i < 0x19; i++) {
794                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
795                 if (!(value & 0x0100))
796                         break;
797                 udelay(10);
798         }
799         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
800                 b43_radio_write16(dev, 0x0051, 0x0037);
801 }
802
803 static void key_write(struct b43_wldev *dev,
804                       u8 index, u8 algorithm, const u8 *key)
805 {
806         unsigned int i;
807         u32 offset;
808         u16 value;
809         u16 kidx;
810
811         /* Key index/algo block */
812         kidx = b43_kidx_to_fw(dev, index);
813         value = ((kidx << 4) | algorithm);
814         b43_shm_write16(dev, B43_SHM_SHARED,
815                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
816
817         /* Write the key to the Key Table Pointer offset */
818         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
819         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
820                 value = key[i];
821                 value |= (u16) (key[i + 1]) << 8;
822                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
823         }
824 }
825
826 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
827 {
828         u32 addrtmp[2] = { 0, 0, };
829         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
830
831         if (b43_new_kidx_api(dev))
832                 pairwise_keys_start = B43_NR_GROUP_KEYS;
833
834         B43_WARN_ON(index < pairwise_keys_start);
835         /* We have four default TX keys and possibly four default RX keys.
836          * Physical mac 0 is mapped to physical key 4 or 8, depending
837          * on the firmware version.
838          * So we must adjust the index here.
839          */
840         index -= pairwise_keys_start;
841         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
842
843         if (addr) {
844                 addrtmp[0] = addr[0];
845                 addrtmp[0] |= ((u32) (addr[1]) << 8);
846                 addrtmp[0] |= ((u32) (addr[2]) << 16);
847                 addrtmp[0] |= ((u32) (addr[3]) << 24);
848                 addrtmp[1] = addr[4];
849                 addrtmp[1] |= ((u32) (addr[5]) << 8);
850         }
851
852         /* Receive match transmitter address (RCMTA) mechanism */
853         b43_shm_write32(dev, B43_SHM_RCMTA,
854                         (index * 2) + 0, addrtmp[0]);
855         b43_shm_write16(dev, B43_SHM_RCMTA,
856                         (index * 2) + 1, addrtmp[1]);
857 }
858
859 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
860  * When a packet is received, the iv32 is checked.
861  * - if it doesn't the packet is returned without modification (and software
862  *   decryption can be done). That's what happen when iv16 wrap.
863  * - if it does, the rc4 key is computed, and decryption is tried.
864  *   Either it will success and B43_RX_MAC_DEC is returned,
865  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
866  *   and the packet is not usable (it got modified by the ucode).
867  * So in order to never have B43_RX_MAC_DECERR, we should provide
868  * a iv32 and phase1key that match. Because we drop packets in case of
869  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
870  * packets will be lost without higher layer knowing (ie no resync possible
871  * until next wrap).
872  *
873  * NOTE : this should support 50 key like RCMTA because
874  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
875  */
876 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
877                 u16 *phase1key)
878 {
879         unsigned int i;
880         u32 offset;
881         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
882
883         if (!modparam_hwtkip)
884                 return;
885
886         if (b43_new_kidx_api(dev))
887                 pairwise_keys_start = B43_NR_GROUP_KEYS;
888
889         B43_WARN_ON(index < pairwise_keys_start);
890         /* We have four default TX keys and possibly four default RX keys.
891          * Physical mac 0 is mapped to physical key 4 or 8, depending
892          * on the firmware version.
893          * So we must adjust the index here.
894          */
895         index -= pairwise_keys_start;
896         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
897
898         if (b43_debug(dev, B43_DBG_KEYS)) {
899                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
900                                 index, iv32);
901         }
902         /* Write the key to the  RX tkip shared mem */
903         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
904         for (i = 0; i < 10; i += 2) {
905                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
906                                 phase1key ? phase1key[i / 2] : 0);
907         }
908         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
909         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
910 }
911
912 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
913                                    struct ieee80211_vif *vif,
914                                    struct ieee80211_key_conf *keyconf,
915                                    struct ieee80211_sta *sta,
916                                    u32 iv32, u16 *phase1key)
917 {
918         struct b43_wl *wl = hw_to_b43_wl(hw);
919         struct b43_wldev *dev;
920         int index = keyconf->hw_key_idx;
921
922         if (B43_WARN_ON(!modparam_hwtkip))
923                 return;
924
925         /* This is only called from the RX path through mac80211, where
926          * our mutex is already locked. */
927         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
928         dev = wl->current_dev;
929         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
930
931         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
932
933         rx_tkip_phase1_write(dev, index, iv32, phase1key);
934         /* only pairwise TKIP keys are supported right now */
935         if (WARN_ON(!sta))
936                 return;
937         keymac_write(dev, index, sta->addr);
938 }
939
940 static void do_key_write(struct b43_wldev *dev,
941                          u8 index, u8 algorithm,
942                          const u8 *key, size_t key_len, const u8 *mac_addr)
943 {
944         u8 buf[B43_SEC_KEYSIZE] = { 0, };
945         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
946
947         if (b43_new_kidx_api(dev))
948                 pairwise_keys_start = B43_NR_GROUP_KEYS;
949
950         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
951         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
952
953         if (index >= pairwise_keys_start)
954                 keymac_write(dev, index, NULL); /* First zero out mac. */
955         if (algorithm == B43_SEC_ALGO_TKIP) {
956                 /*
957                  * We should provide an initial iv32, phase1key pair.
958                  * We could start with iv32=0 and compute the corresponding
959                  * phase1key, but this means calling ieee80211_get_tkip_key
960                  * with a fake skb (or export other tkip function).
961                  * Because we are lazy we hope iv32 won't start with
962                  * 0xffffffff and let's b43_op_update_tkip_key provide a
963                  * correct pair.
964                  */
965                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
966         } else if (index >= pairwise_keys_start) /* clear it */
967                 rx_tkip_phase1_write(dev, index, 0, NULL);
968         if (key)
969                 memcpy(buf, key, key_len);
970         key_write(dev, index, algorithm, buf);
971         if (index >= pairwise_keys_start)
972                 keymac_write(dev, index, mac_addr);
973
974         dev->key[index].algorithm = algorithm;
975 }
976
977 static int b43_key_write(struct b43_wldev *dev,
978                          int index, u8 algorithm,
979                          const u8 *key, size_t key_len,
980                          const u8 *mac_addr,
981                          struct ieee80211_key_conf *keyconf)
982 {
983         int i;
984         int pairwise_keys_start;
985
986         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
987          *      - Temporal Encryption Key (128 bits)
988          *      - Temporal Authenticator Tx MIC Key (64 bits)
989          *      - Temporal Authenticator Rx MIC Key (64 bits)
990          *
991          *      Hardware only store TEK
992          */
993         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
994                 key_len = 16;
995         if (key_len > B43_SEC_KEYSIZE)
996                 return -EINVAL;
997         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
998                 /* Check that we don't already have this key. */
999                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1000         }
1001         if (index < 0) {
1002                 /* Pairwise key. Get an empty slot for the key. */
1003                 if (b43_new_kidx_api(dev))
1004                         pairwise_keys_start = B43_NR_GROUP_KEYS;
1005                 else
1006                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1007                 for (i = pairwise_keys_start;
1008                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1009                      i++) {
1010                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1011                         if (!dev->key[i].keyconf) {
1012                                 /* found empty */
1013                                 index = i;
1014                                 break;
1015                         }
1016                 }
1017                 if (index < 0) {
1018                         b43warn(dev->wl, "Out of hardware key memory\n");
1019                         return -ENOSPC;
1020                 }
1021         } else
1022                 B43_WARN_ON(index > 3);
1023
1024         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1025         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1026                 /* Default RX key */
1027                 B43_WARN_ON(mac_addr);
1028                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1029         }
1030         keyconf->hw_key_idx = index;
1031         dev->key[index].keyconf = keyconf;
1032
1033         return 0;
1034 }
1035
1036 static int b43_key_clear(struct b43_wldev *dev, int index)
1037 {
1038         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1039                 return -EINVAL;
1040         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1041                      NULL, B43_SEC_KEYSIZE, NULL);
1042         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1043                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1044                              NULL, B43_SEC_KEYSIZE, NULL);
1045         }
1046         dev->key[index].keyconf = NULL;
1047
1048         return 0;
1049 }
1050
1051 static void b43_clear_keys(struct b43_wldev *dev)
1052 {
1053         int i, count;
1054
1055         if (b43_new_kidx_api(dev))
1056                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1057         else
1058                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1059         for (i = 0; i < count; i++)
1060                 b43_key_clear(dev, i);
1061 }
1062
1063 static void b43_dump_keymemory(struct b43_wldev *dev)
1064 {
1065         unsigned int i, index, count, offset, pairwise_keys_start;
1066         u8 mac[ETH_ALEN];
1067         u16 algo;
1068         u32 rcmta0;
1069         u16 rcmta1;
1070         u64 hf;
1071         struct b43_key *key;
1072
1073         if (!b43_debug(dev, B43_DBG_KEYS))
1074                 return;
1075
1076         hf = b43_hf_read(dev);
1077         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1078                !!(hf & B43_HF_USEDEFKEYS));
1079         if (b43_new_kidx_api(dev)) {
1080                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1081                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1082         } else {
1083                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1084                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1085         }
1086         for (index = 0; index < count; index++) {
1087                 key = &(dev->key[index]);
1088                 printk(KERN_DEBUG "Key slot %02u: %s",
1089                        index, (key->keyconf == NULL) ? " " : "*");
1090                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1091                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1092                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1093                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1094                 }
1095
1096                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1097                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1098                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1099
1100                 if (index >= pairwise_keys_start) {
1101                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1102                                 printk("   TKIP: ");
1103                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1104                                 for (i = 0; i < 14; i += 2) {
1105                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1106                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1107                                 }
1108                         }
1109                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1110                                                 ((index - pairwise_keys_start) * 2) + 0);
1111                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1112                                                 ((index - pairwise_keys_start) * 2) + 1);
1113                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1114                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1115                         printk("   MAC: %pM", mac);
1116                 } else
1117                         printk("   DEFAULT KEY");
1118                 printk("\n");
1119         }
1120 }
1121
1122 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1123 {
1124         u32 macctl;
1125         u16 ucstat;
1126         bool hwps;
1127         bool awake;
1128         int i;
1129
1130         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1131                     (ps_flags & B43_PS_DISABLED));
1132         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1133
1134         if (ps_flags & B43_PS_ENABLED) {
1135                 hwps = true;
1136         } else if (ps_flags & B43_PS_DISABLED) {
1137                 hwps = false;
1138         } else {
1139                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1140                 //      and thus is not an AP and we are associated, set bit 25
1141         }
1142         if (ps_flags & B43_PS_AWAKE) {
1143                 awake = true;
1144         } else if (ps_flags & B43_PS_ASLEEP) {
1145                 awake = false;
1146         } else {
1147                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1148                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1149                 //      successful, set bit26
1150         }
1151
1152 /* FIXME: For now we force awake-on and hwps-off */
1153         hwps = false;
1154         awake = true;
1155
1156         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1157         if (hwps)
1158                 macctl |= B43_MACCTL_HWPS;
1159         else
1160                 macctl &= ~B43_MACCTL_HWPS;
1161         if (awake)
1162                 macctl |= B43_MACCTL_AWAKE;
1163         else
1164                 macctl &= ~B43_MACCTL_AWAKE;
1165         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1166         /* Commit write */
1167         b43_read32(dev, B43_MMIO_MACCTL);
1168         if (awake && dev->dev->core_rev >= 5) {
1169                 /* Wait for the microcode to wake up. */
1170                 for (i = 0; i < 100; i++) {
1171                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1172                                                 B43_SHM_SH_UCODESTAT);
1173                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1174                                 break;
1175                         udelay(10);
1176                 }
1177         }
1178 }
1179
1180 #ifdef CONFIG_B43_BCMA
1181 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1182 {
1183         u32 flags;
1184
1185         /* Put PHY into reset */
1186         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1187         flags |= B43_BCMA_IOCTL_PHY_RESET;
1188         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1189         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1190         udelay(2);
1191
1192         b43_phy_take_out_of_reset(dev);
1193 }
1194
1195 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1196 {
1197         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1198                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1199         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1200                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1201         u32 flags;
1202
1203         flags = B43_BCMA_IOCTL_PHY_CLKEN;
1204         if (gmode)
1205                 flags |= B43_BCMA_IOCTL_GMODE;
1206         b43_device_enable(dev, flags);
1207
1208         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1209         b43_bcma_phy_reset(dev);
1210         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1211 }
1212 #endif
1213
1214 #ifdef CONFIG_B43_SSB
1215 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1216 {
1217         u32 flags = 0;
1218
1219         if (gmode)
1220                 flags |= B43_TMSLOW_GMODE;
1221         flags |= B43_TMSLOW_PHYCLKEN;
1222         flags |= B43_TMSLOW_PHYRESET;
1223         if (dev->phy.type == B43_PHYTYPE_N)
1224                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1225         b43_device_enable(dev, flags);
1226         msleep(2);              /* Wait for the PLL to turn on. */
1227
1228         b43_phy_take_out_of_reset(dev);
1229 }
1230 #endif
1231
1232 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1233 {
1234         u32 macctl;
1235
1236         switch (dev->dev->bus_type) {
1237 #ifdef CONFIG_B43_BCMA
1238         case B43_BUS_BCMA:
1239                 b43_bcma_wireless_core_reset(dev, gmode);
1240                 break;
1241 #endif
1242 #ifdef CONFIG_B43_SSB
1243         case B43_BUS_SSB:
1244                 b43_ssb_wireless_core_reset(dev, gmode);
1245                 break;
1246 #endif
1247         }
1248
1249         /* Turn Analog ON, but only if we already know the PHY-type.
1250          * This protects against very early setup where we don't know the
1251          * PHY-type, yet. wireless_core_reset will be called once again later,
1252          * when we know the PHY-type. */
1253         if (dev->phy.ops)
1254                 dev->phy.ops->switch_analog(dev, 1);
1255
1256         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1257         macctl &= ~B43_MACCTL_GMODE;
1258         if (gmode)
1259                 macctl |= B43_MACCTL_GMODE;
1260         macctl |= B43_MACCTL_IHR_ENABLED;
1261         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1262 }
1263
1264 static void handle_irq_transmit_status(struct b43_wldev *dev)
1265 {
1266         u32 v0, v1;
1267         u16 tmp;
1268         struct b43_txstatus stat;
1269
1270         while (1) {
1271                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1272                 if (!(v0 & 0x00000001))
1273                         break;
1274                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1275
1276                 stat.cookie = (v0 >> 16);
1277                 stat.seq = (v1 & 0x0000FFFF);
1278                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1279                 tmp = (v0 & 0x0000FFFF);
1280                 stat.frame_count = ((tmp & 0xF000) >> 12);
1281                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1282                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1283                 stat.pm_indicated = !!(tmp & 0x0080);
1284                 stat.intermediate = !!(tmp & 0x0040);
1285                 stat.for_ampdu = !!(tmp & 0x0020);
1286                 stat.acked = !!(tmp & 0x0002);
1287
1288                 b43_handle_txstatus(dev, &stat);
1289         }
1290 }
1291
1292 static void drain_txstatus_queue(struct b43_wldev *dev)
1293 {
1294         u32 dummy;
1295
1296         if (dev->dev->core_rev < 5)
1297                 return;
1298         /* Read all entries from the microcode TXstatus FIFO
1299          * and throw them away.
1300          */
1301         while (1) {
1302                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1303                 if (!(dummy & 0x00000001))
1304                         break;
1305                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1306         }
1307 }
1308
1309 static u32 b43_jssi_read(struct b43_wldev *dev)
1310 {
1311         u32 val = 0;
1312
1313         val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1314         val <<= 16;
1315         val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1316
1317         return val;
1318 }
1319
1320 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1321 {
1322         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1323                         (jssi & 0x0000FFFF));
1324         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1325                         (jssi & 0xFFFF0000) >> 16);
1326 }
1327
1328 static void b43_generate_noise_sample(struct b43_wldev *dev)
1329 {
1330         b43_jssi_write(dev, 0x7F7F7F7F);
1331         b43_write32(dev, B43_MMIO_MACCMD,
1332                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1333 }
1334
1335 static void b43_calculate_link_quality(struct b43_wldev *dev)
1336 {
1337         /* Top half of Link Quality calculation. */
1338
1339         if (dev->phy.type != B43_PHYTYPE_G)
1340                 return;
1341         if (dev->noisecalc.calculation_running)
1342                 return;
1343         dev->noisecalc.calculation_running = true;
1344         dev->noisecalc.nr_samples = 0;
1345
1346         b43_generate_noise_sample(dev);
1347 }
1348
1349 static void handle_irq_noise(struct b43_wldev *dev)
1350 {
1351         struct b43_phy_g *phy = dev->phy.g;
1352         u16 tmp;
1353         u8 noise[4];
1354         u8 i, j;
1355         s32 average;
1356
1357         /* Bottom half of Link Quality calculation. */
1358
1359         if (dev->phy.type != B43_PHYTYPE_G)
1360                 return;
1361
1362         /* Possible race condition: It might be possible that the user
1363          * changed to a different channel in the meantime since we
1364          * started the calculation. We ignore that fact, since it's
1365          * not really that much of a problem. The background noise is
1366          * an estimation only anyway. Slightly wrong results will get damped
1367          * by the averaging of the 8 sample rounds. Additionally the
1368          * value is shortlived. So it will be replaced by the next noise
1369          * calculation round soon. */
1370
1371         B43_WARN_ON(!dev->noisecalc.calculation_running);
1372         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1373         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1374             noise[2] == 0x7F || noise[3] == 0x7F)
1375                 goto generate_new;
1376
1377         /* Get the noise samples. */
1378         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1379         i = dev->noisecalc.nr_samples;
1380         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1381         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1382         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1383         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1384         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1385         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1386         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1387         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1388         dev->noisecalc.nr_samples++;
1389         if (dev->noisecalc.nr_samples == 8) {
1390                 /* Calculate the Link Quality by the noise samples. */
1391                 average = 0;
1392                 for (i = 0; i < 8; i++) {
1393                         for (j = 0; j < 4; j++)
1394                                 average += dev->noisecalc.samples[i][j];
1395                 }
1396                 average /= (8 * 4);
1397                 average *= 125;
1398                 average += 64;
1399                 average /= 128;
1400                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1401                 tmp = (tmp / 128) & 0x1F;
1402                 if (tmp >= 8)
1403                         average += 2;
1404                 else
1405                         average -= 25;
1406                 if (tmp == 8)
1407                         average -= 72;
1408                 else
1409                         average -= 48;
1410
1411                 dev->stats.link_noise = average;
1412                 dev->noisecalc.calculation_running = false;
1413                 return;
1414         }
1415 generate_new:
1416         b43_generate_noise_sample(dev);
1417 }
1418
1419 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1420 {
1421         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1422                 ///TODO: PS TBTT
1423         } else {
1424                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1425                         b43_power_saving_ctl_bits(dev, 0);
1426         }
1427         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1428                 dev->dfq_valid = true;
1429 }
1430
1431 static void handle_irq_atim_end(struct b43_wldev *dev)
1432 {
1433         if (dev->dfq_valid) {
1434                 b43_write32(dev, B43_MMIO_MACCMD,
1435                             b43_read32(dev, B43_MMIO_MACCMD)
1436                             | B43_MACCMD_DFQ_VALID);
1437                 dev->dfq_valid = false;
1438         }
1439 }
1440
1441 static void handle_irq_pmq(struct b43_wldev *dev)
1442 {
1443         u32 tmp;
1444
1445         //TODO: AP mode.
1446
1447         while (1) {
1448                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1449                 if (!(tmp & 0x00000008))
1450                         break;
1451         }
1452         /* 16bit write is odd, but correct. */
1453         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1454 }
1455
1456 static void b43_write_template_common(struct b43_wldev *dev,
1457                                       const u8 *data, u16 size,
1458                                       u16 ram_offset,
1459                                       u16 shm_size_offset, u8 rate)
1460 {
1461         u32 i, tmp;
1462         struct b43_plcp_hdr4 plcp;
1463
1464         plcp.data = 0;
1465         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1466         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1467         ram_offset += sizeof(u32);
1468         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1469          * So leave the first two bytes of the next write blank.
1470          */
1471         tmp = (u32) (data[0]) << 16;
1472         tmp |= (u32) (data[1]) << 24;
1473         b43_ram_write(dev, ram_offset, tmp);
1474         ram_offset += sizeof(u32);
1475         for (i = 2; i < size; i += sizeof(u32)) {
1476                 tmp = (u32) (data[i + 0]);
1477                 if (i + 1 < size)
1478                         tmp |= (u32) (data[i + 1]) << 8;
1479                 if (i + 2 < size)
1480                         tmp |= (u32) (data[i + 2]) << 16;
1481                 if (i + 3 < size)
1482                         tmp |= (u32) (data[i + 3]) << 24;
1483                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1484         }
1485         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1486                         size + sizeof(struct b43_plcp_hdr6));
1487 }
1488
1489 /* Check if the use of the antenna that ieee80211 told us to
1490  * use is possible. This will fall back to DEFAULT.
1491  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1492 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1493                                   u8 antenna_nr)
1494 {
1495         u8 antenna_mask;
1496
1497         if (antenna_nr == 0) {
1498                 /* Zero means "use default antenna". That's always OK. */
1499                 return 0;
1500         }
1501
1502         /* Get the mask of available antennas. */
1503         if (dev->phy.gmode)
1504                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1505         else
1506                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1507
1508         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1509                 /* This antenna is not available. Fall back to default. */
1510                 return 0;
1511         }
1512
1513         return antenna_nr;
1514 }
1515
1516 /* Convert a b43 antenna number value to the PHY TX control value. */
1517 static u16 b43_antenna_to_phyctl(int antenna)
1518 {
1519         switch (antenna) {
1520         case B43_ANTENNA0:
1521                 return B43_TXH_PHY_ANT0;
1522         case B43_ANTENNA1:
1523                 return B43_TXH_PHY_ANT1;
1524         case B43_ANTENNA2:
1525                 return B43_TXH_PHY_ANT2;
1526         case B43_ANTENNA3:
1527                 return B43_TXH_PHY_ANT3;
1528         case B43_ANTENNA_AUTO0:
1529         case B43_ANTENNA_AUTO1:
1530                 return B43_TXH_PHY_ANT01AUTO;
1531         }
1532         B43_WARN_ON(1);
1533         return 0;
1534 }
1535
1536 static void b43_write_beacon_template(struct b43_wldev *dev,
1537                                       u16 ram_offset,
1538                                       u16 shm_size_offset)
1539 {
1540         unsigned int i, len, variable_len;
1541         const struct ieee80211_mgmt *bcn;
1542         const u8 *ie;
1543         bool tim_found = false;
1544         unsigned int rate;
1545         u16 ctl;
1546         int antenna;
1547         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1548
1549         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1550         len = min_t(size_t, dev->wl->current_beacon->len,
1551                   0x200 - sizeof(struct b43_plcp_hdr6));
1552         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1553
1554         b43_write_template_common(dev, (const u8 *)bcn,
1555                                   len, ram_offset, shm_size_offset, rate);
1556
1557         /* Write the PHY TX control parameters. */
1558         antenna = B43_ANTENNA_DEFAULT;
1559         antenna = b43_antenna_to_phyctl(antenna);
1560         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1561         /* We can't send beacons with short preamble. Would get PHY errors. */
1562         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1563         ctl &= ~B43_TXH_PHY_ANT;
1564         ctl &= ~B43_TXH_PHY_ENC;
1565         ctl |= antenna;
1566         if (b43_is_cck_rate(rate))
1567                 ctl |= B43_TXH_PHY_ENC_CCK;
1568         else
1569                 ctl |= B43_TXH_PHY_ENC_OFDM;
1570         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1571
1572         /* Find the position of the TIM and the DTIM_period value
1573          * and write them to SHM. */
1574         ie = bcn->u.beacon.variable;
1575         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1576         for (i = 0; i < variable_len - 2; ) {
1577                 uint8_t ie_id, ie_len;
1578
1579                 ie_id = ie[i];
1580                 ie_len = ie[i + 1];
1581                 if (ie_id == 5) {
1582                         u16 tim_position;
1583                         u16 dtim_period;
1584                         /* This is the TIM Information Element */
1585
1586                         /* Check whether the ie_len is in the beacon data range. */
1587                         if (variable_len < ie_len + 2 + i)
1588                                 break;
1589                         /* A valid TIM is at least 4 bytes long. */
1590                         if (ie_len < 4)
1591                                 break;
1592                         tim_found = true;
1593
1594                         tim_position = sizeof(struct b43_plcp_hdr6);
1595                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1596                         tim_position += i;
1597
1598                         dtim_period = ie[i + 3];
1599
1600                         b43_shm_write16(dev, B43_SHM_SHARED,
1601                                         B43_SHM_SH_TIMBPOS, tim_position);
1602                         b43_shm_write16(dev, B43_SHM_SHARED,
1603                                         B43_SHM_SH_DTIMPER, dtim_period);
1604                         break;
1605                 }
1606                 i += ie_len + 2;
1607         }
1608         if (!tim_found) {
1609                 /*
1610                  * If ucode wants to modify TIM do it behind the beacon, this
1611                  * will happen, for example, when doing mesh networking.
1612                  */
1613                 b43_shm_write16(dev, B43_SHM_SHARED,
1614                                 B43_SHM_SH_TIMBPOS,
1615                                 len + sizeof(struct b43_plcp_hdr6));
1616                 b43_shm_write16(dev, B43_SHM_SHARED,
1617                                 B43_SHM_SH_DTIMPER, 0);
1618         }
1619         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1620 }
1621
1622 static void b43_upload_beacon0(struct b43_wldev *dev)
1623 {
1624         struct b43_wl *wl = dev->wl;
1625
1626         if (wl->beacon0_uploaded)
1627                 return;
1628         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1629         wl->beacon0_uploaded = true;
1630 }
1631
1632 static void b43_upload_beacon1(struct b43_wldev *dev)
1633 {
1634         struct b43_wl *wl = dev->wl;
1635
1636         if (wl->beacon1_uploaded)
1637                 return;
1638         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1639         wl->beacon1_uploaded = true;
1640 }
1641
1642 static void handle_irq_beacon(struct b43_wldev *dev)
1643 {
1644         struct b43_wl *wl = dev->wl;
1645         u32 cmd, beacon0_valid, beacon1_valid;
1646
1647         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1648             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1649             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1650                 return;
1651
1652         /* This is the bottom half of the asynchronous beacon update. */
1653
1654         /* Ignore interrupt in the future. */
1655         dev->irq_mask &= ~B43_IRQ_BEACON;
1656
1657         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1658         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1659         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1660
1661         /* Schedule interrupt manually, if busy. */
1662         if (beacon0_valid && beacon1_valid) {
1663                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1664                 dev->irq_mask |= B43_IRQ_BEACON;
1665                 return;
1666         }
1667
1668         if (unlikely(wl->beacon_templates_virgin)) {
1669                 /* We never uploaded a beacon before.
1670                  * Upload both templates now, but only mark one valid. */
1671                 wl->beacon_templates_virgin = false;
1672                 b43_upload_beacon0(dev);
1673                 b43_upload_beacon1(dev);
1674                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1675                 cmd |= B43_MACCMD_BEACON0_VALID;
1676                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1677         } else {
1678                 if (!beacon0_valid) {
1679                         b43_upload_beacon0(dev);
1680                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1681                         cmd |= B43_MACCMD_BEACON0_VALID;
1682                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1683                 } else if (!beacon1_valid) {
1684                         b43_upload_beacon1(dev);
1685                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1686                         cmd |= B43_MACCMD_BEACON1_VALID;
1687                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1688                 }
1689         }
1690 }
1691
1692 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1693 {
1694         u32 old_irq_mask = dev->irq_mask;
1695
1696         /* update beacon right away or defer to irq */
1697         handle_irq_beacon(dev);
1698         if (old_irq_mask != dev->irq_mask) {
1699                 /* The handler updated the IRQ mask. */
1700                 B43_WARN_ON(!dev->irq_mask);
1701                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1702                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1703                 } else {
1704                         /* Device interrupts are currently disabled. That means
1705                          * we just ran the hardirq handler and scheduled the
1706                          * IRQ thread. The thread will write the IRQ mask when
1707                          * it finished, so there's nothing to do here. Writing
1708                          * the mask _here_ would incorrectly re-enable IRQs. */
1709                 }
1710         }
1711 }
1712
1713 static void b43_beacon_update_trigger_work(struct work_struct *work)
1714 {
1715         struct b43_wl *wl = container_of(work, struct b43_wl,
1716                                          beacon_update_trigger);
1717         struct b43_wldev *dev;
1718
1719         mutex_lock(&wl->mutex);
1720         dev = wl->current_dev;
1721         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1722                 if (b43_bus_host_is_sdio(dev->dev)) {
1723                         /* wl->mutex is enough. */
1724                         b43_do_beacon_update_trigger_work(dev);
1725                         mmiowb();
1726                 } else {
1727                         spin_lock_irq(&wl->hardirq_lock);
1728                         b43_do_beacon_update_trigger_work(dev);
1729                         mmiowb();
1730                         spin_unlock_irq(&wl->hardirq_lock);
1731                 }
1732         }
1733         mutex_unlock(&wl->mutex);
1734 }
1735
1736 /* Asynchronously update the packet templates in template RAM.
1737  * Locking: Requires wl->mutex to be locked. */
1738 static void b43_update_templates(struct b43_wl *wl)
1739 {
1740         struct sk_buff *beacon;
1741
1742         /* This is the top half of the ansynchronous beacon update.
1743          * The bottom half is the beacon IRQ.
1744          * Beacon update must be asynchronous to avoid sending an
1745          * invalid beacon. This can happen for example, if the firmware
1746          * transmits a beacon while we are updating it. */
1747
1748         /* We could modify the existing beacon and set the aid bit in
1749          * the TIM field, but that would probably require resizing and
1750          * moving of data within the beacon template.
1751          * Simply request a new beacon and let mac80211 do the hard work. */
1752         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1753         if (unlikely(!beacon))
1754                 return;
1755
1756         if (wl->current_beacon)
1757                 dev_kfree_skb_any(wl->current_beacon);
1758         wl->current_beacon = beacon;
1759         wl->beacon0_uploaded = false;
1760         wl->beacon1_uploaded = false;
1761         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1762 }
1763
1764 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1765 {
1766         b43_time_lock(dev);
1767         if (dev->dev->core_rev >= 3) {
1768                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1769                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1770         } else {
1771                 b43_write16(dev, 0x606, (beacon_int >> 6));
1772                 b43_write16(dev, 0x610, beacon_int);
1773         }
1774         b43_time_unlock(dev);
1775         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1776 }
1777
1778 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1779 {
1780         u16 reason;
1781
1782         /* Read the register that contains the reason code for the panic. */
1783         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1784         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1785
1786         switch (reason) {
1787         default:
1788                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1789                 /* fallthrough */
1790         case B43_FWPANIC_DIE:
1791                 /* Do not restart the controller or firmware.
1792                  * The device is nonfunctional from now on.
1793                  * Restarting would result in this panic to trigger again,
1794                  * so we avoid that recursion. */
1795                 break;
1796         case B43_FWPANIC_RESTART:
1797                 b43_controller_restart(dev, "Microcode panic");
1798                 break;
1799         }
1800 }
1801
1802 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1803 {
1804         unsigned int i, cnt;
1805         u16 reason, marker_id, marker_line;
1806         __le16 *buf;
1807
1808         /* The proprietary firmware doesn't have this IRQ. */
1809         if (!dev->fw.opensource)
1810                 return;
1811
1812         /* Read the register that contains the reason code for this IRQ. */
1813         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1814
1815         switch (reason) {
1816         case B43_DEBUGIRQ_PANIC:
1817                 b43_handle_firmware_panic(dev);
1818                 break;
1819         case B43_DEBUGIRQ_DUMP_SHM:
1820                 if (!B43_DEBUG)
1821                         break; /* Only with driver debugging enabled. */
1822                 buf = kmalloc(4096, GFP_ATOMIC);
1823                 if (!buf) {
1824                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1825                         goto out;
1826                 }
1827                 for (i = 0; i < 4096; i += 2) {
1828                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1829                         buf[i / 2] = cpu_to_le16(tmp);
1830                 }
1831                 b43info(dev->wl, "Shared memory dump:\n");
1832                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1833                                16, 2, buf, 4096, 1);
1834                 kfree(buf);
1835                 break;
1836         case B43_DEBUGIRQ_DUMP_REGS:
1837                 if (!B43_DEBUG)
1838                         break; /* Only with driver debugging enabled. */
1839                 b43info(dev->wl, "Microcode register dump:\n");
1840                 for (i = 0, cnt = 0; i < 64; i++) {
1841                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1842                         if (cnt == 0)
1843                                 printk(KERN_INFO);
1844                         printk("r%02u: 0x%04X  ", i, tmp);
1845                         cnt++;
1846                         if (cnt == 6) {
1847                                 printk("\n");
1848                                 cnt = 0;
1849                         }
1850                 }
1851                 printk("\n");
1852                 break;
1853         case B43_DEBUGIRQ_MARKER:
1854                 if (!B43_DEBUG)
1855                         break; /* Only with driver debugging enabled. */
1856                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1857                                            B43_MARKER_ID_REG);
1858                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1859                                              B43_MARKER_LINE_REG);
1860                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1861                         "at line number %u\n",
1862                         marker_id, marker_line);
1863                 break;
1864         default:
1865                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1866                        reason);
1867         }
1868 out:
1869         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1870         b43_shm_write16(dev, B43_SHM_SCRATCH,
1871                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1872 }
1873
1874 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1875 {
1876         u32 reason;
1877         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1878         u32 merged_dma_reason = 0;
1879         int i;
1880
1881         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1882                 return;
1883
1884         reason = dev->irq_reason;
1885         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1886                 dma_reason[i] = dev->dma_reason[i];
1887                 merged_dma_reason |= dma_reason[i];
1888         }
1889
1890         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1891                 b43err(dev->wl, "MAC transmission error\n");
1892
1893         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1894                 b43err(dev->wl, "PHY transmission error\n");
1895                 rmb();
1896                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1897                         atomic_set(&dev->phy.txerr_cnt,
1898                                    B43_PHY_TX_BADNESS_LIMIT);
1899                         b43err(dev->wl, "Too many PHY TX errors, "
1900                                         "restarting the controller\n");
1901                         b43_controller_restart(dev, "PHY TX errors");
1902                 }
1903         }
1904
1905         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
1906                 b43err(dev->wl,
1907                         "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
1908                         dma_reason[0], dma_reason[1],
1909                         dma_reason[2], dma_reason[3],
1910                         dma_reason[4], dma_reason[5]);
1911                 b43err(dev->wl, "This device does not support DMA "
1912                                "on your system. It will now be switched to PIO.\n");
1913                 /* Fall back to PIO transfers if we get fatal DMA errors! */
1914                 dev->use_pio = true;
1915                 b43_controller_restart(dev, "DMA error");
1916                 return;
1917         }
1918
1919         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1920                 handle_irq_ucode_debug(dev);
1921         if (reason & B43_IRQ_TBTT_INDI)
1922                 handle_irq_tbtt_indication(dev);
1923         if (reason & B43_IRQ_ATIM_END)
1924                 handle_irq_atim_end(dev);
1925         if (reason & B43_IRQ_BEACON)
1926                 handle_irq_beacon(dev);
1927         if (reason & B43_IRQ_PMQ)
1928                 handle_irq_pmq(dev);
1929         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1930                 ;/* TODO */
1931         if (reason & B43_IRQ_NOISESAMPLE_OK)
1932                 handle_irq_noise(dev);
1933
1934         /* Check the DMA reason registers for received data. */
1935         if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
1936                 if (B43_DEBUG)
1937                         b43warn(dev->wl, "RX descriptor underrun\n");
1938                 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
1939         }
1940         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1941                 if (b43_using_pio_transfers(dev))
1942                         b43_pio_rx(dev->pio.rx_queue);
1943                 else
1944                         b43_dma_rx(dev->dma.rx_ring);
1945         }
1946         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1947         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1948         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1949         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1950         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1951
1952         if (reason & B43_IRQ_TX_OK)
1953                 handle_irq_transmit_status(dev);
1954
1955         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1956         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1957
1958 #if B43_DEBUG
1959         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1960                 dev->irq_count++;
1961                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1962                         if (reason & (1 << i))
1963                                 dev->irq_bit_count[i]++;
1964                 }
1965         }
1966 #endif
1967 }
1968
1969 /* Interrupt thread handler. Handles device interrupts in thread context. */
1970 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1971 {
1972         struct b43_wldev *dev = dev_id;
1973
1974         mutex_lock(&dev->wl->mutex);
1975         b43_do_interrupt_thread(dev);
1976         mmiowb();
1977         mutex_unlock(&dev->wl->mutex);
1978
1979         return IRQ_HANDLED;
1980 }
1981
1982 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1983 {
1984         u32 reason;
1985
1986         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1987          * On SDIO, this runs under wl->mutex. */
1988
1989         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1990         if (reason == 0xffffffff)       /* shared IRQ */
1991                 return IRQ_NONE;
1992         reason &= dev->irq_mask;
1993         if (!reason)
1994                 return IRQ_NONE;
1995
1996         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1997             & 0x0001FC00;
1998         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1999             & 0x0000DC00;
2000         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2001             & 0x0000DC00;
2002         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2003             & 0x0001DC00;
2004         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2005             & 0x0000DC00;
2006 /* Unused ring
2007         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2008             & 0x0000DC00;
2009 */
2010
2011         /* ACK the interrupt. */
2012         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2013         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2014         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2015         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2016         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2017         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2018 /* Unused ring
2019         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2020 */
2021
2022         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2023         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2024         /* Save the reason bitmasks for the IRQ thread handler. */
2025         dev->irq_reason = reason;
2026
2027         return IRQ_WAKE_THREAD;
2028 }
2029
2030 /* Interrupt handler top-half. This runs with interrupts disabled. */
2031 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2032 {
2033         struct b43_wldev *dev = dev_id;
2034         irqreturn_t ret;
2035
2036         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2037                 return IRQ_NONE;
2038
2039         spin_lock(&dev->wl->hardirq_lock);
2040         ret = b43_do_interrupt(dev);
2041         mmiowb();
2042         spin_unlock(&dev->wl->hardirq_lock);
2043
2044         return ret;
2045 }
2046
2047 /* SDIO interrupt handler. This runs in process context. */
2048 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2049 {
2050         struct b43_wl *wl = dev->wl;
2051         irqreturn_t ret;
2052
2053         mutex_lock(&wl->mutex);
2054
2055         ret = b43_do_interrupt(dev);
2056         if (ret == IRQ_WAKE_THREAD)
2057                 b43_do_interrupt_thread(dev);
2058
2059         mutex_unlock(&wl->mutex);
2060 }
2061
2062 void b43_do_release_fw(struct b43_firmware_file *fw)
2063 {
2064         release_firmware(fw->data);
2065         fw->data = NULL;
2066         fw->filename = NULL;
2067 }
2068
2069 static void b43_release_firmware(struct b43_wldev *dev)
2070 {
2071         complete(&dev->fw_load_complete);
2072         b43_do_release_fw(&dev->fw.ucode);
2073         b43_do_release_fw(&dev->fw.pcm);
2074         b43_do_release_fw(&dev->fw.initvals);
2075         b43_do_release_fw(&dev->fw.initvals_band);
2076 }
2077
2078 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2079 {
2080         const char text[] =
2081                 "You must go to " \
2082                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2083                 "and download the correct firmware for this driver version. " \
2084                 "Please carefully read all instructions on this website.\n";
2085
2086         if (error)
2087                 b43err(wl, text);
2088         else
2089                 b43warn(wl, text);
2090 }
2091
2092 static void b43_fw_cb(const struct firmware *firmware, void *context)
2093 {
2094         struct b43_request_fw_context *ctx = context;
2095
2096         ctx->blob = firmware;
2097         complete(&ctx->dev->fw_load_complete);
2098 }
2099
2100 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2101                       const char *name,
2102                       struct b43_firmware_file *fw, bool async)
2103 {
2104         struct b43_fw_header *hdr;
2105         u32 size;
2106         int err;
2107
2108         if (!name) {
2109                 /* Don't fetch anything. Free possibly cached firmware. */
2110                 /* FIXME: We should probably keep it anyway, to save some headache
2111                  * on suspend/resume with multiband devices. */
2112                 b43_do_release_fw(fw);
2113                 return 0;
2114         }
2115         if (fw->filename) {
2116                 if ((fw->type == ctx->req_type) &&
2117                     (strcmp(fw->filename, name) == 0))
2118                         return 0; /* Already have this fw. */
2119                 /* Free the cached firmware first. */
2120                 /* FIXME: We should probably do this later after we successfully
2121                  * got the new fw. This could reduce headache with multiband devices.
2122                  * We could also redesign this to cache the firmware for all possible
2123                  * bands all the time. */
2124                 b43_do_release_fw(fw);
2125         }
2126
2127         switch (ctx->req_type) {
2128         case B43_FWTYPE_PROPRIETARY:
2129                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2130                          "b43%s/%s.fw",
2131                          modparam_fwpostfix, name);
2132                 break;
2133         case B43_FWTYPE_OPENSOURCE:
2134                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2135                          "b43-open%s/%s.fw",
2136                          modparam_fwpostfix, name);
2137                 break;
2138         default:
2139                 B43_WARN_ON(1);
2140                 return -ENOSYS;
2141         }
2142         if (async) {
2143                 /* do this part asynchronously */
2144                 init_completion(&ctx->dev->fw_load_complete);
2145                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2146                                               ctx->dev->dev->dev, GFP_KERNEL,
2147                                               ctx, b43_fw_cb);
2148                 if (err < 0) {
2149                         pr_err("Unable to load firmware\n");
2150                         return err;
2151                 }
2152                 wait_for_completion(&ctx->dev->fw_load_complete);
2153                 if (ctx->blob)
2154                         goto fw_ready;
2155         /* On some ARM systems, the async request will fail, but the next sync
2156          * request works. For this reason, we fall through here
2157          */
2158         }
2159         err = request_firmware(&ctx->blob, ctx->fwname,
2160                                ctx->dev->dev->dev);
2161         if (err == -ENOENT) {
2162                 snprintf(ctx->errors[ctx->req_type],
2163                          sizeof(ctx->errors[ctx->req_type]),
2164                          "Firmware file \"%s\" not found\n",
2165                          ctx->fwname);
2166                 return err;
2167         } else if (err) {
2168                 snprintf(ctx->errors[ctx->req_type],
2169                          sizeof(ctx->errors[ctx->req_type]),
2170                          "Firmware file \"%s\" request failed (err=%d)\n",
2171                          ctx->fwname, err);
2172                 return err;
2173         }
2174 fw_ready:
2175         if (ctx->blob->size < sizeof(struct b43_fw_header))
2176                 goto err_format;
2177         hdr = (struct b43_fw_header *)(ctx->blob->data);
2178         switch (hdr->type) {
2179         case B43_FW_TYPE_UCODE:
2180         case B43_FW_TYPE_PCM:
2181                 size = be32_to_cpu(hdr->size);
2182                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2183                         goto err_format;
2184                 /* fallthrough */
2185         case B43_FW_TYPE_IV:
2186                 if (hdr->ver != 1)
2187                         goto err_format;
2188                 break;
2189         default:
2190                 goto err_format;
2191         }
2192
2193         fw->data = ctx->blob;
2194         fw->filename = name;
2195         fw->type = ctx->req_type;
2196
2197         return 0;
2198
2199 err_format:
2200         snprintf(ctx->errors[ctx->req_type],
2201                  sizeof(ctx->errors[ctx->req_type]),
2202                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2203         release_firmware(ctx->blob);
2204
2205         return -EPROTO;
2206 }
2207
2208 /* http://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2209 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2210 {
2211         struct b43_wldev *dev = ctx->dev;
2212         struct b43_firmware *fw = &ctx->dev->fw;
2213         struct b43_phy *phy = &dev->phy;
2214         const u8 rev = ctx->dev->dev->core_rev;
2215         const char *filename;
2216         int err;
2217
2218         /* Get microcode */
2219         filename = NULL;
2220         switch (rev) {
2221         case 42:
2222                 if (phy->type == B43_PHYTYPE_AC)
2223                         filename = "ucode42";
2224                 break;
2225         case 40:
2226                 if (phy->type == B43_PHYTYPE_AC)
2227                         filename = "ucode40";
2228                 break;
2229         case 33:
2230                 if (phy->type == B43_PHYTYPE_LCN40)
2231                         filename = "ucode33_lcn40";
2232                 break;
2233         case 30:
2234                 if (phy->type == B43_PHYTYPE_N)
2235                         filename = "ucode30_mimo";
2236                 break;
2237         case 29:
2238                 if (phy->type == B43_PHYTYPE_HT)
2239                         filename = "ucode29_mimo";
2240                 break;
2241         case 26:
2242                 if (phy->type == B43_PHYTYPE_HT)
2243                         filename = "ucode26_mimo";
2244                 break;
2245         case 28:
2246         case 25:
2247                 if (phy->type == B43_PHYTYPE_N)
2248                         filename = "ucode25_mimo";
2249                 else if (phy->type == B43_PHYTYPE_LCN)
2250                         filename = "ucode25_lcn";
2251                 break;
2252         case 24:
2253                 if (phy->type == B43_PHYTYPE_LCN)
2254                         filename = "ucode24_lcn";
2255                 break;
2256         case 23:
2257                 if (phy->type == B43_PHYTYPE_N)
2258                         filename = "ucode16_mimo";
2259                 break;
2260         case 16 ... 19:
2261                 if (phy->type == B43_PHYTYPE_N)
2262                         filename = "ucode16_mimo";
2263                 else if (phy->type == B43_PHYTYPE_LP)
2264                         filename = "ucode16_lp";
2265                 break;
2266         case 15:
2267                 filename = "ucode15";
2268                 break;
2269         case 14:
2270                 filename = "ucode14";
2271                 break;
2272         case 13:
2273                 filename = "ucode13";
2274                 break;
2275         case 11 ... 12:
2276                 filename = "ucode11";
2277                 break;
2278         case 5 ... 10:
2279                 filename = "ucode5";
2280                 break;
2281         }
2282         if (!filename)
2283                 goto err_no_ucode;
2284         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2285         if (err)
2286                 goto err_load;
2287
2288         /* Get PCM code */
2289         if ((rev >= 5) && (rev <= 10))
2290                 filename = "pcm5";
2291         else if (rev >= 11)
2292                 filename = NULL;
2293         else
2294                 goto err_no_pcm;
2295         fw->pcm_request_failed = false;
2296         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2297         if (err == -ENOENT) {
2298                 /* We did not find a PCM file? Not fatal, but
2299                  * core rev <= 10 must do without hwcrypto then. */
2300                 fw->pcm_request_failed = true;
2301         } else if (err)
2302                 goto err_load;
2303
2304         /* Get initvals */
2305         filename = NULL;
2306         switch (dev->phy.type) {
2307         case B43_PHYTYPE_G:
2308                 if (rev == 13)
2309                         filename = "b0g0initvals13";
2310                 else if (rev >= 5 && rev <= 10)
2311                         filename = "b0g0initvals5";
2312                 break;
2313         case B43_PHYTYPE_N:
2314                 if (rev == 30)
2315                         filename = "n16initvals30";
2316                 else if (rev == 28 || rev == 25)
2317                         filename = "n0initvals25";
2318                 else if (rev == 24)
2319                         filename = "n0initvals24";
2320                 else if (rev == 23)
2321                         filename = "n0initvals16"; /* What about n0initvals22? */
2322                 else if (rev >= 16 && rev <= 18)
2323                         filename = "n0initvals16";
2324                 else if (rev >= 11 && rev <= 12)
2325                         filename = "n0initvals11";
2326                 break;
2327         case B43_PHYTYPE_LP:
2328                 if (rev >= 16 && rev <= 18)
2329                         filename = "lp0initvals16";
2330                 else if (rev == 15)
2331                         filename = "lp0initvals15";
2332                 else if (rev == 14)
2333                         filename = "lp0initvals14";
2334                 else if (rev == 13)
2335                         filename = "lp0initvals13";
2336                 break;
2337         case B43_PHYTYPE_HT:
2338                 if (rev == 29)
2339                         filename = "ht0initvals29";
2340                 else if (rev == 26)
2341                         filename = "ht0initvals26";
2342                 break;
2343         case B43_PHYTYPE_LCN:
2344                 if (rev == 24)
2345                         filename = "lcn0initvals24";
2346                 break;
2347         case B43_PHYTYPE_LCN40:
2348                 if (rev == 33)
2349                         filename = "lcn400initvals33";
2350                 break;
2351         case B43_PHYTYPE_AC:
2352                 if (rev == 42)
2353                         filename = "ac1initvals42";
2354                 else if (rev == 40)
2355                         filename = "ac0initvals40";
2356                 break;
2357         }
2358         if (!filename)
2359                 goto err_no_initvals;
2360         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2361         if (err)
2362                 goto err_load;
2363
2364         /* Get bandswitch initvals */
2365         filename = NULL;
2366         switch (dev->phy.type) {
2367         case B43_PHYTYPE_G:
2368                 if (rev == 13)
2369                         filename = "b0g0bsinitvals13";
2370                 else if (rev >= 5 && rev <= 10)
2371                         filename = "b0g0bsinitvals5";
2372                 break;
2373         case B43_PHYTYPE_N:
2374                 if (rev == 30)
2375                         filename = "n16bsinitvals30";
2376                 else if (rev == 28 || rev == 25)
2377                         filename = "n0bsinitvals25";
2378                 else if (rev == 24)
2379                         filename = "n0bsinitvals24";
2380                 else if (rev == 23)
2381                         filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2382                 else if (rev >= 16 && rev <= 18)
2383                         filename = "n0bsinitvals16";
2384                 else if (rev >= 11 && rev <= 12)
2385                         filename = "n0bsinitvals11";
2386                 break;
2387         case B43_PHYTYPE_LP:
2388                 if (rev >= 16 && rev <= 18)
2389                         filename = "lp0bsinitvals16";
2390                 else if (rev == 15)
2391                         filename = "lp0bsinitvals15";
2392                 else if (rev == 14)
2393                         filename = "lp0bsinitvals14";
2394                 else if (rev == 13)
2395                         filename = "lp0bsinitvals13";
2396                 break;
2397         case B43_PHYTYPE_HT:
2398                 if (rev == 29)
2399                         filename = "ht0bsinitvals29";
2400                 else if (rev == 26)
2401                         filename = "ht0bsinitvals26";
2402                 break;
2403         case B43_PHYTYPE_LCN:
2404                 if (rev == 24)
2405                         filename = "lcn0bsinitvals24";
2406                 break;
2407         case B43_PHYTYPE_LCN40:
2408                 if (rev == 33)
2409                         filename = "lcn400bsinitvals33";
2410                 break;
2411         case B43_PHYTYPE_AC:
2412                 if (rev == 42)
2413                         filename = "ac1bsinitvals42";
2414                 else if (rev == 40)
2415                         filename = "ac0bsinitvals40";
2416                 break;
2417         }
2418         if (!filename)
2419                 goto err_no_initvals;
2420         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2421         if (err)
2422                 goto err_load;
2423
2424         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2425
2426         return 0;
2427
2428 err_no_ucode:
2429         err = ctx->fatal_failure = -EOPNOTSUPP;
2430         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2431                "is required for your device (wl-core rev %u)\n", rev);
2432         goto error;
2433
2434 err_no_pcm:
2435         err = ctx->fatal_failure = -EOPNOTSUPP;
2436         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2437                "is required for your device (wl-core rev %u)\n", rev);
2438         goto error;
2439
2440 err_no_initvals:
2441         err = ctx->fatal_failure = -EOPNOTSUPP;
2442         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2443                "is required for your device (wl-core rev %u)\n", rev);
2444         goto error;
2445
2446 err_load:
2447         /* We failed to load this firmware image. The error message
2448          * already is in ctx->errors. Return and let our caller decide
2449          * what to do. */
2450         goto error;
2451
2452 error:
2453         b43_release_firmware(dev);
2454         return err;
2455 }
2456
2457 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2458 static void b43_one_core_detach(struct b43_bus_dev *dev);
2459 static int b43_rng_init(struct b43_wl *wl);
2460
2461 static void b43_request_firmware(struct work_struct *work)
2462 {
2463         struct b43_wl *wl = container_of(work,
2464                             struct b43_wl, firmware_load);
2465         struct b43_wldev *dev = wl->current_dev;
2466         struct b43_request_fw_context *ctx;
2467         unsigned int i;
2468         int err;
2469         const char *errmsg;
2470
2471         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2472         if (!ctx)
2473                 return;
2474         ctx->dev = dev;
2475
2476         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2477         err = b43_try_request_fw(ctx);
2478         if (!err)
2479                 goto start_ieee80211; /* Successfully loaded it. */
2480         /* Was fw version known? */
2481         if (ctx->fatal_failure)
2482                 goto out;
2483
2484         /* proprietary fw not found, try open source */
2485         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2486         err = b43_try_request_fw(ctx);
2487         if (!err)
2488                 goto start_ieee80211; /* Successfully loaded it. */
2489         if(ctx->fatal_failure)
2490                 goto out;
2491
2492         /* Could not find a usable firmware. Print the errors. */
2493         for (i = 0; i < B43_NR_FWTYPES; i++) {
2494                 errmsg = ctx->errors[i];
2495                 if (strlen(errmsg))
2496                         b43err(dev->wl, "%s", errmsg);
2497         }
2498         b43_print_fw_helptext(dev->wl, 1);
2499         goto out;
2500
2501 start_ieee80211:
2502         wl->hw->queues = B43_QOS_QUEUE_NUM;
2503         if (!modparam_qos || dev->fw.opensource)
2504                 wl->hw->queues = 1;
2505
2506         err = ieee80211_register_hw(wl->hw);
2507         if (err)
2508                 goto err_one_core_detach;
2509         wl->hw_registred = true;
2510         b43_leds_register(wl->current_dev);
2511
2512         /* Register HW RNG driver */
2513         b43_rng_init(wl);
2514
2515         goto out;
2516
2517 err_one_core_detach:
2518         b43_one_core_detach(dev->dev);
2519
2520 out:
2521         kfree(ctx);
2522 }
2523
2524 static int b43_upload_microcode(struct b43_wldev *dev)
2525 {
2526         struct wiphy *wiphy = dev->wl->hw->wiphy;
2527         const size_t hdr_len = sizeof(struct b43_fw_header);
2528         const __be32 *data;
2529         unsigned int i, len;
2530         u16 fwrev, fwpatch, fwdate, fwtime;
2531         u32 tmp, macctl;
2532         int err = 0;
2533
2534         /* Jump the microcode PSM to offset 0 */
2535         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2536         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2537         macctl |= B43_MACCTL_PSM_JMP0;
2538         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2539         /* Zero out all microcode PSM registers and shared memory. */
2540         for (i = 0; i < 64; i++)
2541                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2542         for (i = 0; i < 4096; i += 2)
2543                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2544
2545         /* Upload Microcode. */
2546         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2547         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2548         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2549         for (i = 0; i < len; i++) {
2550                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2551                 udelay(10);
2552         }
2553
2554         if (dev->fw.pcm.data) {
2555                 /* Upload PCM data. */
2556                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2557                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2558                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2559                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2560                 /* No need for autoinc bit in SHM_HW */
2561                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2562                 for (i = 0; i < len; i++) {
2563                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2564                         udelay(10);
2565                 }
2566         }
2567
2568         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2569
2570         /* Start the microcode PSM */
2571         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2572                       B43_MACCTL_PSM_RUN);
2573
2574         /* Wait for the microcode to load and respond */
2575         i = 0;
2576         while (1) {
2577                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2578                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2579                         break;
2580                 i++;
2581                 if (i >= 20) {
2582                         b43err(dev->wl, "Microcode not responding\n");
2583                         b43_print_fw_helptext(dev->wl, 1);
2584                         err = -ENODEV;
2585                         goto error;
2586                 }
2587                 msleep(50);
2588         }
2589         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2590
2591         /* Get and check the revisions. */
2592         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2593         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2594         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2595         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2596
2597         if (fwrev <= 0x128) {
2598                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2599                        "binary drivers older than version 4.x is unsupported. "
2600                        "You must upgrade your firmware files.\n");
2601                 b43_print_fw_helptext(dev->wl, 1);
2602                 err = -EOPNOTSUPP;
2603                 goto error;
2604         }
2605         dev->fw.rev = fwrev;
2606         dev->fw.patch = fwpatch;
2607         if (dev->fw.rev >= 598)
2608                 dev->fw.hdr_format = B43_FW_HDR_598;
2609         else if (dev->fw.rev >= 410)
2610                 dev->fw.hdr_format = B43_FW_HDR_410;
2611         else
2612                 dev->fw.hdr_format = B43_FW_HDR_351;
2613         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2614
2615         dev->qos_enabled = dev->wl->hw->queues > 1;
2616         /* Default to firmware/hardware crypto acceleration. */
2617         dev->hwcrypto_enabled = true;
2618
2619         if (dev->fw.opensource) {
2620                 u16 fwcapa;
2621
2622                 /* Patchlevel info is encoded in the "time" field. */
2623                 dev->fw.patch = fwtime;
2624                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2625                         dev->fw.rev, dev->fw.patch);
2626
2627                 fwcapa = b43_fwcapa_read(dev);
2628                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2629                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2630                         /* Disable hardware crypto and fall back to software crypto. */
2631                         dev->hwcrypto_enabled = false;
2632                 }
2633                 /* adding QoS support should use an offline discovery mechanism */
2634                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2635         } else {
2636                 b43info(dev->wl, "Loading firmware version %u.%u "
2637                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2638                         fwrev, fwpatch,
2639                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2640                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2641                 if (dev->fw.pcm_request_failed) {
2642                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2643                                 "Hardware accelerated cryptography is disabled.\n");
2644                         b43_print_fw_helptext(dev->wl, 0);
2645                 }
2646         }
2647
2648         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2649                         dev->fw.rev, dev->fw.patch);
2650         wiphy->hw_version = dev->dev->core_id;
2651
2652         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2653                 /* We're over the deadline, but we keep support for old fw
2654                  * until it turns out to be in major conflict with something new. */
2655                 b43warn(dev->wl, "You are using an old firmware image. "
2656                         "Support for old firmware will be removed soon "
2657                         "(official deadline was July 2008).\n");
2658                 b43_print_fw_helptext(dev->wl, 0);
2659         }
2660
2661         return 0;
2662
2663 error:
2664         /* Stop the microcode PSM. */
2665         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2666                       B43_MACCTL_PSM_JMP0);
2667
2668         return err;
2669 }
2670
2671 static int b43_write_initvals(struct b43_wldev *dev,
2672                               const struct b43_iv *ivals,
2673                               size_t count,
2674                               size_t array_size)
2675 {
2676         const struct b43_iv *iv;
2677         u16 offset;
2678         size_t i;
2679         bool bit32;
2680
2681         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2682         iv = ivals;
2683         for (i = 0; i < count; i++) {
2684                 if (array_size < sizeof(iv->offset_size))
2685                         goto err_format;
2686                 array_size -= sizeof(iv->offset_size);
2687                 offset = be16_to_cpu(iv->offset_size);
2688                 bit32 = !!(offset & B43_IV_32BIT);
2689                 offset &= B43_IV_OFFSET_MASK;
2690                 if (offset >= 0x1000)
2691                         goto err_format;
2692                 if (bit32) {
2693                         u32 value;
2694
2695                         if (array_size < sizeof(iv->data.d32))
2696                                 goto err_format;
2697                         array_size -= sizeof(iv->data.d32);
2698
2699                         value = get_unaligned_be32(&iv->data.d32);
2700                         b43_write32(dev, offset, value);
2701
2702                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2703                                                         sizeof(__be16) +
2704                                                         sizeof(__be32));
2705                 } else {
2706                         u16 value;
2707
2708                         if (array_size < sizeof(iv->data.d16))
2709                                 goto err_format;
2710                         array_size -= sizeof(iv->data.d16);
2711
2712                         value = be16_to_cpu(iv->data.d16);
2713                         b43_write16(dev, offset, value);
2714
2715                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2716                                                         sizeof(__be16) +
2717                                                         sizeof(__be16));
2718                 }
2719         }
2720         if (array_size)
2721                 goto err_format;
2722
2723         return 0;
2724
2725 err_format:
2726         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2727         b43_print_fw_helptext(dev->wl, 1);
2728
2729         return -EPROTO;
2730 }
2731
2732 static int b43_upload_initvals(struct b43_wldev *dev)
2733 {
2734         const size_t hdr_len = sizeof(struct b43_fw_header);
2735         const struct b43_fw_header *hdr;
2736         struct b43_firmware *fw = &dev->fw;
2737         const struct b43_iv *ivals;
2738         size_t count;
2739
2740         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2741         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2742         count = be32_to_cpu(hdr->size);
2743         return b43_write_initvals(dev, ivals, count,
2744                                  fw->initvals.data->size - hdr_len);
2745 }
2746
2747 static int b43_upload_initvals_band(struct b43_wldev *dev)
2748 {
2749         const size_t hdr_len = sizeof(struct b43_fw_header);
2750         const struct b43_fw_header *hdr;
2751         struct b43_firmware *fw = &dev->fw;
2752         const struct b43_iv *ivals;
2753         size_t count;
2754
2755         if (!fw->initvals_band.data)
2756                 return 0;
2757
2758         hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2759         ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2760         count = be32_to_cpu(hdr->size);
2761         return b43_write_initvals(dev, ivals, count,
2762                                   fw->initvals_band.data->size - hdr_len);
2763 }
2764
2765 /* Initialize the GPIOs
2766  * http://bcm-specs.sipsolutions.net/GPIO
2767  */
2768
2769 #ifdef CONFIG_B43_SSB
2770 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2771 {
2772         struct ssb_bus *bus = dev->dev->sdev->bus;
2773
2774 #ifdef CONFIG_SSB_DRIVER_PCICORE
2775         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2776 #else
2777         return bus->chipco.dev;
2778 #endif
2779 }
2780 #endif
2781
2782 static int b43_gpio_init(struct b43_wldev *dev)
2783 {
2784 #ifdef CONFIG_B43_SSB
2785         struct ssb_device *gpiodev;
2786 #endif
2787         u32 mask, set;
2788
2789         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2790         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2791
2792         mask = 0x0000001F;
2793         set = 0x0000000F;
2794         if (dev->dev->chip_id == 0x4301) {
2795                 mask |= 0x0060;
2796                 set |= 0x0060;
2797         } else if (dev->dev->chip_id == 0x5354) {
2798                 /* Don't allow overtaking buttons GPIOs */
2799                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2800         }
2801
2802         if (0 /* FIXME: conditional unknown */ ) {
2803                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2804                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2805                             | 0x0100);
2806                 /* BT Coexistance Input */
2807                 mask |= 0x0080;
2808                 set |= 0x0080;
2809                 /* BT Coexistance Out */
2810                 mask |= 0x0100;
2811                 set |= 0x0100;
2812         }
2813         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2814                 /* PA is controlled by gpio 9, let ucode handle it */
2815                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2816                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2817                             | 0x0200);
2818                 mask |= 0x0200;
2819                 set |= 0x0200;
2820         }
2821
2822         switch (dev->dev->bus_type) {
2823 #ifdef CONFIG_B43_BCMA
2824         case B43_BUS_BCMA:
2825                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2826                 break;
2827 #endif
2828 #ifdef CONFIG_B43_SSB
2829         case B43_BUS_SSB:
2830                 gpiodev = b43_ssb_gpio_dev(dev);
2831                 if (gpiodev)
2832                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2833                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2834                                     & ~mask) | set);
2835                 break;
2836 #endif
2837         }
2838
2839         return 0;
2840 }
2841
2842 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2843 static void b43_gpio_cleanup(struct b43_wldev *dev)
2844 {
2845 #ifdef CONFIG_B43_SSB
2846         struct ssb_device *gpiodev;
2847 #endif
2848
2849         switch (dev->dev->bus_type) {
2850 #ifdef CONFIG_B43_BCMA
2851         case B43_BUS_BCMA:
2852                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2853                 break;
2854 #endif
2855 #ifdef CONFIG_B43_SSB
2856         case B43_BUS_SSB:
2857                 gpiodev = b43_ssb_gpio_dev(dev);
2858                 if (gpiodev)
2859                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2860                 break;
2861 #endif
2862         }
2863 }
2864
2865 /* http://bcm-specs.sipsolutions.net/EnableMac */
2866 void b43_mac_enable(struct b43_wldev *dev)
2867 {
2868         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2869                 u16 fwstate;
2870
2871                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2872                                          B43_SHM_SH_UCODESTAT);
2873                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2874                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2875                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2876                                "should be suspended, but current state is %u\n",
2877                                fwstate);
2878                 }
2879         }
2880
2881         dev->mac_suspended--;
2882         B43_WARN_ON(dev->mac_suspended < 0);
2883         if (dev->mac_suspended == 0) {
2884                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2885                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2886                             B43_IRQ_MAC_SUSPENDED);
2887                 /* Commit writes */
2888                 b43_read32(dev, B43_MMIO_MACCTL);
2889                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2890                 b43_power_saving_ctl_bits(dev, 0);
2891         }
2892 }
2893
2894 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2895 void b43_mac_suspend(struct b43_wldev *dev)
2896 {
2897         int i;
2898         u32 tmp;
2899
2900         might_sleep();
2901         B43_WARN_ON(dev->mac_suspended < 0);
2902
2903         if (dev->mac_suspended == 0) {
2904                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2905                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2906                 /* force pci to flush the write */
2907                 b43_read32(dev, B43_MMIO_MACCTL);
2908                 for (i = 35; i; i--) {
2909                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2910                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2911                                 goto out;
2912                         udelay(10);
2913                 }
2914                 /* Hm, it seems this will take some time. Use msleep(). */
2915                 for (i = 40; i; i--) {
2916                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2917                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2918                                 goto out;
2919                         msleep(1);
2920                 }
2921                 b43err(dev->wl, "MAC suspend failed\n");
2922         }
2923 out:
2924         dev->mac_suspended++;
2925 }
2926
2927 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2928 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2929 {
2930         u32 tmp;
2931
2932         switch (dev->dev->bus_type) {
2933 #ifdef CONFIG_B43_BCMA
2934         case B43_BUS_BCMA:
2935                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2936                 if (on)
2937                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2938                 else
2939                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2940                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2941                 break;
2942 #endif
2943 #ifdef CONFIG_B43_SSB
2944         case B43_BUS_SSB:
2945                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2946                 if (on)
2947                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2948                 else
2949                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2950                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2951                 break;
2952 #endif
2953         }
2954 }
2955
2956 static void b43_adjust_opmode(struct b43_wldev *dev)
2957 {
2958         struct b43_wl *wl = dev->wl;
2959         u32 ctl;
2960         u16 cfp_pretbtt;
2961
2962         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2963         /* Reset status to STA infrastructure mode. */
2964         ctl &= ~B43_MACCTL_AP;
2965         ctl &= ~B43_MACCTL_KEEP_CTL;
2966         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2967         ctl &= ~B43_MACCTL_KEEP_BAD;
2968         ctl &= ~B43_MACCTL_PROMISC;
2969         ctl &= ~B43_MACCTL_BEACPROMISC;
2970         ctl |= B43_MACCTL_INFRA;
2971
2972         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2973             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2974                 ctl |= B43_MACCTL_AP;
2975         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2976                 ctl &= ~B43_MACCTL_INFRA;
2977
2978         if (wl->filter_flags & FIF_CONTROL)
2979                 ctl |= B43_MACCTL_KEEP_CTL;
2980         if (wl->filter_flags & FIF_FCSFAIL)
2981                 ctl |= B43_MACCTL_KEEP_BAD;
2982         if (wl->filter_flags & FIF_PLCPFAIL)
2983                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2984         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2985                 ctl |= B43_MACCTL_PROMISC;
2986         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2987                 ctl |= B43_MACCTL_BEACPROMISC;
2988
2989         /* Workaround: On old hardware the HW-MAC-address-filter
2990          * doesn't work properly, so always run promisc in filter
2991          * it in software. */
2992         if (dev->dev->core_rev <= 4)
2993                 ctl |= B43_MACCTL_PROMISC;
2994
2995         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2996
2997         cfp_pretbtt = 2;
2998         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2999                 if (dev->dev->chip_id == 0x4306 &&
3000                     dev->dev->chip_rev == 3)
3001                         cfp_pretbtt = 100;
3002                 else
3003                         cfp_pretbtt = 50;
3004         }
3005         b43_write16(dev, 0x612, cfp_pretbtt);
3006
3007         /* FIXME: We don't currently implement the PMQ mechanism,
3008          *        so always disable it. If we want to implement PMQ,
3009          *        we need to enable it here (clear DISCPMQ) in AP mode.
3010          */
3011         if (0  /* ctl & B43_MACCTL_AP */)
3012                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3013         else
3014                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3015 }
3016
3017 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3018 {
3019         u16 offset;
3020
3021         if (is_ofdm) {
3022                 offset = 0x480;
3023                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3024         } else {
3025                 offset = 0x4C0;
3026                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3027         }
3028         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3029                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
3030 }
3031
3032 static void b43_rate_memory_init(struct b43_wldev *dev)
3033 {
3034         switch (dev->phy.type) {
3035         case B43_PHYTYPE_A:
3036         case B43_PHYTYPE_G:
3037         case B43_PHYTYPE_N:
3038         case B43_PHYTYPE_LP:
3039         case B43_PHYTYPE_HT:
3040         case B43_PHYTYPE_LCN:
3041                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3042                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3043                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3044                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3045                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3046                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3047                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3048                 if (dev->phy.type == B43_PHYTYPE_A)
3049                         break;
3050                 /* fallthrough */
3051         case B43_PHYTYPE_B:
3052                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3053                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3054                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3055                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3056                 break;
3057         default:
3058                 B43_WARN_ON(1);
3059         }
3060 }
3061
3062 /* Set the default values for the PHY TX Control Words. */
3063 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3064 {
3065         u16 ctl = 0;
3066
3067         ctl |= B43_TXH_PHY_ENC_CCK;
3068         ctl |= B43_TXH_PHY_ANT01AUTO;
3069         ctl |= B43_TXH_PHY_TXPWR;
3070
3071         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3072         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3073         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3074 }
3075
3076 /* Set the TX-Antenna for management frames sent by firmware. */
3077 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3078 {
3079         u16 ant;
3080         u16 tmp;
3081
3082         ant = b43_antenna_to_phyctl(antenna);
3083
3084         /* For ACK/CTS */
3085         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3086         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3087         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3088         /* For Probe Resposes */
3089         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3090         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3091         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3092 }
3093
3094 /* This is the opposite of b43_chip_init() */
3095 static void b43_chip_exit(struct b43_wldev *dev)
3096 {
3097         b43_phy_exit(dev);
3098         b43_gpio_cleanup(dev);
3099         /* firmware is released later */
3100 }
3101
3102 /* Initialize the chip
3103  * http://bcm-specs.sipsolutions.net/ChipInit
3104  */
3105 static int b43_chip_init(struct b43_wldev *dev)
3106 {
3107         struct b43_phy *phy = &dev->phy;
3108         int err;
3109         u32 macctl;
3110         u16 value16;
3111
3112         /* Initialize the MAC control */
3113         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3114         if (dev->phy.gmode)
3115                 macctl |= B43_MACCTL_GMODE;
3116         macctl |= B43_MACCTL_INFRA;
3117         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3118
3119         err = b43_upload_microcode(dev);
3120         if (err)
3121                 goto out;       /* firmware is released later */
3122
3123         err = b43_gpio_init(dev);
3124         if (err)
3125                 goto out;       /* firmware is released later */
3126
3127         err = b43_upload_initvals(dev);
3128         if (err)
3129                 goto err_gpio_clean;
3130
3131         err = b43_upload_initvals_band(dev);
3132         if (err)
3133                 goto err_gpio_clean;
3134
3135         /* Turn the Analog on and initialize the PHY. */
3136         phy->ops->switch_analog(dev, 1);
3137         err = b43_phy_init(dev);
3138         if (err)
3139                 goto err_gpio_clean;
3140
3141         /* Disable Interference Mitigation. */
3142         if (phy->ops->interf_mitigation)
3143                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3144
3145         /* Select the antennae */
3146         if (phy->ops->set_rx_antenna)
3147                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3148         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3149
3150         if (phy->type == B43_PHYTYPE_B) {
3151                 value16 = b43_read16(dev, 0x005E);
3152                 value16 |= 0x0004;
3153                 b43_write16(dev, 0x005E, value16);
3154         }
3155         b43_write32(dev, 0x0100, 0x01000000);
3156         if (dev->dev->core_rev < 5)
3157                 b43_write32(dev, 0x010C, 0x01000000);
3158
3159         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3160         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3161
3162         /* Probe Response Timeout value */
3163         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3164         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3165
3166         /* Initially set the wireless operation mode. */
3167         b43_adjust_opmode(dev);
3168
3169         if (dev->dev->core_rev < 3) {
3170                 b43_write16(dev, 0x060E, 0x0000);
3171                 b43_write16(dev, 0x0610, 0x8000);
3172                 b43_write16(dev, 0x0604, 0x0000);
3173                 b43_write16(dev, 0x0606, 0x0200);
3174         } else {
3175                 b43_write32(dev, 0x0188, 0x80000000);
3176                 b43_write32(dev, 0x018C, 0x02000000);
3177         }
3178         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3179         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3180         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3181         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3182         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3183         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3184         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3185
3186         b43_mac_phy_clock_set(dev, true);
3187
3188         switch (dev->dev->bus_type) {
3189 #ifdef CONFIG_B43_BCMA
3190         case B43_BUS_BCMA:
3191                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3192                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3193                 break;
3194 #endif
3195 #ifdef CONFIG_B43_SSB
3196         case B43_BUS_SSB:
3197                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3198                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3199                 break;
3200 #endif
3201         }
3202
3203         err = 0;
3204         b43dbg(dev->wl, "Chip initialized\n");
3205 out:
3206         return err;
3207
3208 err_gpio_clean:
3209         b43_gpio_cleanup(dev);
3210         return err;
3211 }
3212
3213 static void b43_periodic_every60sec(struct b43_wldev *dev)
3214 {
3215         const struct b43_phy_operations *ops = dev->phy.ops;
3216
3217         if (ops->pwork_60sec)
3218                 ops->pwork_60sec(dev);
3219
3220         /* Force check the TX power emission now. */
3221         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3222 }
3223
3224 static void b43_periodic_every30sec(struct b43_wldev *dev)
3225 {
3226         /* Update device statistics. */
3227         b43_calculate_link_quality(dev);
3228 }
3229
3230 static void b43_periodic_every15sec(struct b43_wldev *dev)
3231 {
3232         struct b43_phy *phy = &dev->phy;
3233         u16 wdr;
3234
3235         if (dev->fw.opensource) {
3236                 /* Check if the firmware is still alive.
3237                  * It will reset the watchdog counter to 0 in its idle loop. */
3238                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3239                 if (unlikely(wdr)) {
3240                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3241                         b43_controller_restart(dev, "Firmware watchdog");
3242                         return;
3243                 } else {
3244                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3245                                         B43_WATCHDOG_REG, 1);
3246                 }
3247         }
3248
3249         if (phy->ops->pwork_15sec)
3250                 phy->ops->pwork_15sec(dev);
3251
3252         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3253         wmb();
3254
3255 #if B43_DEBUG
3256         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3257                 unsigned int i;
3258
3259                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3260                        dev->irq_count / 15,
3261                        dev->tx_count / 15,
3262                        dev->rx_count / 15);
3263                 dev->irq_count = 0;
3264                 dev->tx_count = 0;
3265                 dev->rx_count = 0;
3266                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3267                         if (dev->irq_bit_count[i]) {
3268                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3269                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3270                                 dev->irq_bit_count[i] = 0;
3271                         }
3272                 }
3273         }
3274 #endif
3275 }
3276
3277 static void do_periodic_work(struct b43_wldev *dev)
3278 {
3279         unsigned int state;
3280
3281         state = dev->periodic_state;
3282         if (state % 4 == 0)
3283                 b43_periodic_every60sec(dev);
3284         if (state % 2 == 0)
3285                 b43_periodic_every30sec(dev);
3286         b43_periodic_every15sec(dev);
3287 }
3288
3289 /* Periodic work locking policy:
3290  *      The whole periodic work handler is protected by
3291  *      wl->mutex. If another lock is needed somewhere in the
3292  *      pwork callchain, it's acquired in-place, where it's needed.
3293  */
3294 static void b43_periodic_work_handler(struct work_struct *work)
3295 {
3296         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3297                                              periodic_work.work);
3298         struct b43_wl *wl = dev->wl;
3299         unsigned long delay;
3300
3301         mutex_lock(&wl->mutex);
3302
3303         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3304                 goto out;
3305         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3306                 goto out_requeue;
3307
3308         do_periodic_work(dev);
3309
3310         dev->periodic_state++;
3311 out_requeue:
3312         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3313                 delay = msecs_to_jiffies(50);
3314         else
3315                 delay = round_jiffies_relative(HZ * 15);
3316         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3317 out:
3318         mutex_unlock(&wl->mutex);
3319 }
3320
3321 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3322 {
3323         struct delayed_work *work = &dev->periodic_work;
3324
3325         dev->periodic_state = 0;
3326         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3327         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3328 }
3329
3330 /* Check if communication with the device works correctly. */
3331 static int b43_validate_chipaccess(struct b43_wldev *dev)
3332 {
3333         u32 v, backup0, backup4;
3334
3335         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3336         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3337
3338         /* Check for read/write and endianness problems. */
3339         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3340         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3341                 goto error;
3342         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3343         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3344                 goto error;
3345
3346         /* Check if unaligned 32bit SHM_SHARED access works properly.
3347          * However, don't bail out on failure, because it's noncritical. */
3348         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3349         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3350         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3351         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3352         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3353                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3354         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3355         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3356             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3357             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3358             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3359                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3360
3361         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3362         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3363
3364         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3365                 /* The 32bit register shadows the two 16bit registers
3366                  * with update sideeffects. Validate this. */
3367                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3368                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3369                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3370                         goto error;
3371                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3372                         goto error;
3373         }
3374         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3375
3376         v = b43_read32(dev, B43_MMIO_MACCTL);
3377         v |= B43_MACCTL_GMODE;
3378         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3379                 goto error;
3380
3381         return 0;
3382 error:
3383         b43err(dev->wl, "Failed to validate the chipaccess\n");
3384         return -ENODEV;
3385 }
3386
3387 static void b43_security_init(struct b43_wldev *dev)
3388 {
3389         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3390         /* KTP is a word address, but we address SHM bytewise.
3391          * So multiply by two.
3392          */
3393         dev->ktp *= 2;
3394         /* Number of RCMTA address slots */
3395         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3396         /* Clear the key memory. */
3397         b43_clear_keys(dev);
3398 }
3399
3400 #ifdef CONFIG_B43_HWRNG
3401 static int b43_rng_read(struct hwrng *rng, u32 *data)
3402 {
3403         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3404         struct b43_wldev *dev;
3405         int count = -ENODEV;
3406
3407         mutex_lock(&wl->mutex);
3408         dev = wl->current_dev;
3409         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3410                 *data = b43_read16(dev, B43_MMIO_RNG);
3411                 count = sizeof(u16);
3412         }
3413         mutex_unlock(&wl->mutex);
3414
3415         return count;
3416 }
3417 #endif /* CONFIG_B43_HWRNG */
3418
3419 static void b43_rng_exit(struct b43_wl *wl)
3420 {
3421 #ifdef CONFIG_B43_HWRNG
3422         if (wl->rng_initialized)
3423                 hwrng_unregister(&wl->rng);
3424 #endif /* CONFIG_B43_HWRNG */
3425 }
3426
3427 static int b43_rng_init(struct b43_wl *wl)
3428 {
3429         int err = 0;
3430
3431 #ifdef CONFIG_B43_HWRNG
3432         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3433                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3434         wl->rng.name = wl->rng_name;
3435         wl->rng.data_read = b43_rng_read;
3436         wl->rng.priv = (unsigned long)wl;
3437         wl->rng_initialized = true;
3438         err = hwrng_register(&wl->rng);
3439         if (err) {
3440                 wl->rng_initialized = false;
3441                 b43err(wl, "Failed to register the random "
3442                        "number generator (%d)\n", err);
3443         }
3444 #endif /* CONFIG_B43_HWRNG */
3445
3446         return err;
3447 }
3448
3449 static void b43_tx_work(struct work_struct *work)
3450 {
3451         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3452         struct b43_wldev *dev;
3453         struct sk_buff *skb;
3454         int queue_num;
3455         int err = 0;
3456
3457         mutex_lock(&wl->mutex);
3458         dev = wl->current_dev;
3459         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3460                 mutex_unlock(&wl->mutex);
3461                 return;
3462         }
3463
3464         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3465                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3466                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3467                         if (b43_using_pio_transfers(dev))
3468                                 err = b43_pio_tx(dev, skb);
3469                         else
3470                                 err = b43_dma_tx(dev, skb);
3471                         if (err == -ENOSPC) {
3472                                 wl->tx_queue_stopped[queue_num] = 1;
3473                                 ieee80211_stop_queue(wl->hw, queue_num);
3474                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3475                                 break;
3476                         }
3477                         if (unlikely(err))
3478                                 ieee80211_free_txskb(wl->hw, skb);
3479                         err = 0;
3480                 }
3481
3482                 if (!err)
3483                         wl->tx_queue_stopped[queue_num] = 0;
3484         }
3485
3486 #if B43_DEBUG
3487         dev->tx_count++;
3488 #endif
3489         mutex_unlock(&wl->mutex);
3490 }
3491
3492 static void b43_op_tx(struct ieee80211_hw *hw,
3493                       struct ieee80211_tx_control *control,
3494                       struct sk_buff *skb)
3495 {
3496         struct b43_wl *wl = hw_to_b43_wl(hw);
3497
3498         if (unlikely(skb->len < 2 + 2 + 6)) {
3499                 /* Too short, this can't be a valid frame. */
3500                 ieee80211_free_txskb(hw, skb);
3501                 return;
3502         }
3503         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3504
3505         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3506         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3507                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3508         } else {
3509                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3510         }
3511 }
3512
3513 static void b43_qos_params_upload(struct b43_wldev *dev,
3514                                   const struct ieee80211_tx_queue_params *p,
3515                                   u16 shm_offset)
3516 {
3517         u16 params[B43_NR_QOSPARAMS];
3518         int bslots, tmp;
3519         unsigned int i;
3520
3521         if (!dev->qos_enabled)
3522                 return;
3523
3524         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3525
3526         memset(&params, 0, sizeof(params));
3527
3528         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3529         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3530         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3531         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3532         params[B43_QOSPARAM_AIFS] = p->aifs;
3533         params[B43_QOSPARAM_BSLOTS] = bslots;
3534         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3535
3536         for (i = 0; i < ARRAY_SIZE(params); i++) {
3537                 if (i == B43_QOSPARAM_STATUS) {
3538                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3539                                              shm_offset + (i * 2));
3540                         /* Mark the parameters as updated. */
3541                         tmp |= 0x100;
3542                         b43_shm_write16(dev, B43_SHM_SHARED,
3543                                         shm_offset + (i * 2),
3544                                         tmp);
3545                 } else {
3546                         b43_shm_write16(dev, B43_SHM_SHARED,
3547                                         shm_offset + (i * 2),
3548                                         params[i]);
3549                 }
3550         }
3551 }
3552
3553 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3554 static const u16 b43_qos_shm_offsets[] = {
3555         /* [mac80211-queue-nr] = SHM_OFFSET, */
3556         [0] = B43_QOS_VOICE,
3557         [1] = B43_QOS_VIDEO,
3558         [2] = B43_QOS_BESTEFFORT,
3559         [3] = B43_QOS_BACKGROUND,
3560 };
3561
3562 /* Update all QOS parameters in hardware. */
3563 static void b43_qos_upload_all(struct b43_wldev *dev)
3564 {
3565         struct b43_wl *wl = dev->wl;
3566         struct b43_qos_params *params;
3567         unsigned int i;
3568
3569         if (!dev->qos_enabled)
3570                 return;
3571
3572         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3573                      ARRAY_SIZE(wl->qos_params));
3574
3575         b43_mac_suspend(dev);
3576         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3577                 params = &(wl->qos_params[i]);
3578                 b43_qos_params_upload(dev, &(params->p),
3579                                       b43_qos_shm_offsets[i]);
3580         }
3581         b43_mac_enable(dev);
3582 }
3583
3584 static void b43_qos_clear(struct b43_wl *wl)
3585 {
3586         struct b43_qos_params *params;
3587         unsigned int i;
3588
3589         /* Initialize QoS parameters to sane defaults. */
3590
3591         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3592                      ARRAY_SIZE(wl->qos_params));
3593
3594         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3595                 params = &(wl->qos_params[i]);
3596
3597                 switch (b43_qos_shm_offsets[i]) {
3598                 case B43_QOS_VOICE:
3599                         params->p.txop = 0;
3600                         params->p.aifs = 2;
3601                         params->p.cw_min = 0x0001;
3602                         params->p.cw_max = 0x0001;
3603                         break;
3604                 case B43_QOS_VIDEO:
3605                         params->p.txop = 0;
3606                         params->p.aifs = 2;
3607                         params->p.cw_min = 0x0001;
3608                         params->p.cw_max = 0x0001;
3609                         break;
3610                 case B43_QOS_BESTEFFORT:
3611                         params->p.txop = 0;
3612                         params->p.aifs = 3;
3613                         params->p.cw_min = 0x0001;
3614                         params->p.cw_max = 0x03FF;
3615                         break;
3616                 case B43_QOS_BACKGROUND:
3617                         params->p.txop = 0;
3618                         params->p.aifs = 7;
3619                         params->p.cw_min = 0x0001;
3620                         params->p.cw_max = 0x03FF;
3621                         break;
3622                 default:
3623                         B43_WARN_ON(1);
3624                 }
3625         }
3626 }
3627
3628 /* Initialize the core's QOS capabilities */
3629 static void b43_qos_init(struct b43_wldev *dev)
3630 {
3631         if (!dev->qos_enabled) {
3632                 /* Disable QOS support. */
3633                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3634                 b43_write16(dev, B43_MMIO_IFSCTL,
3635                             b43_read16(dev, B43_MMIO_IFSCTL)
3636                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3637                 b43dbg(dev->wl, "QoS disabled\n");
3638                 return;
3639         }
3640
3641         /* Upload the current QOS parameters. */
3642         b43_qos_upload_all(dev);
3643
3644         /* Enable QOS support. */
3645         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3646         b43_write16(dev, B43_MMIO_IFSCTL,
3647                     b43_read16(dev, B43_MMIO_IFSCTL)
3648                     | B43_MMIO_IFSCTL_USE_EDCF);
3649         b43dbg(dev->wl, "QoS enabled\n");
3650 }
3651
3652 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3653                           struct ieee80211_vif *vif, u16 _queue,
3654                           const struct ieee80211_tx_queue_params *params)
3655 {
3656         struct b43_wl *wl = hw_to_b43_wl(hw);
3657         struct b43_wldev *dev;
3658         unsigned int queue = (unsigned int)_queue;
3659         int err = -ENODEV;
3660
3661         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3662                 /* Queue not available or don't support setting
3663                  * params on this queue. Return success to not
3664                  * confuse mac80211. */
3665                 return 0;
3666         }
3667         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3668                      ARRAY_SIZE(wl->qos_params));
3669
3670         mutex_lock(&wl->mutex);
3671         dev = wl->current_dev;
3672         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3673                 goto out_unlock;
3674
3675         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3676         b43_mac_suspend(dev);
3677         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3678                               b43_qos_shm_offsets[queue]);
3679         b43_mac_enable(dev);
3680         err = 0;
3681
3682 out_unlock:
3683         mutex_unlock(&wl->mutex);
3684
3685         return err;
3686 }
3687
3688 static int b43_op_get_stats(struct ieee80211_hw *hw,
3689                             struct ieee80211_low_level_stats *stats)
3690 {
3691         struct b43_wl *wl = hw_to_b43_wl(hw);
3692
3693         mutex_lock(&wl->mutex);
3694         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3695         mutex_unlock(&wl->mutex);
3696
3697         return 0;
3698 }
3699
3700 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3701 {
3702         struct b43_wl *wl = hw_to_b43_wl(hw);
3703         struct b43_wldev *dev;
3704         u64 tsf;
3705
3706         mutex_lock(&wl->mutex);
3707         dev = wl->current_dev;
3708
3709         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3710                 b43_tsf_read(dev, &tsf);
3711         else
3712                 tsf = 0;
3713
3714         mutex_unlock(&wl->mutex);
3715
3716         return tsf;
3717 }
3718
3719 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3720                            struct ieee80211_vif *vif, u64 tsf)
3721 {
3722         struct b43_wl *wl = hw_to_b43_wl(hw);
3723         struct b43_wldev *dev;
3724
3725         mutex_lock(&wl->mutex);
3726         dev = wl->current_dev;
3727
3728         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3729                 b43_tsf_write(dev, tsf);
3730
3731         mutex_unlock(&wl->mutex);
3732 }
3733
3734 static const char *band_to_string(enum ieee80211_band band)
3735 {
3736         switch (band) {
3737         case IEEE80211_BAND_5GHZ:
3738                 return "5";
3739         case IEEE80211_BAND_2GHZ:
3740                 return "2.4";
3741         default:
3742                 break;
3743         }
3744         B43_WARN_ON(1);
3745         return "";
3746 }
3747
3748 /* Expects wl->mutex locked */
3749 static int b43_switch_band(struct b43_wldev *dev,
3750                            struct ieee80211_channel *chan)
3751 {
3752         struct b43_phy *phy = &dev->phy;
3753         bool gmode;
3754         u32 tmp;
3755
3756         switch (chan->band) {
3757         case IEEE80211_BAND_5GHZ:
3758                 gmode = false;
3759                 break;
3760         case IEEE80211_BAND_2GHZ:
3761                 gmode = true;
3762                 break;
3763         default:
3764                 B43_WARN_ON(1);
3765                 return -EINVAL;
3766         }
3767
3768         if (!((gmode && phy->supports_2ghz) ||
3769               (!gmode && phy->supports_5ghz))) {
3770                 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3771                        band_to_string(chan->band));
3772                 return -ENODEV;
3773         }
3774
3775         if (!!phy->gmode == !!gmode) {
3776                 /* This device is already running. */
3777                 return 0;
3778         }
3779
3780         b43dbg(dev->wl, "Switching to %s GHz band\n",
3781                band_to_string(chan->band));
3782
3783         /* Some new devices don't need disabling radio for band switching */
3784         if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3785                 b43_software_rfkill(dev, true);
3786
3787         phy->gmode = gmode;
3788         b43_phy_put_into_reset(dev);
3789         switch (dev->dev->bus_type) {
3790 #ifdef CONFIG_B43_BCMA
3791         case B43_BUS_BCMA:
3792                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3793                 if (gmode)
3794                         tmp |= B43_BCMA_IOCTL_GMODE;
3795                 else
3796                         tmp &= ~B43_BCMA_IOCTL_GMODE;
3797                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3798                 break;
3799 #endif
3800 #ifdef CONFIG_B43_SSB
3801         case B43_BUS_SSB:
3802                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3803                 if (gmode)
3804                         tmp |= B43_TMSLOW_GMODE;
3805                 else
3806                         tmp &= ~B43_TMSLOW_GMODE;
3807                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3808                 break;
3809 #endif
3810         }
3811         b43_phy_take_out_of_reset(dev);
3812
3813         b43_upload_initvals_band(dev);
3814
3815         b43_phy_init(dev);
3816
3817         return 0;
3818 }
3819
3820 /* Write the short and long frame retry limit values. */
3821 static void b43_set_retry_limits(struct b43_wldev *dev,
3822                                  unsigned int short_retry,
3823                                  unsigned int long_retry)
3824 {
3825         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3826          * the chip-internal counter. */
3827         short_retry = min(short_retry, (unsigned int)0xF);
3828         long_retry = min(long_retry, (unsigned int)0xF);
3829
3830         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3831                         short_retry);
3832         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3833                         long_retry);
3834 }
3835
3836 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3837 {
3838         struct b43_wl *wl = hw_to_b43_wl(hw);
3839         struct b43_wldev *dev = wl->current_dev;
3840         struct b43_phy *phy = &dev->phy;
3841         struct ieee80211_conf *conf = &hw->conf;
3842         int antenna;
3843         int err = 0;
3844
3845         mutex_lock(&wl->mutex);
3846         b43_mac_suspend(dev);
3847
3848         if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
3849                 phy->chandef = &conf->chandef;
3850                 phy->channel = conf->chandef.chan->hw_value;
3851
3852                 /* Switch the band (if necessary). */
3853                 err = b43_switch_band(dev, conf->chandef.chan);
3854                 if (err)
3855                         goto out_mac_enable;
3856
3857                 /* Switch to the requested channel.
3858                  * The firmware takes care of races with the TX handler.
3859                  */
3860                 b43_switch_channel(dev, phy->channel);
3861         }
3862
3863         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3864                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3865                                           conf->long_frame_max_tx_count);
3866         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3867         if (!changed)
3868                 goto out_mac_enable;
3869
3870         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3871
3872         /* Adjust the desired TX power level. */
3873         if (conf->power_level != 0) {
3874                 if (conf->power_level != phy->desired_txpower) {
3875                         phy->desired_txpower = conf->power_level;
3876                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3877                                                    B43_TXPWR_IGNORE_TSSI);
3878                 }
3879         }
3880
3881         /* Antennas for RX and management frame TX. */
3882         antenna = B43_ANTENNA_DEFAULT;
3883         b43_mgmtframe_txantenna(dev, antenna);
3884         antenna = B43_ANTENNA_DEFAULT;
3885         if (phy->ops->set_rx_antenna)
3886                 phy->ops->set_rx_antenna(dev, antenna);
3887
3888         if (wl->radio_enabled != phy->radio_on) {
3889                 if (wl->radio_enabled) {
3890                         b43_software_rfkill(dev, false);
3891                         b43info(dev->wl, "Radio turned on by software\n");
3892                         if (!dev->radio_hw_enable) {
3893                                 b43info(dev->wl, "The hardware RF-kill button "
3894                                         "still turns the radio physically off. "
3895                                         "Press the button to turn it on.\n");
3896                         }
3897                 } else {
3898                         b43_software_rfkill(dev, true);
3899                         b43info(dev->wl, "Radio turned off by software\n");
3900                 }
3901         }
3902
3903 out_mac_enable:
3904         b43_mac_enable(dev);
3905         mutex_unlock(&wl->mutex);
3906
3907         return err;
3908 }
3909
3910 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3911 {
3912         struct ieee80211_supported_band *sband =
3913                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3914         struct ieee80211_rate *rate;
3915         int i;
3916         u16 basic, direct, offset, basic_offset, rateptr;
3917
3918         for (i = 0; i < sband->n_bitrates; i++) {
3919                 rate = &sband->bitrates[i];
3920
3921                 if (b43_is_cck_rate(rate->hw_value)) {
3922                         direct = B43_SHM_SH_CCKDIRECT;
3923                         basic = B43_SHM_SH_CCKBASIC;
3924                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3925                         offset &= 0xF;
3926                 } else {
3927                         direct = B43_SHM_SH_OFDMDIRECT;
3928                         basic = B43_SHM_SH_OFDMBASIC;
3929                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3930                         offset &= 0xF;
3931                 }
3932
3933                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3934
3935                 if (b43_is_cck_rate(rate->hw_value)) {
3936                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3937                         basic_offset &= 0xF;
3938                 } else {
3939                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3940                         basic_offset &= 0xF;
3941                 }
3942
3943                 /*
3944                  * Get the pointer that we need to point to
3945                  * from the direct map
3946                  */
3947                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3948                                          direct + 2 * basic_offset);
3949                 /* and write it to the basic map */
3950                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3951                                 rateptr);
3952         }
3953 }
3954
3955 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3956                                     struct ieee80211_vif *vif,
3957                                     struct ieee80211_bss_conf *conf,
3958                                     u32 changed)
3959 {
3960         struct b43_wl *wl = hw_to_b43_wl(hw);
3961         struct b43_wldev *dev;
3962
3963         mutex_lock(&wl->mutex);
3964
3965         dev = wl->current_dev;
3966         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3967                 goto out_unlock_mutex;
3968
3969         B43_WARN_ON(wl->vif != vif);
3970
3971         if (changed & BSS_CHANGED_BSSID) {
3972                 if (conf->bssid)
3973                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3974                 else
3975                         memset(wl->bssid, 0, ETH_ALEN);
3976         }
3977
3978         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3979                 if (changed & BSS_CHANGED_BEACON &&
3980                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3981                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3982                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3983                         b43_update_templates(wl);
3984
3985                 if (changed & BSS_CHANGED_BSSID)
3986                         b43_write_mac_bssid_templates(dev);
3987         }
3988
3989         b43_mac_suspend(dev);
3990
3991         /* Update templates for AP/mesh mode. */
3992         if (changed & BSS_CHANGED_BEACON_INT &&
3993             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3994              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3995              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
3996             conf->beacon_int)
3997                 b43_set_beacon_int(dev, conf->beacon_int);
3998
3999         if (changed & BSS_CHANGED_BASIC_RATES)
4000                 b43_update_basic_rates(dev, conf->basic_rates);
4001
4002         if (changed & BSS_CHANGED_ERP_SLOT) {
4003                 if (conf->use_short_slot)
4004                         b43_short_slot_timing_enable(dev);
4005                 else
4006                         b43_short_slot_timing_disable(dev);
4007         }
4008
4009         b43_mac_enable(dev);
4010 out_unlock_mutex:
4011         mutex_unlock(&wl->mutex);
4012 }
4013
4014 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4015                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4016                           struct ieee80211_key_conf *key)
4017 {
4018         struct b43_wl *wl = hw_to_b43_wl(hw);
4019         struct b43_wldev *dev;
4020         u8 algorithm;
4021         u8 index;
4022         int err;
4023         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4024
4025         if (modparam_nohwcrypt)
4026                 return -ENOSPC; /* User disabled HW-crypto */
4027
4028         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4029              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4030             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4031              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4032             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4033                 /*
4034                  * For now, disable hw crypto for the RSN IBSS group keys. This
4035                  * could be optimized in the future, but until that gets
4036                  * implemented, use of software crypto for group addressed
4037                  * frames is a acceptable to allow RSN IBSS to be used.
4038                  */
4039                 return -EOPNOTSUPP;
4040         }
4041
4042         mutex_lock(&wl->mutex);
4043
4044         dev = wl->current_dev;
4045         err = -ENODEV;
4046         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4047                 goto out_unlock;
4048
4049         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4050                 /* We don't have firmware for the crypto engine.
4051                  * Must use software-crypto. */
4052                 err = -EOPNOTSUPP;
4053                 goto out_unlock;
4054         }
4055
4056         err = -EINVAL;
4057         switch (key->cipher) {
4058         case WLAN_CIPHER_SUITE_WEP40:
4059                 algorithm = B43_SEC_ALGO_WEP40;
4060                 break;
4061         case WLAN_CIPHER_SUITE_WEP104:
4062                 algorithm = B43_SEC_ALGO_WEP104;
4063                 break;
4064         case WLAN_CIPHER_SUITE_TKIP:
4065                 algorithm = B43_SEC_ALGO_TKIP;
4066                 break;
4067         case WLAN_CIPHER_SUITE_CCMP:
4068                 algorithm = B43_SEC_ALGO_AES;
4069                 break;
4070         default:
4071                 B43_WARN_ON(1);
4072                 goto out_unlock;
4073         }
4074         index = (u8) (key->keyidx);
4075         if (index > 3)
4076                 goto out_unlock;
4077
4078         switch (cmd) {
4079         case SET_KEY:
4080                 if (algorithm == B43_SEC_ALGO_TKIP &&
4081                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4082                     !modparam_hwtkip)) {
4083                         /* We support only pairwise key */
4084                         err = -EOPNOTSUPP;
4085                         goto out_unlock;
4086                 }
4087
4088                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4089                         if (WARN_ON(!sta)) {
4090                                 err = -EOPNOTSUPP;
4091                                 goto out_unlock;
4092                         }
4093                         /* Pairwise key with an assigned MAC address. */
4094                         err = b43_key_write(dev, -1, algorithm,
4095                                             key->key, key->keylen,
4096                                             sta->addr, key);
4097                 } else {
4098                         /* Group key */
4099                         err = b43_key_write(dev, index, algorithm,
4100                                             key->key, key->keylen, NULL, key);
4101                 }
4102                 if (err)
4103                         goto out_unlock;
4104
4105                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4106                     algorithm == B43_SEC_ALGO_WEP104) {
4107                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4108                 } else {
4109                         b43_hf_write(dev,
4110                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4111                 }
4112                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4113                 if (algorithm == B43_SEC_ALGO_TKIP)
4114                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4115                 break;
4116         case DISABLE_KEY: {
4117                 err = b43_key_clear(dev, key->hw_key_idx);
4118                 if (err)
4119                         goto out_unlock;
4120                 break;
4121         }
4122         default:
4123                 B43_WARN_ON(1);
4124         }
4125
4126 out_unlock:
4127         if (!err) {
4128                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4129                        "mac: %pM\n",
4130                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4131                        sta ? sta->addr : bcast_addr);
4132                 b43_dump_keymemory(dev);
4133         }
4134         mutex_unlock(&wl->mutex);
4135
4136         return err;
4137 }
4138
4139 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4140                                     unsigned int changed, unsigned int *fflags,
4141                                     u64 multicast)
4142 {
4143         struct b43_wl *wl = hw_to_b43_wl(hw);
4144         struct b43_wldev *dev;
4145
4146         mutex_lock(&wl->mutex);
4147         dev = wl->current_dev;
4148         if (!dev) {
4149                 *fflags = 0;
4150                 goto out_unlock;
4151         }
4152
4153         *fflags &= FIF_PROMISC_IN_BSS |
4154                   FIF_ALLMULTI |
4155                   FIF_FCSFAIL |
4156                   FIF_PLCPFAIL |
4157                   FIF_CONTROL |
4158                   FIF_OTHER_BSS |
4159                   FIF_BCN_PRBRESP_PROMISC;
4160
4161         changed &= FIF_PROMISC_IN_BSS |
4162                    FIF_ALLMULTI |
4163                    FIF_FCSFAIL |
4164                    FIF_PLCPFAIL |
4165                    FIF_CONTROL |
4166                    FIF_OTHER_BSS |
4167                    FIF_BCN_PRBRESP_PROMISC;
4168
4169         wl->filter_flags = *fflags;
4170
4171         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4172                 b43_adjust_opmode(dev);
4173
4174 out_unlock:
4175         mutex_unlock(&wl->mutex);
4176 }
4177
4178 /* Locking: wl->mutex
4179  * Returns the current dev. This might be different from the passed in dev,
4180  * because the core might be gone away while we unlocked the mutex. */
4181 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4182 {
4183         struct b43_wl *wl;
4184         struct b43_wldev *orig_dev;
4185         u32 mask;
4186         int queue_num;
4187
4188         if (!dev)
4189                 return NULL;
4190         wl = dev->wl;
4191 redo:
4192         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4193                 return dev;
4194
4195         /* Cancel work. Unlock to avoid deadlocks. */
4196         mutex_unlock(&wl->mutex);
4197         cancel_delayed_work_sync(&dev->periodic_work);
4198         cancel_work_sync(&wl->tx_work);
4199         mutex_lock(&wl->mutex);
4200         dev = wl->current_dev;
4201         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4202                 /* Whoops, aliens ate up the device while we were unlocked. */
4203                 return dev;
4204         }
4205
4206         /* Disable interrupts on the device. */
4207         b43_set_status(dev, B43_STAT_INITIALIZED);
4208         if (b43_bus_host_is_sdio(dev->dev)) {
4209                 /* wl->mutex is locked. That is enough. */
4210                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4211                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4212         } else {
4213                 spin_lock_irq(&wl->hardirq_lock);
4214                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4215                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4216                 spin_unlock_irq(&wl->hardirq_lock);
4217         }
4218         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4219         orig_dev = dev;
4220         mutex_unlock(&wl->mutex);
4221         if (b43_bus_host_is_sdio(dev->dev)) {
4222                 b43_sdio_free_irq(dev);
4223         } else {
4224                 synchronize_irq(dev->dev->irq);
4225                 free_irq(dev->dev->irq, dev);
4226         }
4227         mutex_lock(&wl->mutex);
4228         dev = wl->current_dev;
4229         if (!dev)
4230                 return dev;
4231         if (dev != orig_dev) {
4232                 if (b43_status(dev) >= B43_STAT_STARTED)
4233                         goto redo;
4234                 return dev;
4235         }
4236         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4237         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4238
4239         /* Drain all TX queues. */
4240         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4241                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4242                         struct sk_buff *skb;
4243
4244                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4245                         ieee80211_free_txskb(wl->hw, skb);
4246                 }
4247         }
4248
4249         b43_mac_suspend(dev);
4250         b43_leds_exit(dev);
4251         b43dbg(wl, "Wireless interface stopped\n");
4252
4253         return dev;
4254 }
4255
4256 /* Locking: wl->mutex */
4257 static int b43_wireless_core_start(struct b43_wldev *dev)
4258 {
4259         int err;
4260
4261         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4262
4263         drain_txstatus_queue(dev);
4264         if (b43_bus_host_is_sdio(dev->dev)) {
4265                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4266                 if (err) {
4267                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4268                         goto out;
4269                 }
4270         } else {
4271                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4272                                            b43_interrupt_thread_handler,
4273                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4274                 if (err) {
4275                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4276                                dev->dev->irq);
4277                         goto out;
4278                 }
4279         }
4280
4281         /* We are ready to run. */
4282         ieee80211_wake_queues(dev->wl->hw);
4283         b43_set_status(dev, B43_STAT_STARTED);
4284
4285         /* Start data flow (TX/RX). */
4286         b43_mac_enable(dev);
4287         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4288
4289         /* Start maintenance work */
4290         b43_periodic_tasks_setup(dev);
4291
4292         b43_leds_init(dev);
4293
4294         b43dbg(dev->wl, "Wireless interface started\n");
4295 out:
4296         return err;
4297 }
4298
4299 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4300 {
4301         switch (phy_type) {
4302         case B43_PHYTYPE_A:
4303                 return "A";
4304         case B43_PHYTYPE_B:
4305                 return "B";
4306         case B43_PHYTYPE_G:
4307                 return "G";
4308         case B43_PHYTYPE_N:
4309                 return "N";
4310         case B43_PHYTYPE_LP:
4311                 return "LP";
4312         case B43_PHYTYPE_SSLPN:
4313                 return "SSLPN";
4314         case B43_PHYTYPE_HT:
4315                 return "HT";
4316         case B43_PHYTYPE_LCN:
4317                 return "LCN";
4318         case B43_PHYTYPE_LCNXN:
4319                 return "LCNXN";
4320         case B43_PHYTYPE_LCN40:
4321                 return "LCN40";
4322         case B43_PHYTYPE_AC:
4323                 return "AC";
4324         }
4325         return "UNKNOWN";
4326 }
4327
4328 /* Get PHY and RADIO versioning numbers */
4329 static int b43_phy_versioning(struct b43_wldev *dev)
4330 {
4331         struct b43_phy *phy = &dev->phy;
4332         const u8 core_rev = dev->dev->core_rev;
4333         u32 tmp;
4334         u8 analog_type;
4335         u8 phy_type;
4336         u8 phy_rev;
4337         u16 radio_manuf;
4338         u16 radio_ver;
4339         u16 radio_rev;
4340         int unsupported = 0;
4341
4342         /* Get PHY versioning */
4343         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4344         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4345         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4346         phy_rev = (tmp & B43_PHYVER_VERSION);
4347
4348         /* LCNXN is continuation of N which run out of revisions */
4349         if (phy_type == B43_PHYTYPE_LCNXN) {
4350                 phy_type = B43_PHYTYPE_N;
4351                 phy_rev += 16;
4352         }
4353
4354         switch (phy_type) {
4355 #ifdef CONFIG_B43_PHY_G
4356         case B43_PHYTYPE_G:
4357                 if (phy_rev > 9)
4358                         unsupported = 1;
4359                 break;
4360 #endif
4361 #ifdef CONFIG_B43_PHY_N
4362         case B43_PHYTYPE_N:
4363                 if (phy_rev > 9)
4364                         unsupported = 1;
4365                 break;
4366 #endif
4367 #ifdef CONFIG_B43_PHY_LP
4368         case B43_PHYTYPE_LP:
4369                 if (phy_rev > 2)
4370                         unsupported = 1;
4371                 break;
4372 #endif
4373 #ifdef CONFIG_B43_PHY_HT
4374         case B43_PHYTYPE_HT:
4375                 if (phy_rev > 1)
4376                         unsupported = 1;
4377                 break;
4378 #endif
4379 #ifdef CONFIG_B43_PHY_LCN
4380         case B43_PHYTYPE_LCN:
4381                 if (phy_rev > 1)
4382                         unsupported = 1;
4383                 break;
4384 #endif
4385         default:
4386                 unsupported = 1;
4387         }
4388         if (unsupported) {
4389                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4390                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4391                        phy_rev);
4392                 return -EOPNOTSUPP;
4393         }
4394         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4395                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4396
4397         /* Get RADIO versioning */
4398         if (core_rev == 40 || core_rev == 42) {
4399                 radio_manuf = 0x17F;
4400
4401                 b43_write16(dev, B43_MMIO_RADIO24_CONTROL, 0);
4402                 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4403
4404                 b43_write16(dev, B43_MMIO_RADIO24_CONTROL, 1);
4405                 radio_ver = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4406         } else if (core_rev >= 24) {
4407                 u16 radio24[3];
4408
4409                 for (tmp = 0; tmp < 3; tmp++) {
4410                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4411                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4412                 }
4413
4414                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4415                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4416
4417                 radio_manuf = 0x17F;
4418                 radio_ver = (radio24[2] << 8) | radio24[1];
4419                 radio_rev = (radio24[0] & 0xF);
4420         } else {
4421                 if (dev->dev->chip_id == 0x4317) {
4422                         if (dev->dev->chip_rev == 0)
4423                                 tmp = 0x3205017F;
4424                         else if (dev->dev->chip_rev == 1)
4425                                 tmp = 0x4205017F;
4426                         else
4427                                 tmp = 0x5205017F;
4428                 } else {
4429                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4430                                     B43_RADIOCTL_ID);
4431                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4432                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4433                                     B43_RADIOCTL_ID);
4434                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4435                                 << 16;
4436                 }
4437                 radio_manuf = (tmp & 0x00000FFF);
4438                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4439                 radio_rev = (tmp & 0xF0000000) >> 28;
4440         }
4441
4442         if (radio_manuf != 0x17F /* Broadcom */)
4443                 unsupported = 1;
4444         switch (phy_type) {
4445         case B43_PHYTYPE_A:
4446                 if (radio_ver != 0x2060)
4447                         unsupported = 1;
4448                 if (radio_rev != 1)
4449                         unsupported = 1;
4450                 if (radio_manuf != 0x17F)
4451                         unsupported = 1;
4452                 break;
4453         case B43_PHYTYPE_B:
4454                 if ((radio_ver & 0xFFF0) != 0x2050)
4455                         unsupported = 1;
4456                 break;
4457         case B43_PHYTYPE_G:
4458                 if (radio_ver != 0x2050)
4459                         unsupported = 1;
4460                 break;
4461         case B43_PHYTYPE_N:
4462                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4463                         unsupported = 1;
4464                 break;
4465         case B43_PHYTYPE_LP:
4466                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4467                         unsupported = 1;
4468                 break;
4469         case B43_PHYTYPE_HT:
4470                 if (radio_ver != 0x2059)
4471                         unsupported = 1;
4472                 break;
4473         case B43_PHYTYPE_LCN:
4474                 if (radio_ver != 0x2064)
4475                         unsupported = 1;
4476                 break;
4477         default:
4478                 B43_WARN_ON(1);
4479         }
4480         if (unsupported) {
4481                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4482                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4483                        radio_manuf, radio_ver, radio_rev);
4484                 return -EOPNOTSUPP;
4485         }
4486         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4487                radio_manuf, radio_ver, radio_rev);
4488
4489         phy->radio_manuf = radio_manuf;
4490         phy->radio_ver = radio_ver;
4491         phy->radio_rev = radio_rev;
4492
4493         phy->analog = analog_type;
4494         phy->type = phy_type;
4495         phy->rev = phy_rev;
4496
4497         return 0;
4498 }
4499
4500 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4501                                       struct b43_phy *phy)
4502 {
4503         phy->hardware_power_control = !!modparam_hwpctl;
4504         phy->next_txpwr_check_time = jiffies;
4505         /* PHY TX errors counter. */
4506         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4507
4508 #if B43_DEBUG
4509         phy->phy_locked = false;
4510         phy->radio_locked = false;
4511 #endif
4512 }
4513
4514 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4515 {
4516         dev->dfq_valid = false;
4517
4518         /* Assume the radio is enabled. If it's not enabled, the state will
4519          * immediately get fixed on the first periodic work run. */
4520         dev->radio_hw_enable = true;
4521
4522         /* Stats */
4523         memset(&dev->stats, 0, sizeof(dev->stats));
4524
4525         setup_struct_phy_for_init(dev, &dev->phy);
4526
4527         /* IRQ related flags */
4528         dev->irq_reason = 0;
4529         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4530         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4531         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4532                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4533
4534         dev->mac_suspended = 1;
4535
4536         /* Noise calculation context */
4537         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4538 }
4539
4540 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4541 {
4542         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4543         u64 hf;
4544
4545         if (!modparam_btcoex)
4546                 return;
4547         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4548                 return;
4549         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4550                 return;
4551
4552         hf = b43_hf_read(dev);
4553         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4554                 hf |= B43_HF_BTCOEXALT;
4555         else
4556                 hf |= B43_HF_BTCOEX;
4557         b43_hf_write(dev, hf);
4558 }
4559
4560 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4561 {
4562         if (!modparam_btcoex)
4563                 return;
4564         //TODO
4565 }
4566
4567 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4568 {
4569         struct ssb_bus *bus;
4570         u32 tmp;
4571
4572 #ifdef CONFIG_B43_SSB
4573         if (dev->dev->bus_type != B43_BUS_SSB)
4574                 return;
4575 #else
4576         return;
4577 #endif
4578
4579         bus = dev->dev->sdev->bus;
4580
4581         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4582             (bus->chip_id == 0x4312)) {
4583                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4584                 tmp &= ~SSB_IMCFGLO_REQTO;
4585                 tmp &= ~SSB_IMCFGLO_SERTO;
4586                 tmp |= 0x3;
4587                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4588                 ssb_commit_settings(bus);
4589         }
4590 }
4591
4592 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4593 {
4594         u16 pu_delay;
4595
4596         /* The time value is in microseconds. */
4597         if (dev->phy.type == B43_PHYTYPE_A)
4598                 pu_delay = 3700;
4599         else
4600                 pu_delay = 1050;
4601         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4602                 pu_delay = 500;
4603         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4604                 pu_delay = max(pu_delay, (u16)2400);
4605
4606         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4607 }
4608
4609 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4610 static void b43_set_pretbtt(struct b43_wldev *dev)
4611 {
4612         u16 pretbtt;
4613
4614         /* The time value is in microseconds. */
4615         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4616                 pretbtt = 2;
4617         } else {
4618                 if (dev->phy.type == B43_PHYTYPE_A)
4619                         pretbtt = 120;
4620                 else
4621                         pretbtt = 250;
4622         }
4623         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4624         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4625 }
4626
4627 /* Shutdown a wireless core */
4628 /* Locking: wl->mutex */
4629 static void b43_wireless_core_exit(struct b43_wldev *dev)
4630 {
4631         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4632         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4633                 return;
4634
4635         b43_set_status(dev, B43_STAT_UNINIT);
4636
4637         /* Stop the microcode PSM. */
4638         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4639                       B43_MACCTL_PSM_JMP0);
4640
4641         switch (dev->dev->bus_type) {
4642 #ifdef CONFIG_B43_BCMA
4643         case B43_BUS_BCMA:
4644                 bcma_core_pci_down(dev->dev->bdev->bus);
4645                 break;
4646 #endif
4647 #ifdef CONFIG_B43_SSB
4648         case B43_BUS_SSB:
4649                 /* TODO */
4650                 break;
4651 #endif
4652         }
4653
4654         b43_dma_free(dev);
4655         b43_pio_free(dev);
4656         b43_chip_exit(dev);
4657         dev->phy.ops->switch_analog(dev, 0);
4658         if (dev->wl->current_beacon) {
4659                 dev_kfree_skb_any(dev->wl->current_beacon);
4660                 dev->wl->current_beacon = NULL;
4661         }
4662
4663         b43_device_disable(dev, 0);
4664         b43_bus_may_powerdown(dev);
4665 }
4666
4667 /* Initialize a wireless core */
4668 static int b43_wireless_core_init(struct b43_wldev *dev)
4669 {
4670         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4671         struct b43_phy *phy = &dev->phy;
4672         int err;
4673         u64 hf;
4674
4675         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4676
4677         err = b43_bus_powerup(dev, 0);
4678         if (err)
4679                 goto out;
4680         if (!b43_device_is_enabled(dev))
4681                 b43_wireless_core_reset(dev, phy->gmode);
4682
4683         /* Reset all data structures. */
4684         setup_struct_wldev_for_init(dev);
4685         phy->ops->prepare_structs(dev);
4686
4687         /* Enable IRQ routing to this device. */
4688         switch (dev->dev->bus_type) {
4689 #ifdef CONFIG_B43_BCMA
4690         case B43_BUS_BCMA:
4691                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4692                                       dev->dev->bdev, true);
4693                 bcma_core_pci_up(dev->dev->bdev->bus);
4694                 break;
4695 #endif
4696 #ifdef CONFIG_B43_SSB
4697         case B43_BUS_SSB:
4698                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4699                                                dev->dev->sdev);
4700                 break;
4701 #endif
4702         }
4703
4704         b43_imcfglo_timeouts_workaround(dev);
4705         b43_bluetooth_coext_disable(dev);
4706         if (phy->ops->prepare_hardware) {
4707                 err = phy->ops->prepare_hardware(dev);
4708                 if (err)
4709                         goto err_busdown;
4710         }
4711         err = b43_chip_init(dev);
4712         if (err)
4713                 goto err_busdown;
4714         b43_shm_write16(dev, B43_SHM_SHARED,
4715                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4716         hf = b43_hf_read(dev);
4717         if (phy->type == B43_PHYTYPE_G) {
4718                 hf |= B43_HF_SYMW;
4719                 if (phy->rev == 1)
4720                         hf |= B43_HF_GDCW;
4721                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4722                         hf |= B43_HF_OFDMPABOOST;
4723         }
4724         if (phy->radio_ver == 0x2050) {
4725                 if (phy->radio_rev == 6)
4726                         hf |= B43_HF_4318TSSI;
4727                 if (phy->radio_rev < 6)
4728                         hf |= B43_HF_VCORECALC;
4729         }
4730         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4731                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4732 #if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4733         if (dev->dev->bus_type == B43_BUS_SSB &&
4734             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4735             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4736                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4737 #endif
4738         hf &= ~B43_HF_SKCFPUP;
4739         b43_hf_write(dev, hf);
4740
4741         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4742                              B43_DEFAULT_LONG_RETRY_LIMIT);
4743         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4744         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4745
4746         /* Disable sending probe responses from firmware.
4747          * Setting the MaxTime to one usec will always trigger
4748          * a timeout, so we never send any probe resp.
4749          * A timeout of zero is infinite. */
4750         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4751
4752         b43_rate_memory_init(dev);
4753         b43_set_phytxctl_defaults(dev);
4754
4755         /* Minimum Contention Window */
4756         if (phy->type == B43_PHYTYPE_B)
4757                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4758         else
4759                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4760         /* Maximum Contention Window */
4761         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4762
4763         if (b43_bus_host_is_pcmcia(dev->dev) ||
4764             b43_bus_host_is_sdio(dev->dev)) {
4765                 dev->__using_pio_transfers = true;
4766                 err = b43_pio_init(dev);
4767         } else if (dev->use_pio) {
4768                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4769                         "This should not be needed and will result in lower "
4770                         "performance.\n");
4771                 dev->__using_pio_transfers = true;
4772                 err = b43_pio_init(dev);
4773         } else {
4774                 dev->__using_pio_transfers = false;
4775                 err = b43_dma_init(dev);
4776         }
4777         if (err)
4778                 goto err_chip_exit;
4779         b43_qos_init(dev);
4780         b43_set_synth_pu_delay(dev, 1);
4781         b43_bluetooth_coext_enable(dev);
4782
4783         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4784         b43_upload_card_macaddress(dev);
4785         b43_security_init(dev);
4786
4787         ieee80211_wake_queues(dev->wl->hw);
4788
4789         b43_set_status(dev, B43_STAT_INITIALIZED);
4790
4791 out:
4792         return err;
4793
4794 err_chip_exit:
4795         b43_chip_exit(dev);
4796 err_busdown:
4797         b43_bus_may_powerdown(dev);
4798         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4799         return err;
4800 }
4801
4802 static int b43_op_add_interface(struct ieee80211_hw *hw,
4803                                 struct ieee80211_vif *vif)
4804 {
4805         struct b43_wl *wl = hw_to_b43_wl(hw);
4806         struct b43_wldev *dev;
4807         int err = -EOPNOTSUPP;
4808
4809         /* TODO: allow WDS/AP devices to coexist */
4810
4811         if (vif->type != NL80211_IFTYPE_AP &&
4812             vif->type != NL80211_IFTYPE_MESH_POINT &&
4813             vif->type != NL80211_IFTYPE_STATION &&
4814             vif->type != NL80211_IFTYPE_WDS &&
4815             vif->type != NL80211_IFTYPE_ADHOC)
4816                 return -EOPNOTSUPP;
4817
4818         mutex_lock(&wl->mutex);
4819         if (wl->operating)
4820                 goto out_mutex_unlock;
4821
4822         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4823
4824         dev = wl->current_dev;
4825         wl->operating = true;
4826         wl->vif = vif;
4827         wl->if_type = vif->type;
4828         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4829
4830         b43_adjust_opmode(dev);
4831         b43_set_pretbtt(dev);
4832         b43_set_synth_pu_delay(dev, 0);
4833         b43_upload_card_macaddress(dev);
4834
4835         err = 0;
4836  out_mutex_unlock:
4837         mutex_unlock(&wl->mutex);
4838
4839         if (err == 0)
4840                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4841
4842         return err;
4843 }
4844
4845 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4846                                     struct ieee80211_vif *vif)
4847 {
4848         struct b43_wl *wl = hw_to_b43_wl(hw);
4849         struct b43_wldev *dev = wl->current_dev;
4850
4851         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4852
4853         mutex_lock(&wl->mutex);
4854
4855         B43_WARN_ON(!wl->operating);
4856         B43_WARN_ON(wl->vif != vif);
4857         wl->vif = NULL;
4858
4859         wl->operating = false;
4860
4861         b43_adjust_opmode(dev);
4862         memset(wl->mac_addr, 0, ETH_ALEN);
4863         b43_upload_card_macaddress(dev);
4864
4865         mutex_unlock(&wl->mutex);
4866 }
4867
4868 static int b43_op_start(struct ieee80211_hw *hw)
4869 {
4870         struct b43_wl *wl = hw_to_b43_wl(hw);
4871         struct b43_wldev *dev = wl->current_dev;
4872         int did_init = 0;
4873         int err = 0;
4874
4875         /* Kill all old instance specific information to make sure
4876          * the card won't use it in the short timeframe between start
4877          * and mac80211 reconfiguring it. */
4878         memset(wl->bssid, 0, ETH_ALEN);
4879         memset(wl->mac_addr, 0, ETH_ALEN);
4880         wl->filter_flags = 0;
4881         wl->radiotap_enabled = false;
4882         b43_qos_clear(wl);
4883         wl->beacon0_uploaded = false;
4884         wl->beacon1_uploaded = false;
4885         wl->beacon_templates_virgin = true;
4886         wl->radio_enabled = true;
4887
4888         mutex_lock(&wl->mutex);
4889
4890         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4891                 err = b43_wireless_core_init(dev);
4892                 if (err)
4893                         goto out_mutex_unlock;
4894                 did_init = 1;
4895         }
4896
4897         if (b43_status(dev) < B43_STAT_STARTED) {
4898                 err = b43_wireless_core_start(dev);
4899                 if (err) {
4900                         if (did_init)
4901                                 b43_wireless_core_exit(dev);
4902                         goto out_mutex_unlock;
4903                 }
4904         }
4905
4906         /* XXX: only do if device doesn't support rfkill irq */
4907         wiphy_rfkill_start_polling(hw->wiphy);
4908
4909  out_mutex_unlock:
4910         mutex_unlock(&wl->mutex);
4911
4912         /*
4913          * Configuration may have been overwritten during initialization.
4914          * Reload the configuration, but only if initialization was
4915          * successful. Reloading the configuration after a failed init
4916          * may hang the system.
4917          */
4918         if (!err)
4919                 b43_op_config(hw, ~0);
4920
4921         return err;
4922 }
4923
4924 static void b43_op_stop(struct ieee80211_hw *hw)
4925 {
4926         struct b43_wl *wl = hw_to_b43_wl(hw);
4927         struct b43_wldev *dev = wl->current_dev;
4928
4929         cancel_work_sync(&(wl->beacon_update_trigger));
4930
4931         if (!dev)
4932                 goto out;
4933
4934         mutex_lock(&wl->mutex);
4935         if (b43_status(dev) >= B43_STAT_STARTED) {
4936                 dev = b43_wireless_core_stop(dev);
4937                 if (!dev)
4938                         goto out_unlock;
4939         }
4940         b43_wireless_core_exit(dev);
4941         wl->radio_enabled = false;
4942
4943 out_unlock:
4944         mutex_unlock(&wl->mutex);
4945 out:
4946         cancel_work_sync(&(wl->txpower_adjust_work));
4947 }
4948
4949 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4950                                  struct ieee80211_sta *sta, bool set)
4951 {
4952         struct b43_wl *wl = hw_to_b43_wl(hw);
4953
4954         /* FIXME: add locking */
4955         b43_update_templates(wl);
4956
4957         return 0;
4958 }
4959
4960 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4961                               struct ieee80211_vif *vif,
4962                               enum sta_notify_cmd notify_cmd,
4963                               struct ieee80211_sta *sta)
4964 {
4965         struct b43_wl *wl = hw_to_b43_wl(hw);
4966
4967         B43_WARN_ON(!vif || wl->vif != vif);
4968 }
4969
4970 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4971 {
4972         struct b43_wl *wl = hw_to_b43_wl(hw);
4973         struct b43_wldev *dev;
4974
4975         mutex_lock(&wl->mutex);
4976         dev = wl->current_dev;
4977         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4978                 /* Disable CFP update during scan on other channels. */
4979                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4980         }
4981         mutex_unlock(&wl->mutex);
4982 }
4983
4984 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4985 {
4986         struct b43_wl *wl = hw_to_b43_wl(hw);
4987         struct b43_wldev *dev;
4988
4989         mutex_lock(&wl->mutex);
4990         dev = wl->current_dev;
4991         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4992                 /* Re-enable CFP update. */
4993                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4994         }
4995         mutex_unlock(&wl->mutex);
4996 }
4997
4998 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
4999                              struct survey_info *survey)
5000 {
5001         struct b43_wl *wl = hw_to_b43_wl(hw);
5002         struct b43_wldev *dev = wl->current_dev;
5003         struct ieee80211_conf *conf = &hw->conf;
5004
5005         if (idx != 0)
5006                 return -ENOENT;
5007
5008         survey->channel = conf->chandef.chan;
5009         survey->filled = SURVEY_INFO_NOISE_DBM;
5010         survey->noise = dev->stats.link_noise;
5011
5012         return 0;
5013 }
5014
5015 static const struct ieee80211_ops b43_hw_ops = {
5016         .tx                     = b43_op_tx,
5017         .conf_tx                = b43_op_conf_tx,
5018         .add_interface          = b43_op_add_interface,
5019         .remove_interface       = b43_op_remove_interface,
5020         .config                 = b43_op_config,
5021         .bss_info_changed       = b43_op_bss_info_changed,
5022         .configure_filter       = b43_op_configure_filter,
5023         .set_key                = b43_op_set_key,
5024         .update_tkip_key        = b43_op_update_tkip_key,
5025         .get_stats              = b43_op_get_stats,
5026         .get_tsf                = b43_op_get_tsf,
5027         .set_tsf                = b43_op_set_tsf,
5028         .start                  = b43_op_start,
5029         .stop                   = b43_op_stop,
5030         .set_tim                = b43_op_beacon_set_tim,
5031         .sta_notify             = b43_op_sta_notify,
5032         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5033         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5034         .get_survey             = b43_op_get_survey,
5035         .rfkill_poll            = b43_rfkill_poll,
5036 };
5037
5038 /* Hard-reset the chip. Do not call this directly.
5039  * Use b43_controller_restart()
5040  */
5041 static void b43_chip_reset(struct work_struct *work)
5042 {
5043         struct b43_wldev *dev =
5044             container_of(work, struct b43_wldev, restart_work);
5045         struct b43_wl *wl = dev->wl;
5046         int err = 0;
5047         int prev_status;
5048
5049         mutex_lock(&wl->mutex);
5050
5051         prev_status = b43_status(dev);
5052         /* Bring the device down... */
5053         if (prev_status >= B43_STAT_STARTED) {
5054                 dev = b43_wireless_core_stop(dev);
5055                 if (!dev) {
5056                         err = -ENODEV;
5057                         goto out;
5058                 }
5059         }
5060         if (prev_status >= B43_STAT_INITIALIZED)
5061                 b43_wireless_core_exit(dev);
5062
5063         /* ...and up again. */
5064         if (prev_status >= B43_STAT_INITIALIZED) {
5065                 err = b43_wireless_core_init(dev);
5066                 if (err)
5067                         goto out;
5068         }
5069         if (prev_status >= B43_STAT_STARTED) {
5070                 err = b43_wireless_core_start(dev);
5071                 if (err) {
5072                         b43_wireless_core_exit(dev);
5073                         goto out;
5074                 }
5075         }
5076 out:
5077         if (err)
5078                 wl->current_dev = NULL; /* Failed to init the dev. */
5079         mutex_unlock(&wl->mutex);
5080
5081         if (err) {
5082                 b43err(wl, "Controller restart FAILED\n");
5083                 return;
5084         }
5085
5086         /* reload configuration */
5087         b43_op_config(wl->hw, ~0);
5088         if (wl->vif)
5089                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5090
5091         b43info(wl, "Controller restarted\n");
5092 }
5093
5094 static int b43_setup_bands(struct b43_wldev *dev,
5095                            bool have_2ghz_phy, bool have_5ghz_phy)
5096 {
5097         struct ieee80211_hw *hw = dev->wl->hw;
5098
5099         if (have_2ghz_phy)
5100                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5101         if (dev->phy.type == B43_PHYTYPE_N) {
5102                 if (have_5ghz_phy)
5103                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5104         } else {
5105                 if (have_5ghz_phy)
5106                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5107         }
5108
5109         dev->phy.supports_2ghz = have_2ghz_phy;
5110         dev->phy.supports_5ghz = have_5ghz_phy;
5111
5112         return 0;
5113 }
5114
5115 static void b43_wireless_core_detach(struct b43_wldev *dev)
5116 {
5117         /* We release firmware that late to not be required to re-request
5118          * is all the time when we reinit the core. */
5119         b43_release_firmware(dev);
5120         b43_phy_free(dev);
5121 }
5122
5123 static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5124                                 bool *have_5ghz_phy)
5125 {
5126         u16 dev_id = 0;
5127
5128 #ifdef CONFIG_B43_BCMA
5129         if (dev->dev->bus_type == B43_BUS_BCMA &&
5130             dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5131                 dev_id = dev->dev->bdev->bus->host_pci->device;
5132 #endif
5133 #ifdef CONFIG_B43_SSB
5134         if (dev->dev->bus_type == B43_BUS_SSB &&
5135             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5136                 dev_id = dev->dev->sdev->bus->host_pci->device;
5137 #endif
5138         /* Override with SPROM value if available */
5139         if (dev->dev->bus_sprom->dev_id)
5140                 dev_id = dev->dev->bus_sprom->dev_id;
5141
5142         /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5143         switch (dev_id) {
5144         case 0x4324: /* BCM4306 */
5145         case 0x4312: /* BCM4311 */
5146         case 0x4319: /* BCM4318 */
5147         case 0x4328: /* BCM4321 */
5148         case 0x432b: /* BCM4322 */
5149         case 0x4350: /* BCM43222 */
5150         case 0x4353: /* BCM43224 */
5151         case 0x0576: /* BCM43224 */
5152         case 0x435f: /* BCM6362 */
5153         case 0x4331: /* BCM4331 */
5154         case 0x4359: /* BCM43228 */
5155         case 0x43a0: /* BCM4360 */
5156         case 0x43b1: /* BCM4352 */
5157                 /* Dual band devices */
5158                 *have_2ghz_phy = true;
5159                 *have_5ghz_phy = true;
5160                 return;
5161         case 0x4321: /* BCM4306 */
5162         case 0x4313: /* BCM4311 */
5163         case 0x431a: /* BCM4318 */
5164         case 0x432a: /* BCM4321 */
5165         case 0x432d: /* BCM4322 */
5166         case 0x4352: /* BCM43222 */
5167         case 0x4333: /* BCM4331 */
5168         case 0x43a2: /* BCM4360 */
5169         case 0x43b3: /* BCM4352 */
5170                 /* 5 GHz only devices */
5171                 *have_2ghz_phy = false;
5172                 *have_5ghz_phy = true;
5173                 return;
5174         }
5175
5176         /* As a fallback, try to guess using PHY type */
5177         switch (dev->phy.type) {
5178         case B43_PHYTYPE_A:
5179                 *have_2ghz_phy = false;
5180                 *have_5ghz_phy = true;
5181                 return;
5182         case B43_PHYTYPE_G:
5183         case B43_PHYTYPE_N:
5184         case B43_PHYTYPE_LP:
5185         case B43_PHYTYPE_HT:
5186         case B43_PHYTYPE_LCN:
5187                 *have_2ghz_phy = true;
5188                 *have_5ghz_phy = false;
5189                 return;
5190         }
5191
5192         B43_WARN_ON(1);
5193 }
5194
5195 static int b43_wireless_core_attach(struct b43_wldev *dev)
5196 {
5197         struct b43_wl *wl = dev->wl;
5198         struct b43_phy *phy = &dev->phy;
5199         int err;
5200         u32 tmp;
5201         bool have_2ghz_phy = false, have_5ghz_phy = false;
5202
5203         /* Do NOT do any device initialization here.
5204          * Do it in wireless_core_init() instead.
5205          * This function is for gathering basic information about the HW, only.
5206          * Also some structs may be set up here. But most likely you want to have
5207          * that in core_init(), too.
5208          */
5209
5210         err = b43_bus_powerup(dev, 0);
5211         if (err) {
5212                 b43err(wl, "Bus powerup failed\n");
5213                 goto out;
5214         }
5215
5216         phy->do_full_init = true;
5217
5218         /* Try to guess supported bands for the first init needs */
5219         switch (dev->dev->bus_type) {
5220 #ifdef CONFIG_B43_BCMA
5221         case B43_BUS_BCMA:
5222                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5223                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5224                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5225                 break;
5226 #endif
5227 #ifdef CONFIG_B43_SSB
5228         case B43_BUS_SSB:
5229                 if (dev->dev->core_rev >= 5) {
5230                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5231                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5232                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5233                 } else
5234                         B43_WARN_ON(1);
5235                 break;
5236 #endif
5237         }
5238
5239         dev->phy.gmode = have_2ghz_phy;
5240         b43_wireless_core_reset(dev, dev->phy.gmode);
5241
5242         /* Get the PHY type. */
5243         err = b43_phy_versioning(dev);
5244         if (err)
5245                 goto err_powerdown;
5246
5247         /* Get real info about supported bands */
5248         b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5249
5250         /* We don't support 5 GHz on some PHYs yet */
5251         switch (dev->phy.type) {
5252         case B43_PHYTYPE_A:
5253         case B43_PHYTYPE_G:
5254         case B43_PHYTYPE_N:
5255         case B43_PHYTYPE_LP:
5256         case B43_PHYTYPE_HT:
5257                 b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5258                 have_5ghz_phy = false;
5259         }
5260
5261         if (!have_2ghz_phy && !have_5ghz_phy) {
5262                 b43err(wl, "b43 can't support any band on this device\n");
5263                 err = -EOPNOTSUPP;
5264                 goto err_powerdown;
5265         }
5266
5267         err = b43_phy_allocate(dev);
5268         if (err)
5269                 goto err_powerdown;
5270
5271         dev->phy.gmode = have_2ghz_phy;
5272         b43_wireless_core_reset(dev, dev->phy.gmode);
5273
5274         err = b43_validate_chipaccess(dev);
5275         if (err)
5276                 goto err_phy_free;
5277         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5278         if (err)
5279                 goto err_phy_free;
5280
5281         /* Now set some default "current_dev" */
5282         if (!wl->current_dev)
5283                 wl->current_dev = dev;
5284         INIT_WORK(&dev->restart_work, b43_chip_reset);
5285
5286         dev->phy.ops->switch_analog(dev, 0);
5287         b43_device_disable(dev, 0);
5288         b43_bus_may_powerdown(dev);
5289
5290 out:
5291         return err;
5292
5293 err_phy_free:
5294         b43_phy_free(dev);
5295 err_powerdown:
5296         b43_bus_may_powerdown(dev);
5297         return err;
5298 }
5299
5300 static void b43_one_core_detach(struct b43_bus_dev *dev)
5301 {
5302         struct b43_wldev *wldev;
5303         struct b43_wl *wl;
5304
5305         /* Do not cancel ieee80211-workqueue based work here.
5306          * See comment in b43_remove(). */
5307
5308         wldev = b43_bus_get_wldev(dev);
5309         wl = wldev->wl;
5310         b43_debugfs_remove_device(wldev);
5311         b43_wireless_core_detach(wldev);
5312         list_del(&wldev->list);
5313         b43_bus_set_wldev(dev, NULL);
5314         kfree(wldev);
5315 }
5316
5317 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5318 {
5319         struct b43_wldev *wldev;
5320         int err = -ENOMEM;
5321
5322         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5323         if (!wldev)
5324                 goto out;
5325
5326         wldev->use_pio = b43_modparam_pio;
5327         wldev->dev = dev;
5328         wldev->wl = wl;
5329         b43_set_status(wldev, B43_STAT_UNINIT);
5330         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5331         INIT_LIST_HEAD(&wldev->list);
5332
5333         err = b43_wireless_core_attach(wldev);
5334         if (err)
5335                 goto err_kfree_wldev;
5336
5337         b43_bus_set_wldev(dev, wldev);
5338         b43_debugfs_add_device(wldev);
5339
5340       out:
5341         return err;
5342
5343       err_kfree_wldev:
5344         kfree(wldev);
5345         return err;
5346 }
5347
5348 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5349         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5350         (pdev->device == _device) &&                                    \
5351         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5352         (pdev->subsystem_device == _subdevice)                          )
5353
5354 #ifdef CONFIG_B43_SSB
5355 static void b43_sprom_fixup(struct ssb_bus *bus)
5356 {
5357         struct pci_dev *pdev;
5358
5359         /* boardflags workarounds */
5360         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5361             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5362                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5363         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5364             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5365                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5366         if (bus->bustype == SSB_BUSTYPE_PCI) {
5367                 pdev = bus->host_pci;
5368                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5369                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5370                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5371                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5372                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5373                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5374                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5375                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5376         }
5377 }
5378
5379 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5380 {
5381         struct ieee80211_hw *hw = wl->hw;
5382
5383         ssb_set_devtypedata(dev->sdev, NULL);
5384         ieee80211_free_hw(hw);
5385 }
5386 #endif
5387
5388 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5389 {
5390         struct ssb_sprom *sprom = dev->bus_sprom;
5391         struct ieee80211_hw *hw;
5392         struct b43_wl *wl;
5393         char chip_name[6];
5394         int queue_num;
5395
5396         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5397         if (!hw) {
5398                 b43err(NULL, "Could not allocate ieee80211 device\n");
5399                 return ERR_PTR(-ENOMEM);
5400         }
5401         wl = hw_to_b43_wl(hw);
5402
5403         /* fill hw info */
5404         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5405                     IEEE80211_HW_SIGNAL_DBM;
5406
5407         hw->wiphy->interface_modes =
5408                 BIT(NL80211_IFTYPE_AP) |
5409                 BIT(NL80211_IFTYPE_MESH_POINT) |
5410                 BIT(NL80211_IFTYPE_STATION) |
5411                 BIT(NL80211_IFTYPE_WDS) |
5412                 BIT(NL80211_IFTYPE_ADHOC);
5413
5414         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5415
5416         wl->hw_registred = false;
5417         hw->max_rates = 2;
5418         SET_IEEE80211_DEV(hw, dev->dev);
5419         if (is_valid_ether_addr(sprom->et1mac))
5420                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5421         else
5422                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5423
5424         /* Initialize struct b43_wl */
5425         wl->hw = hw;
5426         mutex_init(&wl->mutex);
5427         spin_lock_init(&wl->hardirq_lock);
5428         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5429         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5430         INIT_WORK(&wl->tx_work, b43_tx_work);
5431
5432         /* Initialize queues and flags. */
5433         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5434                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5435                 wl->tx_queue_stopped[queue_num] = 0;
5436         }
5437
5438         snprintf(chip_name, ARRAY_SIZE(chip_name),
5439                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5440         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5441                 dev->core_rev);
5442         return wl;
5443 }
5444
5445 #ifdef CONFIG_B43_BCMA
5446 static int b43_bcma_probe(struct bcma_device *core)
5447 {
5448         struct b43_bus_dev *dev;
5449         struct b43_wl *wl;
5450         int err;
5451
5452         if (!modparam_allhwsupport &&
5453             (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5454                 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5455                 return -ENOTSUPP;
5456         }
5457
5458         dev = b43_bus_dev_bcma_init(core);
5459         if (!dev)
5460                 return -ENODEV;
5461
5462         wl = b43_wireless_init(dev);
5463         if (IS_ERR(wl)) {
5464                 err = PTR_ERR(wl);
5465                 goto bcma_out;
5466         }
5467
5468         err = b43_one_core_attach(dev, wl);
5469         if (err)
5470                 goto bcma_err_wireless_exit;
5471
5472         /* setup and start work to load firmware */
5473         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5474         schedule_work(&wl->firmware_load);
5475
5476 bcma_out:
5477         return err;
5478
5479 bcma_err_wireless_exit:
5480         ieee80211_free_hw(wl->hw);
5481         return err;
5482 }
5483
5484 static void b43_bcma_remove(struct bcma_device *core)
5485 {
5486         struct b43_wldev *wldev = bcma_get_drvdata(core);
5487         struct b43_wl *wl = wldev->wl;
5488
5489         /* We must cancel any work here before unregistering from ieee80211,
5490          * as the ieee80211 unreg will destroy the workqueue. */
5491         cancel_work_sync(&wldev->restart_work);
5492         cancel_work_sync(&wl->firmware_load);
5493
5494         B43_WARN_ON(!wl);
5495         if (!wldev->fw.ucode.data)
5496                 return;                 /* NULL if firmware never loaded */
5497         if (wl->current_dev == wldev && wl->hw_registred) {
5498                 b43_leds_stop(wldev);
5499                 ieee80211_unregister_hw(wl->hw);
5500         }
5501
5502         b43_one_core_detach(wldev->dev);
5503
5504         /* Unregister HW RNG driver */
5505         b43_rng_exit(wl);
5506
5507         b43_leds_unregister(wl);
5508
5509         ieee80211_free_hw(wl->hw);
5510 }
5511
5512 static struct bcma_driver b43_bcma_driver = {
5513         .name           = KBUILD_MODNAME,
5514         .id_table       = b43_bcma_tbl,
5515         .probe          = b43_bcma_probe,
5516         .remove         = b43_bcma_remove,
5517 };
5518 #endif
5519
5520 #ifdef CONFIG_B43_SSB
5521 static
5522 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5523 {
5524         struct b43_bus_dev *dev;
5525         struct b43_wl *wl;
5526         int err;
5527
5528         dev = b43_bus_dev_ssb_init(sdev);
5529         if (!dev)
5530                 return -ENOMEM;
5531
5532         wl = ssb_get_devtypedata(sdev);
5533         if (wl) {
5534                 b43err(NULL, "Dual-core devices are not supported\n");
5535                 err = -ENOTSUPP;
5536                 goto err_ssb_kfree_dev;
5537         }
5538
5539         b43_sprom_fixup(sdev->bus);
5540
5541         wl = b43_wireless_init(dev);
5542         if (IS_ERR(wl)) {
5543                 err = PTR_ERR(wl);
5544                 goto err_ssb_kfree_dev;
5545         }
5546         ssb_set_devtypedata(sdev, wl);
5547         B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5548
5549         err = b43_one_core_attach(dev, wl);
5550         if (err)
5551                 goto err_ssb_wireless_exit;
5552
5553         /* setup and start work to load firmware */
5554         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5555         schedule_work(&wl->firmware_load);
5556
5557         return err;
5558
5559 err_ssb_wireless_exit:
5560         b43_wireless_exit(dev, wl);
5561 err_ssb_kfree_dev:
5562         kfree(dev);
5563         return err;
5564 }
5565
5566 static void b43_ssb_remove(struct ssb_device *sdev)
5567 {
5568         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5569         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5570         struct b43_bus_dev *dev = wldev->dev;
5571
5572         /* We must cancel any work here before unregistering from ieee80211,
5573          * as the ieee80211 unreg will destroy the workqueue. */
5574         cancel_work_sync(&wldev->restart_work);
5575         cancel_work_sync(&wl->firmware_load);
5576
5577         B43_WARN_ON(!wl);
5578         if (!wldev->fw.ucode.data)
5579                 return;                 /* NULL if firmware never loaded */
5580         if (wl->current_dev == wldev && wl->hw_registred) {
5581                 b43_leds_stop(wldev);
5582                 ieee80211_unregister_hw(wl->hw);
5583         }
5584
5585         b43_one_core_detach(dev);
5586
5587         /* Unregister HW RNG driver */
5588         b43_rng_exit(wl);
5589
5590         b43_leds_unregister(wl);
5591         b43_wireless_exit(dev, wl);
5592 }
5593
5594 static struct ssb_driver b43_ssb_driver = {
5595         .name           = KBUILD_MODNAME,
5596         .id_table       = b43_ssb_tbl,
5597         .probe          = b43_ssb_probe,
5598         .remove         = b43_ssb_remove,
5599 };
5600 #endif /* CONFIG_B43_SSB */
5601
5602 /* Perform a hardware reset. This can be called from any context. */
5603 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5604 {
5605         /* Must avoid requeueing, if we are in shutdown. */
5606         if (b43_status(dev) < B43_STAT_INITIALIZED)
5607                 return;
5608         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5609         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5610 }
5611
5612 static void b43_print_driverinfo(void)
5613 {
5614         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5615                    *feat_leds = "", *feat_sdio = "";
5616
5617 #ifdef CONFIG_B43_PCI_AUTOSELECT
5618         feat_pci = "P";
5619 #endif
5620 #ifdef CONFIG_B43_PCMCIA
5621         feat_pcmcia = "M";
5622 #endif
5623 #ifdef CONFIG_B43_PHY_N
5624         feat_nphy = "N";
5625 #endif
5626 #ifdef CONFIG_B43_LEDS
5627         feat_leds = "L";
5628 #endif
5629 #ifdef CONFIG_B43_SDIO
5630         feat_sdio = "S";
5631 #endif
5632         printk(KERN_INFO "Broadcom 43xx driver loaded "
5633                "[ Features: %s%s%s%s%s ]\n",
5634                feat_pci, feat_pcmcia, feat_nphy,
5635                feat_leds, feat_sdio);
5636 }
5637
5638 static int __init b43_init(void)
5639 {
5640         int err;
5641
5642         b43_debugfs_init();
5643         err = b43_pcmcia_init();
5644         if (err)
5645                 goto err_dfs_exit;
5646         err = b43_sdio_init();
5647         if (err)
5648                 goto err_pcmcia_exit;
5649 #ifdef CONFIG_B43_BCMA
5650         err = bcma_driver_register(&b43_bcma_driver);
5651         if (err)
5652                 goto err_sdio_exit;
5653 #endif
5654 #ifdef CONFIG_B43_SSB
5655         err = ssb_driver_register(&b43_ssb_driver);
5656         if (err)
5657                 goto err_bcma_driver_exit;
5658 #endif
5659         b43_print_driverinfo();
5660
5661         return err;
5662
5663 #ifdef CONFIG_B43_SSB
5664 err_bcma_driver_exit:
5665 #endif
5666 #ifdef CONFIG_B43_BCMA
5667         bcma_driver_unregister(&b43_bcma_driver);
5668 err_sdio_exit:
5669 #endif
5670         b43_sdio_exit();
5671 err_pcmcia_exit:
5672         b43_pcmcia_exit();
5673 err_dfs_exit:
5674         b43_debugfs_exit();
5675         return err;
5676 }
5677
5678 static void __exit b43_exit(void)
5679 {
5680 #ifdef CONFIG_B43_SSB
5681         ssb_driver_unregister(&b43_ssb_driver);
5682 #endif
5683 #ifdef CONFIG_B43_BCMA
5684         bcma_driver_unregister(&b43_bcma_driver);
5685 #endif
5686         b43_sdio_exit();
5687         b43_pcmcia_exit();
5688         b43_debugfs_exit();
5689 }
5690
5691 module_init(b43_init)
5692 module_exit(b43_exit)
Pandora Kernel Repository