3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/firmware.h>
37 #include <linux/wireless.h>
38 #include <linux/workqueue.h>
39 #include <linux/skbuff.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/unaligned.h>
47 #include "phy_common.h"
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69 "enable(1) / disable(0) Bad Frames Preemption");
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
83 static int modparam_qos = 1;
84 module_param_named(qos, modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
91 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
92 module_param_named(verbose, b43_modparam_verbose, int, 0644);
93 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
96 static const struct ssb_device_id b43_ssb_tbl[] = {
97 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
98 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
99 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
100 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
101 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
102 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
103 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
104 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
105 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
109 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
111 /* Channel and ratetables are shared for all devices.
112 * They can't be const, because ieee80211 puts some precalculated
113 * data in there. This data is the same for all devices, so we don't
114 * get concurrency issues */
115 #define RATETAB_ENT(_rateid, _flags) \
117 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
118 .hw_value = (_rateid), \
123 * NOTE: When changing this, sync with xmit.c's
124 * b43_plcp_get_bitrate_idx_* functions!
126 static struct ieee80211_rate __b43_ratetable[] = {
127 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
128 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
129 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
130 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
131 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
132 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
133 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
134 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
135 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
136 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
137 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
138 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
141 #define b43_a_ratetable (__b43_ratetable + 4)
142 #define b43_a_ratetable_size 8
143 #define b43_b_ratetable (__b43_ratetable + 0)
144 #define b43_b_ratetable_size 4
145 #define b43_g_ratetable (__b43_ratetable + 0)
146 #define b43_g_ratetable_size 12
148 #define CHAN4G(_channel, _freq, _flags) { \
149 .band = IEEE80211_BAND_2GHZ, \
150 .center_freq = (_freq), \
151 .hw_value = (_channel), \
153 .max_antenna_gain = 0, \
156 static struct ieee80211_channel b43_2ghz_chantable[] = {
174 #define CHAN5G(_channel, _flags) { \
175 .band = IEEE80211_BAND_5GHZ, \
176 .center_freq = 5000 + (5 * (_channel)), \
177 .hw_value = (_channel), \
179 .max_antenna_gain = 0, \
182 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
183 CHAN5G(32, 0), CHAN5G(34, 0),
184 CHAN5G(36, 0), CHAN5G(38, 0),
185 CHAN5G(40, 0), CHAN5G(42, 0),
186 CHAN5G(44, 0), CHAN5G(46, 0),
187 CHAN5G(48, 0), CHAN5G(50, 0),
188 CHAN5G(52, 0), CHAN5G(54, 0),
189 CHAN5G(56, 0), CHAN5G(58, 0),
190 CHAN5G(60, 0), CHAN5G(62, 0),
191 CHAN5G(64, 0), CHAN5G(66, 0),
192 CHAN5G(68, 0), CHAN5G(70, 0),
193 CHAN5G(72, 0), CHAN5G(74, 0),
194 CHAN5G(76, 0), CHAN5G(78, 0),
195 CHAN5G(80, 0), CHAN5G(82, 0),
196 CHAN5G(84, 0), CHAN5G(86, 0),
197 CHAN5G(88, 0), CHAN5G(90, 0),
198 CHAN5G(92, 0), CHAN5G(94, 0),
199 CHAN5G(96, 0), CHAN5G(98, 0),
200 CHAN5G(100, 0), CHAN5G(102, 0),
201 CHAN5G(104, 0), CHAN5G(106, 0),
202 CHAN5G(108, 0), CHAN5G(110, 0),
203 CHAN5G(112, 0), CHAN5G(114, 0),
204 CHAN5G(116, 0), CHAN5G(118, 0),
205 CHAN5G(120, 0), CHAN5G(122, 0),
206 CHAN5G(124, 0), CHAN5G(126, 0),
207 CHAN5G(128, 0), CHAN5G(130, 0),
208 CHAN5G(132, 0), CHAN5G(134, 0),
209 CHAN5G(136, 0), CHAN5G(138, 0),
210 CHAN5G(140, 0), CHAN5G(142, 0),
211 CHAN5G(144, 0), CHAN5G(145, 0),
212 CHAN5G(146, 0), CHAN5G(147, 0),
213 CHAN5G(148, 0), CHAN5G(149, 0),
214 CHAN5G(150, 0), CHAN5G(151, 0),
215 CHAN5G(152, 0), CHAN5G(153, 0),
216 CHAN5G(154, 0), CHAN5G(155, 0),
217 CHAN5G(156, 0), CHAN5G(157, 0),
218 CHAN5G(158, 0), CHAN5G(159, 0),
219 CHAN5G(160, 0), CHAN5G(161, 0),
220 CHAN5G(162, 0), CHAN5G(163, 0),
221 CHAN5G(164, 0), CHAN5G(165, 0),
222 CHAN5G(166, 0), CHAN5G(168, 0),
223 CHAN5G(170, 0), CHAN5G(172, 0),
224 CHAN5G(174, 0), CHAN5G(176, 0),
225 CHAN5G(178, 0), CHAN5G(180, 0),
226 CHAN5G(182, 0), CHAN5G(184, 0),
227 CHAN5G(186, 0), CHAN5G(188, 0),
228 CHAN5G(190, 0), CHAN5G(192, 0),
229 CHAN5G(194, 0), CHAN5G(196, 0),
230 CHAN5G(198, 0), CHAN5G(200, 0),
231 CHAN5G(202, 0), CHAN5G(204, 0),
232 CHAN5G(206, 0), CHAN5G(208, 0),
233 CHAN5G(210, 0), CHAN5G(212, 0),
234 CHAN5G(214, 0), CHAN5G(216, 0),
235 CHAN5G(218, 0), CHAN5G(220, 0),
236 CHAN5G(222, 0), CHAN5G(224, 0),
237 CHAN5G(226, 0), CHAN5G(228, 0),
240 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
241 CHAN5G(34, 0), CHAN5G(36, 0),
242 CHAN5G(38, 0), CHAN5G(40, 0),
243 CHAN5G(42, 0), CHAN5G(44, 0),
244 CHAN5G(46, 0), CHAN5G(48, 0),
245 CHAN5G(52, 0), CHAN5G(56, 0),
246 CHAN5G(60, 0), CHAN5G(64, 0),
247 CHAN5G(100, 0), CHAN5G(104, 0),
248 CHAN5G(108, 0), CHAN5G(112, 0),
249 CHAN5G(116, 0), CHAN5G(120, 0),
250 CHAN5G(124, 0), CHAN5G(128, 0),
251 CHAN5G(132, 0), CHAN5G(136, 0),
252 CHAN5G(140, 0), CHAN5G(149, 0),
253 CHAN5G(153, 0), CHAN5G(157, 0),
254 CHAN5G(161, 0), CHAN5G(165, 0),
255 CHAN5G(184, 0), CHAN5G(188, 0),
256 CHAN5G(192, 0), CHAN5G(196, 0),
257 CHAN5G(200, 0), CHAN5G(204, 0),
258 CHAN5G(208, 0), CHAN5G(212, 0),
263 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
264 .band = IEEE80211_BAND_5GHZ,
265 .channels = b43_5ghz_nphy_chantable,
266 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
267 .bitrates = b43_a_ratetable,
268 .n_bitrates = b43_a_ratetable_size,
271 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
272 .band = IEEE80211_BAND_5GHZ,
273 .channels = b43_5ghz_aphy_chantable,
274 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
275 .bitrates = b43_a_ratetable,
276 .n_bitrates = b43_a_ratetable_size,
279 static struct ieee80211_supported_band b43_band_2GHz = {
280 .band = IEEE80211_BAND_2GHZ,
281 .channels = b43_2ghz_chantable,
282 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
283 .bitrates = b43_g_ratetable,
284 .n_bitrates = b43_g_ratetable_size,
287 static void b43_wireless_core_exit(struct b43_wldev *dev);
288 static int b43_wireless_core_init(struct b43_wldev *dev);
289 static void b43_wireless_core_stop(struct b43_wldev *dev);
290 static int b43_wireless_core_start(struct b43_wldev *dev);
292 static int b43_ratelimit(struct b43_wl *wl)
294 if (!wl || !wl->current_dev)
296 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
298 /* We are up and running.
299 * Ratelimit the messages to avoid DoS over the net. */
300 return net_ratelimit();
303 void b43info(struct b43_wl *wl, const char *fmt, ...)
307 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
309 if (!b43_ratelimit(wl))
312 printk(KERN_INFO "b43-%s: ",
313 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
318 void b43err(struct b43_wl *wl, const char *fmt, ...)
322 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
324 if (!b43_ratelimit(wl))
327 printk(KERN_ERR "b43-%s ERROR: ",
328 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
333 void b43warn(struct b43_wl *wl, const char *fmt, ...)
337 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
339 if (!b43_ratelimit(wl))
342 printk(KERN_WARNING "b43-%s warning: ",
343 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
348 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
352 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
355 printk(KERN_DEBUG "b43-%s debug: ",
356 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
361 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
365 B43_WARN_ON(offset % 4 != 0);
367 macctl = b43_read32(dev, B43_MMIO_MACCTL);
368 if (macctl & B43_MACCTL_BE)
371 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
373 b43_write32(dev, B43_MMIO_RAM_DATA, val);
376 static inline void b43_shm_control_word(struct b43_wldev *dev,
377 u16 routing, u16 offset)
381 /* "offset" is the WORD offset. */
385 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
388 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
392 if (routing == B43_SHM_SHARED) {
393 B43_WARN_ON(offset & 0x0001);
394 if (offset & 0x0003) {
395 /* Unaligned access */
396 b43_shm_control_word(dev, routing, offset >> 2);
397 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
398 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
399 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
405 b43_shm_control_word(dev, routing, offset);
406 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
411 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
413 struct b43_wl *wl = dev->wl;
417 spin_lock_irqsave(&wl->shm_lock, flags);
418 ret = __b43_shm_read32(dev, routing, offset);
419 spin_unlock_irqrestore(&wl->shm_lock, flags);
424 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
428 if (routing == B43_SHM_SHARED) {
429 B43_WARN_ON(offset & 0x0001);
430 if (offset & 0x0003) {
431 /* Unaligned access */
432 b43_shm_control_word(dev, routing, offset >> 2);
433 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
439 b43_shm_control_word(dev, routing, offset);
440 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
445 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
447 struct b43_wl *wl = dev->wl;
451 spin_lock_irqsave(&wl->shm_lock, flags);
452 ret = __b43_shm_read16(dev, routing, offset);
453 spin_unlock_irqrestore(&wl->shm_lock, flags);
458 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
460 if (routing == B43_SHM_SHARED) {
461 B43_WARN_ON(offset & 0x0001);
462 if (offset & 0x0003) {
463 /* Unaligned access */
464 b43_shm_control_word(dev, routing, offset >> 2);
465 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
467 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
468 b43_write16(dev, B43_MMIO_SHM_DATA,
469 (value >> 16) & 0xFFFF);
474 b43_shm_control_word(dev, routing, offset);
475 b43_write32(dev, B43_MMIO_SHM_DATA, value);
478 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
480 struct b43_wl *wl = dev->wl;
483 spin_lock_irqsave(&wl->shm_lock, flags);
484 __b43_shm_write32(dev, routing, offset, value);
485 spin_unlock_irqrestore(&wl->shm_lock, flags);
488 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
490 if (routing == B43_SHM_SHARED) {
491 B43_WARN_ON(offset & 0x0001);
492 if (offset & 0x0003) {
493 /* Unaligned access */
494 b43_shm_control_word(dev, routing, offset >> 2);
495 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
500 b43_shm_control_word(dev, routing, offset);
501 b43_write16(dev, B43_MMIO_SHM_DATA, value);
504 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
506 struct b43_wl *wl = dev->wl;
509 spin_lock_irqsave(&wl->shm_lock, flags);
510 __b43_shm_write16(dev, routing, offset, value);
511 spin_unlock_irqrestore(&wl->shm_lock, flags);
515 u64 b43_hf_read(struct b43_wldev *dev)
519 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
521 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
523 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
528 /* Write HostFlags */
529 void b43_hf_write(struct b43_wldev *dev, u64 value)
533 lo = (value & 0x00000000FFFFULL);
534 mi = (value & 0x0000FFFF0000ULL) >> 16;
535 hi = (value & 0xFFFF00000000ULL) >> 32;
536 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
537 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
538 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
541 /* Read the firmware capabilities bitmask (Opensource firmware only) */
542 static u16 b43_fwcapa_read(struct b43_wldev *dev)
544 B43_WARN_ON(!dev->fw.opensource);
545 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
548 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
552 B43_WARN_ON(dev->dev->id.revision < 3);
554 /* The hardware guarantees us an atomic read, if we
555 * read the low register first. */
556 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
557 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
564 static void b43_time_lock(struct b43_wldev *dev)
568 macctl = b43_read32(dev, B43_MMIO_MACCTL);
569 macctl |= B43_MACCTL_TBTTHOLD;
570 b43_write32(dev, B43_MMIO_MACCTL, macctl);
571 /* Commit the write */
572 b43_read32(dev, B43_MMIO_MACCTL);
575 static void b43_time_unlock(struct b43_wldev *dev)
579 macctl = b43_read32(dev, B43_MMIO_MACCTL);
580 macctl &= ~B43_MACCTL_TBTTHOLD;
581 b43_write32(dev, B43_MMIO_MACCTL, macctl);
582 /* Commit the write */
583 b43_read32(dev, B43_MMIO_MACCTL);
586 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
590 B43_WARN_ON(dev->dev->id.revision < 3);
594 /* The hardware guarantees us an atomic write, if we
595 * write the low register first. */
596 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
598 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
602 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
605 b43_tsf_write_locked(dev, tsf);
606 b43_time_unlock(dev);
610 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
612 static const u8 zero_addr[ETH_ALEN] = { 0 };
619 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
623 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
626 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
629 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
632 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
636 u8 mac_bssid[ETH_ALEN * 2];
640 bssid = dev->wl->bssid;
641 mac = dev->wl->mac_addr;
643 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
645 memcpy(mac_bssid, mac, ETH_ALEN);
646 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
648 /* Write our MAC address and BSSID to template ram */
649 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
650 tmp = (u32) (mac_bssid[i + 0]);
651 tmp |= (u32) (mac_bssid[i + 1]) << 8;
652 tmp |= (u32) (mac_bssid[i + 2]) << 16;
653 tmp |= (u32) (mac_bssid[i + 3]) << 24;
654 b43_ram_write(dev, 0x20 + i, tmp);
658 static void b43_upload_card_macaddress(struct b43_wldev *dev)
660 b43_write_mac_bssid_templates(dev);
661 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
664 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
666 /* slot_time is in usec. */
667 if (dev->phy.type != B43_PHYTYPE_G)
669 b43_write16(dev, 0x684, 510 + slot_time);
670 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
673 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
675 b43_set_slot_time(dev, 9);
678 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
680 b43_set_slot_time(dev, 20);
683 /* Synchronize IRQ top- and bottom-half.
684 * IRQs must be masked before calling this.
685 * This must not be called with the irq_lock held.
687 static void b43_synchronize_irq(struct b43_wldev *dev)
689 synchronize_irq(dev->dev->irq);
690 tasklet_kill(&dev->isr_tasklet);
693 /* DummyTransmission function, as documented on
694 * http://bcm-specs.sipsolutions.net/DummyTransmission
696 void b43_dummy_transmission(struct b43_wldev *dev)
698 struct b43_wl *wl = dev->wl;
699 struct b43_phy *phy = &dev->phy;
700 unsigned int i, max_loop;
713 buffer[0] = 0x000201CC;
718 buffer[0] = 0x000B846E;
725 spin_lock_irq(&wl->irq_lock);
726 write_lock(&wl->tx_lock);
728 for (i = 0; i < 5; i++)
729 b43_ram_write(dev, i * 4, buffer[i]);
732 b43_read32(dev, B43_MMIO_MACCTL);
734 b43_write16(dev, 0x0568, 0x0000);
735 b43_write16(dev, 0x07C0, 0x0000);
736 value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
737 b43_write16(dev, 0x050C, value);
738 b43_write16(dev, 0x0508, 0x0000);
739 b43_write16(dev, 0x050A, 0x0000);
740 b43_write16(dev, 0x054C, 0x0000);
741 b43_write16(dev, 0x056A, 0x0014);
742 b43_write16(dev, 0x0568, 0x0826);
743 b43_write16(dev, 0x0500, 0x0000);
744 b43_write16(dev, 0x0502, 0x0030);
746 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
747 b43_radio_write16(dev, 0x0051, 0x0017);
748 for (i = 0x00; i < max_loop; i++) {
749 value = b43_read16(dev, 0x050E);
754 for (i = 0x00; i < 0x0A; i++) {
755 value = b43_read16(dev, 0x050E);
760 for (i = 0x00; i < 0x19; i++) {
761 value = b43_read16(dev, 0x0690);
762 if (!(value & 0x0100))
766 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
767 b43_radio_write16(dev, 0x0051, 0x0037);
769 write_unlock(&wl->tx_lock);
770 spin_unlock_irq(&wl->irq_lock);
773 static void key_write(struct b43_wldev *dev,
774 u8 index, u8 algorithm, const u8 *key)
781 /* Key index/algo block */
782 kidx = b43_kidx_to_fw(dev, index);
783 value = ((kidx << 4) | algorithm);
784 b43_shm_write16(dev, B43_SHM_SHARED,
785 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
787 /* Write the key to the Key Table Pointer offset */
788 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
789 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
791 value |= (u16) (key[i + 1]) << 8;
792 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
796 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
798 u32 addrtmp[2] = { 0, 0, };
799 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
801 if (b43_new_kidx_api(dev))
802 pairwise_keys_start = B43_NR_GROUP_KEYS;
804 B43_WARN_ON(index < pairwise_keys_start);
805 /* We have four default TX keys and possibly four default RX keys.
806 * Physical mac 0 is mapped to physical key 4 or 8, depending
807 * on the firmware version.
808 * So we must adjust the index here.
810 index -= pairwise_keys_start;
811 B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
814 addrtmp[0] = addr[0];
815 addrtmp[0] |= ((u32) (addr[1]) << 8);
816 addrtmp[0] |= ((u32) (addr[2]) << 16);
817 addrtmp[0] |= ((u32) (addr[3]) << 24);
818 addrtmp[1] = addr[4];
819 addrtmp[1] |= ((u32) (addr[5]) << 8);
822 /* Receive match transmitter address (RCMTA) mechanism */
823 b43_shm_write32(dev, B43_SHM_RCMTA,
824 (index * 2) + 0, addrtmp[0]);
825 b43_shm_write16(dev, B43_SHM_RCMTA,
826 (index * 2) + 1, addrtmp[1]);
829 static void do_key_write(struct b43_wldev *dev,
830 u8 index, u8 algorithm,
831 const u8 *key, size_t key_len, const u8 *mac_addr)
833 u8 buf[B43_SEC_KEYSIZE] = { 0, };
834 u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
836 if (b43_new_kidx_api(dev))
837 pairwise_keys_start = B43_NR_GROUP_KEYS;
839 B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
840 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
842 if (index >= pairwise_keys_start)
843 keymac_write(dev, index, NULL); /* First zero out mac. */
845 memcpy(buf, key, key_len);
846 key_write(dev, index, algorithm, buf);
847 if (index >= pairwise_keys_start)
848 keymac_write(dev, index, mac_addr);
850 dev->key[index].algorithm = algorithm;
853 static int b43_key_write(struct b43_wldev *dev,
854 int index, u8 algorithm,
855 const u8 *key, size_t key_len,
857 struct ieee80211_key_conf *keyconf)
860 int pairwise_keys_start;
862 if (key_len > B43_SEC_KEYSIZE)
864 for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
865 /* Check that we don't already have this key. */
866 B43_WARN_ON(dev->key[i].keyconf == keyconf);
869 /* Pairwise key. Get an empty slot for the key. */
870 if (b43_new_kidx_api(dev))
871 pairwise_keys_start = B43_NR_GROUP_KEYS;
873 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
874 for (i = pairwise_keys_start;
875 i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
877 B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
878 if (!dev->key[i].keyconf) {
885 b43warn(dev->wl, "Out of hardware key memory\n");
889 B43_WARN_ON(index > 3);
891 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
892 if ((index <= 3) && !b43_new_kidx_api(dev)) {
894 B43_WARN_ON(mac_addr);
895 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
897 keyconf->hw_key_idx = index;
898 dev->key[index].keyconf = keyconf;
903 static int b43_key_clear(struct b43_wldev *dev, int index)
905 if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
907 do_key_write(dev, index, B43_SEC_ALGO_NONE,
908 NULL, B43_SEC_KEYSIZE, NULL);
909 if ((index <= 3) && !b43_new_kidx_api(dev)) {
910 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
911 NULL, B43_SEC_KEYSIZE, NULL);
913 dev->key[index].keyconf = NULL;
918 static void b43_clear_keys(struct b43_wldev *dev)
922 if (b43_new_kidx_api(dev))
923 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
925 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
926 for (i = 0; i < count; i++)
927 b43_key_clear(dev, i);
930 static void b43_dump_keymemory(struct b43_wldev *dev)
932 unsigned int i, index, count, offset, pairwise_keys_start;
940 if (!b43_debug(dev, B43_DBG_KEYS))
943 hf = b43_hf_read(dev);
944 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
945 !!(hf & B43_HF_USEDEFKEYS));
946 if (b43_new_kidx_api(dev)) {
947 pairwise_keys_start = B43_NR_GROUP_KEYS;
948 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
950 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
951 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
953 for (index = 0; index < count; index++) {
954 key = &(dev->key[index]);
955 printk(KERN_DEBUG "Key slot %02u: %s",
956 index, (key->keyconf == NULL) ? " " : "*");
957 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
958 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
959 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
960 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
963 algo = b43_shm_read16(dev, B43_SHM_SHARED,
964 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
965 printk(" Algo: %04X/%02X", algo, key->algorithm);
967 if (index >= pairwise_keys_start) {
968 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
969 ((index - pairwise_keys_start) * 2) + 0);
970 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
971 ((index - pairwise_keys_start) * 2) + 1);
972 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
973 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
974 printk(" MAC: %pM", mac);
976 printk(" DEFAULT KEY");
981 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
989 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
990 (ps_flags & B43_PS_DISABLED));
991 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
993 if (ps_flags & B43_PS_ENABLED) {
995 } else if (ps_flags & B43_PS_DISABLED) {
998 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
999 // and thus is not an AP and we are associated, set bit 25
1001 if (ps_flags & B43_PS_AWAKE) {
1003 } else if (ps_flags & B43_PS_ASLEEP) {
1006 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1007 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1008 // successful, set bit26
1011 /* FIXME: For now we force awake-on and hwps-off */
1015 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1017 macctl |= B43_MACCTL_HWPS;
1019 macctl &= ~B43_MACCTL_HWPS;
1021 macctl |= B43_MACCTL_AWAKE;
1023 macctl &= ~B43_MACCTL_AWAKE;
1024 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1026 b43_read32(dev, B43_MMIO_MACCTL);
1027 if (awake && dev->dev->id.revision >= 5) {
1028 /* Wait for the microcode to wake up. */
1029 for (i = 0; i < 100; i++) {
1030 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1031 B43_SHM_SH_UCODESTAT);
1032 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1039 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1044 flags |= B43_TMSLOW_PHYCLKEN;
1045 flags |= B43_TMSLOW_PHYRESET;
1046 ssb_device_enable(dev->dev, flags);
1047 msleep(2); /* Wait for the PLL to turn on. */
1049 /* Now take the PHY out of Reset again */
1050 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1051 tmslow |= SSB_TMSLOW_FGC;
1052 tmslow &= ~B43_TMSLOW_PHYRESET;
1053 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1054 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1056 tmslow &= ~SSB_TMSLOW_FGC;
1057 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1058 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1061 /* Turn Analog ON, but only if we already know the PHY-type.
1062 * This protects against very early setup where we don't know the
1063 * PHY-type, yet. wireless_core_reset will be called once again later,
1064 * when we know the PHY-type. */
1066 dev->phy.ops->switch_analog(dev, 1);
1068 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1069 macctl &= ~B43_MACCTL_GMODE;
1070 if (flags & B43_TMSLOW_GMODE)
1071 macctl |= B43_MACCTL_GMODE;
1072 macctl |= B43_MACCTL_IHR_ENABLED;
1073 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1076 static void handle_irq_transmit_status(struct b43_wldev *dev)
1080 struct b43_txstatus stat;
1083 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1084 if (!(v0 & 0x00000001))
1086 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1088 stat.cookie = (v0 >> 16);
1089 stat.seq = (v1 & 0x0000FFFF);
1090 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1091 tmp = (v0 & 0x0000FFFF);
1092 stat.frame_count = ((tmp & 0xF000) >> 12);
1093 stat.rts_count = ((tmp & 0x0F00) >> 8);
1094 stat.supp_reason = ((tmp & 0x001C) >> 2);
1095 stat.pm_indicated = !!(tmp & 0x0080);
1096 stat.intermediate = !!(tmp & 0x0040);
1097 stat.for_ampdu = !!(tmp & 0x0020);
1098 stat.acked = !!(tmp & 0x0002);
1100 b43_handle_txstatus(dev, &stat);
1104 static void drain_txstatus_queue(struct b43_wldev *dev)
1108 if (dev->dev->id.revision < 5)
1110 /* Read all entries from the microcode TXstatus FIFO
1111 * and throw them away.
1114 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1115 if (!(dummy & 0x00000001))
1117 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1121 static u32 b43_jssi_read(struct b43_wldev *dev)
1125 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1127 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1132 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1134 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1135 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1138 static void b43_generate_noise_sample(struct b43_wldev *dev)
1140 b43_jssi_write(dev, 0x7F7F7F7F);
1141 b43_write32(dev, B43_MMIO_MACCMD,
1142 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1145 static void b43_calculate_link_quality(struct b43_wldev *dev)
1147 /* Top half of Link Quality calculation. */
1149 if (dev->phy.type != B43_PHYTYPE_G)
1151 if (dev->noisecalc.calculation_running)
1153 dev->noisecalc.calculation_running = 1;
1154 dev->noisecalc.nr_samples = 0;
1156 b43_generate_noise_sample(dev);
1159 static void handle_irq_noise(struct b43_wldev *dev)
1161 struct b43_phy_g *phy = dev->phy.g;
1167 /* Bottom half of Link Quality calculation. */
1169 if (dev->phy.type != B43_PHYTYPE_G)
1172 /* Possible race condition: It might be possible that the user
1173 * changed to a different channel in the meantime since we
1174 * started the calculation. We ignore that fact, since it's
1175 * not really that much of a problem. The background noise is
1176 * an estimation only anyway. Slightly wrong results will get damped
1177 * by the averaging of the 8 sample rounds. Additionally the
1178 * value is shortlived. So it will be replaced by the next noise
1179 * calculation round soon. */
1181 B43_WARN_ON(!dev->noisecalc.calculation_running);
1182 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1183 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1184 noise[2] == 0x7F || noise[3] == 0x7F)
1187 /* Get the noise samples. */
1188 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1189 i = dev->noisecalc.nr_samples;
1190 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1191 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1192 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1193 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1194 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1195 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1196 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1197 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1198 dev->noisecalc.nr_samples++;
1199 if (dev->noisecalc.nr_samples == 8) {
1200 /* Calculate the Link Quality by the noise samples. */
1202 for (i = 0; i < 8; i++) {
1203 for (j = 0; j < 4; j++)
1204 average += dev->noisecalc.samples[i][j];
1210 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1211 tmp = (tmp / 128) & 0x1F;
1221 dev->stats.link_noise = average;
1222 dev->noisecalc.calculation_running = 0;
1226 b43_generate_noise_sample(dev);
1229 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1231 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1234 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1235 b43_power_saving_ctl_bits(dev, 0);
1237 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1241 static void handle_irq_atim_end(struct b43_wldev *dev)
1243 if (dev->dfq_valid) {
1244 b43_write32(dev, B43_MMIO_MACCMD,
1245 b43_read32(dev, B43_MMIO_MACCMD)
1246 | B43_MACCMD_DFQ_VALID);
1251 static void handle_irq_pmq(struct b43_wldev *dev)
1258 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1259 if (!(tmp & 0x00000008))
1262 /* 16bit write is odd, but correct. */
1263 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1266 static void b43_write_template_common(struct b43_wldev *dev,
1267 const u8 *data, u16 size,
1269 u16 shm_size_offset, u8 rate)
1272 struct b43_plcp_hdr4 plcp;
1275 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1276 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1277 ram_offset += sizeof(u32);
1278 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1279 * So leave the first two bytes of the next write blank.
1281 tmp = (u32) (data[0]) << 16;
1282 tmp |= (u32) (data[1]) << 24;
1283 b43_ram_write(dev, ram_offset, tmp);
1284 ram_offset += sizeof(u32);
1285 for (i = 2; i < size; i += sizeof(u32)) {
1286 tmp = (u32) (data[i + 0]);
1288 tmp |= (u32) (data[i + 1]) << 8;
1290 tmp |= (u32) (data[i + 2]) << 16;
1292 tmp |= (u32) (data[i + 3]) << 24;
1293 b43_ram_write(dev, ram_offset + i - 2, tmp);
1295 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1296 size + sizeof(struct b43_plcp_hdr6));
1299 /* Check if the use of the antenna that ieee80211 told us to
1300 * use is possible. This will fall back to DEFAULT.
1301 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1302 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1307 if (antenna_nr == 0) {
1308 /* Zero means "use default antenna". That's always OK. */
1312 /* Get the mask of available antennas. */
1314 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1316 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1318 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1319 /* This antenna is not available. Fall back to default. */
1326 /* Convert a b43 antenna number value to the PHY TX control value. */
1327 static u16 b43_antenna_to_phyctl(int antenna)
1331 return B43_TXH_PHY_ANT0;
1333 return B43_TXH_PHY_ANT1;
1335 return B43_TXH_PHY_ANT2;
1337 return B43_TXH_PHY_ANT3;
1338 case B43_ANTENNA_AUTO:
1339 return B43_TXH_PHY_ANT01AUTO;
1345 static void b43_write_beacon_template(struct b43_wldev *dev,
1347 u16 shm_size_offset)
1349 unsigned int i, len, variable_len;
1350 const struct ieee80211_mgmt *bcn;
1356 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1358 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1359 len = min((size_t) dev->wl->current_beacon->len,
1360 0x200 - sizeof(struct b43_plcp_hdr6));
1361 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1363 b43_write_template_common(dev, (const u8 *)bcn,
1364 len, ram_offset, shm_size_offset, rate);
1366 /* Write the PHY TX control parameters. */
1367 antenna = B43_ANTENNA_DEFAULT;
1368 antenna = b43_antenna_to_phyctl(antenna);
1369 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1370 /* We can't send beacons with short preamble. Would get PHY errors. */
1371 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1372 ctl &= ~B43_TXH_PHY_ANT;
1373 ctl &= ~B43_TXH_PHY_ENC;
1375 if (b43_is_cck_rate(rate))
1376 ctl |= B43_TXH_PHY_ENC_CCK;
1378 ctl |= B43_TXH_PHY_ENC_OFDM;
1379 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1381 /* Find the position of the TIM and the DTIM_period value
1382 * and write them to SHM. */
1383 ie = bcn->u.beacon.variable;
1384 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1385 for (i = 0; i < variable_len - 2; ) {
1386 uint8_t ie_id, ie_len;
1393 /* This is the TIM Information Element */
1395 /* Check whether the ie_len is in the beacon data range. */
1396 if (variable_len < ie_len + 2 + i)
1398 /* A valid TIM is at least 4 bytes long. */
1403 tim_position = sizeof(struct b43_plcp_hdr6);
1404 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1407 dtim_period = ie[i + 3];
1409 b43_shm_write16(dev, B43_SHM_SHARED,
1410 B43_SHM_SH_TIMBPOS, tim_position);
1411 b43_shm_write16(dev, B43_SHM_SHARED,
1412 B43_SHM_SH_DTIMPER, dtim_period);
1419 * If ucode wants to modify TIM do it behind the beacon, this
1420 * will happen, for example, when doing mesh networking.
1422 b43_shm_write16(dev, B43_SHM_SHARED,
1424 len + sizeof(struct b43_plcp_hdr6));
1425 b43_shm_write16(dev, B43_SHM_SHARED,
1426 B43_SHM_SH_DTIMPER, 0);
1428 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1431 static void b43_upload_beacon0(struct b43_wldev *dev)
1433 struct b43_wl *wl = dev->wl;
1435 if (wl->beacon0_uploaded)
1437 b43_write_beacon_template(dev, 0x68, 0x18);
1438 wl->beacon0_uploaded = 1;
1441 static void b43_upload_beacon1(struct b43_wldev *dev)
1443 struct b43_wl *wl = dev->wl;
1445 if (wl->beacon1_uploaded)
1447 b43_write_beacon_template(dev, 0x468, 0x1A);
1448 wl->beacon1_uploaded = 1;
1451 static void handle_irq_beacon(struct b43_wldev *dev)
1453 struct b43_wl *wl = dev->wl;
1454 u32 cmd, beacon0_valid, beacon1_valid;
1456 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1457 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1460 /* This is the bottom half of the asynchronous beacon update. */
1462 /* Ignore interrupt in the future. */
1463 dev->irq_mask &= ~B43_IRQ_BEACON;
1465 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1466 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1467 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1469 /* Schedule interrupt manually, if busy. */
1470 if (beacon0_valid && beacon1_valid) {
1471 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1472 dev->irq_mask |= B43_IRQ_BEACON;
1476 if (unlikely(wl->beacon_templates_virgin)) {
1477 /* We never uploaded a beacon before.
1478 * Upload both templates now, but only mark one valid. */
1479 wl->beacon_templates_virgin = 0;
1480 b43_upload_beacon0(dev);
1481 b43_upload_beacon1(dev);
1482 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1483 cmd |= B43_MACCMD_BEACON0_VALID;
1484 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1486 if (!beacon0_valid) {
1487 b43_upload_beacon0(dev);
1488 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1489 cmd |= B43_MACCMD_BEACON0_VALID;
1490 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1491 } else if (!beacon1_valid) {
1492 b43_upload_beacon1(dev);
1493 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1494 cmd |= B43_MACCMD_BEACON1_VALID;
1495 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1500 static void b43_beacon_update_trigger_work(struct work_struct *work)
1502 struct b43_wl *wl = container_of(work, struct b43_wl,
1503 beacon_update_trigger);
1504 struct b43_wldev *dev;
1506 mutex_lock(&wl->mutex);
1507 dev = wl->current_dev;
1508 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1509 spin_lock_irq(&wl->irq_lock);
1510 /* update beacon right away or defer to irq */
1511 handle_irq_beacon(dev);
1512 /* The handler might have updated the IRQ mask. */
1513 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1515 spin_unlock_irq(&wl->irq_lock);
1517 mutex_unlock(&wl->mutex);
1520 /* Asynchronously update the packet templates in template RAM.
1521 * Locking: Requires wl->irq_lock to be locked. */
1522 static void b43_update_templates(struct b43_wl *wl)
1524 struct sk_buff *beacon;
1526 /* This is the top half of the ansynchronous beacon update.
1527 * The bottom half is the beacon IRQ.
1528 * Beacon update must be asynchronous to avoid sending an
1529 * invalid beacon. This can happen for example, if the firmware
1530 * transmits a beacon while we are updating it. */
1532 /* We could modify the existing beacon and set the aid bit in
1533 * the TIM field, but that would probably require resizing and
1534 * moving of data within the beacon template.
1535 * Simply request a new beacon and let mac80211 do the hard work. */
1536 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1537 if (unlikely(!beacon))
1540 if (wl->current_beacon)
1541 dev_kfree_skb_any(wl->current_beacon);
1542 wl->current_beacon = beacon;
1543 wl->beacon0_uploaded = 0;
1544 wl->beacon1_uploaded = 0;
1545 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1548 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1551 if (dev->dev->id.revision >= 3) {
1552 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1553 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1555 b43_write16(dev, 0x606, (beacon_int >> 6));
1556 b43_write16(dev, 0x610, beacon_int);
1558 b43_time_unlock(dev);
1559 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1562 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1566 /* Read the register that contains the reason code for the panic. */
1567 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1568 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1572 b43dbg(dev->wl, "The panic reason is unknown.\n");
1574 case B43_FWPANIC_DIE:
1575 /* Do not restart the controller or firmware.
1576 * The device is nonfunctional from now on.
1577 * Restarting would result in this panic to trigger again,
1578 * so we avoid that recursion. */
1580 case B43_FWPANIC_RESTART:
1581 b43_controller_restart(dev, "Microcode panic");
1586 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1588 unsigned int i, cnt;
1589 u16 reason, marker_id, marker_line;
1592 /* The proprietary firmware doesn't have this IRQ. */
1593 if (!dev->fw.opensource)
1596 /* Read the register that contains the reason code for this IRQ. */
1597 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1600 case B43_DEBUGIRQ_PANIC:
1601 b43_handle_firmware_panic(dev);
1603 case B43_DEBUGIRQ_DUMP_SHM:
1605 break; /* Only with driver debugging enabled. */
1606 buf = kmalloc(4096, GFP_ATOMIC);
1608 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1611 for (i = 0; i < 4096; i += 2) {
1612 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1613 buf[i / 2] = cpu_to_le16(tmp);
1615 b43info(dev->wl, "Shared memory dump:\n");
1616 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1617 16, 2, buf, 4096, 1);
1620 case B43_DEBUGIRQ_DUMP_REGS:
1622 break; /* Only with driver debugging enabled. */
1623 b43info(dev->wl, "Microcode register dump:\n");
1624 for (i = 0, cnt = 0; i < 64; i++) {
1625 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1628 printk("r%02u: 0x%04X ", i, tmp);
1637 case B43_DEBUGIRQ_MARKER:
1639 break; /* Only with driver debugging enabled. */
1640 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1642 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1643 B43_MARKER_LINE_REG);
1644 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1645 "at line number %u\n",
1646 marker_id, marker_line);
1649 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1653 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1654 b43_shm_write16(dev, B43_SHM_SCRATCH,
1655 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1658 /* Interrupt handler bottom-half */
1659 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1662 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1663 u32 merged_dma_reason = 0;
1665 unsigned long flags;
1667 spin_lock_irqsave(&dev->wl->irq_lock, flags);
1669 B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1671 reason = dev->irq_reason;
1672 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1673 dma_reason[i] = dev->dma_reason[i];
1674 merged_dma_reason |= dma_reason[i];
1677 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1678 b43err(dev->wl, "MAC transmission error\n");
1680 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1681 b43err(dev->wl, "PHY transmission error\n");
1683 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1684 atomic_set(&dev->phy.txerr_cnt,
1685 B43_PHY_TX_BADNESS_LIMIT);
1686 b43err(dev->wl, "Too many PHY TX errors, "
1687 "restarting the controller\n");
1688 b43_controller_restart(dev, "PHY TX errors");
1692 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1693 B43_DMAIRQ_NONFATALMASK))) {
1694 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1695 b43err(dev->wl, "Fatal DMA error: "
1696 "0x%08X, 0x%08X, 0x%08X, "
1697 "0x%08X, 0x%08X, 0x%08X\n",
1698 dma_reason[0], dma_reason[1],
1699 dma_reason[2], dma_reason[3],
1700 dma_reason[4], dma_reason[5]);
1701 b43_controller_restart(dev, "DMA error");
1703 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1706 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1707 b43err(dev->wl, "DMA error: "
1708 "0x%08X, 0x%08X, 0x%08X, "
1709 "0x%08X, 0x%08X, 0x%08X\n",
1710 dma_reason[0], dma_reason[1],
1711 dma_reason[2], dma_reason[3],
1712 dma_reason[4], dma_reason[5]);
1716 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1717 handle_irq_ucode_debug(dev);
1718 if (reason & B43_IRQ_TBTT_INDI)
1719 handle_irq_tbtt_indication(dev);
1720 if (reason & B43_IRQ_ATIM_END)
1721 handle_irq_atim_end(dev);
1722 if (reason & B43_IRQ_BEACON)
1723 handle_irq_beacon(dev);
1724 if (reason & B43_IRQ_PMQ)
1725 handle_irq_pmq(dev);
1726 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1728 if (reason & B43_IRQ_NOISESAMPLE_OK)
1729 handle_irq_noise(dev);
1731 /* Check the DMA reason registers for received data. */
1732 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1733 if (b43_using_pio_transfers(dev))
1734 b43_pio_rx(dev->pio.rx_queue);
1736 b43_dma_rx(dev->dma.rx_ring);
1738 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1739 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1740 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1741 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1742 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1744 if (reason & B43_IRQ_TX_OK)
1745 handle_irq_transmit_status(dev);
1747 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1749 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1752 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1754 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1756 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1757 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1758 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1759 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1760 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1762 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1766 /* Interrupt handler top-half */
1767 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1769 irqreturn_t ret = IRQ_NONE;
1770 struct b43_wldev *dev = dev_id;
1775 spin_lock(&dev->wl->irq_lock);
1777 if (unlikely(b43_status(dev) < B43_STAT_STARTED)) {
1778 /* This can only happen on shared IRQ lines. */
1781 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1782 if (reason == 0xffffffff) /* shared IRQ */
1785 reason &= dev->irq_mask;
1789 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1791 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1793 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1795 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1797 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1800 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1804 b43_interrupt_ack(dev, reason);
1805 /* disable all IRQs. They are enabled again in the bottom half. */
1806 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1807 /* save the reason code and call our bottom half. */
1808 dev->irq_reason = reason;
1809 tasklet_schedule(&dev->isr_tasklet);
1812 spin_unlock(&dev->wl->irq_lock);
1817 void b43_do_release_fw(struct b43_firmware_file *fw)
1819 release_firmware(fw->data);
1821 fw->filename = NULL;
1824 static void b43_release_firmware(struct b43_wldev *dev)
1826 b43_do_release_fw(&dev->fw.ucode);
1827 b43_do_release_fw(&dev->fw.pcm);
1828 b43_do_release_fw(&dev->fw.initvals);
1829 b43_do_release_fw(&dev->fw.initvals_band);
1832 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1836 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
1837 "and download the correct firmware for this driver version. " \
1838 "Please carefully read all instructions on this website.\n";
1846 int b43_do_request_fw(struct b43_request_fw_context *ctx,
1848 struct b43_firmware_file *fw)
1850 const struct firmware *blob;
1851 struct b43_fw_header *hdr;
1856 /* Don't fetch anything. Free possibly cached firmware. */
1857 /* FIXME: We should probably keep it anyway, to save some headache
1858 * on suspend/resume with multiband devices. */
1859 b43_do_release_fw(fw);
1863 if ((fw->type == ctx->req_type) &&
1864 (strcmp(fw->filename, name) == 0))
1865 return 0; /* Already have this fw. */
1866 /* Free the cached firmware first. */
1867 /* FIXME: We should probably do this later after we successfully
1868 * got the new fw. This could reduce headache with multiband devices.
1869 * We could also redesign this to cache the firmware for all possible
1870 * bands all the time. */
1871 b43_do_release_fw(fw);
1874 switch (ctx->req_type) {
1875 case B43_FWTYPE_PROPRIETARY:
1876 snprintf(ctx->fwname, sizeof(ctx->fwname),
1878 modparam_fwpostfix, name);
1880 case B43_FWTYPE_OPENSOURCE:
1881 snprintf(ctx->fwname, sizeof(ctx->fwname),
1883 modparam_fwpostfix, name);
1889 err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
1890 if (err == -ENOENT) {
1891 snprintf(ctx->errors[ctx->req_type],
1892 sizeof(ctx->errors[ctx->req_type]),
1893 "Firmware file \"%s\" not found\n", ctx->fwname);
1896 snprintf(ctx->errors[ctx->req_type],
1897 sizeof(ctx->errors[ctx->req_type]),
1898 "Firmware file \"%s\" request failed (err=%d)\n",
1902 if (blob->size < sizeof(struct b43_fw_header))
1904 hdr = (struct b43_fw_header *)(blob->data);
1905 switch (hdr->type) {
1906 case B43_FW_TYPE_UCODE:
1907 case B43_FW_TYPE_PCM:
1908 size = be32_to_cpu(hdr->size);
1909 if (size != blob->size - sizeof(struct b43_fw_header))
1912 case B43_FW_TYPE_IV:
1921 fw->filename = name;
1922 fw->type = ctx->req_type;
1927 snprintf(ctx->errors[ctx->req_type],
1928 sizeof(ctx->errors[ctx->req_type]),
1929 "Firmware file \"%s\" format error.\n", ctx->fwname);
1930 release_firmware(blob);
1935 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
1937 struct b43_wldev *dev = ctx->dev;
1938 struct b43_firmware *fw = &ctx->dev->fw;
1939 const u8 rev = ctx->dev->dev->id.revision;
1940 const char *filename;
1945 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
1946 if ((rev >= 5) && (rev <= 10))
1947 filename = "ucode5";
1948 else if ((rev >= 11) && (rev <= 12))
1949 filename = "ucode11";
1951 filename = "ucode13";
1954 err = b43_do_request_fw(ctx, filename, &fw->ucode);
1959 if ((rev >= 5) && (rev <= 10))
1965 fw->pcm_request_failed = 0;
1966 err = b43_do_request_fw(ctx, filename, &fw->pcm);
1967 if (err == -ENOENT) {
1968 /* We did not find a PCM file? Not fatal, but
1969 * core rev <= 10 must do without hwcrypto then. */
1970 fw->pcm_request_failed = 1;
1975 switch (dev->phy.type) {
1977 if ((rev >= 5) && (rev <= 10)) {
1978 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
1979 filename = "a0g1initvals5";
1981 filename = "a0g0initvals5";
1983 goto err_no_initvals;
1986 if ((rev >= 5) && (rev <= 10))
1987 filename = "b0g0initvals5";
1989 filename = "b0g0initvals13";
1991 goto err_no_initvals;
1994 if ((rev >= 11) && (rev <= 12))
1995 filename = "n0initvals11";
1997 goto err_no_initvals;
2000 goto err_no_initvals;
2002 err = b43_do_request_fw(ctx, filename, &fw->initvals);
2006 /* Get bandswitch initvals */
2007 switch (dev->phy.type) {
2009 if ((rev >= 5) && (rev <= 10)) {
2010 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2011 filename = "a0g1bsinitvals5";
2013 filename = "a0g0bsinitvals5";
2014 } else if (rev >= 11)
2017 goto err_no_initvals;
2020 if ((rev >= 5) && (rev <= 10))
2021 filename = "b0g0bsinitvals5";
2025 goto err_no_initvals;
2028 if ((rev >= 11) && (rev <= 12))
2029 filename = "n0bsinitvals11";
2031 goto err_no_initvals;
2034 goto err_no_initvals;
2036 err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2043 err = ctx->fatal_failure = -EOPNOTSUPP;
2044 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2045 "is required for your device (wl-core rev %u)\n", rev);
2049 err = ctx->fatal_failure = -EOPNOTSUPP;
2050 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2051 "is required for your device (wl-core rev %u)\n", rev);
2055 err = ctx->fatal_failure = -EOPNOTSUPP;
2056 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2057 "is required for your device (wl-core rev %u)\n", rev);
2061 /* We failed to load this firmware image. The error message
2062 * already is in ctx->errors. Return and let our caller decide
2067 b43_release_firmware(dev);
2071 static int b43_request_firmware(struct b43_wldev *dev)
2073 struct b43_request_fw_context *ctx;
2078 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2083 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2084 err = b43_try_request_fw(ctx);
2086 goto out; /* Successfully loaded it. */
2087 err = ctx->fatal_failure;
2091 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2092 err = b43_try_request_fw(ctx);
2094 goto out; /* Successfully loaded it. */
2095 err = ctx->fatal_failure;
2099 /* Could not find a usable firmware. Print the errors. */
2100 for (i = 0; i < B43_NR_FWTYPES; i++) {
2101 errmsg = ctx->errors[i];
2103 b43err(dev->wl, errmsg);
2105 b43_print_fw_helptext(dev->wl, 1);
2113 static int b43_upload_microcode(struct b43_wldev *dev)
2115 const size_t hdr_len = sizeof(struct b43_fw_header);
2117 unsigned int i, len;
2118 u16 fwrev, fwpatch, fwdate, fwtime;
2122 /* Jump the microcode PSM to offset 0 */
2123 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2124 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2125 macctl |= B43_MACCTL_PSM_JMP0;
2126 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2127 /* Zero out all microcode PSM registers and shared memory. */
2128 for (i = 0; i < 64; i++)
2129 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2130 for (i = 0; i < 4096; i += 2)
2131 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2133 /* Upload Microcode. */
2134 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2135 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2136 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2137 for (i = 0; i < len; i++) {
2138 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2142 if (dev->fw.pcm.data) {
2143 /* Upload PCM data. */
2144 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2145 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2146 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2147 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2148 /* No need for autoinc bit in SHM_HW */
2149 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2150 for (i = 0; i < len; i++) {
2151 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2156 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2158 /* Start the microcode PSM */
2159 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2160 macctl &= ~B43_MACCTL_PSM_JMP0;
2161 macctl |= B43_MACCTL_PSM_RUN;
2162 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2164 /* Wait for the microcode to load and respond */
2167 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2168 if (tmp == B43_IRQ_MAC_SUSPENDED)
2172 b43err(dev->wl, "Microcode not responding\n");
2173 b43_print_fw_helptext(dev->wl, 1);
2177 msleep_interruptible(50);
2178 if (signal_pending(current)) {
2183 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2185 /* Get and check the revisions. */
2186 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2187 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2188 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2189 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2191 if (fwrev <= 0x128) {
2192 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2193 "binary drivers older than version 4.x is unsupported. "
2194 "You must upgrade your firmware files.\n");
2195 b43_print_fw_helptext(dev->wl, 1);
2199 dev->fw.rev = fwrev;
2200 dev->fw.patch = fwpatch;
2201 dev->fw.opensource = (fwdate == 0xFFFF);
2203 /* Default to use-all-queues. */
2204 dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2205 dev->qos_enabled = !!modparam_qos;
2206 /* Default to firmware/hardware crypto acceleration. */
2207 dev->hwcrypto_enabled = 1;
2209 if (dev->fw.opensource) {
2212 /* Patchlevel info is encoded in the "time" field. */
2213 dev->fw.patch = fwtime;
2214 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2215 dev->fw.rev, dev->fw.patch);
2217 fwcapa = b43_fwcapa_read(dev);
2218 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2219 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2220 /* Disable hardware crypto and fall back to software crypto. */
2221 dev->hwcrypto_enabled = 0;
2223 if (!(fwcapa & B43_FWCAPA_QOS)) {
2224 b43info(dev->wl, "QoS not supported by firmware\n");
2225 /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2226 * ieee80211_unregister to make sure the networking core can
2227 * properly free possible resources. */
2228 dev->wl->hw->queues = 1;
2229 dev->qos_enabled = 0;
2232 b43info(dev->wl, "Loading firmware version %u.%u "
2233 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2235 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2236 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2237 if (dev->fw.pcm_request_failed) {
2238 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2239 "Hardware accelerated cryptography is disabled.\n");
2240 b43_print_fw_helptext(dev->wl, 0);
2244 if (b43_is_old_txhdr_format(dev)) {
2245 /* We're over the deadline, but we keep support for old fw
2246 * until it turns out to be in major conflict with something new. */
2247 b43warn(dev->wl, "You are using an old firmware image. "
2248 "Support for old firmware will be removed soon "
2249 "(official deadline was July 2008).\n");
2250 b43_print_fw_helptext(dev->wl, 0);
2256 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2257 macctl &= ~B43_MACCTL_PSM_RUN;
2258 macctl |= B43_MACCTL_PSM_JMP0;
2259 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2264 static int b43_write_initvals(struct b43_wldev *dev,
2265 const struct b43_iv *ivals,
2269 const struct b43_iv *iv;
2274 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2276 for (i = 0; i < count; i++) {
2277 if (array_size < sizeof(iv->offset_size))
2279 array_size -= sizeof(iv->offset_size);
2280 offset = be16_to_cpu(iv->offset_size);
2281 bit32 = !!(offset & B43_IV_32BIT);
2282 offset &= B43_IV_OFFSET_MASK;
2283 if (offset >= 0x1000)
2288 if (array_size < sizeof(iv->data.d32))
2290 array_size -= sizeof(iv->data.d32);
2292 value = get_unaligned_be32(&iv->data.d32);
2293 b43_write32(dev, offset, value);
2295 iv = (const struct b43_iv *)((const uint8_t *)iv +
2301 if (array_size < sizeof(iv->data.d16))
2303 array_size -= sizeof(iv->data.d16);
2305 value = be16_to_cpu(iv->data.d16);
2306 b43_write16(dev, offset, value);
2308 iv = (const struct b43_iv *)((const uint8_t *)iv +
2319 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2320 b43_print_fw_helptext(dev->wl, 1);
2325 static int b43_upload_initvals(struct b43_wldev *dev)
2327 const size_t hdr_len = sizeof(struct b43_fw_header);
2328 const struct b43_fw_header *hdr;
2329 struct b43_firmware *fw = &dev->fw;
2330 const struct b43_iv *ivals;
2334 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2335 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2336 count = be32_to_cpu(hdr->size);
2337 err = b43_write_initvals(dev, ivals, count,
2338 fw->initvals.data->size - hdr_len);
2341 if (fw->initvals_band.data) {
2342 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2343 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2344 count = be32_to_cpu(hdr->size);
2345 err = b43_write_initvals(dev, ivals, count,
2346 fw->initvals_band.data->size - hdr_len);
2355 /* Initialize the GPIOs
2356 * http://bcm-specs.sipsolutions.net/GPIO
2358 static int b43_gpio_init(struct b43_wldev *dev)
2360 struct ssb_bus *bus = dev->dev->bus;
2361 struct ssb_device *gpiodev, *pcidev = NULL;
2364 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2365 & ~B43_MACCTL_GPOUTSMSK);
2367 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2372 if (dev->dev->bus->chip_id == 0x4301) {
2376 if (0 /* FIXME: conditional unknown */ ) {
2377 b43_write16(dev, B43_MMIO_GPIO_MASK,
2378 b43_read16(dev, B43_MMIO_GPIO_MASK)
2383 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2384 b43_write16(dev, B43_MMIO_GPIO_MASK,
2385 b43_read16(dev, B43_MMIO_GPIO_MASK)
2390 if (dev->dev->id.revision >= 2)
2391 mask |= 0x0010; /* FIXME: This is redundant. */
2393 #ifdef CONFIG_SSB_DRIVER_PCICORE
2394 pcidev = bus->pcicore.dev;
2396 gpiodev = bus->chipco.dev ? : pcidev;
2399 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2400 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2406 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2407 static void b43_gpio_cleanup(struct b43_wldev *dev)
2409 struct ssb_bus *bus = dev->dev->bus;
2410 struct ssb_device *gpiodev, *pcidev = NULL;
2412 #ifdef CONFIG_SSB_DRIVER_PCICORE
2413 pcidev = bus->pcicore.dev;
2415 gpiodev = bus->chipco.dev ? : pcidev;
2418 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2421 /* http://bcm-specs.sipsolutions.net/EnableMac */
2422 void b43_mac_enable(struct b43_wldev *dev)
2424 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2427 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2428 B43_SHM_SH_UCODESTAT);
2429 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2430 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2431 b43err(dev->wl, "b43_mac_enable(): The firmware "
2432 "should be suspended, but current state is %u\n",
2437 dev->mac_suspended--;
2438 B43_WARN_ON(dev->mac_suspended < 0);
2439 if (dev->mac_suspended == 0) {
2440 b43_write32(dev, B43_MMIO_MACCTL,
2441 b43_read32(dev, B43_MMIO_MACCTL)
2442 | B43_MACCTL_ENABLED);
2443 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2444 B43_IRQ_MAC_SUSPENDED);
2446 b43_read32(dev, B43_MMIO_MACCTL);
2447 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2448 b43_power_saving_ctl_bits(dev, 0);
2452 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2453 void b43_mac_suspend(struct b43_wldev *dev)
2459 B43_WARN_ON(dev->mac_suspended < 0);
2461 if (dev->mac_suspended == 0) {
2462 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2463 b43_write32(dev, B43_MMIO_MACCTL,
2464 b43_read32(dev, B43_MMIO_MACCTL)
2465 & ~B43_MACCTL_ENABLED);
2466 /* force pci to flush the write */
2467 b43_read32(dev, B43_MMIO_MACCTL);
2468 for (i = 35; i; i--) {
2469 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2470 if (tmp & B43_IRQ_MAC_SUSPENDED)
2474 /* Hm, it seems this will take some time. Use msleep(). */
2475 for (i = 40; i; i--) {
2476 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2477 if (tmp & B43_IRQ_MAC_SUSPENDED)
2481 b43err(dev->wl, "MAC suspend failed\n");
2484 dev->mac_suspended++;
2487 static void b43_adjust_opmode(struct b43_wldev *dev)
2489 struct b43_wl *wl = dev->wl;
2493 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2494 /* Reset status to STA infrastructure mode. */
2495 ctl &= ~B43_MACCTL_AP;
2496 ctl &= ~B43_MACCTL_KEEP_CTL;
2497 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2498 ctl &= ~B43_MACCTL_KEEP_BAD;
2499 ctl &= ~B43_MACCTL_PROMISC;
2500 ctl &= ~B43_MACCTL_BEACPROMISC;
2501 ctl |= B43_MACCTL_INFRA;
2503 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2504 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2505 ctl |= B43_MACCTL_AP;
2506 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2507 ctl &= ~B43_MACCTL_INFRA;
2509 if (wl->filter_flags & FIF_CONTROL)
2510 ctl |= B43_MACCTL_KEEP_CTL;
2511 if (wl->filter_flags & FIF_FCSFAIL)
2512 ctl |= B43_MACCTL_KEEP_BAD;
2513 if (wl->filter_flags & FIF_PLCPFAIL)
2514 ctl |= B43_MACCTL_KEEP_BADPLCP;
2515 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2516 ctl |= B43_MACCTL_PROMISC;
2517 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2518 ctl |= B43_MACCTL_BEACPROMISC;
2520 /* Workaround: On old hardware the HW-MAC-address-filter
2521 * doesn't work properly, so always run promisc in filter
2522 * it in software. */
2523 if (dev->dev->id.revision <= 4)
2524 ctl |= B43_MACCTL_PROMISC;
2526 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2529 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2530 if (dev->dev->bus->chip_id == 0x4306 &&
2531 dev->dev->bus->chip_rev == 3)
2536 b43_write16(dev, 0x612, cfp_pretbtt);
2539 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2545 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2548 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2550 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2551 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2554 static void b43_rate_memory_init(struct b43_wldev *dev)
2556 switch (dev->phy.type) {
2560 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2561 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2562 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2563 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2564 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2565 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2566 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2567 if (dev->phy.type == B43_PHYTYPE_A)
2571 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2572 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2573 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2574 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2581 /* Set the default values for the PHY TX Control Words. */
2582 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2586 ctl |= B43_TXH_PHY_ENC_CCK;
2587 ctl |= B43_TXH_PHY_ANT01AUTO;
2588 ctl |= B43_TXH_PHY_TXPWR;
2590 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2591 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2592 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2595 /* Set the TX-Antenna for management frames sent by firmware. */
2596 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2601 ant = b43_antenna_to_phyctl(antenna);
2604 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2605 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2606 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2607 /* For Probe Resposes */
2608 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2609 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2610 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2613 /* This is the opposite of b43_chip_init() */
2614 static void b43_chip_exit(struct b43_wldev *dev)
2617 b43_gpio_cleanup(dev);
2618 /* firmware is released later */
2621 /* Initialize the chip
2622 * http://bcm-specs.sipsolutions.net/ChipInit
2624 static int b43_chip_init(struct b43_wldev *dev)
2626 struct b43_phy *phy = &dev->phy;
2628 u32 value32, macctl;
2631 /* Initialize the MAC control */
2632 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2634 macctl |= B43_MACCTL_GMODE;
2635 macctl |= B43_MACCTL_INFRA;
2636 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2638 err = b43_request_firmware(dev);
2641 err = b43_upload_microcode(dev);
2643 goto out; /* firmware is released later */
2645 err = b43_gpio_init(dev);
2647 goto out; /* firmware is released later */
2649 err = b43_upload_initvals(dev);
2651 goto err_gpio_clean;
2653 /* Turn the Analog on and initialize the PHY. */
2654 phy->ops->switch_analog(dev, 1);
2655 err = b43_phy_init(dev);
2657 goto err_gpio_clean;
2659 /* Disable Interference Mitigation. */
2660 if (phy->ops->interf_mitigation)
2661 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2663 /* Select the antennae */
2664 if (phy->ops->set_rx_antenna)
2665 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2666 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2668 if (phy->type == B43_PHYTYPE_B) {
2669 value16 = b43_read16(dev, 0x005E);
2671 b43_write16(dev, 0x005E, value16);
2673 b43_write32(dev, 0x0100, 0x01000000);
2674 if (dev->dev->id.revision < 5)
2675 b43_write32(dev, 0x010C, 0x01000000);
2677 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2678 & ~B43_MACCTL_INFRA);
2679 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2680 | B43_MACCTL_INFRA);
2682 /* Probe Response Timeout value */
2683 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2684 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2686 /* Initially set the wireless operation mode. */
2687 b43_adjust_opmode(dev);
2689 if (dev->dev->id.revision < 3) {
2690 b43_write16(dev, 0x060E, 0x0000);
2691 b43_write16(dev, 0x0610, 0x8000);
2692 b43_write16(dev, 0x0604, 0x0000);
2693 b43_write16(dev, 0x0606, 0x0200);
2695 b43_write32(dev, 0x0188, 0x80000000);
2696 b43_write32(dev, 0x018C, 0x02000000);
2698 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2699 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2700 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2701 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2702 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2703 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2704 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2706 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2707 value32 |= 0x00100000;
2708 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2710 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2711 dev->dev->bus->chipco.fast_pwrup_delay);
2714 b43dbg(dev->wl, "Chip initialized\n");
2719 b43_gpio_cleanup(dev);
2723 static void b43_periodic_every60sec(struct b43_wldev *dev)
2725 const struct b43_phy_operations *ops = dev->phy.ops;
2727 if (ops->pwork_60sec)
2728 ops->pwork_60sec(dev);
2730 /* Force check the TX power emission now. */
2731 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2734 static void b43_periodic_every30sec(struct b43_wldev *dev)
2736 /* Update device statistics. */
2737 b43_calculate_link_quality(dev);
2740 static void b43_periodic_every15sec(struct b43_wldev *dev)
2742 struct b43_phy *phy = &dev->phy;
2745 if (dev->fw.opensource) {
2746 /* Check if the firmware is still alive.
2747 * It will reset the watchdog counter to 0 in its idle loop. */
2748 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2749 if (unlikely(wdr)) {
2750 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2751 b43_controller_restart(dev, "Firmware watchdog");
2754 b43_shm_write16(dev, B43_SHM_SCRATCH,
2755 B43_WATCHDOG_REG, 1);
2759 if (phy->ops->pwork_15sec)
2760 phy->ops->pwork_15sec(dev);
2762 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2766 static void do_periodic_work(struct b43_wldev *dev)
2770 state = dev->periodic_state;
2772 b43_periodic_every60sec(dev);
2774 b43_periodic_every30sec(dev);
2775 b43_periodic_every15sec(dev);
2778 /* Periodic work locking policy:
2779 * The whole periodic work handler is protected by
2780 * wl->mutex. If another lock is needed somewhere in the
2781 * pwork callchain, it's aquired in-place, where it's needed.
2783 static void b43_periodic_work_handler(struct work_struct *work)
2785 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2786 periodic_work.work);
2787 struct b43_wl *wl = dev->wl;
2788 unsigned long delay;
2790 mutex_lock(&wl->mutex);
2792 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2794 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2797 do_periodic_work(dev);
2799 dev->periodic_state++;
2801 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2802 delay = msecs_to_jiffies(50);
2804 delay = round_jiffies_relative(HZ * 15);
2805 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
2807 mutex_unlock(&wl->mutex);
2810 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2812 struct delayed_work *work = &dev->periodic_work;
2814 dev->periodic_state = 0;
2815 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2816 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
2819 /* Check if communication with the device works correctly. */
2820 static int b43_validate_chipaccess(struct b43_wldev *dev)
2822 u32 v, backup0, backup4;
2824 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2825 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
2827 /* Check for read/write and endianness problems. */
2828 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2829 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2831 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2832 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2835 /* Check if unaligned 32bit SHM_SHARED access works properly.
2836 * However, don't bail out on failure, because it's noncritical. */
2837 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
2838 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
2839 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
2840 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
2841 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
2842 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
2843 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
2844 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
2845 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
2846 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
2847 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
2848 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
2850 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
2851 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
2853 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2854 /* The 32bit register shadows the two 16bit registers
2855 * with update sideeffects. Validate this. */
2856 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2857 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2858 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2860 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2863 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2865 v = b43_read32(dev, B43_MMIO_MACCTL);
2866 v |= B43_MACCTL_GMODE;
2867 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2872 b43err(dev->wl, "Failed to validate the chipaccess\n");
2876 static void b43_security_init(struct b43_wldev *dev)
2878 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2879 /* KTP is a word address, but we address SHM bytewise.
2880 * So multiply by two.
2883 /* Number of RCMTA address slots */
2884 b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
2885 /* Clear the key memory. */
2886 b43_clear_keys(dev);
2889 #ifdef CONFIG_B43_HWRNG
2890 static int b43_rng_read(struct hwrng *rng, u32 *data)
2892 struct b43_wl *wl = (struct b43_wl *)rng->priv;
2893 unsigned long flags;
2895 /* Don't take wl->mutex here, as it could deadlock with
2896 * hwrng internal locking. It's not needed to take
2897 * wl->mutex here, anyway. */
2899 spin_lock_irqsave(&wl->irq_lock, flags);
2900 *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2901 spin_unlock_irqrestore(&wl->irq_lock, flags);
2903 return (sizeof(u16));
2905 #endif /* CONFIG_B43_HWRNG */
2907 static void b43_rng_exit(struct b43_wl *wl)
2909 #ifdef CONFIG_B43_HWRNG
2910 if (wl->rng_initialized)
2911 hwrng_unregister(&wl->rng);
2912 #endif /* CONFIG_B43_HWRNG */
2915 static int b43_rng_init(struct b43_wl *wl)
2919 #ifdef CONFIG_B43_HWRNG
2920 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2921 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2922 wl->rng.name = wl->rng_name;
2923 wl->rng.data_read = b43_rng_read;
2924 wl->rng.priv = (unsigned long)wl;
2925 wl->rng_initialized = 1;
2926 err = hwrng_register(&wl->rng);
2928 wl->rng_initialized = 0;
2929 b43err(wl, "Failed to register the random "
2930 "number generator (%d)\n", err);
2932 #endif /* CONFIG_B43_HWRNG */
2937 static int b43_op_tx(struct ieee80211_hw *hw,
2938 struct sk_buff *skb)
2940 struct b43_wl *wl = hw_to_b43_wl(hw);
2941 struct b43_wldev *dev = wl->current_dev;
2942 unsigned long flags;
2945 if (unlikely(skb->len < 2 + 2 + 6)) {
2946 /* Too short, this can't be a valid frame. */
2949 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
2953 /* Transmissions on seperate queues can run concurrently. */
2954 read_lock_irqsave(&wl->tx_lock, flags);
2957 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
2958 if (b43_using_pio_transfers(dev))
2959 err = b43_pio_tx(dev, skb);
2961 err = b43_dma_tx(dev, skb);
2964 read_unlock_irqrestore(&wl->tx_lock, flags);
2968 return NETDEV_TX_OK;
2971 /* We can not transmit this packet. Drop it. */
2972 dev_kfree_skb_any(skb);
2973 return NETDEV_TX_OK;
2976 /* Locking: wl->irq_lock */
2977 static void b43_qos_params_upload(struct b43_wldev *dev,
2978 const struct ieee80211_tx_queue_params *p,
2981 u16 params[B43_NR_QOSPARAMS];
2985 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
2987 memset(¶ms, 0, sizeof(params));
2989 params[B43_QOSPARAM_TXOP] = p->txop * 32;
2990 params[B43_QOSPARAM_CWMIN] = p->cw_min;
2991 params[B43_QOSPARAM_CWMAX] = p->cw_max;
2992 params[B43_QOSPARAM_CWCUR] = p->cw_min;
2993 params[B43_QOSPARAM_AIFS] = p->aifs;
2994 params[B43_QOSPARAM_BSLOTS] = bslots;
2995 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
2997 for (i = 0; i < ARRAY_SIZE(params); i++) {
2998 if (i == B43_QOSPARAM_STATUS) {
2999 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3000 shm_offset + (i * 2));
3001 /* Mark the parameters as updated. */
3003 b43_shm_write16(dev, B43_SHM_SHARED,
3004 shm_offset + (i * 2),
3007 b43_shm_write16(dev, B43_SHM_SHARED,
3008 shm_offset + (i * 2),
3014 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3015 static const u16 b43_qos_shm_offsets[] = {
3016 /* [mac80211-queue-nr] = SHM_OFFSET, */
3017 [0] = B43_QOS_VOICE,
3018 [1] = B43_QOS_VIDEO,
3019 [2] = B43_QOS_BESTEFFORT,
3020 [3] = B43_QOS_BACKGROUND,
3023 /* Update all QOS parameters in hardware. */
3024 static void b43_qos_upload_all(struct b43_wldev *dev)
3026 struct b43_wl *wl = dev->wl;
3027 struct b43_qos_params *params;
3030 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3031 ARRAY_SIZE(wl->qos_params));
3033 b43_mac_suspend(dev);
3034 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3035 params = &(wl->qos_params[i]);
3036 b43_qos_params_upload(dev, &(params->p),
3037 b43_qos_shm_offsets[i]);
3039 b43_mac_enable(dev);
3042 static void b43_qos_clear(struct b43_wl *wl)
3044 struct b43_qos_params *params;
3047 /* Initialize QoS parameters to sane defaults. */
3049 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3050 ARRAY_SIZE(wl->qos_params));
3052 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3053 params = &(wl->qos_params[i]);
3055 switch (b43_qos_shm_offsets[i]) {
3059 params->p.cw_min = 0x0001;
3060 params->p.cw_max = 0x0001;
3065 params->p.cw_min = 0x0001;
3066 params->p.cw_max = 0x0001;
3068 case B43_QOS_BESTEFFORT:
3071 params->p.cw_min = 0x0001;
3072 params->p.cw_max = 0x03FF;
3074 case B43_QOS_BACKGROUND:
3077 params->p.cw_min = 0x0001;
3078 params->p.cw_max = 0x03FF;
3086 /* Initialize the core's QOS capabilities */
3087 static void b43_qos_init(struct b43_wldev *dev)
3089 /* Upload the current QOS parameters. */
3090 b43_qos_upload_all(dev);
3092 /* Enable QOS support. */
3093 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3094 b43_write16(dev, B43_MMIO_IFSCTL,
3095 b43_read16(dev, B43_MMIO_IFSCTL)
3096 | B43_MMIO_IFSCTL_USE_EDCF);
3099 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3100 const struct ieee80211_tx_queue_params *params)
3102 struct b43_wl *wl = hw_to_b43_wl(hw);
3103 struct b43_wldev *dev;
3104 unsigned int queue = (unsigned int)_queue;
3107 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3108 /* Queue not available or don't support setting
3109 * params on this queue. Return success to not
3110 * confuse mac80211. */
3113 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3114 ARRAY_SIZE(wl->qos_params));
3116 mutex_lock(&wl->mutex);
3117 dev = wl->current_dev;
3118 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3121 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3122 b43_mac_suspend(dev);
3123 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3124 b43_qos_shm_offsets[queue]);
3125 b43_mac_enable(dev);
3129 mutex_unlock(&wl->mutex);
3134 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3135 struct ieee80211_tx_queue_stats *stats)
3137 struct b43_wl *wl = hw_to_b43_wl(hw);
3138 struct b43_wldev *dev = wl->current_dev;
3139 unsigned long flags;
3144 spin_lock_irqsave(&wl->irq_lock, flags);
3145 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3146 if (b43_using_pio_transfers(dev))
3147 b43_pio_get_tx_stats(dev, stats);
3149 b43_dma_get_tx_stats(dev, stats);
3152 spin_unlock_irqrestore(&wl->irq_lock, flags);
3157 static int b43_op_get_stats(struct ieee80211_hw *hw,
3158 struct ieee80211_low_level_stats *stats)
3160 struct b43_wl *wl = hw_to_b43_wl(hw);
3161 unsigned long flags;
3163 spin_lock_irqsave(&wl->irq_lock, flags);
3164 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3165 spin_unlock_irqrestore(&wl->irq_lock, flags);
3170 static u64 b43_op_get_tsf(struct ieee80211_hw *hw)
3172 struct b43_wl *wl = hw_to_b43_wl(hw);
3173 struct b43_wldev *dev;
3176 mutex_lock(&wl->mutex);
3177 spin_lock_irq(&wl->irq_lock);
3178 dev = wl->current_dev;
3180 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3181 b43_tsf_read(dev, &tsf);
3185 spin_unlock_irq(&wl->irq_lock);
3186 mutex_unlock(&wl->mutex);
3191 static void b43_op_set_tsf(struct ieee80211_hw *hw, u64 tsf)
3193 struct b43_wl *wl = hw_to_b43_wl(hw);
3194 struct b43_wldev *dev;
3196 mutex_lock(&wl->mutex);
3197 spin_lock_irq(&wl->irq_lock);
3198 dev = wl->current_dev;
3200 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3201 b43_tsf_write(dev, tsf);
3203 spin_unlock_irq(&wl->irq_lock);
3204 mutex_unlock(&wl->mutex);
3207 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3209 struct ssb_device *sdev = dev->dev;
3212 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3213 tmslow &= ~B43_TMSLOW_GMODE;
3214 tmslow |= B43_TMSLOW_PHYRESET;
3215 tmslow |= SSB_TMSLOW_FGC;
3216 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3219 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3220 tmslow &= ~SSB_TMSLOW_FGC;
3221 tmslow |= B43_TMSLOW_PHYRESET;
3222 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3226 static const char *band_to_string(enum ieee80211_band band)
3229 case IEEE80211_BAND_5GHZ:
3231 case IEEE80211_BAND_2GHZ:
3240 /* Expects wl->mutex locked */
3241 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3243 struct b43_wldev *up_dev = NULL;
3244 struct b43_wldev *down_dev;
3245 struct b43_wldev *d;
3247 bool uninitialized_var(gmode);
3250 /* Find a device and PHY which supports the band. */
3251 list_for_each_entry(d, &wl->devlist, list) {
3252 switch (chan->band) {
3253 case IEEE80211_BAND_5GHZ:
3254 if (d->phy.supports_5ghz) {
3259 case IEEE80211_BAND_2GHZ:
3260 if (d->phy.supports_2ghz) {
3273 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3274 band_to_string(chan->band));
3277 if ((up_dev == wl->current_dev) &&
3278 (!!wl->current_dev->phy.gmode == !!gmode)) {
3279 /* This device is already running. */
3282 b43dbg(wl, "Switching to %s-GHz band\n",
3283 band_to_string(chan->band));
3284 down_dev = wl->current_dev;
3286 prev_status = b43_status(down_dev);
3287 /* Shutdown the currently running core. */
3288 if (prev_status >= B43_STAT_STARTED)
3289 b43_wireless_core_stop(down_dev);
3290 if (prev_status >= B43_STAT_INITIALIZED)
3291 b43_wireless_core_exit(down_dev);
3293 if (down_dev != up_dev) {
3294 /* We switch to a different core, so we put PHY into
3295 * RESET on the old core. */
3296 b43_put_phy_into_reset(down_dev);
3299 /* Now start the new core. */
3300 up_dev->phy.gmode = gmode;
3301 if (prev_status >= B43_STAT_INITIALIZED) {
3302 err = b43_wireless_core_init(up_dev);
3304 b43err(wl, "Fatal: Could not initialize device for "
3305 "selected %s-GHz band\n",
3306 band_to_string(chan->band));
3310 if (prev_status >= B43_STAT_STARTED) {
3311 err = b43_wireless_core_start(up_dev);
3313 b43err(wl, "Fatal: Coult not start device for "
3314 "selected %s-GHz band\n",
3315 band_to_string(chan->band));
3316 b43_wireless_core_exit(up_dev);
3320 B43_WARN_ON(b43_status(up_dev) != prev_status);
3322 wl->current_dev = up_dev;
3326 /* Whoops, failed to init the new core. No core is operating now. */
3327 wl->current_dev = NULL;
3331 /* Write the short and long frame retry limit values. */
3332 static void b43_set_retry_limits(struct b43_wldev *dev,
3333 unsigned int short_retry,
3334 unsigned int long_retry)
3336 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3337 * the chip-internal counter. */
3338 short_retry = min(short_retry, (unsigned int)0xF);
3339 long_retry = min(long_retry, (unsigned int)0xF);
3341 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3343 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3347 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3349 struct b43_wl *wl = hw_to_b43_wl(hw);
3350 struct b43_wldev *dev;
3351 struct b43_phy *phy;
3352 struct ieee80211_conf *conf = &hw->conf;
3353 unsigned long flags;
3357 mutex_lock(&wl->mutex);
3359 /* Switch the band (if necessary). This might change the active core. */
3360 err = b43_switch_band(wl, conf->channel);
3362 goto out_unlock_mutex;
3363 dev = wl->current_dev;
3366 b43_mac_suspend(dev);
3368 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3369 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3370 conf->long_frame_max_tx_count);
3371 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3373 goto out_mac_enable;
3375 /* Switch to the requested channel.
3376 * The firmware takes care of races with the TX handler. */
3377 if (conf->channel->hw_value != phy->channel)
3378 b43_switch_channel(dev, conf->channel->hw_value);
3380 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3382 /* Adjust the desired TX power level. */
3383 if (conf->power_level != 0) {
3384 spin_lock_irqsave(&wl->irq_lock, flags);
3385 if (conf->power_level != phy->desired_txpower) {
3386 phy->desired_txpower = conf->power_level;
3387 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3388 B43_TXPWR_IGNORE_TSSI);
3390 spin_unlock_irqrestore(&wl->irq_lock, flags);
3393 /* Antennas for RX and management frame TX. */
3394 antenna = B43_ANTENNA_DEFAULT;
3395 b43_mgmtframe_txantenna(dev, antenna);
3396 antenna = B43_ANTENNA_DEFAULT;
3397 if (phy->ops->set_rx_antenna)
3398 phy->ops->set_rx_antenna(dev, antenna);
3400 if (wl->radio_enabled != phy->radio_on) {
3401 if (wl->radio_enabled) {
3402 b43_software_rfkill(dev, false);
3403 b43info(dev->wl, "Radio turned on by software\n");
3404 if (!dev->radio_hw_enable) {
3405 b43info(dev->wl, "The hardware RF-kill button "
3406 "still turns the radio physically off. "
3407 "Press the button to turn it on.\n");
3410 b43_software_rfkill(dev, true);
3411 b43info(dev->wl, "Radio turned off by software\n");
3416 b43_mac_enable(dev);
3418 mutex_unlock(&wl->mutex);
3423 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3425 struct ieee80211_supported_band *sband =
3426 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3427 struct ieee80211_rate *rate;
3429 u16 basic, direct, offset, basic_offset, rateptr;
3431 for (i = 0; i < sband->n_bitrates; i++) {
3432 rate = &sband->bitrates[i];
3434 if (b43_is_cck_rate(rate->hw_value)) {
3435 direct = B43_SHM_SH_CCKDIRECT;
3436 basic = B43_SHM_SH_CCKBASIC;
3437 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3440 direct = B43_SHM_SH_OFDMDIRECT;
3441 basic = B43_SHM_SH_OFDMBASIC;
3442 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3446 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3448 if (b43_is_cck_rate(rate->hw_value)) {
3449 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3450 basic_offset &= 0xF;
3452 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3453 basic_offset &= 0xF;
3457 * Get the pointer that we need to point to
3458 * from the direct map
3460 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3461 direct + 2 * basic_offset);
3462 /* and write it to the basic map */
3463 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3468 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3469 struct ieee80211_vif *vif,
3470 struct ieee80211_bss_conf *conf,
3473 struct b43_wl *wl = hw_to_b43_wl(hw);
3474 struct b43_wldev *dev;
3475 unsigned long flags;
3477 mutex_lock(&wl->mutex);
3479 dev = wl->current_dev;
3480 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3481 goto out_unlock_mutex;
3483 B43_WARN_ON(wl->vif != vif);
3485 spin_lock_irqsave(&wl->irq_lock, flags);
3486 if (changed & BSS_CHANGED_BSSID) {
3488 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3490 memset(wl->bssid, 0, ETH_ALEN);
3493 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3494 if (changed & BSS_CHANGED_BEACON &&
3495 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3496 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3497 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3498 b43_update_templates(wl);
3500 if (changed & BSS_CHANGED_BSSID)
3501 b43_write_mac_bssid_templates(dev);
3503 spin_unlock_irqrestore(&wl->irq_lock, flags);
3505 b43_mac_suspend(dev);
3507 /* Update templates for AP/mesh mode. */
3508 if (changed & BSS_CHANGED_BEACON_INT &&
3509 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3510 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3511 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3512 b43_set_beacon_int(dev, conf->beacon_int);
3514 if (changed & BSS_CHANGED_BASIC_RATES)
3515 b43_update_basic_rates(dev, conf->basic_rates);
3517 if (changed & BSS_CHANGED_ERP_SLOT) {
3518 if (conf->use_short_slot)
3519 b43_short_slot_timing_enable(dev);
3521 b43_short_slot_timing_disable(dev);
3524 b43_mac_enable(dev);
3526 mutex_unlock(&wl->mutex);
3529 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3530 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3531 struct ieee80211_key_conf *key)
3533 struct b43_wl *wl = hw_to_b43_wl(hw);
3534 struct b43_wldev *dev;
3538 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3540 if (modparam_nohwcrypt)
3541 return -ENOSPC; /* User disabled HW-crypto */
3543 mutex_lock(&wl->mutex);
3544 spin_lock_irq(&wl->irq_lock);
3545 write_lock(&wl->tx_lock);
3546 /* Why do we need all this locking here?
3547 * mutex -> Every config operation must take it.
3548 * irq_lock -> We modify the dev->key array, which is accessed
3549 * in the IRQ handlers.
3550 * tx_lock -> We modify the dev->key array, which is accessed
3551 * in the TX handler.
3554 dev = wl->current_dev;
3556 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3559 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
3560 /* We don't have firmware for the crypto engine.
3561 * Must use software-crypto. */
3569 if (key->keylen == WLAN_KEY_LEN_WEP40)
3570 algorithm = B43_SEC_ALGO_WEP40;
3572 algorithm = B43_SEC_ALGO_WEP104;
3575 algorithm = B43_SEC_ALGO_TKIP;
3578 algorithm = B43_SEC_ALGO_AES;
3584 index = (u8) (key->keyidx);
3590 if (algorithm == B43_SEC_ALGO_TKIP) {
3591 /* FIXME: No TKIP hardware encryption for now. */
3596 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3597 if (WARN_ON(!sta)) {
3601 /* Pairwise key with an assigned MAC address. */
3602 err = b43_key_write(dev, -1, algorithm,
3603 key->key, key->keylen,
3607 err = b43_key_write(dev, index, algorithm,
3608 key->key, key->keylen, NULL, key);
3613 if (algorithm == B43_SEC_ALGO_WEP40 ||
3614 algorithm == B43_SEC_ALGO_WEP104) {
3615 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3618 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3620 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3623 err = b43_key_clear(dev, key->hw_key_idx);
3634 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3636 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3637 sta ? sta->addr : bcast_addr);
3638 b43_dump_keymemory(dev);
3640 write_unlock(&wl->tx_lock);
3641 spin_unlock_irq(&wl->irq_lock);
3642 mutex_unlock(&wl->mutex);
3647 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3648 unsigned int changed, unsigned int *fflags,
3649 int mc_count, struct dev_addr_list *mc_list)
3651 struct b43_wl *wl = hw_to_b43_wl(hw);
3652 struct b43_wldev *dev = wl->current_dev;
3653 unsigned long flags;
3660 spin_lock_irqsave(&wl->irq_lock, flags);
3661 *fflags &= FIF_PROMISC_IN_BSS |
3667 FIF_BCN_PRBRESP_PROMISC;
3669 changed &= FIF_PROMISC_IN_BSS |
3675 FIF_BCN_PRBRESP_PROMISC;
3677 wl->filter_flags = *fflags;
3679 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3680 b43_adjust_opmode(dev);
3681 spin_unlock_irqrestore(&wl->irq_lock, flags);
3684 /* Locking: wl->mutex */
3685 static void b43_wireless_core_stop(struct b43_wldev *dev)
3687 struct b43_wl *wl = dev->wl;
3688 unsigned long flags;
3690 if (b43_status(dev) < B43_STAT_STARTED)
3693 /* Disable and sync interrupts. We must do this before than
3694 * setting the status to INITIALIZED, as the interrupt handler
3695 * won't care about IRQs then. */
3696 spin_lock_irqsave(&wl->irq_lock, flags);
3697 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3698 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3699 spin_unlock_irqrestore(&wl->irq_lock, flags);
3700 b43_synchronize_irq(dev);
3702 write_lock_irqsave(&wl->tx_lock, flags);
3703 b43_set_status(dev, B43_STAT_INITIALIZED);
3704 write_unlock_irqrestore(&wl->tx_lock, flags);
3707 mutex_unlock(&wl->mutex);
3708 /* Must unlock as it would otherwise deadlock. No races here.
3709 * Cancel the possibly running self-rearming periodic work. */
3710 cancel_delayed_work_sync(&dev->periodic_work);
3711 mutex_lock(&wl->mutex);
3713 b43_mac_suspend(dev);
3714 free_irq(dev->dev->irq, dev);
3715 b43dbg(wl, "Wireless interface stopped\n");
3718 /* Locking: wl->mutex */
3719 static int b43_wireless_core_start(struct b43_wldev *dev)
3723 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3725 drain_txstatus_queue(dev);
3726 err = request_irq(dev->dev->irq, b43_interrupt_handler,
3727 IRQF_SHARED, KBUILD_MODNAME, dev);
3729 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3733 /* We are ready to run. */
3734 b43_set_status(dev, B43_STAT_STARTED);
3736 /* Start data flow (TX/RX). */
3737 b43_mac_enable(dev);
3738 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
3740 /* Start maintainance work */
3741 b43_periodic_tasks_setup(dev);
3743 b43dbg(dev->wl, "Wireless interface started\n");
3748 /* Get PHY and RADIO versioning numbers */
3749 static int b43_phy_versioning(struct b43_wldev *dev)
3751 struct b43_phy *phy = &dev->phy;
3759 int unsupported = 0;
3761 /* Get PHY versioning */
3762 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3763 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3764 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3765 phy_rev = (tmp & B43_PHYVER_VERSION);
3772 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3780 #ifdef CONFIG_B43_NPHY
3786 #ifdef CONFIG_B43_PHY_LP
3787 case B43_PHYTYPE_LP:
3796 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3797 "(Analog %u, Type %u, Revision %u)\n",
3798 analog_type, phy_type, phy_rev);
3801 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3802 analog_type, phy_type, phy_rev);
3804 /* Get RADIO versioning */
3805 if (dev->dev->bus->chip_id == 0x4317) {
3806 if (dev->dev->bus->chip_rev == 0)
3808 else if (dev->dev->bus->chip_rev == 1)
3813 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3814 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3815 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3816 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3818 radio_manuf = (tmp & 0x00000FFF);
3819 radio_ver = (tmp & 0x0FFFF000) >> 12;
3820 radio_rev = (tmp & 0xF0000000) >> 28;
3821 if (radio_manuf != 0x17F /* Broadcom */)
3825 if (radio_ver != 0x2060)
3829 if (radio_manuf != 0x17F)
3833 if ((radio_ver & 0xFFF0) != 0x2050)
3837 if (radio_ver != 0x2050)
3841 if (radio_ver != 0x2055 && radio_ver != 0x2056)
3844 case B43_PHYTYPE_LP:
3845 if (radio_ver != 0x2062)
3852 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3853 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3854 radio_manuf, radio_ver, radio_rev);
3857 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3858 radio_manuf, radio_ver, radio_rev);
3860 phy->radio_manuf = radio_manuf;
3861 phy->radio_ver = radio_ver;
3862 phy->radio_rev = radio_rev;
3864 phy->analog = analog_type;
3865 phy->type = phy_type;
3871 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3872 struct b43_phy *phy)
3874 phy->hardware_power_control = !!modparam_hwpctl;
3875 phy->next_txpwr_check_time = jiffies;
3876 /* PHY TX errors counter. */
3877 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3880 phy->phy_locked = 0;
3881 phy->radio_locked = 0;
3885 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3889 /* Assume the radio is enabled. If it's not enabled, the state will
3890 * immediately get fixed on the first periodic work run. */
3891 dev->radio_hw_enable = 1;
3894 memset(&dev->stats, 0, sizeof(dev->stats));
3896 setup_struct_phy_for_init(dev, &dev->phy);
3898 /* IRQ related flags */
3899 dev->irq_reason = 0;
3900 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3901 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
3902 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
3903 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
3905 dev->mac_suspended = 1;
3907 /* Noise calculation context */
3908 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3911 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3913 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3916 if (!modparam_btcoex)
3918 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3920 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3923 hf = b43_hf_read(dev);
3924 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3925 hf |= B43_HF_BTCOEXALT;
3927 hf |= B43_HF_BTCOEX;
3928 b43_hf_write(dev, hf);
3931 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3933 if (!modparam_btcoex)
3938 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3940 #ifdef CONFIG_SSB_DRIVER_PCICORE
3941 struct ssb_bus *bus = dev->dev->bus;
3944 if (bus->pcicore.dev &&
3945 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3946 bus->pcicore.dev->id.revision <= 5) {
3947 /* IMCFGLO timeouts workaround. */
3948 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3949 tmp &= ~SSB_IMCFGLO_REQTO;
3950 tmp &= ~SSB_IMCFGLO_SERTO;
3951 switch (bus->bustype) {
3952 case SSB_BUSTYPE_PCI:
3953 case SSB_BUSTYPE_PCMCIA:
3956 case SSB_BUSTYPE_SSB:
3960 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3962 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3965 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3969 /* The time value is in microseconds. */
3970 if (dev->phy.type == B43_PHYTYPE_A)
3974 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
3976 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3977 pu_delay = max(pu_delay, (u16)2400);
3979 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3982 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3983 static void b43_set_pretbtt(struct b43_wldev *dev)
3987 /* The time value is in microseconds. */
3988 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
3991 if (dev->phy.type == B43_PHYTYPE_A)
3996 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3997 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4000 /* Shutdown a wireless core */
4001 /* Locking: wl->mutex */
4002 static void b43_wireless_core_exit(struct b43_wldev *dev)
4006 B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
4007 if (b43_status(dev) != B43_STAT_INITIALIZED)
4009 b43_set_status(dev, B43_STAT_UNINIT);
4011 /* Stop the microcode PSM. */
4012 macctl = b43_read32(dev, B43_MMIO_MACCTL);
4013 macctl &= ~B43_MACCTL_PSM_RUN;
4014 macctl |= B43_MACCTL_PSM_JMP0;
4015 b43_write32(dev, B43_MMIO_MACCTL, macctl);
4017 if (!dev->suspend_in_progress) {
4019 b43_rng_exit(dev->wl);
4024 dev->phy.ops->switch_analog(dev, 0);
4025 if (dev->wl->current_beacon) {
4026 dev_kfree_skb_any(dev->wl->current_beacon);
4027 dev->wl->current_beacon = NULL;
4030 ssb_device_disable(dev->dev, 0);
4031 ssb_bus_may_powerdown(dev->dev->bus);
4034 /* Initialize a wireless core */
4035 static int b43_wireless_core_init(struct b43_wldev *dev)
4037 struct b43_wl *wl = dev->wl;
4038 struct ssb_bus *bus = dev->dev->bus;
4039 struct ssb_sprom *sprom = &bus->sprom;
4040 struct b43_phy *phy = &dev->phy;
4045 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4047 err = ssb_bus_powerup(bus, 0);
4050 if (!ssb_device_is_enabled(dev->dev)) {
4051 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4052 b43_wireless_core_reset(dev, tmp);
4055 /* Reset all data structures. */
4056 setup_struct_wldev_for_init(dev);
4057 phy->ops->prepare_structs(dev);
4059 /* Enable IRQ routing to this device. */
4060 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4062 b43_imcfglo_timeouts_workaround(dev);
4063 b43_bluetooth_coext_disable(dev);
4064 if (phy->ops->prepare_hardware) {
4065 err = phy->ops->prepare_hardware(dev);
4069 err = b43_chip_init(dev);
4072 b43_shm_write16(dev, B43_SHM_SHARED,
4073 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4074 hf = b43_hf_read(dev);
4075 if (phy->type == B43_PHYTYPE_G) {
4079 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4080 hf |= B43_HF_OFDMPABOOST;
4082 if (phy->radio_ver == 0x2050) {
4083 if (phy->radio_rev == 6)
4084 hf |= B43_HF_4318TSSI;
4085 if (phy->radio_rev < 6)
4086 hf |= B43_HF_VCORECALC;
4088 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4089 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4090 #ifdef CONFIG_SSB_DRIVER_PCICORE
4091 if ((bus->bustype == SSB_BUSTYPE_PCI) &&
4092 (bus->pcicore.dev->id.revision <= 10))
4093 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4095 hf &= ~B43_HF_SKCFPUP;
4096 b43_hf_write(dev, hf);
4098 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4099 B43_DEFAULT_LONG_RETRY_LIMIT);
4100 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4101 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4103 /* Disable sending probe responses from firmware.
4104 * Setting the MaxTime to one usec will always trigger
4105 * a timeout, so we never send any probe resp.
4106 * A timeout of zero is infinite. */
4107 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4109 b43_rate_memory_init(dev);
4110 b43_set_phytxctl_defaults(dev);
4112 /* Minimum Contention Window */
4113 if (phy->type == B43_PHYTYPE_B) {
4114 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4116 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4118 /* Maximum Contention Window */
4119 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4121 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4122 dev->__using_pio_transfers = 1;
4123 err = b43_pio_init(dev);
4125 dev->__using_pio_transfers = 0;
4126 err = b43_dma_init(dev);
4131 b43_set_synth_pu_delay(dev, 1);
4132 b43_bluetooth_coext_enable(dev);
4134 ssb_bus_powerup(bus, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4135 b43_upload_card_macaddress(dev);
4136 b43_security_init(dev);
4137 if (!dev->suspend_in_progress)
4140 b43_set_status(dev, B43_STAT_INITIALIZED);
4142 if (!dev->suspend_in_progress)
4150 ssb_bus_may_powerdown(bus);
4151 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4155 static int b43_op_add_interface(struct ieee80211_hw *hw,
4156 struct ieee80211_if_init_conf *conf)
4158 struct b43_wl *wl = hw_to_b43_wl(hw);
4159 struct b43_wldev *dev;
4160 unsigned long flags;
4161 int err = -EOPNOTSUPP;
4163 /* TODO: allow WDS/AP devices to coexist */
4165 if (conf->type != NL80211_IFTYPE_AP &&
4166 conf->type != NL80211_IFTYPE_MESH_POINT &&
4167 conf->type != NL80211_IFTYPE_STATION &&
4168 conf->type != NL80211_IFTYPE_WDS &&
4169 conf->type != NL80211_IFTYPE_ADHOC)
4172 mutex_lock(&wl->mutex);
4174 goto out_mutex_unlock;
4176 b43dbg(wl, "Adding Interface type %d\n", conf->type);
4178 dev = wl->current_dev;
4180 wl->vif = conf->vif;
4181 wl->if_type = conf->type;
4182 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4184 spin_lock_irqsave(&wl->irq_lock, flags);
4185 b43_adjust_opmode(dev);
4186 b43_set_pretbtt(dev);
4187 b43_set_synth_pu_delay(dev, 0);
4188 b43_upload_card_macaddress(dev);
4189 spin_unlock_irqrestore(&wl->irq_lock, flags);
4193 mutex_unlock(&wl->mutex);
4198 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4199 struct ieee80211_if_init_conf *conf)
4201 struct b43_wl *wl = hw_to_b43_wl(hw);
4202 struct b43_wldev *dev = wl->current_dev;
4203 unsigned long flags;
4205 b43dbg(wl, "Removing Interface type %d\n", conf->type);
4207 mutex_lock(&wl->mutex);
4209 B43_WARN_ON(!wl->operating);
4210 B43_WARN_ON(wl->vif != conf->vif);
4215 spin_lock_irqsave(&wl->irq_lock, flags);
4216 b43_adjust_opmode(dev);
4217 memset(wl->mac_addr, 0, ETH_ALEN);
4218 b43_upload_card_macaddress(dev);
4219 spin_unlock_irqrestore(&wl->irq_lock, flags);
4221 mutex_unlock(&wl->mutex);
4224 static int b43_op_start(struct ieee80211_hw *hw)
4226 struct b43_wl *wl = hw_to_b43_wl(hw);
4227 struct b43_wldev *dev = wl->current_dev;
4231 /* Kill all old instance specific information to make sure
4232 * the card won't use it in the short timeframe between start
4233 * and mac80211 reconfiguring it. */
4234 memset(wl->bssid, 0, ETH_ALEN);
4235 memset(wl->mac_addr, 0, ETH_ALEN);
4236 wl->filter_flags = 0;
4237 wl->radiotap_enabled = 0;
4239 wl->beacon0_uploaded = 0;
4240 wl->beacon1_uploaded = 0;
4241 wl->beacon_templates_virgin = 1;
4242 wl->radio_enabled = 1;
4244 mutex_lock(&wl->mutex);
4246 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4247 err = b43_wireless_core_init(dev);
4249 goto out_mutex_unlock;
4253 if (b43_status(dev) < B43_STAT_STARTED) {
4254 err = b43_wireless_core_start(dev);
4257 b43_wireless_core_exit(dev);
4258 goto out_mutex_unlock;
4262 /* XXX: only do if device doesn't support rfkill irq */
4263 wiphy_rfkill_start_polling(hw->wiphy);
4266 mutex_unlock(&wl->mutex);
4271 static void b43_op_stop(struct ieee80211_hw *hw)
4273 struct b43_wl *wl = hw_to_b43_wl(hw);
4274 struct b43_wldev *dev = wl->current_dev;
4276 cancel_work_sync(&(wl->beacon_update_trigger));
4278 mutex_lock(&wl->mutex);
4279 if (b43_status(dev) >= B43_STAT_STARTED)
4280 b43_wireless_core_stop(dev);
4281 b43_wireless_core_exit(dev);
4282 wl->radio_enabled = 0;
4283 mutex_unlock(&wl->mutex);
4285 cancel_work_sync(&(wl->txpower_adjust_work));
4288 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4289 struct ieee80211_sta *sta, bool set)
4291 struct b43_wl *wl = hw_to_b43_wl(hw);
4292 unsigned long flags;
4294 spin_lock_irqsave(&wl->irq_lock, flags);
4295 b43_update_templates(wl);
4296 spin_unlock_irqrestore(&wl->irq_lock, flags);
4301 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4302 struct ieee80211_vif *vif,
4303 enum sta_notify_cmd notify_cmd,
4304 struct ieee80211_sta *sta)
4306 struct b43_wl *wl = hw_to_b43_wl(hw);
4308 B43_WARN_ON(!vif || wl->vif != vif);
4311 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4313 struct b43_wl *wl = hw_to_b43_wl(hw);
4314 struct b43_wldev *dev;
4316 mutex_lock(&wl->mutex);
4317 dev = wl->current_dev;
4318 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4319 /* Disable CFP update during scan on other channels. */
4320 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4322 mutex_unlock(&wl->mutex);
4325 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4327 struct b43_wl *wl = hw_to_b43_wl(hw);
4328 struct b43_wldev *dev;
4330 mutex_lock(&wl->mutex);
4331 dev = wl->current_dev;
4332 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4333 /* Re-enable CFP update. */
4334 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4336 mutex_unlock(&wl->mutex);
4339 static const struct ieee80211_ops b43_hw_ops = {
4341 .conf_tx = b43_op_conf_tx,
4342 .add_interface = b43_op_add_interface,
4343 .remove_interface = b43_op_remove_interface,
4344 .config = b43_op_config,
4345 .bss_info_changed = b43_op_bss_info_changed,
4346 .configure_filter = b43_op_configure_filter,
4347 .set_key = b43_op_set_key,
4348 .get_stats = b43_op_get_stats,
4349 .get_tx_stats = b43_op_get_tx_stats,
4350 .get_tsf = b43_op_get_tsf,
4351 .set_tsf = b43_op_set_tsf,
4352 .start = b43_op_start,
4353 .stop = b43_op_stop,
4354 .set_tim = b43_op_beacon_set_tim,
4355 .sta_notify = b43_op_sta_notify,
4356 .sw_scan_start = b43_op_sw_scan_start_notifier,
4357 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
4358 .rfkill_poll = b43_rfkill_poll,
4361 /* Hard-reset the chip. Do not call this directly.
4362 * Use b43_controller_restart()
4364 static void b43_chip_reset(struct work_struct *work)
4366 struct b43_wldev *dev =
4367 container_of(work, struct b43_wldev, restart_work);
4368 struct b43_wl *wl = dev->wl;
4372 mutex_lock(&wl->mutex);
4374 prev_status = b43_status(dev);
4375 /* Bring the device down... */
4376 if (prev_status >= B43_STAT_STARTED)
4377 b43_wireless_core_stop(dev);
4378 if (prev_status >= B43_STAT_INITIALIZED)
4379 b43_wireless_core_exit(dev);
4381 /* ...and up again. */
4382 if (prev_status >= B43_STAT_INITIALIZED) {
4383 err = b43_wireless_core_init(dev);
4387 if (prev_status >= B43_STAT_STARTED) {
4388 err = b43_wireless_core_start(dev);
4390 b43_wireless_core_exit(dev);
4396 wl->current_dev = NULL; /* Failed to init the dev. */
4397 mutex_unlock(&wl->mutex);
4399 b43err(wl, "Controller restart FAILED\n");
4401 b43info(wl, "Controller restarted\n");
4404 static int b43_setup_bands(struct b43_wldev *dev,
4405 bool have_2ghz_phy, bool have_5ghz_phy)
4407 struct ieee80211_hw *hw = dev->wl->hw;
4410 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4411 if (dev->phy.type == B43_PHYTYPE_N) {
4413 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4416 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4419 dev->phy.supports_2ghz = have_2ghz_phy;
4420 dev->phy.supports_5ghz = have_5ghz_phy;
4425 static void b43_wireless_core_detach(struct b43_wldev *dev)
4427 /* We release firmware that late to not be required to re-request
4428 * is all the time when we reinit the core. */
4429 b43_release_firmware(dev);
4433 static int b43_wireless_core_attach(struct b43_wldev *dev)
4435 struct b43_wl *wl = dev->wl;
4436 struct ssb_bus *bus = dev->dev->bus;
4437 struct pci_dev *pdev = bus->host_pci;
4439 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4442 /* Do NOT do any device initialization here.
4443 * Do it in wireless_core_init() instead.
4444 * This function is for gathering basic information about the HW, only.
4445 * Also some structs may be set up here. But most likely you want to have
4446 * that in core_init(), too.
4449 err = ssb_bus_powerup(bus, 0);
4451 b43err(wl, "Bus powerup failed\n");
4454 /* Get the PHY type. */
4455 if (dev->dev->id.revision >= 5) {
4458 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4459 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4460 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4464 dev->phy.gmode = have_2ghz_phy;
4465 dev->phy.radio_on = 1;
4466 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4467 b43_wireless_core_reset(dev, tmp);
4469 err = b43_phy_versioning(dev);
4472 /* Check if this device supports multiband. */
4474 (pdev->device != 0x4312 &&
4475 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4476 /* No multiband support. */
4479 switch (dev->phy.type) {
4485 case B43_PHYTYPE_LP:
4492 if (dev->phy.type == B43_PHYTYPE_A) {
4494 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4498 if (1 /* disable A-PHY */) {
4499 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4500 if (dev->phy.type != B43_PHYTYPE_N) {
4506 err = b43_phy_allocate(dev);
4510 dev->phy.gmode = have_2ghz_phy;
4511 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4512 b43_wireless_core_reset(dev, tmp);
4514 err = b43_validate_chipaccess(dev);
4517 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4521 /* Now set some default "current_dev" */
4522 if (!wl->current_dev)
4523 wl->current_dev = dev;
4524 INIT_WORK(&dev->restart_work, b43_chip_reset);
4526 dev->phy.ops->switch_analog(dev, 0);
4527 ssb_device_disable(dev->dev, 0);
4528 ssb_bus_may_powerdown(bus);
4536 ssb_bus_may_powerdown(bus);
4540 static void b43_one_core_detach(struct ssb_device *dev)
4542 struct b43_wldev *wldev;
4545 /* Do not cancel ieee80211-workqueue based work here.
4546 * See comment in b43_remove(). */
4548 wldev = ssb_get_drvdata(dev);
4550 b43_debugfs_remove_device(wldev);
4551 b43_wireless_core_detach(wldev);
4552 list_del(&wldev->list);
4554 ssb_set_drvdata(dev, NULL);
4558 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4560 struct b43_wldev *wldev;
4561 struct pci_dev *pdev;
4564 if (!list_empty(&wl->devlist)) {
4565 /* We are not the first core on this chip. */
4566 pdev = dev->bus->host_pci;
4567 /* Only special chips support more than one wireless
4568 * core, although some of the other chips have more than
4569 * one wireless core as well. Check for this and
4573 ((pdev->device != 0x4321) &&
4574 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4575 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4580 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4586 b43_set_status(wldev, B43_STAT_UNINIT);
4587 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4588 tasklet_init(&wldev->isr_tasklet,
4589 (void (*)(unsigned long))b43_interrupt_tasklet,
4590 (unsigned long)wldev);
4591 INIT_LIST_HEAD(&wldev->list);
4593 err = b43_wireless_core_attach(wldev);
4595 goto err_kfree_wldev;
4597 list_add(&wldev->list, &wl->devlist);
4599 ssb_set_drvdata(dev, wldev);
4600 b43_debugfs_add_device(wldev);
4610 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4611 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4612 (pdev->device == _device) && \
4613 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4614 (pdev->subsystem_device == _subdevice) )
4616 static void b43_sprom_fixup(struct ssb_bus *bus)
4618 struct pci_dev *pdev;
4620 /* boardflags workarounds */
4621 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4622 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4623 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4624 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4625 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4626 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4627 if (bus->bustype == SSB_BUSTYPE_PCI) {
4628 pdev = bus->host_pci;
4629 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4630 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
4631 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
4632 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4633 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4634 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4635 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4636 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4640 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4642 struct ieee80211_hw *hw = wl->hw;
4644 ssb_set_devtypedata(dev, NULL);
4645 ieee80211_free_hw(hw);
4648 static int b43_wireless_init(struct ssb_device *dev)
4650 struct ssb_sprom *sprom = &dev->bus->sprom;
4651 struct ieee80211_hw *hw;
4655 b43_sprom_fixup(dev->bus);
4657 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4659 b43err(NULL, "Could not allocate ieee80211 device\n");
4662 wl = hw_to_b43_wl(hw);
4665 hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4666 IEEE80211_HW_SIGNAL_DBM |
4667 IEEE80211_HW_NOISE_DBM;
4669 hw->wiphy->interface_modes =
4670 BIT(NL80211_IFTYPE_AP) |
4671 BIT(NL80211_IFTYPE_MESH_POINT) |
4672 BIT(NL80211_IFTYPE_STATION) |
4673 BIT(NL80211_IFTYPE_WDS) |
4674 BIT(NL80211_IFTYPE_ADHOC);
4676 hw->queues = modparam_qos ? 4 : 1;
4677 wl->mac80211_initially_registered_queues = hw->queues;
4679 SET_IEEE80211_DEV(hw, dev->dev);
4680 if (is_valid_ether_addr(sprom->et1mac))
4681 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4683 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4685 /* Initialize struct b43_wl */
4687 spin_lock_init(&wl->irq_lock);
4688 rwlock_init(&wl->tx_lock);
4689 spin_lock_init(&wl->leds_lock);
4690 spin_lock_init(&wl->shm_lock);
4691 mutex_init(&wl->mutex);
4692 INIT_LIST_HEAD(&wl->devlist);
4693 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4694 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4696 ssb_set_devtypedata(dev, wl);
4697 b43info(wl, "Broadcom %04X WLAN found (core revision %u)\n",
4698 dev->bus->chip_id, dev->id.revision);
4704 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4710 wl = ssb_get_devtypedata(dev);
4712 /* Probing the first core. Must setup common struct b43_wl */
4714 err = b43_wireless_init(dev);
4717 wl = ssb_get_devtypedata(dev);
4720 err = b43_one_core_attach(dev, wl);
4722 goto err_wireless_exit;
4725 err = ieee80211_register_hw(wl->hw);
4727 goto err_one_core_detach;
4733 err_one_core_detach:
4734 b43_one_core_detach(dev);
4737 b43_wireless_exit(dev, wl);
4741 static void b43_remove(struct ssb_device *dev)
4743 struct b43_wl *wl = ssb_get_devtypedata(dev);
4744 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4746 /* We must cancel any work here before unregistering from ieee80211,
4747 * as the ieee80211 unreg will destroy the workqueue. */
4748 cancel_work_sync(&wldev->restart_work);
4751 if (wl->current_dev == wldev) {
4752 /* Restore the queues count before unregistering, because firmware detect
4753 * might have modified it. Restoring is important, so the networking
4754 * stack can properly free resources. */
4755 wl->hw->queues = wl->mac80211_initially_registered_queues;
4756 ieee80211_unregister_hw(wl->hw);
4759 b43_one_core_detach(dev);
4761 if (list_empty(&wl->devlist)) {
4762 /* Last core on the chip unregistered.
4763 * We can destroy common struct b43_wl.
4765 b43_wireless_exit(dev, wl);
4769 /* Perform a hardware reset. This can be called from any context. */
4770 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4772 /* Must avoid requeueing, if we are in shutdown. */
4773 if (b43_status(dev) < B43_STAT_INITIALIZED)
4775 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4776 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
4781 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4783 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4784 struct b43_wl *wl = wldev->wl;
4786 b43dbg(wl, "Suspending...\n");
4788 mutex_lock(&wl->mutex);
4789 wldev->suspend_in_progress = true;
4790 wldev->suspend_init_status = b43_status(wldev);
4791 if (wldev->suspend_init_status >= B43_STAT_STARTED)
4792 b43_wireless_core_stop(wldev);
4793 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4794 b43_wireless_core_exit(wldev);
4795 mutex_unlock(&wl->mutex);
4797 b43dbg(wl, "Device suspended.\n");
4802 static int b43_resume(struct ssb_device *dev)
4804 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4805 struct b43_wl *wl = wldev->wl;
4808 b43dbg(wl, "Resuming...\n");
4810 mutex_lock(&wl->mutex);
4811 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4812 err = b43_wireless_core_init(wldev);
4814 b43err(wl, "Resume failed at core init\n");
4818 if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4819 err = b43_wireless_core_start(wldev);
4821 b43_leds_exit(wldev);
4822 b43_rng_exit(wldev->wl);
4823 b43_wireless_core_exit(wldev);
4824 b43err(wl, "Resume failed at core start\n");
4828 b43dbg(wl, "Device resumed.\n");
4830 wldev->suspend_in_progress = false;
4831 mutex_unlock(&wl->mutex);
4835 #else /* CONFIG_PM */
4836 # define b43_suspend NULL
4837 # define b43_resume NULL
4838 #endif /* CONFIG_PM */
4840 static struct ssb_driver b43_ssb_driver = {
4841 .name = KBUILD_MODNAME,
4842 .id_table = b43_ssb_tbl,
4844 .remove = b43_remove,
4845 .suspend = b43_suspend,
4846 .resume = b43_resume,
4849 static void b43_print_driverinfo(void)
4851 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4854 #ifdef CONFIG_B43_PCI_AUTOSELECT
4857 #ifdef CONFIG_B43_PCMCIA
4860 #ifdef CONFIG_B43_NPHY
4863 #ifdef CONFIG_B43_LEDS
4866 printk(KERN_INFO "Broadcom 43xx driver loaded "
4867 "[ Features: %s%s%s%s, Firmware-ID: "
4868 B43_SUPPORTED_FIRMWARE_ID " ]\n",
4869 feat_pci, feat_pcmcia, feat_nphy,
4873 static int __init b43_init(void)
4878 err = b43_pcmcia_init();
4881 err = ssb_driver_register(&b43_ssb_driver);
4883 goto err_pcmcia_exit;
4884 b43_print_driverinfo();
4895 static void __exit b43_exit(void)
4897 ssb_driver_unregister(&b43_ssb_driver);
4902 module_init(b43_init)
4903 module_exit(b43_exit)
git.openpandora.org / pandora-kernel.git / blob