3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005, 2006 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/version.h>
37 #include <linux/firmware.h>
38 #include <linux/wireless.h>
39 #include <linux/workqueue.h>
40 #include <linux/skbuff.h>
42 #include <linux/dma-mapping.h>
43 #include <asm/unaligned.h>
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69 "enable(1) / disable(0) Bad Frames Preemption");
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
83 int b43_modparam_qos = 1;
84 module_param_named(qos, b43_modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
92 static const struct ssb_device_id b43_ssb_tbl[] = {
93 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
94 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
95 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
96 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
97 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
98 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
99 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
103 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
105 /* Channel and ratetables are shared for all devices.
106 * They can't be const, because ieee80211 puts some precalculated
107 * data in there. This data is the same for all devices, so we don't
108 * get concurrency issues */
109 #define RATETAB_ENT(_rateid, _flags) \
111 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
112 .hw_value = (_rateid), \
117 * NOTE: When changing this, sync with xmit.c's
118 * b43_plcp_get_bitrate_idx_* functions!
120 static struct ieee80211_rate __b43_ratetable[] = {
121 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
122 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
123 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
124 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
125 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
126 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
127 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
128 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
129 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
130 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
131 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
132 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
135 #define b43_a_ratetable (__b43_ratetable + 4)
136 #define b43_a_ratetable_size 8
137 #define b43_b_ratetable (__b43_ratetable + 0)
138 #define b43_b_ratetable_size 4
139 #define b43_g_ratetable (__b43_ratetable + 0)
140 #define b43_g_ratetable_size 12
142 #define CHAN4G(_channel, _freq, _flags) { \
143 .band = IEEE80211_BAND_2GHZ, \
144 .center_freq = (_freq), \
145 .hw_value = (_channel), \
147 .max_antenna_gain = 0, \
150 static struct ieee80211_channel b43_2ghz_chantable[] = {
168 #define CHAN5G(_channel, _flags) { \
169 .band = IEEE80211_BAND_5GHZ, \
170 .center_freq = 5000 + (5 * (_channel)), \
171 .hw_value = (_channel), \
173 .max_antenna_gain = 0, \
176 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
177 CHAN5G(32, 0), CHAN5G(34, 0),
178 CHAN5G(36, 0), CHAN5G(38, 0),
179 CHAN5G(40, 0), CHAN5G(42, 0),
180 CHAN5G(44, 0), CHAN5G(46, 0),
181 CHAN5G(48, 0), CHAN5G(50, 0),
182 CHAN5G(52, 0), CHAN5G(54, 0),
183 CHAN5G(56, 0), CHAN5G(58, 0),
184 CHAN5G(60, 0), CHAN5G(62, 0),
185 CHAN5G(64, 0), CHAN5G(66, 0),
186 CHAN5G(68, 0), CHAN5G(70, 0),
187 CHAN5G(72, 0), CHAN5G(74, 0),
188 CHAN5G(76, 0), CHAN5G(78, 0),
189 CHAN5G(80, 0), CHAN5G(82, 0),
190 CHAN5G(84, 0), CHAN5G(86, 0),
191 CHAN5G(88, 0), CHAN5G(90, 0),
192 CHAN5G(92, 0), CHAN5G(94, 0),
193 CHAN5G(96, 0), CHAN5G(98, 0),
194 CHAN5G(100, 0), CHAN5G(102, 0),
195 CHAN5G(104, 0), CHAN5G(106, 0),
196 CHAN5G(108, 0), CHAN5G(110, 0),
197 CHAN5G(112, 0), CHAN5G(114, 0),
198 CHAN5G(116, 0), CHAN5G(118, 0),
199 CHAN5G(120, 0), CHAN5G(122, 0),
200 CHAN5G(124, 0), CHAN5G(126, 0),
201 CHAN5G(128, 0), CHAN5G(130, 0),
202 CHAN5G(132, 0), CHAN5G(134, 0),
203 CHAN5G(136, 0), CHAN5G(138, 0),
204 CHAN5G(140, 0), CHAN5G(142, 0),
205 CHAN5G(144, 0), CHAN5G(145, 0),
206 CHAN5G(146, 0), CHAN5G(147, 0),
207 CHAN5G(148, 0), CHAN5G(149, 0),
208 CHAN5G(150, 0), CHAN5G(151, 0),
209 CHAN5G(152, 0), CHAN5G(153, 0),
210 CHAN5G(154, 0), CHAN5G(155, 0),
211 CHAN5G(156, 0), CHAN5G(157, 0),
212 CHAN5G(158, 0), CHAN5G(159, 0),
213 CHAN5G(160, 0), CHAN5G(161, 0),
214 CHAN5G(162, 0), CHAN5G(163, 0),
215 CHAN5G(164, 0), CHAN5G(165, 0),
216 CHAN5G(166, 0), CHAN5G(168, 0),
217 CHAN5G(170, 0), CHAN5G(172, 0),
218 CHAN5G(174, 0), CHAN5G(176, 0),
219 CHAN5G(178, 0), CHAN5G(180, 0),
220 CHAN5G(182, 0), CHAN5G(184, 0),
221 CHAN5G(186, 0), CHAN5G(188, 0),
222 CHAN5G(190, 0), CHAN5G(192, 0),
223 CHAN5G(194, 0), CHAN5G(196, 0),
224 CHAN5G(198, 0), CHAN5G(200, 0),
225 CHAN5G(202, 0), CHAN5G(204, 0),
226 CHAN5G(206, 0), CHAN5G(208, 0),
227 CHAN5G(210, 0), CHAN5G(212, 0),
228 CHAN5G(214, 0), CHAN5G(216, 0),
229 CHAN5G(218, 0), CHAN5G(220, 0),
230 CHAN5G(222, 0), CHAN5G(224, 0),
231 CHAN5G(226, 0), CHAN5G(228, 0),
234 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
235 CHAN5G(34, 0), CHAN5G(36, 0),
236 CHAN5G(38, 0), CHAN5G(40, 0),
237 CHAN5G(42, 0), CHAN5G(44, 0),
238 CHAN5G(46, 0), CHAN5G(48, 0),
239 CHAN5G(52, 0), CHAN5G(56, 0),
240 CHAN5G(60, 0), CHAN5G(64, 0),
241 CHAN5G(100, 0), CHAN5G(104, 0),
242 CHAN5G(108, 0), CHAN5G(112, 0),
243 CHAN5G(116, 0), CHAN5G(120, 0),
244 CHAN5G(124, 0), CHAN5G(128, 0),
245 CHAN5G(132, 0), CHAN5G(136, 0),
246 CHAN5G(140, 0), CHAN5G(149, 0),
247 CHAN5G(153, 0), CHAN5G(157, 0),
248 CHAN5G(161, 0), CHAN5G(165, 0),
249 CHAN5G(184, 0), CHAN5G(188, 0),
250 CHAN5G(192, 0), CHAN5G(196, 0),
251 CHAN5G(200, 0), CHAN5G(204, 0),
252 CHAN5G(208, 0), CHAN5G(212, 0),
257 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
258 .band = IEEE80211_BAND_5GHZ,
259 .channels = b43_5ghz_nphy_chantable,
260 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
261 .bitrates = b43_a_ratetable,
262 .n_bitrates = b43_a_ratetable_size,
265 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
266 .band = IEEE80211_BAND_5GHZ,
267 .channels = b43_5ghz_aphy_chantable,
268 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
269 .bitrates = b43_a_ratetable,
270 .n_bitrates = b43_a_ratetable_size,
273 static struct ieee80211_supported_band b43_band_2GHz = {
274 .band = IEEE80211_BAND_2GHZ,
275 .channels = b43_2ghz_chantable,
276 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
277 .bitrates = b43_g_ratetable,
278 .n_bitrates = b43_g_ratetable_size,
281 static void b43_wireless_core_exit(struct b43_wldev *dev);
282 static int b43_wireless_core_init(struct b43_wldev *dev);
283 static void b43_wireless_core_stop(struct b43_wldev *dev);
284 static int b43_wireless_core_start(struct b43_wldev *dev);
286 static int b43_ratelimit(struct b43_wl *wl)
288 if (!wl || !wl->current_dev)
290 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
292 /* We are up and running.
293 * Ratelimit the messages to avoid DoS over the net. */
294 return net_ratelimit();
297 void b43info(struct b43_wl *wl, const char *fmt, ...)
301 if (!b43_ratelimit(wl))
304 printk(KERN_INFO "b43-%s: ",
305 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
310 void b43err(struct b43_wl *wl, const char *fmt, ...)
314 if (!b43_ratelimit(wl))
317 printk(KERN_ERR "b43-%s ERROR: ",
318 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
323 void b43warn(struct b43_wl *wl, const char *fmt, ...)
327 if (!b43_ratelimit(wl))
330 printk(KERN_WARNING "b43-%s warning: ",
331 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
337 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
342 printk(KERN_DEBUG "b43-%s debug: ",
343 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
349 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
353 B43_WARN_ON(offset % 4 != 0);
355 macctl = b43_read32(dev, B43_MMIO_MACCTL);
356 if (macctl & B43_MACCTL_BE)
359 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
361 b43_write32(dev, B43_MMIO_RAM_DATA, val);
364 static inline void b43_shm_control_word(struct b43_wldev *dev,
365 u16 routing, u16 offset)
369 /* "offset" is the WORD offset. */
373 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
376 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
380 if (routing == B43_SHM_SHARED) {
381 B43_WARN_ON(offset & 0x0001);
382 if (offset & 0x0003) {
383 /* Unaligned access */
384 b43_shm_control_word(dev, routing, offset >> 2);
385 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
387 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
388 ret |= b43_read16(dev, B43_MMIO_SHM_DATA);
394 b43_shm_control_word(dev, routing, offset);
395 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
400 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
402 struct b43_wl *wl = dev->wl;
406 spin_lock_irqsave(&wl->shm_lock, flags);
407 ret = __b43_shm_read32(dev, routing, offset);
408 spin_unlock_irqrestore(&wl->shm_lock, flags);
413 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
417 if (routing == B43_SHM_SHARED) {
418 B43_WARN_ON(offset & 0x0001);
419 if (offset & 0x0003) {
420 /* Unaligned access */
421 b43_shm_control_word(dev, routing, offset >> 2);
422 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
428 b43_shm_control_word(dev, routing, offset);
429 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
434 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
436 struct b43_wl *wl = dev->wl;
440 spin_lock_irqsave(&wl->shm_lock, flags);
441 ret = __b43_shm_read16(dev, routing, offset);
442 spin_unlock_irqrestore(&wl->shm_lock, flags);
447 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
449 if (routing == B43_SHM_SHARED) {
450 B43_WARN_ON(offset & 0x0001);
451 if (offset & 0x0003) {
452 /* Unaligned access */
453 b43_shm_control_word(dev, routing, offset >> 2);
454 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
455 (value >> 16) & 0xffff);
456 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
457 b43_write16(dev, B43_MMIO_SHM_DATA, value & 0xffff);
462 b43_shm_control_word(dev, routing, offset);
463 b43_write32(dev, B43_MMIO_SHM_DATA, value);
466 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
468 struct b43_wl *wl = dev->wl;
471 spin_lock_irqsave(&wl->shm_lock, flags);
472 __b43_shm_write32(dev, routing, offset, value);
473 spin_unlock_irqrestore(&wl->shm_lock, flags);
476 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
478 if (routing == B43_SHM_SHARED) {
479 B43_WARN_ON(offset & 0x0001);
480 if (offset & 0x0003) {
481 /* Unaligned access */
482 b43_shm_control_word(dev, routing, offset >> 2);
483 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
488 b43_shm_control_word(dev, routing, offset);
489 b43_write16(dev, B43_MMIO_SHM_DATA, value);
492 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
494 struct b43_wl *wl = dev->wl;
497 spin_lock_irqsave(&wl->shm_lock, flags);
498 __b43_shm_write16(dev, routing, offset, value);
499 spin_unlock_irqrestore(&wl->shm_lock, flags);
503 u64 b43_hf_read(struct b43_wldev * dev)
507 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
509 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
511 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
516 /* Write HostFlags */
517 void b43_hf_write(struct b43_wldev *dev, u64 value)
521 lo = (value & 0x00000000FFFFULL);
522 mi = (value & 0x0000FFFF0000ULL) >> 16;
523 hi = (value & 0xFFFF00000000ULL) >> 32;
524 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
525 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
526 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
529 void b43_tsf_read(struct b43_wldev *dev, u64 * tsf)
531 /* We need to be careful. As we read the TSF from multiple
532 * registers, we should take care of register overflows.
533 * In theory, the whole tsf read process should be atomic.
534 * We try to be atomic here, by restaring the read process,
535 * if any of the high registers changed (overflew).
537 if (dev->dev->id.revision >= 3) {
538 u32 low, high, high2;
541 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
542 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
543 high2 = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
544 } while (unlikely(high != high2));
552 u16 test1, test2, test3;
555 v3 = b43_read16(dev, B43_MMIO_TSF_3);
556 v2 = b43_read16(dev, B43_MMIO_TSF_2);
557 v1 = b43_read16(dev, B43_MMIO_TSF_1);
558 v0 = b43_read16(dev, B43_MMIO_TSF_0);
560 test3 = b43_read16(dev, B43_MMIO_TSF_3);
561 test2 = b43_read16(dev, B43_MMIO_TSF_2);
562 test1 = b43_read16(dev, B43_MMIO_TSF_1);
563 } while (v3 != test3 || v2 != test2 || v1 != test1);
577 static void b43_time_lock(struct b43_wldev *dev)
581 macctl = b43_read32(dev, B43_MMIO_MACCTL);
582 macctl |= B43_MACCTL_TBTTHOLD;
583 b43_write32(dev, B43_MMIO_MACCTL, macctl);
584 /* Commit the write */
585 b43_read32(dev, B43_MMIO_MACCTL);
588 static void b43_time_unlock(struct b43_wldev *dev)
592 macctl = b43_read32(dev, B43_MMIO_MACCTL);
593 macctl &= ~B43_MACCTL_TBTTHOLD;
594 b43_write32(dev, B43_MMIO_MACCTL, macctl);
595 /* Commit the write */
596 b43_read32(dev, B43_MMIO_MACCTL);
599 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
601 /* Be careful with the in-progress timer.
602 * First zero out the low register, so we have a full
603 * register-overflow duration to complete the operation.
605 if (dev->dev->id.revision >= 3) {
606 u32 lo = (tsf & 0x00000000FFFFFFFFULL);
607 u32 hi = (tsf & 0xFFFFFFFF00000000ULL) >> 32;
609 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, 0);
611 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, hi);
613 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, lo);
615 u16 v0 = (tsf & 0x000000000000FFFFULL);
616 u16 v1 = (tsf & 0x00000000FFFF0000ULL) >> 16;
617 u16 v2 = (tsf & 0x0000FFFF00000000ULL) >> 32;
618 u16 v3 = (tsf & 0xFFFF000000000000ULL) >> 48;
620 b43_write16(dev, B43_MMIO_TSF_0, 0);
622 b43_write16(dev, B43_MMIO_TSF_3, v3);
624 b43_write16(dev, B43_MMIO_TSF_2, v2);
626 b43_write16(dev, B43_MMIO_TSF_1, v1);
628 b43_write16(dev, B43_MMIO_TSF_0, v0);
632 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
635 b43_tsf_write_locked(dev, tsf);
636 b43_time_unlock(dev);
640 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 * mac)
642 static const u8 zero_addr[ETH_ALEN] = { 0 };
649 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
653 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
656 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
659 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
662 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
666 u8 mac_bssid[ETH_ALEN * 2];
670 bssid = dev->wl->bssid;
671 mac = dev->wl->mac_addr;
673 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
675 memcpy(mac_bssid, mac, ETH_ALEN);
676 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
678 /* Write our MAC address and BSSID to template ram */
679 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
680 tmp = (u32) (mac_bssid[i + 0]);
681 tmp |= (u32) (mac_bssid[i + 1]) << 8;
682 tmp |= (u32) (mac_bssid[i + 2]) << 16;
683 tmp |= (u32) (mac_bssid[i + 3]) << 24;
684 b43_ram_write(dev, 0x20 + i, tmp);
688 static void b43_upload_card_macaddress(struct b43_wldev *dev)
690 b43_write_mac_bssid_templates(dev);
691 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
694 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
696 /* slot_time is in usec. */
697 if (dev->phy.type != B43_PHYTYPE_G)
699 b43_write16(dev, 0x684, 510 + slot_time);
700 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
703 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
705 b43_set_slot_time(dev, 9);
709 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
711 b43_set_slot_time(dev, 20);
715 /* Enable a Generic IRQ. "mask" is the mask of which IRQs to enable.
716 * Returns the _previously_ enabled IRQ mask.
718 static inline u32 b43_interrupt_enable(struct b43_wldev *dev, u32 mask)
722 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
723 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask | mask);
728 /* Disable a Generic IRQ. "mask" is the mask of which IRQs to disable.
729 * Returns the _previously_ enabled IRQ mask.
731 static inline u32 b43_interrupt_disable(struct b43_wldev *dev, u32 mask)
735 old_mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
736 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, old_mask & ~mask);
741 /* Synchronize IRQ top- and bottom-half.
742 * IRQs must be masked before calling this.
743 * This must not be called with the irq_lock held.
745 static void b43_synchronize_irq(struct b43_wldev *dev)
747 synchronize_irq(dev->dev->irq);
748 tasklet_kill(&dev->isr_tasklet);
751 /* DummyTransmission function, as documented on
752 * http://bcm-specs.sipsolutions.net/DummyTransmission
754 void b43_dummy_transmission(struct b43_wldev *dev)
756 struct b43_wl *wl = dev->wl;
757 struct b43_phy *phy = &dev->phy;
758 unsigned int i, max_loop;
771 buffer[0] = 0x000201CC;
776 buffer[0] = 0x000B846E;
783 spin_lock_irq(&wl->irq_lock);
784 write_lock(&wl->tx_lock);
786 for (i = 0; i < 5; i++)
787 b43_ram_write(dev, i * 4, buffer[i]);
790 b43_read32(dev, B43_MMIO_MACCTL);
792 b43_write16(dev, 0x0568, 0x0000);
793 b43_write16(dev, 0x07C0, 0x0000);
794 value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
795 b43_write16(dev, 0x050C, value);
796 b43_write16(dev, 0x0508, 0x0000);
797 b43_write16(dev, 0x050A, 0x0000);
798 b43_write16(dev, 0x054C, 0x0000);
799 b43_write16(dev, 0x056A, 0x0014);
800 b43_write16(dev, 0x0568, 0x0826);
801 b43_write16(dev, 0x0500, 0x0000);
802 b43_write16(dev, 0x0502, 0x0030);
804 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
805 b43_radio_write16(dev, 0x0051, 0x0017);
806 for (i = 0x00; i < max_loop; i++) {
807 value = b43_read16(dev, 0x050E);
812 for (i = 0x00; i < 0x0A; i++) {
813 value = b43_read16(dev, 0x050E);
818 for (i = 0x00; i < 0x0A; i++) {
819 value = b43_read16(dev, 0x0690);
820 if (!(value & 0x0100))
824 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
825 b43_radio_write16(dev, 0x0051, 0x0037);
827 write_unlock(&wl->tx_lock);
828 spin_unlock_irq(&wl->irq_lock);
831 static void key_write(struct b43_wldev *dev,
832 u8 index, u8 algorithm, const u8 * key)
839 /* Key index/algo block */
840 kidx = b43_kidx_to_fw(dev, index);
841 value = ((kidx << 4) | algorithm);
842 b43_shm_write16(dev, B43_SHM_SHARED,
843 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
845 /* Write the key to the Key Table Pointer offset */
846 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
847 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
849 value |= (u16) (key[i + 1]) << 8;
850 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
854 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 * addr)
856 u32 addrtmp[2] = { 0, 0, };
857 u8 per_sta_keys_start = 8;
859 if (b43_new_kidx_api(dev))
860 per_sta_keys_start = 4;
862 B43_WARN_ON(index < per_sta_keys_start);
863 /* We have two default TX keys and possibly two default RX keys.
864 * Physical mac 0 is mapped to physical key 4 or 8, depending
865 * on the firmware version.
866 * So we must adjust the index here.
868 index -= per_sta_keys_start;
871 addrtmp[0] = addr[0];
872 addrtmp[0] |= ((u32) (addr[1]) << 8);
873 addrtmp[0] |= ((u32) (addr[2]) << 16);
874 addrtmp[0] |= ((u32) (addr[3]) << 24);
875 addrtmp[1] = addr[4];
876 addrtmp[1] |= ((u32) (addr[5]) << 8);
879 if (dev->dev->id.revision >= 5) {
880 /* Receive match transmitter address mechanism */
881 b43_shm_write32(dev, B43_SHM_RCMTA,
882 (index * 2) + 0, addrtmp[0]);
883 b43_shm_write16(dev, B43_SHM_RCMTA,
884 (index * 2) + 1, addrtmp[1]);
886 /* RXE (Receive Engine) and
887 * PSM (Programmable State Machine) mechanism
890 /* TODO write to RCM 16, 19, 22 and 25 */
892 b43_shm_write32(dev, B43_SHM_SHARED,
893 B43_SHM_SH_PSM + (index * 6) + 0,
895 b43_shm_write16(dev, B43_SHM_SHARED,
896 B43_SHM_SH_PSM + (index * 6) + 4,
902 static void do_key_write(struct b43_wldev *dev,
903 u8 index, u8 algorithm,
904 const u8 * key, size_t key_len, const u8 * mac_addr)
906 u8 buf[B43_SEC_KEYSIZE] = { 0, };
907 u8 per_sta_keys_start = 8;
909 if (b43_new_kidx_api(dev))
910 per_sta_keys_start = 4;
912 B43_WARN_ON(index >= dev->max_nr_keys);
913 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
915 if (index >= per_sta_keys_start)
916 keymac_write(dev, index, NULL); /* First zero out mac. */
918 memcpy(buf, key, key_len);
919 key_write(dev, index, algorithm, buf);
920 if (index >= per_sta_keys_start)
921 keymac_write(dev, index, mac_addr);
923 dev->key[index].algorithm = algorithm;
926 static int b43_key_write(struct b43_wldev *dev,
927 int index, u8 algorithm,
928 const u8 * key, size_t key_len,
930 struct ieee80211_key_conf *keyconf)
935 if (key_len > B43_SEC_KEYSIZE)
937 for (i = 0; i < dev->max_nr_keys; i++) {
938 /* Check that we don't already have this key. */
939 B43_WARN_ON(dev->key[i].keyconf == keyconf);
942 /* Either pairwise key or address is 00:00:00:00:00:00
943 * for transmit-only keys. Search the index. */
944 if (b43_new_kidx_api(dev))
948 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
949 if (!dev->key[i].keyconf) {
956 b43err(dev->wl, "Out of hardware key memory\n");
960 B43_WARN_ON(index > 3);
962 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
963 if ((index <= 3) && !b43_new_kidx_api(dev)) {
965 B43_WARN_ON(mac_addr);
966 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
968 keyconf->hw_key_idx = index;
969 dev->key[index].keyconf = keyconf;
974 static int b43_key_clear(struct b43_wldev *dev, int index)
976 if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
978 do_key_write(dev, index, B43_SEC_ALGO_NONE,
979 NULL, B43_SEC_KEYSIZE, NULL);
980 if ((index <= 3) && !b43_new_kidx_api(dev)) {
981 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
982 NULL, B43_SEC_KEYSIZE, NULL);
984 dev->key[index].keyconf = NULL;
989 static void b43_clear_keys(struct b43_wldev *dev)
993 for (i = 0; i < dev->max_nr_keys; i++)
994 b43_key_clear(dev, i);
997 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1005 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1006 (ps_flags & B43_PS_DISABLED));
1007 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1009 if (ps_flags & B43_PS_ENABLED) {
1011 } else if (ps_flags & B43_PS_DISABLED) {
1014 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1015 // and thus is not an AP and we are associated, set bit 25
1017 if (ps_flags & B43_PS_AWAKE) {
1019 } else if (ps_flags & B43_PS_ASLEEP) {
1022 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1023 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1024 // successful, set bit26
1027 /* FIXME: For now we force awake-on and hwps-off */
1031 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1033 macctl |= B43_MACCTL_HWPS;
1035 macctl &= ~B43_MACCTL_HWPS;
1037 macctl |= B43_MACCTL_AWAKE;
1039 macctl &= ~B43_MACCTL_AWAKE;
1040 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1042 b43_read32(dev, B43_MMIO_MACCTL);
1043 if (awake && dev->dev->id.revision >= 5) {
1044 /* Wait for the microcode to wake up. */
1045 for (i = 0; i < 100; i++) {
1046 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1047 B43_SHM_SH_UCODESTAT);
1048 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1055 /* Turn the Analog ON/OFF */
1056 static void b43_switch_analog(struct b43_wldev *dev, int on)
1058 switch (dev->phy.type) {
1061 b43_write16(dev, B43_MMIO_PHY0, on ? 0 : 0xF4);
1064 b43_phy_write(dev, B43_NPHY_AFECTL_OVER,
1072 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1077 flags |= B43_TMSLOW_PHYCLKEN;
1078 flags |= B43_TMSLOW_PHYRESET;
1079 ssb_device_enable(dev->dev, flags);
1080 msleep(2); /* Wait for the PLL to turn on. */
1082 /* Now take the PHY out of Reset again */
1083 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1084 tmslow |= SSB_TMSLOW_FGC;
1085 tmslow &= ~B43_TMSLOW_PHYRESET;
1086 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1087 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1089 tmslow &= ~SSB_TMSLOW_FGC;
1090 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1091 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1094 /* Turn Analog ON */
1095 b43_switch_analog(dev, 1);
1097 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1098 macctl &= ~B43_MACCTL_GMODE;
1099 if (flags & B43_TMSLOW_GMODE)
1100 macctl |= B43_MACCTL_GMODE;
1101 macctl |= B43_MACCTL_IHR_ENABLED;
1102 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1105 static void handle_irq_transmit_status(struct b43_wldev *dev)
1109 struct b43_txstatus stat;
1112 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1113 if (!(v0 & 0x00000001))
1115 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1117 stat.cookie = (v0 >> 16);
1118 stat.seq = (v1 & 0x0000FFFF);
1119 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1120 tmp = (v0 & 0x0000FFFF);
1121 stat.frame_count = ((tmp & 0xF000) >> 12);
1122 stat.rts_count = ((tmp & 0x0F00) >> 8);
1123 stat.supp_reason = ((tmp & 0x001C) >> 2);
1124 stat.pm_indicated = !!(tmp & 0x0080);
1125 stat.intermediate = !!(tmp & 0x0040);
1126 stat.for_ampdu = !!(tmp & 0x0020);
1127 stat.acked = !!(tmp & 0x0002);
1129 b43_handle_txstatus(dev, &stat);
1133 static void drain_txstatus_queue(struct b43_wldev *dev)
1137 if (dev->dev->id.revision < 5)
1139 /* Read all entries from the microcode TXstatus FIFO
1140 * and throw them away.
1143 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1144 if (!(dummy & 0x00000001))
1146 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1150 static u32 b43_jssi_read(struct b43_wldev *dev)
1154 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1156 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1161 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1163 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1164 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1167 static void b43_generate_noise_sample(struct b43_wldev *dev)
1169 b43_jssi_write(dev, 0x7F7F7F7F);
1170 b43_write32(dev, B43_MMIO_MACCMD,
1171 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1174 static void b43_calculate_link_quality(struct b43_wldev *dev)
1176 /* Top half of Link Quality calculation. */
1178 if (dev->noisecalc.calculation_running)
1180 dev->noisecalc.calculation_running = 1;
1181 dev->noisecalc.nr_samples = 0;
1183 b43_generate_noise_sample(dev);
1186 static void handle_irq_noise(struct b43_wldev *dev)
1188 struct b43_phy *phy = &dev->phy;
1194 /* Bottom half of Link Quality calculation. */
1196 /* Possible race condition: It might be possible that the user
1197 * changed to a different channel in the meantime since we
1198 * started the calculation. We ignore that fact, since it's
1199 * not really that much of a problem. The background noise is
1200 * an estimation only anyway. Slightly wrong results will get damped
1201 * by the averaging of the 8 sample rounds. Additionally the
1202 * value is shortlived. So it will be replaced by the next noise
1203 * calculation round soon. */
1205 B43_WARN_ON(!dev->noisecalc.calculation_running);
1206 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1207 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1208 noise[2] == 0x7F || noise[3] == 0x7F)
1211 /* Get the noise samples. */
1212 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1213 i = dev->noisecalc.nr_samples;
1214 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1215 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1216 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1217 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1218 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1219 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1220 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1221 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1222 dev->noisecalc.nr_samples++;
1223 if (dev->noisecalc.nr_samples == 8) {
1224 /* Calculate the Link Quality by the noise samples. */
1226 for (i = 0; i < 8; i++) {
1227 for (j = 0; j < 4; j++)
1228 average += dev->noisecalc.samples[i][j];
1234 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1235 tmp = (tmp / 128) & 0x1F;
1245 dev->stats.link_noise = average;
1246 dev->noisecalc.calculation_running = 0;
1250 b43_generate_noise_sample(dev);
1253 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1255 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_AP)) {
1258 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1259 b43_power_saving_ctl_bits(dev, 0);
1261 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS))
1265 static void handle_irq_atim_end(struct b43_wldev *dev)
1267 if (dev->dfq_valid) {
1268 b43_write32(dev, B43_MMIO_MACCMD,
1269 b43_read32(dev, B43_MMIO_MACCMD)
1270 | B43_MACCMD_DFQ_VALID);
1275 static void handle_irq_pmq(struct b43_wldev *dev)
1282 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1283 if (!(tmp & 0x00000008))
1286 /* 16bit write is odd, but correct. */
1287 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1290 static void b43_write_template_common(struct b43_wldev *dev,
1291 const u8 * data, u16 size,
1293 u16 shm_size_offset, u8 rate)
1296 struct b43_plcp_hdr4 plcp;
1299 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1300 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1301 ram_offset += sizeof(u32);
1302 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1303 * So leave the first two bytes of the next write blank.
1305 tmp = (u32) (data[0]) << 16;
1306 tmp |= (u32) (data[1]) << 24;
1307 b43_ram_write(dev, ram_offset, tmp);
1308 ram_offset += sizeof(u32);
1309 for (i = 2; i < size; i += sizeof(u32)) {
1310 tmp = (u32) (data[i + 0]);
1312 tmp |= (u32) (data[i + 1]) << 8;
1314 tmp |= (u32) (data[i + 2]) << 16;
1316 tmp |= (u32) (data[i + 3]) << 24;
1317 b43_ram_write(dev, ram_offset + i - 2, tmp);
1319 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1320 size + sizeof(struct b43_plcp_hdr6));
1323 /* Check if the use of the antenna that ieee80211 told us to
1324 * use is possible. This will fall back to DEFAULT.
1325 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1326 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1331 if (antenna_nr == 0) {
1332 /* Zero means "use default antenna". That's always OK. */
1336 /* Get the mask of available antennas. */
1338 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1340 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1342 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1343 /* This antenna is not available. Fall back to default. */
1350 static int b43_antenna_from_ieee80211(struct b43_wldev *dev, u8 antenna)
1352 antenna = b43_ieee80211_antenna_sanitize(dev, antenna);
1354 case 0: /* default/diversity */
1355 return B43_ANTENNA_DEFAULT;
1356 case 1: /* Antenna 0 */
1357 return B43_ANTENNA0;
1358 case 2: /* Antenna 1 */
1359 return B43_ANTENNA1;
1360 case 3: /* Antenna 2 */
1361 return B43_ANTENNA2;
1362 case 4: /* Antenna 3 */
1363 return B43_ANTENNA3;
1365 return B43_ANTENNA_DEFAULT;
1369 /* Convert a b43 antenna number value to the PHY TX control value. */
1370 static u16 b43_antenna_to_phyctl(int antenna)
1374 return B43_TXH_PHY_ANT0;
1376 return B43_TXH_PHY_ANT1;
1378 return B43_TXH_PHY_ANT2;
1380 return B43_TXH_PHY_ANT3;
1381 case B43_ANTENNA_AUTO:
1382 return B43_TXH_PHY_ANT01AUTO;
1388 static void b43_write_beacon_template(struct b43_wldev *dev,
1390 u16 shm_size_offset)
1392 unsigned int i, len, variable_len;
1393 const struct ieee80211_mgmt *bcn;
1399 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1401 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1402 len = min((size_t) dev->wl->current_beacon->len,
1403 0x200 - sizeof(struct b43_plcp_hdr6));
1404 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1406 b43_write_template_common(dev, (const u8 *)bcn,
1407 len, ram_offset, shm_size_offset, rate);
1409 /* Write the PHY TX control parameters. */
1410 antenna = b43_antenna_from_ieee80211(dev, info->antenna_sel_tx);
1411 antenna = b43_antenna_to_phyctl(antenna);
1412 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1413 /* We can't send beacons with short preamble. Would get PHY errors. */
1414 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1415 ctl &= ~B43_TXH_PHY_ANT;
1416 ctl &= ~B43_TXH_PHY_ENC;
1418 if (b43_is_cck_rate(rate))
1419 ctl |= B43_TXH_PHY_ENC_CCK;
1421 ctl |= B43_TXH_PHY_ENC_OFDM;
1422 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1424 /* Find the position of the TIM and the DTIM_period value
1425 * and write them to SHM. */
1426 ie = bcn->u.beacon.variable;
1427 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1428 for (i = 0; i < variable_len - 2; ) {
1429 uint8_t ie_id, ie_len;
1436 /* This is the TIM Information Element */
1438 /* Check whether the ie_len is in the beacon data range. */
1439 if (variable_len < ie_len + 2 + i)
1441 /* A valid TIM is at least 4 bytes long. */
1446 tim_position = sizeof(struct b43_plcp_hdr6);
1447 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1450 dtim_period = ie[i + 3];
1452 b43_shm_write16(dev, B43_SHM_SHARED,
1453 B43_SHM_SH_TIMBPOS, tim_position);
1454 b43_shm_write16(dev, B43_SHM_SHARED,
1455 B43_SHM_SH_DTIMPER, dtim_period);
1462 * If ucode wants to modify TIM do it behind the beacon, this
1463 * will happen, for example, when doing mesh networking.
1465 b43_shm_write16(dev, B43_SHM_SHARED,
1467 len + sizeof(struct b43_plcp_hdr6));
1468 b43_shm_write16(dev, B43_SHM_SHARED,
1469 B43_SHM_SH_DTIMPER, 0);
1471 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1474 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1475 u16 shm_offset, u16 size,
1476 struct ieee80211_rate *rate)
1478 struct b43_plcp_hdr4 plcp;
1483 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1484 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1487 /* Write PLCP in two parts and timing for packet transfer */
1488 tmp = le32_to_cpu(plcp.data);
1489 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1490 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1491 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1494 /* Instead of using custom probe response template, this function
1495 * just patches custom beacon template by:
1496 * 1) Changing packet type
1497 * 2) Patching duration field
1500 static const u8 * b43_generate_probe_resp(struct b43_wldev *dev,
1502 struct ieee80211_rate *rate)
1506 u16 src_size, elem_size, src_pos, dest_pos;
1508 struct ieee80211_hdr *hdr;
1511 src_size = dev->wl->current_beacon->len;
1512 src_data = (const u8 *)dev->wl->current_beacon->data;
1514 /* Get the start offset of the variable IEs in the packet. */
1515 ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1516 B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1518 if (B43_WARN_ON(src_size < ie_start))
1521 dest_data = kmalloc(src_size, GFP_ATOMIC);
1522 if (unlikely(!dest_data))
1525 /* Copy the static data and all Information Elements, except the TIM. */
1526 memcpy(dest_data, src_data, ie_start);
1528 dest_pos = ie_start;
1529 for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1530 elem_size = src_data[src_pos + 1] + 2;
1531 if (src_data[src_pos] == 5) {
1532 /* This is the TIM. */
1535 memcpy(dest_data + dest_pos, src_data + src_pos,
1537 dest_pos += elem_size;
1539 *dest_size = dest_pos;
1540 hdr = (struct ieee80211_hdr *)dest_data;
1542 /* Set the frame control. */
1543 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1544 IEEE80211_STYPE_PROBE_RESP);
1545 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1546 dev->wl->vif, *dest_size,
1548 hdr->duration_id = dur;
1553 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1555 u16 shm_size_offset,
1556 struct ieee80211_rate *rate)
1558 const u8 *probe_resp_data;
1561 size = dev->wl->current_beacon->len;
1562 probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1563 if (unlikely(!probe_resp_data))
1566 /* Looks like PLCP headers plus packet timings are stored for
1567 * all possible basic rates
1569 b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1570 b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1571 b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1572 b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1574 size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1575 b43_write_template_common(dev, probe_resp_data,
1576 size, ram_offset, shm_size_offset,
1578 kfree(probe_resp_data);
1581 static void b43_upload_beacon0(struct b43_wldev *dev)
1583 struct b43_wl *wl = dev->wl;
1585 if (wl->beacon0_uploaded)
1587 b43_write_beacon_template(dev, 0x68, 0x18);
1588 /* FIXME: Probe resp upload doesn't really belong here,
1589 * but we don't use that feature anyway. */
1590 b43_write_probe_resp_template(dev, 0x268, 0x4A,
1591 &__b43_ratetable[3]);
1592 wl->beacon0_uploaded = 1;
1595 static void b43_upload_beacon1(struct b43_wldev *dev)
1597 struct b43_wl *wl = dev->wl;
1599 if (wl->beacon1_uploaded)
1601 b43_write_beacon_template(dev, 0x468, 0x1A);
1602 wl->beacon1_uploaded = 1;
1605 static void handle_irq_beacon(struct b43_wldev *dev)
1607 struct b43_wl *wl = dev->wl;
1608 u32 cmd, beacon0_valid, beacon1_valid;
1610 if (!b43_is_mode(wl, IEEE80211_IF_TYPE_AP) &&
1611 !b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
1614 /* This is the bottom half of the asynchronous beacon update. */
1616 /* Ignore interrupt in the future. */
1617 dev->irq_savedstate &= ~B43_IRQ_BEACON;
1619 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1620 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1621 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1623 /* Schedule interrupt manually, if busy. */
1624 if (beacon0_valid && beacon1_valid) {
1625 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1626 dev->irq_savedstate |= B43_IRQ_BEACON;
1630 if (unlikely(wl->beacon_templates_virgin)) {
1631 /* We never uploaded a beacon before.
1632 * Upload both templates now, but only mark one valid. */
1633 wl->beacon_templates_virgin = 0;
1634 b43_upload_beacon0(dev);
1635 b43_upload_beacon1(dev);
1636 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1637 cmd |= B43_MACCMD_BEACON0_VALID;
1638 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1640 if (!beacon0_valid) {
1641 b43_upload_beacon0(dev);
1642 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1643 cmd |= B43_MACCMD_BEACON0_VALID;
1644 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1645 } else if (!beacon1_valid) {
1646 b43_upload_beacon1(dev);
1647 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1648 cmd |= B43_MACCMD_BEACON1_VALID;
1649 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1654 static void b43_beacon_update_trigger_work(struct work_struct *work)
1656 struct b43_wl *wl = container_of(work, struct b43_wl,
1657 beacon_update_trigger);
1658 struct b43_wldev *dev;
1660 mutex_lock(&wl->mutex);
1661 dev = wl->current_dev;
1662 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1663 spin_lock_irq(&wl->irq_lock);
1664 /* update beacon right away or defer to irq */
1665 dev->irq_savedstate = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1666 handle_irq_beacon(dev);
1667 /* The handler might have updated the IRQ mask. */
1668 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK,
1669 dev->irq_savedstate);
1671 spin_unlock_irq(&wl->irq_lock);
1673 mutex_unlock(&wl->mutex);
1676 /* Asynchronously update the packet templates in template RAM.
1677 * Locking: Requires wl->irq_lock to be locked. */
1678 static void b43_update_templates(struct b43_wl *wl, struct sk_buff *beacon)
1680 /* This is the top half of the ansynchronous beacon update.
1681 * The bottom half is the beacon IRQ.
1682 * Beacon update must be asynchronous to avoid sending an
1683 * invalid beacon. This can happen for example, if the firmware
1684 * transmits a beacon while we are updating it. */
1686 if (wl->current_beacon)
1687 dev_kfree_skb_any(wl->current_beacon);
1688 wl->current_beacon = beacon;
1689 wl->beacon0_uploaded = 0;
1690 wl->beacon1_uploaded = 0;
1691 queue_work(wl->hw->workqueue, &wl->beacon_update_trigger);
1694 static void b43_set_ssid(struct b43_wldev *dev, const u8 * ssid, u8 ssid_len)
1699 len = min((u16) ssid_len, (u16) 0x100);
1700 for (i = 0; i < len; i += sizeof(u32)) {
1701 tmp = (u32) (ssid[i + 0]);
1703 tmp |= (u32) (ssid[i + 1]) << 8;
1705 tmp |= (u32) (ssid[i + 2]) << 16;
1707 tmp |= (u32) (ssid[i + 3]) << 24;
1708 b43_shm_write32(dev, B43_SHM_SHARED, 0x380 + i, tmp);
1710 b43_shm_write16(dev, B43_SHM_SHARED, 0x48, len);
1713 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1716 if (dev->dev->id.revision >= 3) {
1717 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1718 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1720 b43_write16(dev, 0x606, (beacon_int >> 6));
1721 b43_write16(dev, 0x610, beacon_int);
1723 b43_time_unlock(dev);
1724 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1727 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1731 /* Read the register that contains the reason code for the panic. */
1732 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1733 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1737 b43dbg(dev->wl, "The panic reason is unknown.\n");
1739 case B43_FWPANIC_DIE:
1740 /* Do not restart the controller or firmware.
1741 * The device is nonfunctional from now on.
1742 * Restarting would result in this panic to trigger again,
1743 * so we avoid that recursion. */
1745 case B43_FWPANIC_RESTART:
1746 b43_controller_restart(dev, "Microcode panic");
1751 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1753 unsigned int i, cnt;
1754 u16 reason, marker_id, marker_line;
1757 /* The proprietary firmware doesn't have this IRQ. */
1758 if (!dev->fw.opensource)
1761 /* Read the register that contains the reason code for this IRQ. */
1762 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1765 case B43_DEBUGIRQ_PANIC:
1766 b43_handle_firmware_panic(dev);
1768 case B43_DEBUGIRQ_DUMP_SHM:
1770 break; /* Only with driver debugging enabled. */
1771 buf = kmalloc(4096, GFP_ATOMIC);
1773 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1776 for (i = 0; i < 4096; i += 2) {
1777 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1778 buf[i / 2] = cpu_to_le16(tmp);
1780 b43info(dev->wl, "Shared memory dump:\n");
1781 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1782 16, 2, buf, 4096, 1);
1785 case B43_DEBUGIRQ_DUMP_REGS:
1787 break; /* Only with driver debugging enabled. */
1788 b43info(dev->wl, "Microcode register dump:\n");
1789 for (i = 0, cnt = 0; i < 64; i++) {
1790 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1793 printk("r%02u: 0x%04X ", i, tmp);
1802 case B43_DEBUGIRQ_MARKER:
1804 break; /* Only with driver debugging enabled. */
1805 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1807 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1808 B43_MARKER_LINE_REG);
1809 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1810 "at line number %u\n",
1811 marker_id, marker_line);
1814 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1818 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1819 b43_shm_write16(dev, B43_SHM_SCRATCH,
1820 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1823 /* Interrupt handler bottom-half */
1824 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1827 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1828 u32 merged_dma_reason = 0;
1830 unsigned long flags;
1832 spin_lock_irqsave(&dev->wl->irq_lock, flags);
1834 B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1836 reason = dev->irq_reason;
1837 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1838 dma_reason[i] = dev->dma_reason[i];
1839 merged_dma_reason |= dma_reason[i];
1842 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1843 b43err(dev->wl, "MAC transmission error\n");
1845 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1846 b43err(dev->wl, "PHY transmission error\n");
1848 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1849 atomic_set(&dev->phy.txerr_cnt,
1850 B43_PHY_TX_BADNESS_LIMIT);
1851 b43err(dev->wl, "Too many PHY TX errors, "
1852 "restarting the controller\n");
1853 b43_controller_restart(dev, "PHY TX errors");
1857 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1858 B43_DMAIRQ_NONFATALMASK))) {
1859 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1860 b43err(dev->wl, "Fatal DMA error: "
1861 "0x%08X, 0x%08X, 0x%08X, "
1862 "0x%08X, 0x%08X, 0x%08X\n",
1863 dma_reason[0], dma_reason[1],
1864 dma_reason[2], dma_reason[3],
1865 dma_reason[4], dma_reason[5]);
1866 b43_controller_restart(dev, "DMA error");
1868 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1871 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1872 b43err(dev->wl, "DMA error: "
1873 "0x%08X, 0x%08X, 0x%08X, "
1874 "0x%08X, 0x%08X, 0x%08X\n",
1875 dma_reason[0], dma_reason[1],
1876 dma_reason[2], dma_reason[3],
1877 dma_reason[4], dma_reason[5]);
1881 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1882 handle_irq_ucode_debug(dev);
1883 if (reason & B43_IRQ_TBTT_INDI)
1884 handle_irq_tbtt_indication(dev);
1885 if (reason & B43_IRQ_ATIM_END)
1886 handle_irq_atim_end(dev);
1887 if (reason & B43_IRQ_BEACON)
1888 handle_irq_beacon(dev);
1889 if (reason & B43_IRQ_PMQ)
1890 handle_irq_pmq(dev);
1891 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1893 if (reason & B43_IRQ_NOISESAMPLE_OK)
1894 handle_irq_noise(dev);
1896 /* Check the DMA reason registers for received data. */
1897 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1898 if (b43_using_pio_transfers(dev))
1899 b43_pio_rx(dev->pio.rx_queue);
1901 b43_dma_rx(dev->dma.rx_ring);
1903 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1904 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1905 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1906 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1907 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1909 if (reason & B43_IRQ_TX_OK)
1910 handle_irq_transmit_status(dev);
1912 b43_interrupt_enable(dev, dev->irq_savedstate);
1914 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1917 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1919 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1921 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1922 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1923 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1924 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1925 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1926 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1929 /* Interrupt handler top-half */
1930 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1932 irqreturn_t ret = IRQ_NONE;
1933 struct b43_wldev *dev = dev_id;
1939 spin_lock(&dev->wl->irq_lock);
1941 if (b43_status(dev) < B43_STAT_STARTED)
1943 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1944 if (reason == 0xffffffff) /* shared IRQ */
1947 reason &= b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
1951 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1953 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1955 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1957 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1959 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1961 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1964 b43_interrupt_ack(dev, reason);
1965 /* disable all IRQs. They are enabled again in the bottom half. */
1966 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
1967 /* save the reason code and call our bottom half. */
1968 dev->irq_reason = reason;
1969 tasklet_schedule(&dev->isr_tasklet);
1972 spin_unlock(&dev->wl->irq_lock);
1977 static void do_release_fw(struct b43_firmware_file *fw)
1979 release_firmware(fw->data);
1981 fw->filename = NULL;
1984 static void b43_release_firmware(struct b43_wldev *dev)
1986 do_release_fw(&dev->fw.ucode);
1987 do_release_fw(&dev->fw.pcm);
1988 do_release_fw(&dev->fw.initvals);
1989 do_release_fw(&dev->fw.initvals_band);
1992 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1996 text = "You must go to "
1997 "http://linuxwireless.org/en/users/Drivers/b43#devicefirmware "
1998 "and download the latest firmware (version 4).\n";
2005 static int do_request_fw(struct b43_wldev *dev,
2007 struct b43_firmware_file *fw,
2010 char path[sizeof(modparam_fwpostfix) + 32];
2011 const struct firmware *blob;
2012 struct b43_fw_header *hdr;
2017 /* Don't fetch anything. Free possibly cached firmware. */
2022 if (strcmp(fw->filename, name) == 0)
2023 return 0; /* Already have this fw. */
2024 /* Free the cached firmware first. */
2028 snprintf(path, ARRAY_SIZE(path),
2030 modparam_fwpostfix, name);
2031 err = request_firmware(&blob, path, dev->dev->dev);
2032 if (err == -ENOENT) {
2034 b43err(dev->wl, "Firmware file \"%s\" not found\n",
2039 b43err(dev->wl, "Firmware file \"%s\" request failed (err=%d)\n",
2043 if (blob->size < sizeof(struct b43_fw_header))
2045 hdr = (struct b43_fw_header *)(blob->data);
2046 switch (hdr->type) {
2047 case B43_FW_TYPE_UCODE:
2048 case B43_FW_TYPE_PCM:
2049 size = be32_to_cpu(hdr->size);
2050 if (size != blob->size - sizeof(struct b43_fw_header))
2053 case B43_FW_TYPE_IV:
2062 fw->filename = name;
2067 b43err(dev->wl, "Firmware file \"%s\" format error.\n", path);
2068 release_firmware(blob);
2073 static int b43_request_firmware(struct b43_wldev *dev)
2075 struct b43_firmware *fw = &dev->fw;
2076 const u8 rev = dev->dev->id.revision;
2077 const char *filename;
2082 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2083 if ((rev >= 5) && (rev <= 10))
2084 filename = "ucode5";
2085 else if ((rev >= 11) && (rev <= 12))
2086 filename = "ucode11";
2088 filename = "ucode13";
2091 err = do_request_fw(dev, filename, &fw->ucode, 0);
2096 if ((rev >= 5) && (rev <= 10))
2102 fw->pcm_request_failed = 0;
2103 err = do_request_fw(dev, filename, &fw->pcm, 1);
2104 if (err == -ENOENT) {
2105 /* We did not find a PCM file? Not fatal, but
2106 * core rev <= 10 must do without hwcrypto then. */
2107 fw->pcm_request_failed = 1;
2112 switch (dev->phy.type) {
2114 if ((rev >= 5) && (rev <= 10)) {
2115 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2116 filename = "a0g1initvals5";
2118 filename = "a0g0initvals5";
2120 goto err_no_initvals;
2123 if ((rev >= 5) && (rev <= 10))
2124 filename = "b0g0initvals5";
2126 filename = "b0g0initvals13";
2128 goto err_no_initvals;
2131 if ((rev >= 11) && (rev <= 12))
2132 filename = "n0initvals11";
2134 goto err_no_initvals;
2137 goto err_no_initvals;
2139 err = do_request_fw(dev, filename, &fw->initvals, 0);
2143 /* Get bandswitch initvals */
2144 switch (dev->phy.type) {
2146 if ((rev >= 5) && (rev <= 10)) {
2147 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2148 filename = "a0g1bsinitvals5";
2150 filename = "a0g0bsinitvals5";
2151 } else if (rev >= 11)
2154 goto err_no_initvals;
2157 if ((rev >= 5) && (rev <= 10))
2158 filename = "b0g0bsinitvals5";
2162 goto err_no_initvals;
2165 if ((rev >= 11) && (rev <= 12))
2166 filename = "n0bsinitvals11";
2168 goto err_no_initvals;
2171 goto err_no_initvals;
2173 err = do_request_fw(dev, filename, &fw->initvals_band, 0);
2180 b43_print_fw_helptext(dev->wl, 1);
2185 b43err(dev->wl, "No microcode available for core rev %u\n", rev);
2190 b43err(dev->wl, "No PCM available for core rev %u\n", rev);
2195 b43err(dev->wl, "No Initial Values firmware file for PHY %u, "
2196 "core rev %u\n", dev->phy.type, rev);
2200 b43_release_firmware(dev);
2204 static int b43_upload_microcode(struct b43_wldev *dev)
2206 const size_t hdr_len = sizeof(struct b43_fw_header);
2208 unsigned int i, len;
2209 u16 fwrev, fwpatch, fwdate, fwtime;
2213 /* Jump the microcode PSM to offset 0 */
2214 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2215 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2216 macctl |= B43_MACCTL_PSM_JMP0;
2217 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2218 /* Zero out all microcode PSM registers and shared memory. */
2219 for (i = 0; i < 64; i++)
2220 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2221 for (i = 0; i < 4096; i += 2)
2222 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2224 /* Upload Microcode. */
2225 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2226 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2227 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2228 for (i = 0; i < len; i++) {
2229 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2233 if (dev->fw.pcm.data) {
2234 /* Upload PCM data. */
2235 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2236 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2237 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2238 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2239 /* No need for autoinc bit in SHM_HW */
2240 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2241 for (i = 0; i < len; i++) {
2242 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2247 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2249 /* Start the microcode PSM */
2250 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2251 macctl &= ~B43_MACCTL_PSM_JMP0;
2252 macctl |= B43_MACCTL_PSM_RUN;
2253 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2255 /* Wait for the microcode to load and respond */
2258 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2259 if (tmp == B43_IRQ_MAC_SUSPENDED)
2263 b43err(dev->wl, "Microcode not responding\n");
2264 b43_print_fw_helptext(dev->wl, 1);
2268 msleep_interruptible(50);
2269 if (signal_pending(current)) {
2274 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2276 /* Get and check the revisions. */
2277 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2278 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2279 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2280 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2282 if (fwrev <= 0x128) {
2283 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2284 "binary drivers older than version 4.x is unsupported. "
2285 "You must upgrade your firmware files.\n");
2286 b43_print_fw_helptext(dev->wl, 1);
2290 dev->fw.rev = fwrev;
2291 dev->fw.patch = fwpatch;
2292 dev->fw.opensource = (fwdate == 0xFFFF);
2294 if (dev->fw.opensource) {
2295 /* Patchlevel info is encoded in the "time" field. */
2296 dev->fw.patch = fwtime;
2297 b43info(dev->wl, "Loading OpenSource firmware version %u.%u%s\n",
2298 dev->fw.rev, dev->fw.patch,
2299 dev->fw.pcm_request_failed ? " (Hardware crypto not supported)" : "");
2301 b43info(dev->wl, "Loading firmware version %u.%u "
2302 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2304 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2305 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2306 if (dev->fw.pcm_request_failed) {
2307 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2308 "Hardware accelerated cryptography is disabled.\n");
2309 b43_print_fw_helptext(dev->wl, 0);
2313 if (b43_is_old_txhdr_format(dev)) {
2314 b43warn(dev->wl, "You are using an old firmware image. "
2315 "Support for old firmware will be removed in July 2008.\n");
2316 b43_print_fw_helptext(dev->wl, 0);
2322 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2323 macctl &= ~B43_MACCTL_PSM_RUN;
2324 macctl |= B43_MACCTL_PSM_JMP0;
2325 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2330 static int b43_write_initvals(struct b43_wldev *dev,
2331 const struct b43_iv *ivals,
2335 const struct b43_iv *iv;
2340 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2342 for (i = 0; i < count; i++) {
2343 if (array_size < sizeof(iv->offset_size))
2345 array_size -= sizeof(iv->offset_size);
2346 offset = be16_to_cpu(iv->offset_size);
2347 bit32 = !!(offset & B43_IV_32BIT);
2348 offset &= B43_IV_OFFSET_MASK;
2349 if (offset >= 0x1000)
2354 if (array_size < sizeof(iv->data.d32))
2356 array_size -= sizeof(iv->data.d32);
2358 value = get_unaligned_be32(&iv->data.d32);
2359 b43_write32(dev, offset, value);
2361 iv = (const struct b43_iv *)((const uint8_t *)iv +
2367 if (array_size < sizeof(iv->data.d16))
2369 array_size -= sizeof(iv->data.d16);
2371 value = be16_to_cpu(iv->data.d16);
2372 b43_write16(dev, offset, value);
2374 iv = (const struct b43_iv *)((const uint8_t *)iv +
2385 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2386 b43_print_fw_helptext(dev->wl, 1);
2391 static int b43_upload_initvals(struct b43_wldev *dev)
2393 const size_t hdr_len = sizeof(struct b43_fw_header);
2394 const struct b43_fw_header *hdr;
2395 struct b43_firmware *fw = &dev->fw;
2396 const struct b43_iv *ivals;
2400 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2401 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2402 count = be32_to_cpu(hdr->size);
2403 err = b43_write_initvals(dev, ivals, count,
2404 fw->initvals.data->size - hdr_len);
2407 if (fw->initvals_band.data) {
2408 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2409 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2410 count = be32_to_cpu(hdr->size);
2411 err = b43_write_initvals(dev, ivals, count,
2412 fw->initvals_band.data->size - hdr_len);
2421 /* Initialize the GPIOs
2422 * http://bcm-specs.sipsolutions.net/GPIO
2424 static int b43_gpio_init(struct b43_wldev *dev)
2426 struct ssb_bus *bus = dev->dev->bus;
2427 struct ssb_device *gpiodev, *pcidev = NULL;
2430 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2431 & ~B43_MACCTL_GPOUTSMSK);
2433 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2438 if (dev->dev->bus->chip_id == 0x4301) {
2442 if (0 /* FIXME: conditional unknown */ ) {
2443 b43_write16(dev, B43_MMIO_GPIO_MASK,
2444 b43_read16(dev, B43_MMIO_GPIO_MASK)
2449 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2450 b43_write16(dev, B43_MMIO_GPIO_MASK,
2451 b43_read16(dev, B43_MMIO_GPIO_MASK)
2456 if (dev->dev->id.revision >= 2)
2457 mask |= 0x0010; /* FIXME: This is redundant. */
2459 #ifdef CONFIG_SSB_DRIVER_PCICORE
2460 pcidev = bus->pcicore.dev;
2462 gpiodev = bus->chipco.dev ? : pcidev;
2465 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2466 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2472 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2473 static void b43_gpio_cleanup(struct b43_wldev *dev)
2475 struct ssb_bus *bus = dev->dev->bus;
2476 struct ssb_device *gpiodev, *pcidev = NULL;
2478 #ifdef CONFIG_SSB_DRIVER_PCICORE
2479 pcidev = bus->pcicore.dev;
2481 gpiodev = bus->chipco.dev ? : pcidev;
2484 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2487 /* http://bcm-specs.sipsolutions.net/EnableMac */
2488 void b43_mac_enable(struct b43_wldev *dev)
2490 dev->mac_suspended--;
2491 B43_WARN_ON(dev->mac_suspended < 0);
2492 if (dev->mac_suspended == 0) {
2493 b43_write32(dev, B43_MMIO_MACCTL,
2494 b43_read32(dev, B43_MMIO_MACCTL)
2495 | B43_MACCTL_ENABLED);
2496 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2497 B43_IRQ_MAC_SUSPENDED);
2499 b43_read32(dev, B43_MMIO_MACCTL);
2500 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2501 b43_power_saving_ctl_bits(dev, 0);
2505 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2506 void b43_mac_suspend(struct b43_wldev *dev)
2512 B43_WARN_ON(dev->mac_suspended < 0);
2514 if (dev->mac_suspended == 0) {
2515 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2516 b43_write32(dev, B43_MMIO_MACCTL,
2517 b43_read32(dev, B43_MMIO_MACCTL)
2518 & ~B43_MACCTL_ENABLED);
2519 /* force pci to flush the write */
2520 b43_read32(dev, B43_MMIO_MACCTL);
2521 for (i = 35; i; i--) {
2522 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2523 if (tmp & B43_IRQ_MAC_SUSPENDED)
2527 /* Hm, it seems this will take some time. Use msleep(). */
2528 for (i = 40; i; i--) {
2529 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2530 if (tmp & B43_IRQ_MAC_SUSPENDED)
2534 b43err(dev->wl, "MAC suspend failed\n");
2537 dev->mac_suspended++;
2540 static void b43_adjust_opmode(struct b43_wldev *dev)
2542 struct b43_wl *wl = dev->wl;
2546 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2547 /* Reset status to STA infrastructure mode. */
2548 ctl &= ~B43_MACCTL_AP;
2549 ctl &= ~B43_MACCTL_KEEP_CTL;
2550 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2551 ctl &= ~B43_MACCTL_KEEP_BAD;
2552 ctl &= ~B43_MACCTL_PROMISC;
2553 ctl &= ~B43_MACCTL_BEACPROMISC;
2554 ctl |= B43_MACCTL_INFRA;
2556 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
2557 b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
2558 ctl |= B43_MACCTL_AP;
2559 else if (b43_is_mode(wl, IEEE80211_IF_TYPE_IBSS))
2560 ctl &= ~B43_MACCTL_INFRA;
2562 if (wl->filter_flags & FIF_CONTROL)
2563 ctl |= B43_MACCTL_KEEP_CTL;
2564 if (wl->filter_flags & FIF_FCSFAIL)
2565 ctl |= B43_MACCTL_KEEP_BAD;
2566 if (wl->filter_flags & FIF_PLCPFAIL)
2567 ctl |= B43_MACCTL_KEEP_BADPLCP;
2568 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2569 ctl |= B43_MACCTL_PROMISC;
2570 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2571 ctl |= B43_MACCTL_BEACPROMISC;
2573 /* Workaround: On old hardware the HW-MAC-address-filter
2574 * doesn't work properly, so always run promisc in filter
2575 * it in software. */
2576 if (dev->dev->id.revision <= 4)
2577 ctl |= B43_MACCTL_PROMISC;
2579 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2582 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2583 if (dev->dev->bus->chip_id == 0x4306 &&
2584 dev->dev->bus->chip_rev == 3)
2589 b43_write16(dev, 0x612, cfp_pretbtt);
2592 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2598 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2601 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2603 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2604 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2607 static void b43_rate_memory_init(struct b43_wldev *dev)
2609 switch (dev->phy.type) {
2613 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2614 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2615 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2616 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2617 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2618 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2619 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2620 if (dev->phy.type == B43_PHYTYPE_A)
2624 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2625 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2626 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2627 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2634 /* Set the default values for the PHY TX Control Words. */
2635 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2639 ctl |= B43_TXH_PHY_ENC_CCK;
2640 ctl |= B43_TXH_PHY_ANT01AUTO;
2641 ctl |= B43_TXH_PHY_TXPWR;
2643 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2644 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2645 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2648 /* Set the TX-Antenna for management frames sent by firmware. */
2649 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2654 ant = b43_antenna_to_phyctl(antenna);
2657 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2658 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2659 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2660 /* For Probe Resposes */
2661 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2662 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2663 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2666 /* This is the opposite of b43_chip_init() */
2667 static void b43_chip_exit(struct b43_wldev *dev)
2669 b43_radio_turn_off(dev, 1);
2670 b43_gpio_cleanup(dev);
2671 b43_lo_g_cleanup(dev);
2672 /* firmware is released later */
2675 /* Initialize the chip
2676 * http://bcm-specs.sipsolutions.net/ChipInit
2678 static int b43_chip_init(struct b43_wldev *dev)
2680 struct b43_phy *phy = &dev->phy;
2682 u32 value32, macctl;
2685 /* Initialize the MAC control */
2686 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2688 macctl |= B43_MACCTL_GMODE;
2689 macctl |= B43_MACCTL_INFRA;
2690 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2692 err = b43_request_firmware(dev);
2695 err = b43_upload_microcode(dev);
2697 goto out; /* firmware is released later */
2699 err = b43_gpio_init(dev);
2701 goto out; /* firmware is released later */
2703 err = b43_upload_initvals(dev);
2705 goto err_gpio_clean;
2706 b43_radio_turn_on(dev);
2708 b43_write16(dev, 0x03E6, 0x0000);
2709 err = b43_phy_init(dev);
2713 /* Select initial Interference Mitigation. */
2714 tmp = phy->interfmode;
2715 phy->interfmode = B43_INTERFMODE_NONE;
2716 b43_radio_set_interference_mitigation(dev, tmp);
2718 b43_set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2719 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2721 if (phy->type == B43_PHYTYPE_B) {
2722 value16 = b43_read16(dev, 0x005E);
2724 b43_write16(dev, 0x005E, value16);
2726 b43_write32(dev, 0x0100, 0x01000000);
2727 if (dev->dev->id.revision < 5)
2728 b43_write32(dev, 0x010C, 0x01000000);
2730 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2731 & ~B43_MACCTL_INFRA);
2732 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2733 | B43_MACCTL_INFRA);
2735 /* Probe Response Timeout value */
2736 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2737 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2739 /* Initially set the wireless operation mode. */
2740 b43_adjust_opmode(dev);
2742 if (dev->dev->id.revision < 3) {
2743 b43_write16(dev, 0x060E, 0x0000);
2744 b43_write16(dev, 0x0610, 0x8000);
2745 b43_write16(dev, 0x0604, 0x0000);
2746 b43_write16(dev, 0x0606, 0x0200);
2748 b43_write32(dev, 0x0188, 0x80000000);
2749 b43_write32(dev, 0x018C, 0x02000000);
2751 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2752 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2753 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2754 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2755 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2756 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2757 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2759 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2760 value32 |= 0x00100000;
2761 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2763 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2764 dev->dev->bus->chipco.fast_pwrup_delay);
2767 b43dbg(dev->wl, "Chip initialized\n");
2772 b43_radio_turn_off(dev, 1);
2774 b43_gpio_cleanup(dev);
2778 static void b43_periodic_every60sec(struct b43_wldev *dev)
2780 struct b43_phy *phy = &dev->phy;
2782 if (phy->type != B43_PHYTYPE_G)
2784 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_RSSI) {
2785 b43_mac_suspend(dev);
2786 b43_calc_nrssi_slope(dev);
2787 if ((phy->radio_ver == 0x2050) && (phy->radio_rev == 8)) {
2788 u8 old_chan = phy->channel;
2790 /* VCO Calibration */
2792 b43_radio_selectchannel(dev, 1, 0);
2794 b43_radio_selectchannel(dev, 13, 0);
2795 b43_radio_selectchannel(dev, old_chan, 0);
2797 b43_mac_enable(dev);
2801 static void b43_periodic_every30sec(struct b43_wldev *dev)
2803 /* Update device statistics. */
2804 b43_calculate_link_quality(dev);
2807 static void b43_periodic_every15sec(struct b43_wldev *dev)
2809 struct b43_phy *phy = &dev->phy;
2812 if (dev->fw.opensource) {
2813 /* Check if the firmware is still alive.
2814 * It will reset the watchdog counter to 0 in its idle loop. */
2815 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2816 if (unlikely(wdr)) {
2817 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2818 b43_controller_restart(dev, "Firmware watchdog");
2821 b43_shm_write16(dev, B43_SHM_SCRATCH,
2822 B43_WATCHDOG_REG, 1);
2826 if (phy->type == B43_PHYTYPE_G) {
2827 //TODO: update_aci_moving_average
2828 if (phy->aci_enable && phy->aci_wlan_automatic) {
2829 b43_mac_suspend(dev);
2830 if (!phy->aci_enable && 1 /*TODO: not scanning? */ ) {
2831 if (0 /*TODO: bunch of conditions */ ) {
2832 b43_radio_set_interference_mitigation
2833 (dev, B43_INTERFMODE_MANUALWLAN);
2835 } else if (1 /*TODO*/) {
2837 if ((aci_average > 1000) && !(b43_radio_aci_scan(dev))) {
2838 b43_radio_set_interference_mitigation(dev,
2839 B43_INTERFMODE_NONE);
2843 b43_mac_enable(dev);
2844 } else if (phy->interfmode == B43_INTERFMODE_NONWLAN &&
2846 //TODO: implement rev1 workaround
2849 b43_phy_xmitpower(dev); //FIXME: unless scanning?
2850 b43_lo_g_maintanance_work(dev);
2851 //TODO for APHY (temperature?)
2853 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2857 static void do_periodic_work(struct b43_wldev *dev)
2861 state = dev->periodic_state;
2863 b43_periodic_every60sec(dev);
2865 b43_periodic_every30sec(dev);
2866 b43_periodic_every15sec(dev);
2869 /* Periodic work locking policy:
2870 * The whole periodic work handler is protected by
2871 * wl->mutex. If another lock is needed somewhere in the
2872 * pwork callchain, it's aquired in-place, where it's needed.
2874 static void b43_periodic_work_handler(struct work_struct *work)
2876 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2877 periodic_work.work);
2878 struct b43_wl *wl = dev->wl;
2879 unsigned long delay;
2881 mutex_lock(&wl->mutex);
2883 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2885 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2888 do_periodic_work(dev);
2890 dev->periodic_state++;
2892 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2893 delay = msecs_to_jiffies(50);
2895 delay = round_jiffies_relative(HZ * 15);
2896 queue_delayed_work(wl->hw->workqueue, &dev->periodic_work, delay);
2898 mutex_unlock(&wl->mutex);
2901 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2903 struct delayed_work *work = &dev->periodic_work;
2905 dev->periodic_state = 0;
2906 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2907 queue_delayed_work(dev->wl->hw->workqueue, work, 0);
2910 /* Check if communication with the device works correctly. */
2911 static int b43_validate_chipaccess(struct b43_wldev *dev)
2915 backup = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2917 /* Check for read/write and endianness problems. */
2918 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2919 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2921 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2922 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2925 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup);
2927 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2928 /* The 32bit register shadows the two 16bit registers
2929 * with update sideeffects. Validate this. */
2930 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2931 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2932 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2934 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2937 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2939 v = b43_read32(dev, B43_MMIO_MACCTL);
2940 v |= B43_MACCTL_GMODE;
2941 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2946 b43err(dev->wl, "Failed to validate the chipaccess\n");
2950 static void b43_security_init(struct b43_wldev *dev)
2952 dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2953 B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2954 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2955 /* KTP is a word address, but we address SHM bytewise.
2956 * So multiply by two.
2959 if (dev->dev->id.revision >= 5) {
2960 /* Number of RCMTA address slots */
2961 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
2963 b43_clear_keys(dev);
2966 static int b43_rng_read(struct hwrng *rng, u32 * data)
2968 struct b43_wl *wl = (struct b43_wl *)rng->priv;
2969 unsigned long flags;
2971 /* Don't take wl->mutex here, as it could deadlock with
2972 * hwrng internal locking. It's not needed to take
2973 * wl->mutex here, anyway. */
2975 spin_lock_irqsave(&wl->irq_lock, flags);
2976 *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
2977 spin_unlock_irqrestore(&wl->irq_lock, flags);
2979 return (sizeof(u16));
2982 static void b43_rng_exit(struct b43_wl *wl)
2984 if (wl->rng_initialized)
2985 hwrng_unregister(&wl->rng);
2988 static int b43_rng_init(struct b43_wl *wl)
2992 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
2993 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
2994 wl->rng.name = wl->rng_name;
2995 wl->rng.data_read = b43_rng_read;
2996 wl->rng.priv = (unsigned long)wl;
2997 wl->rng_initialized = 1;
2998 err = hwrng_register(&wl->rng);
3000 wl->rng_initialized = 0;
3001 b43err(wl, "Failed to register the random "
3002 "number generator (%d)\n", err);
3008 static int b43_op_tx(struct ieee80211_hw *hw,
3009 struct sk_buff *skb)
3011 struct b43_wl *wl = hw_to_b43_wl(hw);
3012 struct b43_wldev *dev = wl->current_dev;
3013 unsigned long flags;
3016 if (unlikely(skb->len < 2 + 2 + 6)) {
3017 /* Too short, this can't be a valid frame. */
3018 dev_kfree_skb_any(skb);
3019 return NETDEV_TX_OK;
3021 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3023 return NETDEV_TX_BUSY;
3025 /* Transmissions on seperate queues can run concurrently. */
3026 read_lock_irqsave(&wl->tx_lock, flags);
3029 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3030 if (b43_using_pio_transfers(dev))
3031 err = b43_pio_tx(dev, skb);
3033 err = b43_dma_tx(dev, skb);
3036 read_unlock_irqrestore(&wl->tx_lock, flags);
3039 return NETDEV_TX_BUSY;
3040 return NETDEV_TX_OK;
3043 /* Locking: wl->irq_lock */
3044 static void b43_qos_params_upload(struct b43_wldev *dev,
3045 const struct ieee80211_tx_queue_params *p,
3048 u16 params[B43_NR_QOSPARAMS];
3049 int cw_min, cw_max, aifs, bslots, tmp;
3052 const u16 aCWmin = 0x0001;
3053 const u16 aCWmax = 0x03FF;
3055 /* Calculate the default values for the parameters, if needed. */
3056 switch (shm_offset) {
3058 aifs = (p->aifs == -1) ? 2 : p->aifs;
3059 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 4 - 1) : p->cw_min;
3060 cw_max = (p->cw_max == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_max;
3063 aifs = (p->aifs == -1) ? 2 : p->aifs;
3064 cw_min = (p->cw_min == 0) ? ((aCWmin + 1) / 2 - 1) : p->cw_min;
3065 cw_max = (p->cw_max == 0) ? aCWmin : p->cw_max;
3067 case B43_QOS_BESTEFFORT:
3068 aifs = (p->aifs == -1) ? 3 : p->aifs;
3069 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
3070 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
3072 case B43_QOS_BACKGROUND:
3073 aifs = (p->aifs == -1) ? 7 : p->aifs;
3074 cw_min = (p->cw_min == 0) ? aCWmin : p->cw_min;
3075 cw_max = (p->cw_max == 0) ? aCWmax : p->cw_max;
3085 bslots = b43_read16(dev, B43_MMIO_RNG) % cw_min;
3087 memset(¶ms, 0, sizeof(params));
3089 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3090 params[B43_QOSPARAM_CWMIN] = cw_min;
3091 params[B43_QOSPARAM_CWMAX] = cw_max;
3092 params[B43_QOSPARAM_CWCUR] = cw_min;
3093 params[B43_QOSPARAM_AIFS] = aifs;
3094 params[B43_QOSPARAM_BSLOTS] = bslots;
3095 params[B43_QOSPARAM_REGGAP] = bslots + aifs;
3097 for (i = 0; i < ARRAY_SIZE(params); i++) {
3098 if (i == B43_QOSPARAM_STATUS) {
3099 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3100 shm_offset + (i * 2));
3101 /* Mark the parameters as updated. */
3103 b43_shm_write16(dev, B43_SHM_SHARED,
3104 shm_offset + (i * 2),
3107 b43_shm_write16(dev, B43_SHM_SHARED,
3108 shm_offset + (i * 2),
3114 /* Update the QOS parameters in hardware. */
3115 static void b43_qos_update(struct b43_wldev *dev)
3117 struct b43_wl *wl = dev->wl;
3118 struct b43_qos_params *params;
3119 unsigned long flags;
3122 /* Mapping of mac80211 queues to b43 SHM offsets. */
3123 static const u16 qos_shm_offsets[] = {
3124 [0] = B43_QOS_VOICE,
3125 [1] = B43_QOS_VIDEO,
3126 [2] = B43_QOS_BESTEFFORT,
3127 [3] = B43_QOS_BACKGROUND,
3129 BUILD_BUG_ON(ARRAY_SIZE(qos_shm_offsets) != ARRAY_SIZE(wl->qos_params));
3131 b43_mac_suspend(dev);
3132 spin_lock_irqsave(&wl->irq_lock, flags);
3134 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3135 params = &(wl->qos_params[i]);
3136 if (params->need_hw_update) {
3137 b43_qos_params_upload(dev, &(params->p),
3138 qos_shm_offsets[i]);
3139 params->need_hw_update = 0;
3143 spin_unlock_irqrestore(&wl->irq_lock, flags);
3144 b43_mac_enable(dev);
3147 static void b43_qos_clear(struct b43_wl *wl)
3149 struct b43_qos_params *params;
3152 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3153 params = &(wl->qos_params[i]);
3155 memset(&(params->p), 0, sizeof(params->p));
3156 params->p.aifs = -1;
3157 params->need_hw_update = 1;
3161 /* Initialize the core's QOS capabilities */
3162 static void b43_qos_init(struct b43_wldev *dev)
3164 struct b43_wl *wl = dev->wl;
3167 /* Upload the current QOS parameters. */
3168 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++)
3169 wl->qos_params[i].need_hw_update = 1;
3170 b43_qos_update(dev);
3172 /* Enable QOS support. */
3173 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3174 b43_write16(dev, B43_MMIO_IFSCTL,
3175 b43_read16(dev, B43_MMIO_IFSCTL)
3176 | B43_MMIO_IFSCTL_USE_EDCF);
3179 static void b43_qos_update_work(struct work_struct *work)
3181 struct b43_wl *wl = container_of(work, struct b43_wl, qos_update_work);
3182 struct b43_wldev *dev;
3184 mutex_lock(&wl->mutex);
3185 dev = wl->current_dev;
3186 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED)))
3187 b43_qos_update(dev);
3188 mutex_unlock(&wl->mutex);
3191 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3192 const struct ieee80211_tx_queue_params *params)
3194 struct b43_wl *wl = hw_to_b43_wl(hw);
3195 unsigned long flags;
3196 unsigned int queue = (unsigned int)_queue;
3197 struct b43_qos_params *p;
3199 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3200 /* Queue not available or don't support setting
3201 * params on this queue. Return success to not
3202 * confuse mac80211. */
3206 spin_lock_irqsave(&wl->irq_lock, flags);
3207 p = &(wl->qos_params[queue]);
3208 memcpy(&(p->p), params, sizeof(p->p));
3209 p->need_hw_update = 1;
3210 spin_unlock_irqrestore(&wl->irq_lock, flags);
3212 queue_work(hw->workqueue, &wl->qos_update_work);
3217 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3218 struct ieee80211_tx_queue_stats *stats)
3220 struct b43_wl *wl = hw_to_b43_wl(hw);
3221 struct b43_wldev *dev = wl->current_dev;
3222 unsigned long flags;
3227 spin_lock_irqsave(&wl->irq_lock, flags);
3228 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3229 if (b43_using_pio_transfers(dev))
3230 b43_pio_get_tx_stats(dev, stats);
3232 b43_dma_get_tx_stats(dev, stats);
3235 spin_unlock_irqrestore(&wl->irq_lock, flags);
3240 static int b43_op_get_stats(struct ieee80211_hw *hw,
3241 struct ieee80211_low_level_stats *stats)
3243 struct b43_wl *wl = hw_to_b43_wl(hw);
3244 unsigned long flags;
3246 spin_lock_irqsave(&wl->irq_lock, flags);
3247 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3248 spin_unlock_irqrestore(&wl->irq_lock, flags);
3253 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3255 struct ssb_device *sdev = dev->dev;
3258 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3259 tmslow &= ~B43_TMSLOW_GMODE;
3260 tmslow |= B43_TMSLOW_PHYRESET;
3261 tmslow |= SSB_TMSLOW_FGC;
3262 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3265 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3266 tmslow &= ~SSB_TMSLOW_FGC;
3267 tmslow |= B43_TMSLOW_PHYRESET;
3268 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3272 static const char * band_to_string(enum ieee80211_band band)
3275 case IEEE80211_BAND_5GHZ:
3277 case IEEE80211_BAND_2GHZ:
3286 /* Expects wl->mutex locked */
3287 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3289 struct b43_wldev *up_dev = NULL;
3290 struct b43_wldev *down_dev;
3291 struct b43_wldev *d;
3296 /* Find a device and PHY which supports the band. */
3297 list_for_each_entry(d, &wl->devlist, list) {
3298 switch (chan->band) {
3299 case IEEE80211_BAND_5GHZ:
3300 if (d->phy.supports_5ghz) {
3305 case IEEE80211_BAND_2GHZ:
3306 if (d->phy.supports_2ghz) {
3319 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3320 band_to_string(chan->band));
3323 if ((up_dev == wl->current_dev) &&
3324 (!!wl->current_dev->phy.gmode == !!gmode)) {
3325 /* This device is already running. */
3328 b43dbg(wl, "Switching to %s-GHz band\n",
3329 band_to_string(chan->band));
3330 down_dev = wl->current_dev;
3332 prev_status = b43_status(down_dev);
3333 /* Shutdown the currently running core. */
3334 if (prev_status >= B43_STAT_STARTED)
3335 b43_wireless_core_stop(down_dev);
3336 if (prev_status >= B43_STAT_INITIALIZED)
3337 b43_wireless_core_exit(down_dev);
3339 if (down_dev != up_dev) {
3340 /* We switch to a different core, so we put PHY into
3341 * RESET on the old core. */
3342 b43_put_phy_into_reset(down_dev);
3345 /* Now start the new core. */
3346 up_dev->phy.gmode = gmode;
3347 if (prev_status >= B43_STAT_INITIALIZED) {
3348 err = b43_wireless_core_init(up_dev);
3350 b43err(wl, "Fatal: Could not initialize device for "
3351 "selected %s-GHz band\n",
3352 band_to_string(chan->band));
3356 if (prev_status >= B43_STAT_STARTED) {
3357 err = b43_wireless_core_start(up_dev);
3359 b43err(wl, "Fatal: Coult not start device for "
3360 "selected %s-GHz band\n",
3361 band_to_string(chan->band));
3362 b43_wireless_core_exit(up_dev);
3366 B43_WARN_ON(b43_status(up_dev) != prev_status);
3368 wl->current_dev = up_dev;
3372 /* Whoops, failed to init the new core. No core is operating now. */
3373 wl->current_dev = NULL;
3377 static int b43_op_config(struct ieee80211_hw *hw, struct ieee80211_conf *conf)
3379 struct b43_wl *wl = hw_to_b43_wl(hw);
3380 struct b43_wldev *dev;
3381 struct b43_phy *phy;
3382 unsigned long flags;
3387 mutex_lock(&wl->mutex);
3389 /* Switch the band (if necessary). This might change the active core. */
3390 err = b43_switch_band(wl, conf->channel);
3392 goto out_unlock_mutex;
3393 dev = wl->current_dev;
3396 /* Disable IRQs while reconfiguring the device.
3397 * This makes it possible to drop the spinlock throughout
3398 * the reconfiguration process. */
3399 spin_lock_irqsave(&wl->irq_lock, flags);
3400 if (b43_status(dev) < B43_STAT_STARTED) {
3401 spin_unlock_irqrestore(&wl->irq_lock, flags);
3402 goto out_unlock_mutex;
3404 savedirqs = b43_interrupt_disable(dev, B43_IRQ_ALL);
3405 spin_unlock_irqrestore(&wl->irq_lock, flags);
3406 b43_synchronize_irq(dev);
3408 /* Switch to the requested channel.
3409 * The firmware takes care of races with the TX handler. */
3410 if (conf->channel->hw_value != phy->channel)
3411 b43_radio_selectchannel(dev, conf->channel->hw_value, 0);
3413 /* Enable/Disable ShortSlot timing. */
3414 if ((!!(conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)) !=
3416 B43_WARN_ON(phy->type != B43_PHYTYPE_G);
3417 if (conf->flags & IEEE80211_CONF_SHORT_SLOT_TIME)
3418 b43_short_slot_timing_enable(dev);
3420 b43_short_slot_timing_disable(dev);
3423 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3425 /* Adjust the desired TX power level. */
3426 if (conf->power_level != 0) {
3427 if (conf->power_level != phy->power_level) {
3428 phy->power_level = conf->power_level;
3429 b43_phy_xmitpower(dev);
3433 /* Antennas for RX and management frame TX. */
3434 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_tx);
3435 b43_mgmtframe_txantenna(dev, antenna);
3436 antenna = b43_antenna_from_ieee80211(dev, conf->antenna_sel_rx);
3437 b43_set_rx_antenna(dev, antenna);
3439 /* Update templates for AP/mesh mode. */
3440 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
3441 b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT))
3442 b43_set_beacon_int(dev, conf->beacon_int);
3444 if (!!conf->radio_enabled != phy->radio_on) {
3445 if (conf->radio_enabled) {
3446 b43_radio_turn_on(dev);
3447 b43info(dev->wl, "Radio turned on by software\n");
3448 if (!dev->radio_hw_enable) {
3449 b43info(dev->wl, "The hardware RF-kill button "
3450 "still turns the radio physically off. "
3451 "Press the button to turn it on.\n");
3454 b43_radio_turn_off(dev, 0);
3455 b43info(dev->wl, "Radio turned off by software\n");
3459 spin_lock_irqsave(&wl->irq_lock, flags);
3460 b43_interrupt_enable(dev, savedirqs);
3462 spin_unlock_irqrestore(&wl->irq_lock, flags);
3464 mutex_unlock(&wl->mutex);
3469 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3470 const u8 *local_addr, const u8 *addr,
3471 struct ieee80211_key_conf *key)
3473 struct b43_wl *wl = hw_to_b43_wl(hw);
3474 struct b43_wldev *dev;
3475 unsigned long flags;
3479 DECLARE_MAC_BUF(mac);
3481 if (modparam_nohwcrypt)
3482 return -ENOSPC; /* User disabled HW-crypto */
3484 mutex_lock(&wl->mutex);
3485 spin_lock_irqsave(&wl->irq_lock, flags);
3487 dev = wl->current_dev;
3489 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3492 if (dev->fw.pcm_request_failed) {
3493 /* We don't have firmware for the crypto engine.
3494 * Must use software-crypto. */
3502 if (key->keylen == 5)
3503 algorithm = B43_SEC_ALGO_WEP40;
3505 algorithm = B43_SEC_ALGO_WEP104;
3508 algorithm = B43_SEC_ALGO_TKIP;
3511 algorithm = B43_SEC_ALGO_AES;
3517 index = (u8) (key->keyidx);
3523 if (algorithm == B43_SEC_ALGO_TKIP) {
3524 /* FIXME: No TKIP hardware encryption for now. */
3529 if (is_broadcast_ether_addr(addr)) {
3530 /* addr is FF:FF:FF:FF:FF:FF for default keys */
3531 err = b43_key_write(dev, index, algorithm,
3532 key->key, key->keylen, NULL, key);
3535 * either pairwise key or address is 00:00:00:00:00:00
3536 * for transmit-only keys
3538 err = b43_key_write(dev, -1, algorithm,
3539 key->key, key->keylen, addr, key);
3544 if (algorithm == B43_SEC_ALGO_WEP40 ||
3545 algorithm == B43_SEC_ALGO_WEP104) {
3546 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3549 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3551 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3554 err = b43_key_clear(dev, key->hw_key_idx);
3563 spin_unlock_irqrestore(&wl->irq_lock, flags);
3564 mutex_unlock(&wl->mutex);
3566 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3568 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3569 print_mac(mac, addr));
3574 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3575 unsigned int changed, unsigned int *fflags,
3576 int mc_count, struct dev_addr_list *mc_list)
3578 struct b43_wl *wl = hw_to_b43_wl(hw);
3579 struct b43_wldev *dev = wl->current_dev;
3580 unsigned long flags;
3587 spin_lock_irqsave(&wl->irq_lock, flags);
3588 *fflags &= FIF_PROMISC_IN_BSS |
3594 FIF_BCN_PRBRESP_PROMISC;
3596 changed &= FIF_PROMISC_IN_BSS |
3602 FIF_BCN_PRBRESP_PROMISC;
3604 wl->filter_flags = *fflags;
3606 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3607 b43_adjust_opmode(dev);
3608 spin_unlock_irqrestore(&wl->irq_lock, flags);
3611 static int b43_op_config_interface(struct ieee80211_hw *hw,
3612 struct ieee80211_vif *vif,
3613 struct ieee80211_if_conf *conf)
3615 struct b43_wl *wl = hw_to_b43_wl(hw);
3616 struct b43_wldev *dev = wl->current_dev;
3617 unsigned long flags;
3621 mutex_lock(&wl->mutex);
3622 spin_lock_irqsave(&wl->irq_lock, flags);
3623 B43_WARN_ON(wl->vif != vif);
3625 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3627 memset(wl->bssid, 0, ETH_ALEN);
3628 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3629 if (b43_is_mode(wl, IEEE80211_IF_TYPE_AP) ||
3630 b43_is_mode(wl, IEEE80211_IF_TYPE_MESH_POINT)) {
3631 B43_WARN_ON(conf->type != wl->if_type);
3632 b43_set_ssid(dev, conf->ssid, conf->ssid_len);
3634 b43_update_templates(wl, conf->beacon);
3636 b43_write_mac_bssid_templates(dev);
3638 spin_unlock_irqrestore(&wl->irq_lock, flags);
3639 mutex_unlock(&wl->mutex);
3644 /* Locking: wl->mutex */
3645 static void b43_wireless_core_stop(struct b43_wldev *dev)
3647 struct b43_wl *wl = dev->wl;
3648 unsigned long flags;
3650 if (b43_status(dev) < B43_STAT_STARTED)
3653 /* Disable and sync interrupts. We must do this before than
3654 * setting the status to INITIALIZED, as the interrupt handler
3655 * won't care about IRQs then. */
3656 spin_lock_irqsave(&wl->irq_lock, flags);
3657 dev->irq_savedstate = b43_interrupt_disable(dev, B43_IRQ_ALL);
3658 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3659 spin_unlock_irqrestore(&wl->irq_lock, flags);
3660 b43_synchronize_irq(dev);
3662 write_lock_irqsave(&wl->tx_lock, flags);
3663 b43_set_status(dev, B43_STAT_INITIALIZED);
3664 write_unlock_irqrestore(&wl->tx_lock, flags);
3667 mutex_unlock(&wl->mutex);
3668 /* Must unlock as it would otherwise deadlock. No races here.
3669 * Cancel the possibly running self-rearming periodic work. */
3670 cancel_delayed_work_sync(&dev->periodic_work);
3671 mutex_lock(&wl->mutex);
3673 b43_mac_suspend(dev);
3674 free_irq(dev->dev->irq, dev);
3675 b43dbg(wl, "Wireless interface stopped\n");
3678 /* Locking: wl->mutex */
3679 static int b43_wireless_core_start(struct b43_wldev *dev)
3683 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3685 drain_txstatus_queue(dev);
3686 err = request_irq(dev->dev->irq, b43_interrupt_handler,
3687 IRQF_SHARED, KBUILD_MODNAME, dev);
3689 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3693 /* We are ready to run. */
3694 b43_set_status(dev, B43_STAT_STARTED);
3696 /* Start data flow (TX/RX). */
3697 b43_mac_enable(dev);
3698 b43_interrupt_enable(dev, dev->irq_savedstate);
3700 /* Start maintainance work */
3701 b43_periodic_tasks_setup(dev);
3703 b43dbg(dev->wl, "Wireless interface started\n");
3708 /* Get PHY and RADIO versioning numbers */
3709 static int b43_phy_versioning(struct b43_wldev *dev)
3711 struct b43_phy *phy = &dev->phy;
3719 int unsupported = 0;
3721 /* Get PHY versioning */
3722 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3723 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3724 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3725 phy_rev = (tmp & B43_PHYVER_VERSION);
3732 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3740 #ifdef CONFIG_B43_NPHY
3750 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3751 "(Analog %u, Type %u, Revision %u)\n",
3752 analog_type, phy_type, phy_rev);
3755 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3756 analog_type, phy_type, phy_rev);
3758 /* Get RADIO versioning */
3759 if (dev->dev->bus->chip_id == 0x4317) {
3760 if (dev->dev->bus->chip_rev == 0)
3762 else if (dev->dev->bus->chip_rev == 1)
3767 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3768 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3769 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3770 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3772 radio_manuf = (tmp & 0x00000FFF);
3773 radio_ver = (tmp & 0x0FFFF000) >> 12;
3774 radio_rev = (tmp & 0xF0000000) >> 28;
3775 if (radio_manuf != 0x17F /* Broadcom */)
3779 if (radio_ver != 0x2060)
3783 if (radio_manuf != 0x17F)
3787 if ((radio_ver & 0xFFF0) != 0x2050)
3791 if (radio_ver != 0x2050)
3795 if (radio_ver != 0x2055)
3802 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3803 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3804 radio_manuf, radio_ver, radio_rev);
3807 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3808 radio_manuf, radio_ver, radio_rev);
3810 phy->radio_manuf = radio_manuf;
3811 phy->radio_ver = radio_ver;
3812 phy->radio_rev = radio_rev;
3814 phy->analog = analog_type;
3815 phy->type = phy_type;
3821 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3822 struct b43_phy *phy)
3824 struct b43_txpower_lo_control *lo;
3827 memset(phy->minlowsig, 0xFF, sizeof(phy->minlowsig));
3828 memset(phy->minlowsigpos, 0, sizeof(phy->minlowsigpos));
3830 phy->aci_enable = 0;
3831 phy->aci_wlan_automatic = 0;
3832 phy->aci_hw_rssi = 0;
3834 phy->radio_off_context.valid = 0;
3836 lo = phy->lo_control;
3838 memset(lo, 0, sizeof(*(phy->lo_control)));
3840 INIT_LIST_HEAD(&lo->calib_list);
3842 phy->max_lb_gain = 0;
3843 phy->trsw_rx_gain = 0;
3844 phy->txpwr_offset = 0;
3847 phy->nrssislope = 0;
3848 for (i = 0; i < ARRAY_SIZE(phy->nrssi); i++)
3849 phy->nrssi[i] = -1000;
3850 for (i = 0; i < ARRAY_SIZE(phy->nrssi_lt); i++)
3851 phy->nrssi_lt[i] = i;
3853 phy->lofcal = 0xFFFF;
3854 phy->initval = 0xFFFF;
3856 phy->interfmode = B43_INTERFMODE_NONE;
3857 phy->channel = 0xFF;
3859 phy->hardware_power_control = !!modparam_hwpctl;
3861 /* PHY TX errors counter. */
3862 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3864 /* OFDM-table address caching. */
3865 phy->ofdmtab_addr_direction = B43_OFDMTAB_DIRECTION_UNKNOWN;
3868 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
3872 /* Assume the radio is enabled. If it's not enabled, the state will
3873 * immediately get fixed on the first periodic work run. */
3874 dev->radio_hw_enable = 1;
3877 memset(&dev->stats, 0, sizeof(dev->stats));
3879 setup_struct_phy_for_init(dev, &dev->phy);
3881 /* IRQ related flags */
3882 dev->irq_reason = 0;
3883 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
3884 dev->irq_savedstate = B43_IRQ_MASKTEMPLATE;
3886 dev->mac_suspended = 1;
3888 /* Noise calculation context */
3889 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
3892 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
3894 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
3897 if (!modparam_btcoex)
3899 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
3901 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
3904 hf = b43_hf_read(dev);
3905 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
3906 hf |= B43_HF_BTCOEXALT;
3908 hf |= B43_HF_BTCOEX;
3909 b43_hf_write(dev, hf);
3912 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
3914 if (!modparam_btcoex)
3919 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
3921 #ifdef CONFIG_SSB_DRIVER_PCICORE
3922 struct ssb_bus *bus = dev->dev->bus;
3925 if (bus->pcicore.dev &&
3926 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
3927 bus->pcicore.dev->id.revision <= 5) {
3928 /* IMCFGLO timeouts workaround. */
3929 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
3930 tmp &= ~SSB_IMCFGLO_REQTO;
3931 tmp &= ~SSB_IMCFGLO_SERTO;
3932 switch (bus->bustype) {
3933 case SSB_BUSTYPE_PCI:
3934 case SSB_BUSTYPE_PCMCIA:
3937 case SSB_BUSTYPE_SSB:
3941 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
3943 #endif /* CONFIG_SSB_DRIVER_PCICORE */
3946 /* Write the short and long frame retry limit values. */
3947 static void b43_set_retry_limits(struct b43_wldev *dev,
3948 unsigned int short_retry,
3949 unsigned int long_retry)
3951 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3952 * the chip-internal counter. */
3953 short_retry = min(short_retry, (unsigned int)0xF);
3954 long_retry = min(long_retry, (unsigned int)0xF);
3956 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3958 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3962 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
3966 /* The time value is in microseconds. */
3967 if (dev->phy.type == B43_PHYTYPE_A)
3971 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS) || idle)
3973 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
3974 pu_delay = max(pu_delay, (u16)2400);
3976 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
3979 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
3980 static void b43_set_pretbtt(struct b43_wldev *dev)
3984 /* The time value is in microseconds. */
3985 if (b43_is_mode(dev->wl, IEEE80211_IF_TYPE_IBSS)) {
3988 if (dev->phy.type == B43_PHYTYPE_A)
3993 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
3994 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
3997 /* Shutdown a wireless core */
3998 /* Locking: wl->mutex */
3999 static void b43_wireless_core_exit(struct b43_wldev *dev)
4001 struct b43_phy *phy = &dev->phy;
4004 B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
4005 if (b43_status(dev) != B43_STAT_INITIALIZED)
4007 b43_set_status(dev, B43_STAT_UNINIT);
4009 /* Stop the microcode PSM. */
4010 macctl = b43_read32(dev, B43_MMIO_MACCTL);
4011 macctl &= ~B43_MACCTL_PSM_RUN;
4012 macctl |= B43_MACCTL_PSM_JMP0;
4013 b43_write32(dev, B43_MMIO_MACCTL, macctl);
4015 if (!dev->suspend_in_progress) {
4017 b43_rng_exit(dev->wl);
4022 b43_radio_turn_off(dev, 1);
4023 b43_switch_analog(dev, 0);
4024 if (phy->dyn_tssi_tbl)
4025 kfree(phy->tssi2dbm);
4026 kfree(phy->lo_control);
4027 phy->lo_control = NULL;
4028 if (dev->wl->current_beacon) {
4029 dev_kfree_skb_any(dev->wl->current_beacon);
4030 dev->wl->current_beacon = NULL;
4033 ssb_device_disable(dev->dev, 0);
4034 ssb_bus_may_powerdown(dev->dev->bus);
4037 /* Initialize a wireless core */
4038 static int b43_wireless_core_init(struct b43_wldev *dev)
4040 struct b43_wl *wl = dev->wl;
4041 struct ssb_bus *bus = dev->dev->bus;
4042 struct ssb_sprom *sprom = &bus->sprom;
4043 struct b43_phy *phy = &dev->phy;
4048 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4050 err = ssb_bus_powerup(bus, 0);
4053 if (!ssb_device_is_enabled(dev->dev)) {
4054 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4055 b43_wireless_core_reset(dev, tmp);
4058 if ((phy->type == B43_PHYTYPE_B) || (phy->type == B43_PHYTYPE_G)) {
4060 kzalloc(sizeof(*(phy->lo_control)), GFP_KERNEL);
4061 if (!phy->lo_control) {
4066 setup_struct_wldev_for_init(dev);
4068 err = b43_phy_init_tssi2dbm_table(dev);
4070 goto err_kfree_lo_control;
4072 /* Enable IRQ routing to this device. */
4073 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4075 b43_imcfglo_timeouts_workaround(dev);
4076 b43_bluetooth_coext_disable(dev);
4077 b43_phy_early_init(dev);
4078 err = b43_chip_init(dev);
4080 goto err_kfree_tssitbl;
4081 b43_shm_write16(dev, B43_SHM_SHARED,
4082 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4083 hf = b43_hf_read(dev);
4084 if (phy->type == B43_PHYTYPE_G) {
4088 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4089 hf |= B43_HF_OFDMPABOOST;
4090 } else if (phy->type == B43_PHYTYPE_B) {
4092 if (phy->rev >= 2 && phy->radio_ver == 0x2050)
4095 b43_hf_write(dev, hf);
4097 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4098 B43_DEFAULT_LONG_RETRY_LIMIT);
4099 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4100 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4102 /* Disable sending probe responses from firmware.
4103 * Setting the MaxTime to one usec will always trigger
4104 * a timeout, so we never send any probe resp.
4105 * A timeout of zero is infinite. */
4106 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4108 b43_rate_memory_init(dev);
4109 b43_set_phytxctl_defaults(dev);
4111 /* Minimum Contention Window */
4112 if (phy->type == B43_PHYTYPE_B) {
4113 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4115 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4117 /* Maximum Contention Window */
4118 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4120 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4121 dev->__using_pio_transfers = 1;
4122 err = b43_pio_init(dev);
4124 dev->__using_pio_transfers = 0;
4125 err = b43_dma_init(dev);
4130 b43_set_synth_pu_delay(dev, 1);
4131 b43_bluetooth_coext_enable(dev);
4133 ssb_bus_powerup(bus, 1); /* Enable dynamic PCTL */
4134 b43_upload_card_macaddress(dev);
4135 b43_security_init(dev);
4136 if (!dev->suspend_in_progress)
4139 b43_set_status(dev, B43_STAT_INITIALIZED);
4141 if (!dev->suspend_in_progress)
4149 if (phy->dyn_tssi_tbl)
4150 kfree(phy->tssi2dbm);
4151 err_kfree_lo_control:
4152 kfree(phy->lo_control);
4153 phy->lo_control = NULL;
4155 ssb_bus_may_powerdown(bus);
4156 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4160 static int b43_op_add_interface(struct ieee80211_hw *hw,
4161 struct ieee80211_if_init_conf *conf)
4163 struct b43_wl *wl = hw_to_b43_wl(hw);
4164 struct b43_wldev *dev;
4165 unsigned long flags;
4166 int err = -EOPNOTSUPP;
4168 /* TODO: allow WDS/AP devices to coexist */
4170 if (conf->type != IEEE80211_IF_TYPE_AP &&
4171 conf->type != IEEE80211_IF_TYPE_MESH_POINT &&
4172 conf->type != IEEE80211_IF_TYPE_STA &&
4173 conf->type != IEEE80211_IF_TYPE_WDS &&
4174 conf->type != IEEE80211_IF_TYPE_IBSS)
4177 mutex_lock(&wl->mutex);
4179 goto out_mutex_unlock;
4181 b43dbg(wl, "Adding Interface type %d\n", conf->type);
4183 dev = wl->current_dev;
4185 wl->vif = conf->vif;
4186 wl->if_type = conf->type;
4187 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4189 spin_lock_irqsave(&wl->irq_lock, flags);
4190 b43_adjust_opmode(dev);
4191 b43_set_pretbtt(dev);
4192 b43_set_synth_pu_delay(dev, 0);
4193 b43_upload_card_macaddress(dev);
4194 spin_unlock_irqrestore(&wl->irq_lock, flags);
4198 mutex_unlock(&wl->mutex);
4203 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4204 struct ieee80211_if_init_conf *conf)
4206 struct b43_wl *wl = hw_to_b43_wl(hw);
4207 struct b43_wldev *dev = wl->current_dev;
4208 unsigned long flags;
4210 b43dbg(wl, "Removing Interface type %d\n", conf->type);
4212 mutex_lock(&wl->mutex);
4214 B43_WARN_ON(!wl->operating);
4215 B43_WARN_ON(wl->vif != conf->vif);
4220 spin_lock_irqsave(&wl->irq_lock, flags);
4221 b43_adjust_opmode(dev);
4222 memset(wl->mac_addr, 0, ETH_ALEN);
4223 b43_upload_card_macaddress(dev);
4224 spin_unlock_irqrestore(&wl->irq_lock, flags);
4226 mutex_unlock(&wl->mutex);
4229 static int b43_op_start(struct ieee80211_hw *hw)
4231 struct b43_wl *wl = hw_to_b43_wl(hw);
4232 struct b43_wldev *dev = wl->current_dev;
4235 bool do_rfkill_exit = 0;
4237 /* Kill all old instance specific information to make sure
4238 * the card won't use it in the short timeframe between start
4239 * and mac80211 reconfiguring it. */
4240 memset(wl->bssid, 0, ETH_ALEN);
4241 memset(wl->mac_addr, 0, ETH_ALEN);
4242 wl->filter_flags = 0;
4243 wl->radiotap_enabled = 0;
4245 wl->beacon0_uploaded = 0;
4246 wl->beacon1_uploaded = 0;
4247 wl->beacon_templates_virgin = 1;
4249 /* First register RFkill.
4250 * LEDs that are registered later depend on it. */
4251 b43_rfkill_init(dev);
4253 mutex_lock(&wl->mutex);
4255 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4256 err = b43_wireless_core_init(dev);
4259 goto out_mutex_unlock;
4264 if (b43_status(dev) < B43_STAT_STARTED) {
4265 err = b43_wireless_core_start(dev);
4268 b43_wireless_core_exit(dev);
4270 goto out_mutex_unlock;
4275 mutex_unlock(&wl->mutex);
4278 b43_rfkill_exit(dev);
4283 static void b43_op_stop(struct ieee80211_hw *hw)
4285 struct b43_wl *wl = hw_to_b43_wl(hw);
4286 struct b43_wldev *dev = wl->current_dev;
4288 b43_rfkill_exit(dev);
4289 cancel_work_sync(&(wl->qos_update_work));
4290 cancel_work_sync(&(wl->beacon_update_trigger));
4292 mutex_lock(&wl->mutex);
4293 if (b43_status(dev) >= B43_STAT_STARTED)
4294 b43_wireless_core_stop(dev);
4295 b43_wireless_core_exit(dev);
4296 mutex_unlock(&wl->mutex);
4299 static int b43_op_set_retry_limit(struct ieee80211_hw *hw,
4300 u32 short_retry_limit, u32 long_retry_limit)
4302 struct b43_wl *wl = hw_to_b43_wl(hw);
4303 struct b43_wldev *dev;
4306 mutex_lock(&wl->mutex);
4307 dev = wl->current_dev;
4308 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED))) {
4312 b43_set_retry_limits(dev, short_retry_limit, long_retry_limit);
4314 mutex_unlock(&wl->mutex);
4319 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw, int aid, int set)
4321 struct b43_wl *wl = hw_to_b43_wl(hw);
4322 struct sk_buff *beacon;
4323 unsigned long flags;
4325 /* We could modify the existing beacon and set the aid bit in
4326 * the TIM field, but that would probably require resizing and
4327 * moving of data within the beacon template.
4328 * Simply request a new beacon and let mac80211 do the hard work. */
4329 beacon = ieee80211_beacon_get(hw, wl->vif);
4330 if (unlikely(!beacon))
4332 spin_lock_irqsave(&wl->irq_lock, flags);
4333 b43_update_templates(wl, beacon);
4334 spin_unlock_irqrestore(&wl->irq_lock, flags);
4339 static int b43_op_ibss_beacon_update(struct ieee80211_hw *hw,
4340 struct sk_buff *beacon)
4342 struct b43_wl *wl = hw_to_b43_wl(hw);
4343 unsigned long flags;
4345 spin_lock_irqsave(&wl->irq_lock, flags);
4346 b43_update_templates(wl, beacon);
4347 spin_unlock_irqrestore(&wl->irq_lock, flags);
4352 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4353 struct ieee80211_vif *vif,
4354 enum sta_notify_cmd notify_cmd,
4357 struct b43_wl *wl = hw_to_b43_wl(hw);
4359 B43_WARN_ON(!vif || wl->vif != vif);
4362 static const struct ieee80211_ops b43_hw_ops = {
4364 .conf_tx = b43_op_conf_tx,
4365 .add_interface = b43_op_add_interface,
4366 .remove_interface = b43_op_remove_interface,
4367 .config = b43_op_config,
4368 .config_interface = b43_op_config_interface,
4369 .configure_filter = b43_op_configure_filter,
4370 .set_key = b43_op_set_key,
4371 .get_stats = b43_op_get_stats,
4372 .get_tx_stats = b43_op_get_tx_stats,
4373 .start = b43_op_start,
4374 .stop = b43_op_stop,
4375 .set_retry_limit = b43_op_set_retry_limit,
4376 .set_tim = b43_op_beacon_set_tim,
4377 .beacon_update = b43_op_ibss_beacon_update,
4378 .sta_notify = b43_op_sta_notify,
4381 /* Hard-reset the chip. Do not call this directly.
4382 * Use b43_controller_restart()
4384 static void b43_chip_reset(struct work_struct *work)
4386 struct b43_wldev *dev =
4387 container_of(work, struct b43_wldev, restart_work);
4388 struct b43_wl *wl = dev->wl;
4392 mutex_lock(&wl->mutex);
4394 prev_status = b43_status(dev);
4395 /* Bring the device down... */
4396 if (prev_status >= B43_STAT_STARTED)
4397 b43_wireless_core_stop(dev);
4398 if (prev_status >= B43_STAT_INITIALIZED)
4399 b43_wireless_core_exit(dev);
4401 /* ...and up again. */
4402 if (prev_status >= B43_STAT_INITIALIZED) {
4403 err = b43_wireless_core_init(dev);
4407 if (prev_status >= B43_STAT_STARTED) {
4408 err = b43_wireless_core_start(dev);
4410 b43_wireless_core_exit(dev);
4416 wl->current_dev = NULL; /* Failed to init the dev. */
4417 mutex_unlock(&wl->mutex);
4419 b43err(wl, "Controller restart FAILED\n");
4421 b43info(wl, "Controller restarted\n");
4424 static int b43_setup_bands(struct b43_wldev *dev,
4425 bool have_2ghz_phy, bool have_5ghz_phy)
4427 struct ieee80211_hw *hw = dev->wl->hw;
4430 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4431 if (dev->phy.type == B43_PHYTYPE_N) {
4433 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4436 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4439 dev->phy.supports_2ghz = have_2ghz_phy;
4440 dev->phy.supports_5ghz = have_5ghz_phy;
4445 static void b43_wireless_core_detach(struct b43_wldev *dev)
4447 /* We release firmware that late to not be required to re-request
4448 * is all the time when we reinit the core. */
4449 b43_release_firmware(dev);
4452 static int b43_wireless_core_attach(struct b43_wldev *dev)
4454 struct b43_wl *wl = dev->wl;
4455 struct ssb_bus *bus = dev->dev->bus;
4456 struct pci_dev *pdev = bus->host_pci;
4458 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4461 /* Do NOT do any device initialization here.
4462 * Do it in wireless_core_init() instead.
4463 * This function is for gathering basic information about the HW, only.
4464 * Also some structs may be set up here. But most likely you want to have
4465 * that in core_init(), too.
4468 err = ssb_bus_powerup(bus, 0);
4470 b43err(wl, "Bus powerup failed\n");
4473 /* Get the PHY type. */
4474 if (dev->dev->id.revision >= 5) {
4477 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4478 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4479 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4483 dev->phy.gmode = have_2ghz_phy;
4484 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4485 b43_wireless_core_reset(dev, tmp);
4487 err = b43_phy_versioning(dev);
4490 /* Check if this device supports multiband. */
4492 (pdev->device != 0x4312 &&
4493 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4494 /* No multiband support. */
4497 switch (dev->phy.type) {
4509 if (dev->phy.type == B43_PHYTYPE_A) {
4511 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4515 if (1 /* disable A-PHY */) {
4516 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4517 if (dev->phy.type != B43_PHYTYPE_N) {
4523 dev->phy.gmode = have_2ghz_phy;
4524 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4525 b43_wireless_core_reset(dev, tmp);
4527 err = b43_validate_chipaccess(dev);
4530 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4534 /* Now set some default "current_dev" */
4535 if (!wl->current_dev)
4536 wl->current_dev = dev;
4537 INIT_WORK(&dev->restart_work, b43_chip_reset);
4539 b43_radio_turn_off(dev, 1);
4540 b43_switch_analog(dev, 0);
4541 ssb_device_disable(dev->dev, 0);
4542 ssb_bus_may_powerdown(bus);
4548 ssb_bus_may_powerdown(bus);
4552 static void b43_one_core_detach(struct ssb_device *dev)
4554 struct b43_wldev *wldev;
4557 /* Do not cancel ieee80211-workqueue based work here.
4558 * See comment in b43_remove(). */
4560 wldev = ssb_get_drvdata(dev);
4562 b43_debugfs_remove_device(wldev);
4563 b43_wireless_core_detach(wldev);
4564 list_del(&wldev->list);
4566 ssb_set_drvdata(dev, NULL);
4570 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4572 struct b43_wldev *wldev;
4573 struct pci_dev *pdev;
4576 if (!list_empty(&wl->devlist)) {
4577 /* We are not the first core on this chip. */
4578 pdev = dev->bus->host_pci;
4579 /* Only special chips support more than one wireless
4580 * core, although some of the other chips have more than
4581 * one wireless core as well. Check for this and
4585 ((pdev->device != 0x4321) &&
4586 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4587 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4592 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4598 b43_set_status(wldev, B43_STAT_UNINIT);
4599 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4600 tasklet_init(&wldev->isr_tasklet,
4601 (void (*)(unsigned long))b43_interrupt_tasklet,
4602 (unsigned long)wldev);
4603 INIT_LIST_HEAD(&wldev->list);
4605 err = b43_wireless_core_attach(wldev);
4607 goto err_kfree_wldev;
4609 list_add(&wldev->list, &wl->devlist);
4611 ssb_set_drvdata(dev, wldev);
4612 b43_debugfs_add_device(wldev);
4622 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4623 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4624 (pdev->device == _device) && \
4625 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4626 (pdev->subsystem_device == _subdevice) )
4628 static void b43_sprom_fixup(struct ssb_bus *bus)
4630 struct pci_dev *pdev;
4632 /* boardflags workarounds */
4633 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4634 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4635 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4636 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4637 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4638 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4639 if (bus->bustype == SSB_BUSTYPE_PCI) {
4640 pdev = bus->host_pci;
4641 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4642 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4643 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013))
4644 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4648 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4650 struct ieee80211_hw *hw = wl->hw;
4652 ssb_set_devtypedata(dev, NULL);
4653 ieee80211_free_hw(hw);
4656 static int b43_wireless_init(struct ssb_device *dev)
4658 struct ssb_sprom *sprom = &dev->bus->sprom;
4659 struct ieee80211_hw *hw;
4663 b43_sprom_fixup(dev->bus);
4665 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4667 b43err(NULL, "Could not allocate ieee80211 device\n");
4672 hw->flags = IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE |
4673 IEEE80211_HW_RX_INCLUDES_FCS |
4674 IEEE80211_HW_SIGNAL_DBM |
4675 IEEE80211_HW_NOISE_DBM;
4677 hw->queues = b43_modparam_qos ? 4 : 1;
4678 SET_IEEE80211_DEV(hw, dev->dev);
4679 if (is_valid_ether_addr(sprom->et1mac))
4680 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4682 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4684 /* Get and initialize struct b43_wl */
4685 wl = hw_to_b43_wl(hw);
4686 memset(wl, 0, sizeof(*wl));
4688 spin_lock_init(&wl->irq_lock);
4689 rwlock_init(&wl->tx_lock);
4690 spin_lock_init(&wl->leds_lock);
4691 spin_lock_init(&wl->shm_lock);
4692 mutex_init(&wl->mutex);
4693 INIT_LIST_HEAD(&wl->devlist);
4694 INIT_WORK(&wl->qos_update_work, b43_qos_update_work);
4695 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4697 ssb_set_devtypedata(dev, wl);
4698 b43info(wl, "Broadcom %04X WLAN found\n", dev->bus->chip_id);
4704 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4710 wl = ssb_get_devtypedata(dev);
4712 /* Probing the first core. Must setup common struct b43_wl */
4714 err = b43_wireless_init(dev);
4717 wl = ssb_get_devtypedata(dev);
4720 err = b43_one_core_attach(dev, wl);
4722 goto err_wireless_exit;
4725 err = ieee80211_register_hw(wl->hw);
4727 goto err_one_core_detach;
4733 err_one_core_detach:
4734 b43_one_core_detach(dev);
4737 b43_wireless_exit(dev, wl);
4741 static void b43_remove(struct ssb_device *dev)
4743 struct b43_wl *wl = ssb_get_devtypedata(dev);
4744 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4746 /* We must cancel any work here before unregistering from ieee80211,
4747 * as the ieee80211 unreg will destroy the workqueue. */
4748 cancel_work_sync(&wldev->restart_work);
4751 if (wl->current_dev == wldev)
4752 ieee80211_unregister_hw(wl->hw);
4754 b43_one_core_detach(dev);
4756 if (list_empty(&wl->devlist)) {
4757 /* Last core on the chip unregistered.
4758 * We can destroy common struct b43_wl.
4760 b43_wireless_exit(dev, wl);
4764 /* Perform a hardware reset. This can be called from any context. */
4765 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4767 /* Must avoid requeueing, if we are in shutdown. */
4768 if (b43_status(dev) < B43_STAT_INITIALIZED)
4770 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4771 queue_work(dev->wl->hw->workqueue, &dev->restart_work);
4776 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4778 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4779 struct b43_wl *wl = wldev->wl;
4781 b43dbg(wl, "Suspending...\n");
4783 mutex_lock(&wl->mutex);
4784 wldev->suspend_in_progress = true;
4785 wldev->suspend_init_status = b43_status(wldev);
4786 if (wldev->suspend_init_status >= B43_STAT_STARTED)
4787 b43_wireless_core_stop(wldev);
4788 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4789 b43_wireless_core_exit(wldev);
4790 mutex_unlock(&wl->mutex);
4792 b43dbg(wl, "Device suspended.\n");
4797 static int b43_resume(struct ssb_device *dev)
4799 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4800 struct b43_wl *wl = wldev->wl;
4803 b43dbg(wl, "Resuming...\n");
4805 mutex_lock(&wl->mutex);
4806 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4807 err = b43_wireless_core_init(wldev);
4809 b43err(wl, "Resume failed at core init\n");
4813 if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4814 err = b43_wireless_core_start(wldev);
4816 b43_leds_exit(wldev);
4817 b43_rng_exit(wldev->wl);
4818 b43_wireless_core_exit(wldev);
4819 b43err(wl, "Resume failed at core start\n");
4823 b43dbg(wl, "Device resumed.\n");
4825 wldev->suspend_in_progress = false;
4826 mutex_unlock(&wl->mutex);
4830 #else /* CONFIG_PM */
4831 # define b43_suspend NULL
4832 # define b43_resume NULL
4833 #endif /* CONFIG_PM */
4835 static struct ssb_driver b43_ssb_driver = {
4836 .name = KBUILD_MODNAME,
4837 .id_table = b43_ssb_tbl,
4839 .remove = b43_remove,
4840 .suspend = b43_suspend,
4841 .resume = b43_resume,
4844 static void b43_print_driverinfo(void)
4846 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4847 *feat_leds = "", *feat_rfkill = "";
4849 #ifdef CONFIG_B43_PCI_AUTOSELECT
4852 #ifdef CONFIG_B43_PCMCIA
4855 #ifdef CONFIG_B43_NPHY
4858 #ifdef CONFIG_B43_LEDS
4861 #ifdef CONFIG_B43_RFKILL
4864 printk(KERN_INFO "Broadcom 43xx driver loaded "
4865 "[ Features: %s%s%s%s%s, Firmware-ID: "
4866 B43_SUPPORTED_FIRMWARE_ID " ]\n",
4867 feat_pci, feat_pcmcia, feat_nphy,
4868 feat_leds, feat_rfkill);
4871 static int __init b43_init(void)
4876 err = b43_pcmcia_init();
4879 err = ssb_driver_register(&b43_ssb_driver);
4881 goto err_pcmcia_exit;
4882 b43_print_driverinfo();
4893 static void __exit b43_exit(void)
4895 ssb_driver_unregister(&b43_ssb_driver);
4900 module_init(b43_init)
4901 module_exit(b43_exit)
git.openpandora.org / pandora-kernel.git / blob