3 Broadcom B43 wireless driver
5 Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6 Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7 Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
8 Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9 Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
11 Some parts of the code in this file are derived from the ipw2200
12 driver Copyright(c) 2003 - 2004 Intel Corporation.
14 This program is free software; you can redistribute it and/or modify
15 it under the terms of the GNU General Public License as published by
16 the Free Software Foundation; either version 2 of the License, or
17 (at your option) any later version.
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; see the file COPYING. If not, write to
26 the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
27 Boston, MA 02110-1301, USA.
31 #include <linux/delay.h>
32 #include <linux/init.h>
33 #include <linux/moduleparam.h>
34 #include <linux/if_arp.h>
35 #include <linux/etherdevice.h>
36 #include <linux/firmware.h>
37 #include <linux/wireless.h>
38 #include <linux/workqueue.h>
39 #include <linux/skbuff.h>
41 #include <linux/dma-mapping.h>
42 #include <asm/unaligned.h>
47 #include "phy_common.h"
57 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
58 MODULE_AUTHOR("Martin Langer");
59 MODULE_AUTHOR("Stefano Brivio");
60 MODULE_AUTHOR("Michael Buesch");
61 MODULE_LICENSE("GPL");
63 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
66 static int modparam_bad_frames_preempt;
67 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
68 MODULE_PARM_DESC(bad_frames_preempt,
69 "enable(1) / disable(0) Bad Frames Preemption");
71 static char modparam_fwpostfix[16];
72 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
73 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
75 static int modparam_hwpctl;
76 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
77 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
79 static int modparam_nohwcrypt;
80 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
81 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
83 static int modparam_qos = 1;
84 module_param_named(qos, modparam_qos, int, 0444);
85 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
87 static int modparam_btcoex = 1;
88 module_param_named(btcoex, modparam_btcoex, int, 0444);
89 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistance (default on)");
91 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
92 module_param_named(verbose, b43_modparam_verbose, int, 0644);
93 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
96 static const struct ssb_device_id b43_ssb_tbl[] = {
97 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
98 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
99 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
100 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
101 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
102 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
103 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
104 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
105 SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
109 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
111 /* Channel and ratetables are shared for all devices.
112 * They can't be const, because ieee80211 puts some precalculated
113 * data in there. This data is the same for all devices, so we don't
114 * get concurrency issues */
115 #define RATETAB_ENT(_rateid, _flags) \
117 .bitrate = B43_RATE_TO_BASE100KBPS(_rateid), \
118 .hw_value = (_rateid), \
123 * NOTE: When changing this, sync with xmit.c's
124 * b43_plcp_get_bitrate_idx_* functions!
126 static struct ieee80211_rate __b43_ratetable[] = {
127 RATETAB_ENT(B43_CCK_RATE_1MB, 0),
128 RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
129 RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
130 RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
131 RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
132 RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
133 RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
134 RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
135 RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
136 RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
137 RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
138 RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
141 #define b43_a_ratetable (__b43_ratetable + 4)
142 #define b43_a_ratetable_size 8
143 #define b43_b_ratetable (__b43_ratetable + 0)
144 #define b43_b_ratetable_size 4
145 #define b43_g_ratetable (__b43_ratetable + 0)
146 #define b43_g_ratetable_size 12
148 #define CHAN4G(_channel, _freq, _flags) { \
149 .band = IEEE80211_BAND_2GHZ, \
150 .center_freq = (_freq), \
151 .hw_value = (_channel), \
153 .max_antenna_gain = 0, \
156 static struct ieee80211_channel b43_2ghz_chantable[] = {
174 #define CHAN5G(_channel, _flags) { \
175 .band = IEEE80211_BAND_5GHZ, \
176 .center_freq = 5000 + (5 * (_channel)), \
177 .hw_value = (_channel), \
179 .max_antenna_gain = 0, \
182 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
183 CHAN5G(32, 0), CHAN5G(34, 0),
184 CHAN5G(36, 0), CHAN5G(38, 0),
185 CHAN5G(40, 0), CHAN5G(42, 0),
186 CHAN5G(44, 0), CHAN5G(46, 0),
187 CHAN5G(48, 0), CHAN5G(50, 0),
188 CHAN5G(52, 0), CHAN5G(54, 0),
189 CHAN5G(56, 0), CHAN5G(58, 0),
190 CHAN5G(60, 0), CHAN5G(62, 0),
191 CHAN5G(64, 0), CHAN5G(66, 0),
192 CHAN5G(68, 0), CHAN5G(70, 0),
193 CHAN5G(72, 0), CHAN5G(74, 0),
194 CHAN5G(76, 0), CHAN5G(78, 0),
195 CHAN5G(80, 0), CHAN5G(82, 0),
196 CHAN5G(84, 0), CHAN5G(86, 0),
197 CHAN5G(88, 0), CHAN5G(90, 0),
198 CHAN5G(92, 0), CHAN5G(94, 0),
199 CHAN5G(96, 0), CHAN5G(98, 0),
200 CHAN5G(100, 0), CHAN5G(102, 0),
201 CHAN5G(104, 0), CHAN5G(106, 0),
202 CHAN5G(108, 0), CHAN5G(110, 0),
203 CHAN5G(112, 0), CHAN5G(114, 0),
204 CHAN5G(116, 0), CHAN5G(118, 0),
205 CHAN5G(120, 0), CHAN5G(122, 0),
206 CHAN5G(124, 0), CHAN5G(126, 0),
207 CHAN5G(128, 0), CHAN5G(130, 0),
208 CHAN5G(132, 0), CHAN5G(134, 0),
209 CHAN5G(136, 0), CHAN5G(138, 0),
210 CHAN5G(140, 0), CHAN5G(142, 0),
211 CHAN5G(144, 0), CHAN5G(145, 0),
212 CHAN5G(146, 0), CHAN5G(147, 0),
213 CHAN5G(148, 0), CHAN5G(149, 0),
214 CHAN5G(150, 0), CHAN5G(151, 0),
215 CHAN5G(152, 0), CHAN5G(153, 0),
216 CHAN5G(154, 0), CHAN5G(155, 0),
217 CHAN5G(156, 0), CHAN5G(157, 0),
218 CHAN5G(158, 0), CHAN5G(159, 0),
219 CHAN5G(160, 0), CHAN5G(161, 0),
220 CHAN5G(162, 0), CHAN5G(163, 0),
221 CHAN5G(164, 0), CHAN5G(165, 0),
222 CHAN5G(166, 0), CHAN5G(168, 0),
223 CHAN5G(170, 0), CHAN5G(172, 0),
224 CHAN5G(174, 0), CHAN5G(176, 0),
225 CHAN5G(178, 0), CHAN5G(180, 0),
226 CHAN5G(182, 0), CHAN5G(184, 0),
227 CHAN5G(186, 0), CHAN5G(188, 0),
228 CHAN5G(190, 0), CHAN5G(192, 0),
229 CHAN5G(194, 0), CHAN5G(196, 0),
230 CHAN5G(198, 0), CHAN5G(200, 0),
231 CHAN5G(202, 0), CHAN5G(204, 0),
232 CHAN5G(206, 0), CHAN5G(208, 0),
233 CHAN5G(210, 0), CHAN5G(212, 0),
234 CHAN5G(214, 0), CHAN5G(216, 0),
235 CHAN5G(218, 0), CHAN5G(220, 0),
236 CHAN5G(222, 0), CHAN5G(224, 0),
237 CHAN5G(226, 0), CHAN5G(228, 0),
240 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
241 CHAN5G(34, 0), CHAN5G(36, 0),
242 CHAN5G(38, 0), CHAN5G(40, 0),
243 CHAN5G(42, 0), CHAN5G(44, 0),
244 CHAN5G(46, 0), CHAN5G(48, 0),
245 CHAN5G(52, 0), CHAN5G(56, 0),
246 CHAN5G(60, 0), CHAN5G(64, 0),
247 CHAN5G(100, 0), CHAN5G(104, 0),
248 CHAN5G(108, 0), CHAN5G(112, 0),
249 CHAN5G(116, 0), CHAN5G(120, 0),
250 CHAN5G(124, 0), CHAN5G(128, 0),
251 CHAN5G(132, 0), CHAN5G(136, 0),
252 CHAN5G(140, 0), CHAN5G(149, 0),
253 CHAN5G(153, 0), CHAN5G(157, 0),
254 CHAN5G(161, 0), CHAN5G(165, 0),
255 CHAN5G(184, 0), CHAN5G(188, 0),
256 CHAN5G(192, 0), CHAN5G(196, 0),
257 CHAN5G(200, 0), CHAN5G(204, 0),
258 CHAN5G(208, 0), CHAN5G(212, 0),
263 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
264 .band = IEEE80211_BAND_5GHZ,
265 .channels = b43_5ghz_nphy_chantable,
266 .n_channels = ARRAY_SIZE(b43_5ghz_nphy_chantable),
267 .bitrates = b43_a_ratetable,
268 .n_bitrates = b43_a_ratetable_size,
271 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
272 .band = IEEE80211_BAND_5GHZ,
273 .channels = b43_5ghz_aphy_chantable,
274 .n_channels = ARRAY_SIZE(b43_5ghz_aphy_chantable),
275 .bitrates = b43_a_ratetable,
276 .n_bitrates = b43_a_ratetable_size,
279 static struct ieee80211_supported_band b43_band_2GHz = {
280 .band = IEEE80211_BAND_2GHZ,
281 .channels = b43_2ghz_chantable,
282 .n_channels = ARRAY_SIZE(b43_2ghz_chantable),
283 .bitrates = b43_g_ratetable,
284 .n_bitrates = b43_g_ratetable_size,
287 static void b43_wireless_core_exit(struct b43_wldev *dev);
288 static int b43_wireless_core_init(struct b43_wldev *dev);
289 static void b43_wireless_core_stop(struct b43_wldev *dev);
290 static int b43_wireless_core_start(struct b43_wldev *dev);
292 static int b43_ratelimit(struct b43_wl *wl)
294 if (!wl || !wl->current_dev)
296 if (b43_status(wl->current_dev) < B43_STAT_STARTED)
298 /* We are up and running.
299 * Ratelimit the messages to avoid DoS over the net. */
300 return net_ratelimit();
303 void b43info(struct b43_wl *wl, const char *fmt, ...)
307 if (b43_modparam_verbose < B43_VERBOSITY_INFO)
309 if (!b43_ratelimit(wl))
312 printk(KERN_INFO "b43-%s: ",
313 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
318 void b43err(struct b43_wl *wl, const char *fmt, ...)
322 if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
324 if (!b43_ratelimit(wl))
327 printk(KERN_ERR "b43-%s ERROR: ",
328 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
333 void b43warn(struct b43_wl *wl, const char *fmt, ...)
337 if (b43_modparam_verbose < B43_VERBOSITY_WARN)
339 if (!b43_ratelimit(wl))
342 printk(KERN_WARNING "b43-%s warning: ",
343 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
348 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
352 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
355 printk(KERN_DEBUG "b43-%s debug: ",
356 (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
361 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
365 B43_WARN_ON(offset % 4 != 0);
367 macctl = b43_read32(dev, B43_MMIO_MACCTL);
368 if (macctl & B43_MACCTL_BE)
371 b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
373 b43_write32(dev, B43_MMIO_RAM_DATA, val);
376 static inline void b43_shm_control_word(struct b43_wldev *dev,
377 u16 routing, u16 offset)
381 /* "offset" is the WORD offset. */
385 b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
388 u32 __b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
392 if (routing == B43_SHM_SHARED) {
393 B43_WARN_ON(offset & 0x0001);
394 if (offset & 0x0003) {
395 /* Unaligned access */
396 b43_shm_control_word(dev, routing, offset >> 2);
397 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
398 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
399 ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
405 b43_shm_control_word(dev, routing, offset);
406 ret = b43_read32(dev, B43_MMIO_SHM_DATA);
411 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
413 struct b43_wl *wl = dev->wl;
417 spin_lock_irqsave(&wl->shm_lock, flags);
418 ret = __b43_shm_read32(dev, routing, offset);
419 spin_unlock_irqrestore(&wl->shm_lock, flags);
424 u16 __b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
428 if (routing == B43_SHM_SHARED) {
429 B43_WARN_ON(offset & 0x0001);
430 if (offset & 0x0003) {
431 /* Unaligned access */
432 b43_shm_control_word(dev, routing, offset >> 2);
433 ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
439 b43_shm_control_word(dev, routing, offset);
440 ret = b43_read16(dev, B43_MMIO_SHM_DATA);
445 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
447 struct b43_wl *wl = dev->wl;
451 spin_lock_irqsave(&wl->shm_lock, flags);
452 ret = __b43_shm_read16(dev, routing, offset);
453 spin_unlock_irqrestore(&wl->shm_lock, flags);
458 void __b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
460 if (routing == B43_SHM_SHARED) {
461 B43_WARN_ON(offset & 0x0001);
462 if (offset & 0x0003) {
463 /* Unaligned access */
464 b43_shm_control_word(dev, routing, offset >> 2);
465 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
467 b43_shm_control_word(dev, routing, (offset >> 2) + 1);
468 b43_write16(dev, B43_MMIO_SHM_DATA,
469 (value >> 16) & 0xFFFF);
474 b43_shm_control_word(dev, routing, offset);
475 b43_write32(dev, B43_MMIO_SHM_DATA, value);
478 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
480 struct b43_wl *wl = dev->wl;
483 spin_lock_irqsave(&wl->shm_lock, flags);
484 __b43_shm_write32(dev, routing, offset, value);
485 spin_unlock_irqrestore(&wl->shm_lock, flags);
488 void __b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
490 if (routing == B43_SHM_SHARED) {
491 B43_WARN_ON(offset & 0x0001);
492 if (offset & 0x0003) {
493 /* Unaligned access */
494 b43_shm_control_word(dev, routing, offset >> 2);
495 b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
500 b43_shm_control_word(dev, routing, offset);
501 b43_write16(dev, B43_MMIO_SHM_DATA, value);
504 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
506 struct b43_wl *wl = dev->wl;
509 spin_lock_irqsave(&wl->shm_lock, flags);
510 __b43_shm_write16(dev, routing, offset, value);
511 spin_unlock_irqrestore(&wl->shm_lock, flags);
515 u64 b43_hf_read(struct b43_wldev *dev)
519 ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
521 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
523 ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
528 /* Write HostFlags */
529 void b43_hf_write(struct b43_wldev *dev, u64 value)
533 lo = (value & 0x00000000FFFFULL);
534 mi = (value & 0x0000FFFF0000ULL) >> 16;
535 hi = (value & 0xFFFF00000000ULL) >> 32;
536 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
537 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
538 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
541 /* Read the firmware capabilities bitmask (Opensource firmware only) */
542 static u16 b43_fwcapa_read(struct b43_wldev *dev)
544 B43_WARN_ON(!dev->fw.opensource);
545 return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
548 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
552 B43_WARN_ON(dev->dev->id.revision < 3);
554 /* The hardware guarantees us an atomic read, if we
555 * read the low register first. */
556 low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
557 high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
564 static void b43_time_lock(struct b43_wldev *dev)
568 macctl = b43_read32(dev, B43_MMIO_MACCTL);
569 macctl |= B43_MACCTL_TBTTHOLD;
570 b43_write32(dev, B43_MMIO_MACCTL, macctl);
571 /* Commit the write */
572 b43_read32(dev, B43_MMIO_MACCTL);
575 static void b43_time_unlock(struct b43_wldev *dev)
579 macctl = b43_read32(dev, B43_MMIO_MACCTL);
580 macctl &= ~B43_MACCTL_TBTTHOLD;
581 b43_write32(dev, B43_MMIO_MACCTL, macctl);
582 /* Commit the write */
583 b43_read32(dev, B43_MMIO_MACCTL);
586 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
590 B43_WARN_ON(dev->dev->id.revision < 3);
594 /* The hardware guarantees us an atomic write, if we
595 * write the low register first. */
596 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
598 b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
602 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
605 b43_tsf_write_locked(dev, tsf);
606 b43_time_unlock(dev);
610 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
612 static const u8 zero_addr[ETH_ALEN] = { 0 };
619 b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
623 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
626 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
629 b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
632 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
636 u8 mac_bssid[ETH_ALEN * 2];
640 bssid = dev->wl->bssid;
641 mac = dev->wl->mac_addr;
643 b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
645 memcpy(mac_bssid, mac, ETH_ALEN);
646 memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
648 /* Write our MAC address and BSSID to template ram */
649 for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
650 tmp = (u32) (mac_bssid[i + 0]);
651 tmp |= (u32) (mac_bssid[i + 1]) << 8;
652 tmp |= (u32) (mac_bssid[i + 2]) << 16;
653 tmp |= (u32) (mac_bssid[i + 3]) << 24;
654 b43_ram_write(dev, 0x20 + i, tmp);
658 static void b43_upload_card_macaddress(struct b43_wldev *dev)
660 b43_write_mac_bssid_templates(dev);
661 b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
664 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
666 /* slot_time is in usec. */
667 if (dev->phy.type != B43_PHYTYPE_G)
669 b43_write16(dev, 0x684, 510 + slot_time);
670 b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
673 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
675 b43_set_slot_time(dev, 9);
678 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
680 b43_set_slot_time(dev, 20);
683 /* Synchronize IRQ top- and bottom-half.
684 * IRQs must be masked before calling this.
685 * This must not be called with the irq_lock held.
687 static void b43_synchronize_irq(struct b43_wldev *dev)
689 synchronize_irq(dev->dev->irq);
690 tasklet_kill(&dev->isr_tasklet);
693 /* DummyTransmission function, as documented on
694 * http://bcm-specs.sipsolutions.net/DummyTransmission
696 void b43_dummy_transmission(struct b43_wldev *dev)
698 struct b43_wl *wl = dev->wl;
699 struct b43_phy *phy = &dev->phy;
700 unsigned int i, max_loop;
713 buffer[0] = 0x000201CC;
718 buffer[0] = 0x000B846E;
725 spin_lock_irq(&wl->irq_lock);
726 write_lock(&wl->tx_lock);
728 for (i = 0; i < 5; i++)
729 b43_ram_write(dev, i * 4, buffer[i]);
732 b43_read32(dev, B43_MMIO_MACCTL);
734 b43_write16(dev, 0x0568, 0x0000);
735 b43_write16(dev, 0x07C0, 0x0000);
736 value = ((phy->type == B43_PHYTYPE_A) ? 1 : 0);
737 b43_write16(dev, 0x050C, value);
738 b43_write16(dev, 0x0508, 0x0000);
739 b43_write16(dev, 0x050A, 0x0000);
740 b43_write16(dev, 0x054C, 0x0000);
741 b43_write16(dev, 0x056A, 0x0014);
742 b43_write16(dev, 0x0568, 0x0826);
743 b43_write16(dev, 0x0500, 0x0000);
744 b43_write16(dev, 0x0502, 0x0030);
746 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
747 b43_radio_write16(dev, 0x0051, 0x0017);
748 for (i = 0x00; i < max_loop; i++) {
749 value = b43_read16(dev, 0x050E);
754 for (i = 0x00; i < 0x0A; i++) {
755 value = b43_read16(dev, 0x050E);
760 for (i = 0x00; i < 0x19; i++) {
761 value = b43_read16(dev, 0x0690);
762 if (!(value & 0x0100))
766 if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
767 b43_radio_write16(dev, 0x0051, 0x0037);
769 write_unlock(&wl->tx_lock);
770 spin_unlock_irq(&wl->irq_lock);
773 static void key_write(struct b43_wldev *dev,
774 u8 index, u8 algorithm, const u8 *key)
781 /* Key index/algo block */
782 kidx = b43_kidx_to_fw(dev, index);
783 value = ((kidx << 4) | algorithm);
784 b43_shm_write16(dev, B43_SHM_SHARED,
785 B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
787 /* Write the key to the Key Table Pointer offset */
788 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
789 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
791 value |= (u16) (key[i + 1]) << 8;
792 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
796 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
798 u32 addrtmp[2] = { 0, 0, };
799 u8 per_sta_keys_start = 8;
801 if (b43_new_kidx_api(dev))
802 per_sta_keys_start = 4;
804 B43_WARN_ON(index < per_sta_keys_start);
805 /* We have two default TX keys and possibly two default RX keys.
806 * Physical mac 0 is mapped to physical key 4 or 8, depending
807 * on the firmware version.
808 * So we must adjust the index here.
810 index -= per_sta_keys_start;
813 addrtmp[0] = addr[0];
814 addrtmp[0] |= ((u32) (addr[1]) << 8);
815 addrtmp[0] |= ((u32) (addr[2]) << 16);
816 addrtmp[0] |= ((u32) (addr[3]) << 24);
817 addrtmp[1] = addr[4];
818 addrtmp[1] |= ((u32) (addr[5]) << 8);
821 if (dev->dev->id.revision >= 5) {
822 /* Receive match transmitter address mechanism */
823 b43_shm_write32(dev, B43_SHM_RCMTA,
824 (index * 2) + 0, addrtmp[0]);
825 b43_shm_write16(dev, B43_SHM_RCMTA,
826 (index * 2) + 1, addrtmp[1]);
828 /* RXE (Receive Engine) and
829 * PSM (Programmable State Machine) mechanism
832 /* TODO write to RCM 16, 19, 22 and 25 */
834 b43_shm_write32(dev, B43_SHM_SHARED,
835 B43_SHM_SH_PSM + (index * 6) + 0,
837 b43_shm_write16(dev, B43_SHM_SHARED,
838 B43_SHM_SH_PSM + (index * 6) + 4,
844 static void do_key_write(struct b43_wldev *dev,
845 u8 index, u8 algorithm,
846 const u8 *key, size_t key_len, const u8 *mac_addr)
848 u8 buf[B43_SEC_KEYSIZE] = { 0, };
849 u8 per_sta_keys_start = 8;
851 if (b43_new_kidx_api(dev))
852 per_sta_keys_start = 4;
854 B43_WARN_ON(index >= dev->max_nr_keys);
855 B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
857 if (index >= per_sta_keys_start)
858 keymac_write(dev, index, NULL); /* First zero out mac. */
860 memcpy(buf, key, key_len);
861 key_write(dev, index, algorithm, buf);
862 if (index >= per_sta_keys_start)
863 keymac_write(dev, index, mac_addr);
865 dev->key[index].algorithm = algorithm;
868 static int b43_key_write(struct b43_wldev *dev,
869 int index, u8 algorithm,
870 const u8 *key, size_t key_len,
872 struct ieee80211_key_conf *keyconf)
877 if (key_len > B43_SEC_KEYSIZE)
879 for (i = 0; i < dev->max_nr_keys; i++) {
880 /* Check that we don't already have this key. */
881 B43_WARN_ON(dev->key[i].keyconf == keyconf);
884 /* Pairwise key. Get an empty slot for the key. */
885 if (b43_new_kidx_api(dev))
889 for (i = sta_keys_start; i < dev->max_nr_keys; i++) {
890 if (!dev->key[i].keyconf) {
897 b43warn(dev->wl, "Out of hardware key memory\n");
901 B43_WARN_ON(index > 3);
903 do_key_write(dev, index, algorithm, key, key_len, mac_addr);
904 if ((index <= 3) && !b43_new_kidx_api(dev)) {
906 B43_WARN_ON(mac_addr);
907 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
909 keyconf->hw_key_idx = index;
910 dev->key[index].keyconf = keyconf;
915 static int b43_key_clear(struct b43_wldev *dev, int index)
917 if (B43_WARN_ON((index < 0) || (index >= dev->max_nr_keys)))
919 do_key_write(dev, index, B43_SEC_ALGO_NONE,
920 NULL, B43_SEC_KEYSIZE, NULL);
921 if ((index <= 3) && !b43_new_kidx_api(dev)) {
922 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
923 NULL, B43_SEC_KEYSIZE, NULL);
925 dev->key[index].keyconf = NULL;
930 static void b43_clear_keys(struct b43_wldev *dev)
934 for (i = 0; i < dev->max_nr_keys; i++)
935 b43_key_clear(dev, i);
938 static void b43_dump_keymemory(struct b43_wldev *dev)
940 unsigned int i, index, offset;
948 if (!b43_debug(dev, B43_DBG_KEYS))
951 hf = b43_hf_read(dev);
952 b43dbg(dev->wl, "Hardware key memory dump: USEDEFKEYS=%u\n",
953 !!(hf & B43_HF_USEDEFKEYS));
954 for (index = 0; index < dev->max_nr_keys; index++) {
955 key = &(dev->key[index]);
956 printk(KERN_DEBUG "Key slot %02u: %s",
957 index, (key->keyconf == NULL) ? " " : "*");
958 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
959 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
960 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
961 printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
964 algo = b43_shm_read16(dev, B43_SHM_SHARED,
965 B43_SHM_SH_KEYIDXBLOCK + (index * 2));
966 printk(" Algo: %04X/%02X", algo, key->algorithm);
969 rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
970 ((index - 4) * 2) + 0);
971 rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
972 ((index - 4) * 2) + 1);
973 *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
974 *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
975 printk(" MAC: %pM", mac);
977 printk(" DEFAULT KEY");
982 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
990 B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
991 (ps_flags & B43_PS_DISABLED));
992 B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
994 if (ps_flags & B43_PS_ENABLED) {
996 } else if (ps_flags & B43_PS_DISABLED) {
999 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1000 // and thus is not an AP and we are associated, set bit 25
1002 if (ps_flags & B43_PS_AWAKE) {
1004 } else if (ps_flags & B43_PS_ASLEEP) {
1007 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1008 // or we are associated, or FIXME, or the latest PS-Poll packet sent was
1009 // successful, set bit26
1012 /* FIXME: For now we force awake-on and hwps-off */
1016 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1018 macctl |= B43_MACCTL_HWPS;
1020 macctl &= ~B43_MACCTL_HWPS;
1022 macctl |= B43_MACCTL_AWAKE;
1024 macctl &= ~B43_MACCTL_AWAKE;
1025 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1027 b43_read32(dev, B43_MMIO_MACCTL);
1028 if (awake && dev->dev->id.revision >= 5) {
1029 /* Wait for the microcode to wake up. */
1030 for (i = 0; i < 100; i++) {
1031 ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1032 B43_SHM_SH_UCODESTAT);
1033 if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1040 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1045 flags |= B43_TMSLOW_PHYCLKEN;
1046 flags |= B43_TMSLOW_PHYRESET;
1047 ssb_device_enable(dev->dev, flags);
1048 msleep(2); /* Wait for the PLL to turn on. */
1050 /* Now take the PHY out of Reset again */
1051 tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1052 tmslow |= SSB_TMSLOW_FGC;
1053 tmslow &= ~B43_TMSLOW_PHYRESET;
1054 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1055 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1057 tmslow &= ~SSB_TMSLOW_FGC;
1058 ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1059 ssb_read32(dev->dev, SSB_TMSLOW); /* flush */
1062 /* Turn Analog ON, but only if we already know the PHY-type.
1063 * This protects against very early setup where we don't know the
1064 * PHY-type, yet. wireless_core_reset will be called once again later,
1065 * when we know the PHY-type. */
1067 dev->phy.ops->switch_analog(dev, 1);
1069 macctl = b43_read32(dev, B43_MMIO_MACCTL);
1070 macctl &= ~B43_MACCTL_GMODE;
1071 if (flags & B43_TMSLOW_GMODE)
1072 macctl |= B43_MACCTL_GMODE;
1073 macctl |= B43_MACCTL_IHR_ENABLED;
1074 b43_write32(dev, B43_MMIO_MACCTL, macctl);
1077 static void handle_irq_transmit_status(struct b43_wldev *dev)
1081 struct b43_txstatus stat;
1084 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1085 if (!(v0 & 0x00000001))
1087 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1089 stat.cookie = (v0 >> 16);
1090 stat.seq = (v1 & 0x0000FFFF);
1091 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1092 tmp = (v0 & 0x0000FFFF);
1093 stat.frame_count = ((tmp & 0xF000) >> 12);
1094 stat.rts_count = ((tmp & 0x0F00) >> 8);
1095 stat.supp_reason = ((tmp & 0x001C) >> 2);
1096 stat.pm_indicated = !!(tmp & 0x0080);
1097 stat.intermediate = !!(tmp & 0x0040);
1098 stat.for_ampdu = !!(tmp & 0x0020);
1099 stat.acked = !!(tmp & 0x0002);
1101 b43_handle_txstatus(dev, &stat);
1105 static void drain_txstatus_queue(struct b43_wldev *dev)
1109 if (dev->dev->id.revision < 5)
1111 /* Read all entries from the microcode TXstatus FIFO
1112 * and throw them away.
1115 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1116 if (!(dummy & 0x00000001))
1118 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1122 static u32 b43_jssi_read(struct b43_wldev *dev)
1126 val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1128 val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1133 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1135 b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1136 b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1139 static void b43_generate_noise_sample(struct b43_wldev *dev)
1141 b43_jssi_write(dev, 0x7F7F7F7F);
1142 b43_write32(dev, B43_MMIO_MACCMD,
1143 b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1146 static void b43_calculate_link_quality(struct b43_wldev *dev)
1148 /* Top half of Link Quality calculation. */
1150 if (dev->phy.type != B43_PHYTYPE_G)
1152 if (dev->noisecalc.calculation_running)
1154 dev->noisecalc.calculation_running = 1;
1155 dev->noisecalc.nr_samples = 0;
1157 b43_generate_noise_sample(dev);
1160 static void handle_irq_noise(struct b43_wldev *dev)
1162 struct b43_phy_g *phy = dev->phy.g;
1168 /* Bottom half of Link Quality calculation. */
1170 if (dev->phy.type != B43_PHYTYPE_G)
1173 /* Possible race condition: It might be possible that the user
1174 * changed to a different channel in the meantime since we
1175 * started the calculation. We ignore that fact, since it's
1176 * not really that much of a problem. The background noise is
1177 * an estimation only anyway. Slightly wrong results will get damped
1178 * by the averaging of the 8 sample rounds. Additionally the
1179 * value is shortlived. So it will be replaced by the next noise
1180 * calculation round soon. */
1182 B43_WARN_ON(!dev->noisecalc.calculation_running);
1183 *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1184 if (noise[0] == 0x7F || noise[1] == 0x7F ||
1185 noise[2] == 0x7F || noise[3] == 0x7F)
1188 /* Get the noise samples. */
1189 B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1190 i = dev->noisecalc.nr_samples;
1191 noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1192 noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1193 noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1194 noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1195 dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1196 dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1197 dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1198 dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1199 dev->noisecalc.nr_samples++;
1200 if (dev->noisecalc.nr_samples == 8) {
1201 /* Calculate the Link Quality by the noise samples. */
1203 for (i = 0; i < 8; i++) {
1204 for (j = 0; j < 4; j++)
1205 average += dev->noisecalc.samples[i][j];
1211 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1212 tmp = (tmp / 128) & 0x1F;
1222 dev->stats.link_noise = average;
1223 dev->noisecalc.calculation_running = 0;
1227 b43_generate_noise_sample(dev);
1230 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1232 if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1235 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1236 b43_power_saving_ctl_bits(dev, 0);
1238 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1242 static void handle_irq_atim_end(struct b43_wldev *dev)
1244 if (dev->dfq_valid) {
1245 b43_write32(dev, B43_MMIO_MACCMD,
1246 b43_read32(dev, B43_MMIO_MACCMD)
1247 | B43_MACCMD_DFQ_VALID);
1252 static void handle_irq_pmq(struct b43_wldev *dev)
1259 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1260 if (!(tmp & 0x00000008))
1263 /* 16bit write is odd, but correct. */
1264 b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1267 static void b43_write_template_common(struct b43_wldev *dev,
1268 const u8 *data, u16 size,
1270 u16 shm_size_offset, u8 rate)
1273 struct b43_plcp_hdr4 plcp;
1276 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1277 b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1278 ram_offset += sizeof(u32);
1279 /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1280 * So leave the first two bytes of the next write blank.
1282 tmp = (u32) (data[0]) << 16;
1283 tmp |= (u32) (data[1]) << 24;
1284 b43_ram_write(dev, ram_offset, tmp);
1285 ram_offset += sizeof(u32);
1286 for (i = 2; i < size; i += sizeof(u32)) {
1287 tmp = (u32) (data[i + 0]);
1289 tmp |= (u32) (data[i + 1]) << 8;
1291 tmp |= (u32) (data[i + 2]) << 16;
1293 tmp |= (u32) (data[i + 3]) << 24;
1294 b43_ram_write(dev, ram_offset + i - 2, tmp);
1296 b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1297 size + sizeof(struct b43_plcp_hdr6));
1300 /* Check if the use of the antenna that ieee80211 told us to
1301 * use is possible. This will fall back to DEFAULT.
1302 * "antenna_nr" is the antenna identifier we got from ieee80211. */
1303 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1308 if (antenna_nr == 0) {
1309 /* Zero means "use default antenna". That's always OK. */
1313 /* Get the mask of available antennas. */
1315 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1317 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1319 if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1320 /* This antenna is not available. Fall back to default. */
1327 /* Convert a b43 antenna number value to the PHY TX control value. */
1328 static u16 b43_antenna_to_phyctl(int antenna)
1332 return B43_TXH_PHY_ANT0;
1334 return B43_TXH_PHY_ANT1;
1336 return B43_TXH_PHY_ANT2;
1338 return B43_TXH_PHY_ANT3;
1339 case B43_ANTENNA_AUTO:
1340 return B43_TXH_PHY_ANT01AUTO;
1346 static void b43_write_beacon_template(struct b43_wldev *dev,
1348 u16 shm_size_offset)
1350 unsigned int i, len, variable_len;
1351 const struct ieee80211_mgmt *bcn;
1357 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1359 bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1360 len = min((size_t) dev->wl->current_beacon->len,
1361 0x200 - sizeof(struct b43_plcp_hdr6));
1362 rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1364 b43_write_template_common(dev, (const u8 *)bcn,
1365 len, ram_offset, shm_size_offset, rate);
1367 /* Write the PHY TX control parameters. */
1368 antenna = B43_ANTENNA_DEFAULT;
1369 antenna = b43_antenna_to_phyctl(antenna);
1370 ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1371 /* We can't send beacons with short preamble. Would get PHY errors. */
1372 ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1373 ctl &= ~B43_TXH_PHY_ANT;
1374 ctl &= ~B43_TXH_PHY_ENC;
1376 if (b43_is_cck_rate(rate))
1377 ctl |= B43_TXH_PHY_ENC_CCK;
1379 ctl |= B43_TXH_PHY_ENC_OFDM;
1380 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1382 /* Find the position of the TIM and the DTIM_period value
1383 * and write them to SHM. */
1384 ie = bcn->u.beacon.variable;
1385 variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1386 for (i = 0; i < variable_len - 2; ) {
1387 uint8_t ie_id, ie_len;
1394 /* This is the TIM Information Element */
1396 /* Check whether the ie_len is in the beacon data range. */
1397 if (variable_len < ie_len + 2 + i)
1399 /* A valid TIM is at least 4 bytes long. */
1404 tim_position = sizeof(struct b43_plcp_hdr6);
1405 tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1408 dtim_period = ie[i + 3];
1410 b43_shm_write16(dev, B43_SHM_SHARED,
1411 B43_SHM_SH_TIMBPOS, tim_position);
1412 b43_shm_write16(dev, B43_SHM_SHARED,
1413 B43_SHM_SH_DTIMPER, dtim_period);
1420 * If ucode wants to modify TIM do it behind the beacon, this
1421 * will happen, for example, when doing mesh networking.
1423 b43_shm_write16(dev, B43_SHM_SHARED,
1425 len + sizeof(struct b43_plcp_hdr6));
1426 b43_shm_write16(dev, B43_SHM_SHARED,
1427 B43_SHM_SH_DTIMPER, 0);
1429 b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1432 static void b43_write_probe_resp_plcp(struct b43_wldev *dev,
1433 u16 shm_offset, u16 size,
1434 struct ieee80211_rate *rate)
1436 struct b43_plcp_hdr4 plcp;
1441 b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate->hw_value);
1442 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1445 /* Write PLCP in two parts and timing for packet transfer */
1446 tmp = le32_to_cpu(plcp.data);
1447 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset, tmp & 0xFFFF);
1448 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 2, tmp >> 16);
1449 b43_shm_write16(dev, B43_SHM_SHARED, shm_offset + 6, le16_to_cpu(dur));
1452 /* Instead of using custom probe response template, this function
1453 * just patches custom beacon template by:
1454 * 1) Changing packet type
1455 * 2) Patching duration field
1458 static const u8 *b43_generate_probe_resp(struct b43_wldev *dev,
1460 struct ieee80211_rate *rate)
1464 u16 src_size, elem_size, src_pos, dest_pos;
1466 struct ieee80211_hdr *hdr;
1469 src_size = dev->wl->current_beacon->len;
1470 src_data = (const u8 *)dev->wl->current_beacon->data;
1472 /* Get the start offset of the variable IEs in the packet. */
1473 ie_start = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
1474 B43_WARN_ON(ie_start != offsetof(struct ieee80211_mgmt, u.beacon.variable));
1476 if (B43_WARN_ON(src_size < ie_start))
1479 dest_data = kmalloc(src_size, GFP_ATOMIC);
1480 if (unlikely(!dest_data))
1483 /* Copy the static data and all Information Elements, except the TIM. */
1484 memcpy(dest_data, src_data, ie_start);
1486 dest_pos = ie_start;
1487 for ( ; src_pos < src_size - 2; src_pos += elem_size) {
1488 elem_size = src_data[src_pos + 1] + 2;
1489 if (src_data[src_pos] == 5) {
1490 /* This is the TIM. */
1493 memcpy(dest_data + dest_pos, src_data + src_pos,
1495 dest_pos += elem_size;
1497 *dest_size = dest_pos;
1498 hdr = (struct ieee80211_hdr *)dest_data;
1500 /* Set the frame control. */
1501 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1502 IEEE80211_STYPE_PROBE_RESP);
1503 dur = ieee80211_generic_frame_duration(dev->wl->hw,
1504 dev->wl->vif, *dest_size,
1506 hdr->duration_id = dur;
1511 static void b43_write_probe_resp_template(struct b43_wldev *dev,
1513 u16 shm_size_offset,
1514 struct ieee80211_rate *rate)
1516 const u8 *probe_resp_data;
1519 size = dev->wl->current_beacon->len;
1520 probe_resp_data = b43_generate_probe_resp(dev, &size, rate);
1521 if (unlikely(!probe_resp_data))
1524 /* Looks like PLCP headers plus packet timings are stored for
1525 * all possible basic rates
1527 /* FIXME this is the wrong offset : it goes in tkip rx phase1 shm */
1529 b43_write_probe_resp_plcp(dev, 0x31A, size, &b43_b_ratetable[0]);
1530 b43_write_probe_resp_plcp(dev, 0x32C, size, &b43_b_ratetable[1]);
1531 b43_write_probe_resp_plcp(dev, 0x33E, size, &b43_b_ratetable[2]);
1532 b43_write_probe_resp_plcp(dev, 0x350, size, &b43_b_ratetable[3]);
1535 size = min((size_t) size, 0x200 - sizeof(struct b43_plcp_hdr6));
1536 b43_write_template_common(dev, probe_resp_data,
1537 size, ram_offset, shm_size_offset,
1539 kfree(probe_resp_data);
1542 static void b43_upload_beacon0(struct b43_wldev *dev)
1544 struct b43_wl *wl = dev->wl;
1546 if (wl->beacon0_uploaded)
1548 b43_write_beacon_template(dev, 0x68, 0x18);
1549 /* FIXME: Probe resp upload doesn't really belong here,
1550 * but we don't use that feature anyway. */
1551 b43_write_probe_resp_template(dev, 0x268, 0x4A,
1552 &__b43_ratetable[3]);
1553 wl->beacon0_uploaded = 1;
1556 static void b43_upload_beacon1(struct b43_wldev *dev)
1558 struct b43_wl *wl = dev->wl;
1560 if (wl->beacon1_uploaded)
1562 b43_write_beacon_template(dev, 0x468, 0x1A);
1563 wl->beacon1_uploaded = 1;
1566 static void handle_irq_beacon(struct b43_wldev *dev)
1568 struct b43_wl *wl = dev->wl;
1569 u32 cmd, beacon0_valid, beacon1_valid;
1571 if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1572 !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1575 /* This is the bottom half of the asynchronous beacon update. */
1577 /* Ignore interrupt in the future. */
1578 dev->irq_mask &= ~B43_IRQ_BEACON;
1580 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1581 beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1582 beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1584 /* Schedule interrupt manually, if busy. */
1585 if (beacon0_valid && beacon1_valid) {
1586 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1587 dev->irq_mask |= B43_IRQ_BEACON;
1591 if (unlikely(wl->beacon_templates_virgin)) {
1592 /* We never uploaded a beacon before.
1593 * Upload both templates now, but only mark one valid. */
1594 wl->beacon_templates_virgin = 0;
1595 b43_upload_beacon0(dev);
1596 b43_upload_beacon1(dev);
1597 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1598 cmd |= B43_MACCMD_BEACON0_VALID;
1599 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1601 if (!beacon0_valid) {
1602 b43_upload_beacon0(dev);
1603 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1604 cmd |= B43_MACCMD_BEACON0_VALID;
1605 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1606 } else if (!beacon1_valid) {
1607 b43_upload_beacon1(dev);
1608 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1609 cmd |= B43_MACCMD_BEACON1_VALID;
1610 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1615 static void b43_beacon_update_trigger_work(struct work_struct *work)
1617 struct b43_wl *wl = container_of(work, struct b43_wl,
1618 beacon_update_trigger);
1619 struct b43_wldev *dev;
1621 mutex_lock(&wl->mutex);
1622 dev = wl->current_dev;
1623 if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1624 spin_lock_irq(&wl->irq_lock);
1625 /* update beacon right away or defer to irq */
1626 handle_irq_beacon(dev);
1627 /* The handler might have updated the IRQ mask. */
1628 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1630 spin_unlock_irq(&wl->irq_lock);
1632 mutex_unlock(&wl->mutex);
1635 /* Asynchronously update the packet templates in template RAM.
1636 * Locking: Requires wl->irq_lock to be locked. */
1637 static void b43_update_templates(struct b43_wl *wl)
1639 struct sk_buff *beacon;
1641 /* This is the top half of the ansynchronous beacon update.
1642 * The bottom half is the beacon IRQ.
1643 * Beacon update must be asynchronous to avoid sending an
1644 * invalid beacon. This can happen for example, if the firmware
1645 * transmits a beacon while we are updating it. */
1647 /* We could modify the existing beacon and set the aid bit in
1648 * the TIM field, but that would probably require resizing and
1649 * moving of data within the beacon template.
1650 * Simply request a new beacon and let mac80211 do the hard work. */
1651 beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1652 if (unlikely(!beacon))
1655 if (wl->current_beacon)
1656 dev_kfree_skb_any(wl->current_beacon);
1657 wl->current_beacon = beacon;
1658 wl->beacon0_uploaded = 0;
1659 wl->beacon1_uploaded = 0;
1660 ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1663 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1666 if (dev->dev->id.revision >= 3) {
1667 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1668 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1670 b43_write16(dev, 0x606, (beacon_int >> 6));
1671 b43_write16(dev, 0x610, beacon_int);
1673 b43_time_unlock(dev);
1674 b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1677 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1681 /* Read the register that contains the reason code for the panic. */
1682 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1683 b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1687 b43dbg(dev->wl, "The panic reason is unknown.\n");
1689 case B43_FWPANIC_DIE:
1690 /* Do not restart the controller or firmware.
1691 * The device is nonfunctional from now on.
1692 * Restarting would result in this panic to trigger again,
1693 * so we avoid that recursion. */
1695 case B43_FWPANIC_RESTART:
1696 b43_controller_restart(dev, "Microcode panic");
1701 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1703 unsigned int i, cnt;
1704 u16 reason, marker_id, marker_line;
1707 /* The proprietary firmware doesn't have this IRQ. */
1708 if (!dev->fw.opensource)
1711 /* Read the register that contains the reason code for this IRQ. */
1712 reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1715 case B43_DEBUGIRQ_PANIC:
1716 b43_handle_firmware_panic(dev);
1718 case B43_DEBUGIRQ_DUMP_SHM:
1720 break; /* Only with driver debugging enabled. */
1721 buf = kmalloc(4096, GFP_ATOMIC);
1723 b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1726 for (i = 0; i < 4096; i += 2) {
1727 u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1728 buf[i / 2] = cpu_to_le16(tmp);
1730 b43info(dev->wl, "Shared memory dump:\n");
1731 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1732 16, 2, buf, 4096, 1);
1735 case B43_DEBUGIRQ_DUMP_REGS:
1737 break; /* Only with driver debugging enabled. */
1738 b43info(dev->wl, "Microcode register dump:\n");
1739 for (i = 0, cnt = 0; i < 64; i++) {
1740 u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1743 printk("r%02u: 0x%04X ", i, tmp);
1752 case B43_DEBUGIRQ_MARKER:
1754 break; /* Only with driver debugging enabled. */
1755 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1757 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1758 B43_MARKER_LINE_REG);
1759 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1760 "at line number %u\n",
1761 marker_id, marker_line);
1764 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1768 /* Acknowledge the debug-IRQ, so the firmware can continue. */
1769 b43_shm_write16(dev, B43_SHM_SCRATCH,
1770 B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1773 /* Interrupt handler bottom-half */
1774 static void b43_interrupt_tasklet(struct b43_wldev *dev)
1777 u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1778 u32 merged_dma_reason = 0;
1780 unsigned long flags;
1782 spin_lock_irqsave(&dev->wl->irq_lock, flags);
1784 B43_WARN_ON(b43_status(dev) != B43_STAT_STARTED);
1786 reason = dev->irq_reason;
1787 for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1788 dma_reason[i] = dev->dma_reason[i];
1789 merged_dma_reason |= dma_reason[i];
1792 if (unlikely(reason & B43_IRQ_MAC_TXERR))
1793 b43err(dev->wl, "MAC transmission error\n");
1795 if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1796 b43err(dev->wl, "PHY transmission error\n");
1798 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1799 atomic_set(&dev->phy.txerr_cnt,
1800 B43_PHY_TX_BADNESS_LIMIT);
1801 b43err(dev->wl, "Too many PHY TX errors, "
1802 "restarting the controller\n");
1803 b43_controller_restart(dev, "PHY TX errors");
1807 if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1808 B43_DMAIRQ_NONFATALMASK))) {
1809 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1810 b43err(dev->wl, "Fatal DMA error: "
1811 "0x%08X, 0x%08X, 0x%08X, "
1812 "0x%08X, 0x%08X, 0x%08X\n",
1813 dma_reason[0], dma_reason[1],
1814 dma_reason[2], dma_reason[3],
1815 dma_reason[4], dma_reason[5]);
1816 b43_controller_restart(dev, "DMA error");
1818 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1821 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1822 b43err(dev->wl, "DMA error: "
1823 "0x%08X, 0x%08X, 0x%08X, "
1824 "0x%08X, 0x%08X, 0x%08X\n",
1825 dma_reason[0], dma_reason[1],
1826 dma_reason[2], dma_reason[3],
1827 dma_reason[4], dma_reason[5]);
1831 if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1832 handle_irq_ucode_debug(dev);
1833 if (reason & B43_IRQ_TBTT_INDI)
1834 handle_irq_tbtt_indication(dev);
1835 if (reason & B43_IRQ_ATIM_END)
1836 handle_irq_atim_end(dev);
1837 if (reason & B43_IRQ_BEACON)
1838 handle_irq_beacon(dev);
1839 if (reason & B43_IRQ_PMQ)
1840 handle_irq_pmq(dev);
1841 if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1843 if (reason & B43_IRQ_NOISESAMPLE_OK)
1844 handle_irq_noise(dev);
1846 /* Check the DMA reason registers for received data. */
1847 if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1848 if (b43_using_pio_transfers(dev))
1849 b43_pio_rx(dev->pio.rx_queue);
1851 b43_dma_rx(dev->dma.rx_ring);
1853 B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1854 B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1855 B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1856 B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1857 B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1859 if (reason & B43_IRQ_TX_OK)
1860 handle_irq_transmit_status(dev);
1862 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1864 spin_unlock_irqrestore(&dev->wl->irq_lock, flags);
1867 static void b43_interrupt_ack(struct b43_wldev *dev, u32 reason)
1869 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1871 b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1872 b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1873 b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1874 b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1875 b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1877 b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1881 /* Interrupt handler top-half */
1882 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1884 irqreturn_t ret = IRQ_NONE;
1885 struct b43_wldev *dev = dev_id;
1890 spin_lock(&dev->wl->irq_lock);
1892 if (unlikely(b43_status(dev) < B43_STAT_STARTED)) {
1893 /* This can only happen on shared IRQ lines. */
1896 reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1897 if (reason == 0xffffffff) /* shared IRQ */
1900 reason &= dev->irq_mask;
1904 dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1906 dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1908 dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1910 dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1912 dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1915 dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1919 b43_interrupt_ack(dev, reason);
1920 /* disable all IRQs. They are enabled again in the bottom half. */
1921 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1922 /* save the reason code and call our bottom half. */
1923 dev->irq_reason = reason;
1924 tasklet_schedule(&dev->isr_tasklet);
1927 spin_unlock(&dev->wl->irq_lock);
1932 void b43_do_release_fw(struct b43_firmware_file *fw)
1934 release_firmware(fw->data);
1936 fw->filename = NULL;
1939 static void b43_release_firmware(struct b43_wldev *dev)
1941 b43_do_release_fw(&dev->fw.ucode);
1942 b43_do_release_fw(&dev->fw.pcm);
1943 b43_do_release_fw(&dev->fw.initvals);
1944 b43_do_release_fw(&dev->fw.initvals_band);
1947 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1951 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
1952 "and download the correct firmware for this driver version. " \
1953 "Please carefully read all instructions on this website.\n";
1961 int b43_do_request_fw(struct b43_request_fw_context *ctx,
1963 struct b43_firmware_file *fw)
1965 const struct firmware *blob;
1966 struct b43_fw_header *hdr;
1971 /* Don't fetch anything. Free possibly cached firmware. */
1972 /* FIXME: We should probably keep it anyway, to save some headache
1973 * on suspend/resume with multiband devices. */
1974 b43_do_release_fw(fw);
1978 if ((fw->type == ctx->req_type) &&
1979 (strcmp(fw->filename, name) == 0))
1980 return 0; /* Already have this fw. */
1981 /* Free the cached firmware first. */
1982 /* FIXME: We should probably do this later after we successfully
1983 * got the new fw. This could reduce headache with multiband devices.
1984 * We could also redesign this to cache the firmware for all possible
1985 * bands all the time. */
1986 b43_do_release_fw(fw);
1989 switch (ctx->req_type) {
1990 case B43_FWTYPE_PROPRIETARY:
1991 snprintf(ctx->fwname, sizeof(ctx->fwname),
1993 modparam_fwpostfix, name);
1995 case B43_FWTYPE_OPENSOURCE:
1996 snprintf(ctx->fwname, sizeof(ctx->fwname),
1998 modparam_fwpostfix, name);
2004 err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
2005 if (err == -ENOENT) {
2006 snprintf(ctx->errors[ctx->req_type],
2007 sizeof(ctx->errors[ctx->req_type]),
2008 "Firmware file \"%s\" not found\n", ctx->fwname);
2011 snprintf(ctx->errors[ctx->req_type],
2012 sizeof(ctx->errors[ctx->req_type]),
2013 "Firmware file \"%s\" request failed (err=%d)\n",
2017 if (blob->size < sizeof(struct b43_fw_header))
2019 hdr = (struct b43_fw_header *)(blob->data);
2020 switch (hdr->type) {
2021 case B43_FW_TYPE_UCODE:
2022 case B43_FW_TYPE_PCM:
2023 size = be32_to_cpu(hdr->size);
2024 if (size != blob->size - sizeof(struct b43_fw_header))
2027 case B43_FW_TYPE_IV:
2036 fw->filename = name;
2037 fw->type = ctx->req_type;
2042 snprintf(ctx->errors[ctx->req_type],
2043 sizeof(ctx->errors[ctx->req_type]),
2044 "Firmware file \"%s\" format error.\n", ctx->fwname);
2045 release_firmware(blob);
2050 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2052 struct b43_wldev *dev = ctx->dev;
2053 struct b43_firmware *fw = &ctx->dev->fw;
2054 const u8 rev = ctx->dev->dev->id.revision;
2055 const char *filename;
2060 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2061 if ((rev >= 5) && (rev <= 10))
2062 filename = "ucode5";
2063 else if ((rev >= 11) && (rev <= 12))
2064 filename = "ucode11";
2066 filename = "ucode13";
2069 err = b43_do_request_fw(ctx, filename, &fw->ucode);
2074 if ((rev >= 5) && (rev <= 10))
2080 fw->pcm_request_failed = 0;
2081 err = b43_do_request_fw(ctx, filename, &fw->pcm);
2082 if (err == -ENOENT) {
2083 /* We did not find a PCM file? Not fatal, but
2084 * core rev <= 10 must do without hwcrypto then. */
2085 fw->pcm_request_failed = 1;
2090 switch (dev->phy.type) {
2092 if ((rev >= 5) && (rev <= 10)) {
2093 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2094 filename = "a0g1initvals5";
2096 filename = "a0g0initvals5";
2098 goto err_no_initvals;
2101 if ((rev >= 5) && (rev <= 10))
2102 filename = "b0g0initvals5";
2104 filename = "b0g0initvals13";
2106 goto err_no_initvals;
2109 if ((rev >= 11) && (rev <= 12))
2110 filename = "n0initvals11";
2112 goto err_no_initvals;
2115 goto err_no_initvals;
2117 err = b43_do_request_fw(ctx, filename, &fw->initvals);
2121 /* Get bandswitch initvals */
2122 switch (dev->phy.type) {
2124 if ((rev >= 5) && (rev <= 10)) {
2125 if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2126 filename = "a0g1bsinitvals5";
2128 filename = "a0g0bsinitvals5";
2129 } else if (rev >= 11)
2132 goto err_no_initvals;
2135 if ((rev >= 5) && (rev <= 10))
2136 filename = "b0g0bsinitvals5";
2140 goto err_no_initvals;
2143 if ((rev >= 11) && (rev <= 12))
2144 filename = "n0bsinitvals11";
2146 goto err_no_initvals;
2149 goto err_no_initvals;
2151 err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2158 err = ctx->fatal_failure = -EOPNOTSUPP;
2159 b43err(dev->wl, "The driver does not know which firmware (ucode) "
2160 "is required for your device (wl-core rev %u)\n", rev);
2164 err = ctx->fatal_failure = -EOPNOTSUPP;
2165 b43err(dev->wl, "The driver does not know which firmware (PCM) "
2166 "is required for your device (wl-core rev %u)\n", rev);
2170 err = ctx->fatal_failure = -EOPNOTSUPP;
2171 b43err(dev->wl, "The driver does not know which firmware (initvals) "
2172 "is required for your device (wl-core rev %u)\n", rev);
2176 /* We failed to load this firmware image. The error message
2177 * already is in ctx->errors. Return and let our caller decide
2182 b43_release_firmware(dev);
2186 static int b43_request_firmware(struct b43_wldev *dev)
2188 struct b43_request_fw_context *ctx;
2193 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2198 ctx->req_type = B43_FWTYPE_PROPRIETARY;
2199 err = b43_try_request_fw(ctx);
2201 goto out; /* Successfully loaded it. */
2202 err = ctx->fatal_failure;
2206 ctx->req_type = B43_FWTYPE_OPENSOURCE;
2207 err = b43_try_request_fw(ctx);
2209 goto out; /* Successfully loaded it. */
2210 err = ctx->fatal_failure;
2214 /* Could not find a usable firmware. Print the errors. */
2215 for (i = 0; i < B43_NR_FWTYPES; i++) {
2216 errmsg = ctx->errors[i];
2218 b43err(dev->wl, errmsg);
2220 b43_print_fw_helptext(dev->wl, 1);
2228 static int b43_upload_microcode(struct b43_wldev *dev)
2230 const size_t hdr_len = sizeof(struct b43_fw_header);
2232 unsigned int i, len;
2233 u16 fwrev, fwpatch, fwdate, fwtime;
2237 /* Jump the microcode PSM to offset 0 */
2238 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2239 B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2240 macctl |= B43_MACCTL_PSM_JMP0;
2241 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2242 /* Zero out all microcode PSM registers and shared memory. */
2243 for (i = 0; i < 64; i++)
2244 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2245 for (i = 0; i < 4096; i += 2)
2246 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2248 /* Upload Microcode. */
2249 data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2250 len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2251 b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2252 for (i = 0; i < len; i++) {
2253 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2257 if (dev->fw.pcm.data) {
2258 /* Upload PCM data. */
2259 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2260 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2261 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2262 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2263 /* No need for autoinc bit in SHM_HW */
2264 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2265 for (i = 0; i < len; i++) {
2266 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2271 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2273 /* Start the microcode PSM */
2274 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2275 macctl &= ~B43_MACCTL_PSM_JMP0;
2276 macctl |= B43_MACCTL_PSM_RUN;
2277 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2279 /* Wait for the microcode to load and respond */
2282 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2283 if (tmp == B43_IRQ_MAC_SUSPENDED)
2287 b43err(dev->wl, "Microcode not responding\n");
2288 b43_print_fw_helptext(dev->wl, 1);
2292 msleep_interruptible(50);
2293 if (signal_pending(current)) {
2298 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON); /* dummy read */
2300 /* Get and check the revisions. */
2301 fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2302 fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2303 fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2304 fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2306 if (fwrev <= 0x128) {
2307 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2308 "binary drivers older than version 4.x is unsupported. "
2309 "You must upgrade your firmware files.\n");
2310 b43_print_fw_helptext(dev->wl, 1);
2314 dev->fw.rev = fwrev;
2315 dev->fw.patch = fwpatch;
2316 dev->fw.opensource = (fwdate == 0xFFFF);
2318 /* Default to use-all-queues. */
2319 dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2320 dev->qos_enabled = !!modparam_qos;
2321 /* Default to firmware/hardware crypto acceleration. */
2322 dev->hwcrypto_enabled = 1;
2324 if (dev->fw.opensource) {
2327 /* Patchlevel info is encoded in the "time" field. */
2328 dev->fw.patch = fwtime;
2329 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2330 dev->fw.rev, dev->fw.patch);
2332 fwcapa = b43_fwcapa_read(dev);
2333 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2334 b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2335 /* Disable hardware crypto and fall back to software crypto. */
2336 dev->hwcrypto_enabled = 0;
2338 if (!(fwcapa & B43_FWCAPA_QOS)) {
2339 b43info(dev->wl, "QoS not supported by firmware\n");
2340 /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2341 * ieee80211_unregister to make sure the networking core can
2342 * properly free possible resources. */
2343 dev->wl->hw->queues = 1;
2344 dev->qos_enabled = 0;
2347 b43info(dev->wl, "Loading firmware version %u.%u "
2348 "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2350 (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2351 (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2352 if (dev->fw.pcm_request_failed) {
2353 b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2354 "Hardware accelerated cryptography is disabled.\n");
2355 b43_print_fw_helptext(dev->wl, 0);
2359 if (b43_is_old_txhdr_format(dev)) {
2360 /* We're over the deadline, but we keep support for old fw
2361 * until it turns out to be in major conflict with something new. */
2362 b43warn(dev->wl, "You are using an old firmware image. "
2363 "Support for old firmware will be removed soon "
2364 "(official deadline was July 2008).\n");
2365 b43_print_fw_helptext(dev->wl, 0);
2371 macctl = b43_read32(dev, B43_MMIO_MACCTL);
2372 macctl &= ~B43_MACCTL_PSM_RUN;
2373 macctl |= B43_MACCTL_PSM_JMP0;
2374 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2379 static int b43_write_initvals(struct b43_wldev *dev,
2380 const struct b43_iv *ivals,
2384 const struct b43_iv *iv;
2389 BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2391 for (i = 0; i < count; i++) {
2392 if (array_size < sizeof(iv->offset_size))
2394 array_size -= sizeof(iv->offset_size);
2395 offset = be16_to_cpu(iv->offset_size);
2396 bit32 = !!(offset & B43_IV_32BIT);
2397 offset &= B43_IV_OFFSET_MASK;
2398 if (offset >= 0x1000)
2403 if (array_size < sizeof(iv->data.d32))
2405 array_size -= sizeof(iv->data.d32);
2407 value = get_unaligned_be32(&iv->data.d32);
2408 b43_write32(dev, offset, value);
2410 iv = (const struct b43_iv *)((const uint8_t *)iv +
2416 if (array_size < sizeof(iv->data.d16))
2418 array_size -= sizeof(iv->data.d16);
2420 value = be16_to_cpu(iv->data.d16);
2421 b43_write16(dev, offset, value);
2423 iv = (const struct b43_iv *)((const uint8_t *)iv +
2434 b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2435 b43_print_fw_helptext(dev->wl, 1);
2440 static int b43_upload_initvals(struct b43_wldev *dev)
2442 const size_t hdr_len = sizeof(struct b43_fw_header);
2443 const struct b43_fw_header *hdr;
2444 struct b43_firmware *fw = &dev->fw;
2445 const struct b43_iv *ivals;
2449 hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2450 ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2451 count = be32_to_cpu(hdr->size);
2452 err = b43_write_initvals(dev, ivals, count,
2453 fw->initvals.data->size - hdr_len);
2456 if (fw->initvals_band.data) {
2457 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2458 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2459 count = be32_to_cpu(hdr->size);
2460 err = b43_write_initvals(dev, ivals, count,
2461 fw->initvals_band.data->size - hdr_len);
2470 /* Initialize the GPIOs
2471 * http://bcm-specs.sipsolutions.net/GPIO
2473 static int b43_gpio_init(struct b43_wldev *dev)
2475 struct ssb_bus *bus = dev->dev->bus;
2476 struct ssb_device *gpiodev, *pcidev = NULL;
2479 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2480 & ~B43_MACCTL_GPOUTSMSK);
2482 b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2487 if (dev->dev->bus->chip_id == 0x4301) {
2491 if (0 /* FIXME: conditional unknown */ ) {
2492 b43_write16(dev, B43_MMIO_GPIO_MASK,
2493 b43_read16(dev, B43_MMIO_GPIO_MASK)
2498 if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2499 b43_write16(dev, B43_MMIO_GPIO_MASK,
2500 b43_read16(dev, B43_MMIO_GPIO_MASK)
2505 if (dev->dev->id.revision >= 2)
2506 mask |= 0x0010; /* FIXME: This is redundant. */
2508 #ifdef CONFIG_SSB_DRIVER_PCICORE
2509 pcidev = bus->pcicore.dev;
2511 gpiodev = bus->chipco.dev ? : pcidev;
2514 ssb_write32(gpiodev, B43_GPIO_CONTROL,
2515 (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2521 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2522 static void b43_gpio_cleanup(struct b43_wldev *dev)
2524 struct ssb_bus *bus = dev->dev->bus;
2525 struct ssb_device *gpiodev, *pcidev = NULL;
2527 #ifdef CONFIG_SSB_DRIVER_PCICORE
2528 pcidev = bus->pcicore.dev;
2530 gpiodev = bus->chipco.dev ? : pcidev;
2533 ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2536 /* http://bcm-specs.sipsolutions.net/EnableMac */
2537 void b43_mac_enable(struct b43_wldev *dev)
2539 if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2542 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2543 B43_SHM_SH_UCODESTAT);
2544 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2545 (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2546 b43err(dev->wl, "b43_mac_enable(): The firmware "
2547 "should be suspended, but current state is %u\n",
2552 dev->mac_suspended--;
2553 B43_WARN_ON(dev->mac_suspended < 0);
2554 if (dev->mac_suspended == 0) {
2555 b43_write32(dev, B43_MMIO_MACCTL,
2556 b43_read32(dev, B43_MMIO_MACCTL)
2557 | B43_MACCTL_ENABLED);
2558 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2559 B43_IRQ_MAC_SUSPENDED);
2561 b43_read32(dev, B43_MMIO_MACCTL);
2562 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2563 b43_power_saving_ctl_bits(dev, 0);
2567 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2568 void b43_mac_suspend(struct b43_wldev *dev)
2574 B43_WARN_ON(dev->mac_suspended < 0);
2576 if (dev->mac_suspended == 0) {
2577 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2578 b43_write32(dev, B43_MMIO_MACCTL,
2579 b43_read32(dev, B43_MMIO_MACCTL)
2580 & ~B43_MACCTL_ENABLED);
2581 /* force pci to flush the write */
2582 b43_read32(dev, B43_MMIO_MACCTL);
2583 for (i = 35; i; i--) {
2584 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2585 if (tmp & B43_IRQ_MAC_SUSPENDED)
2589 /* Hm, it seems this will take some time. Use msleep(). */
2590 for (i = 40; i; i--) {
2591 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2592 if (tmp & B43_IRQ_MAC_SUSPENDED)
2596 b43err(dev->wl, "MAC suspend failed\n");
2599 dev->mac_suspended++;
2602 static void b43_adjust_opmode(struct b43_wldev *dev)
2604 struct b43_wl *wl = dev->wl;
2608 ctl = b43_read32(dev, B43_MMIO_MACCTL);
2609 /* Reset status to STA infrastructure mode. */
2610 ctl &= ~B43_MACCTL_AP;
2611 ctl &= ~B43_MACCTL_KEEP_CTL;
2612 ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2613 ctl &= ~B43_MACCTL_KEEP_BAD;
2614 ctl &= ~B43_MACCTL_PROMISC;
2615 ctl &= ~B43_MACCTL_BEACPROMISC;
2616 ctl |= B43_MACCTL_INFRA;
2618 if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2619 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2620 ctl |= B43_MACCTL_AP;
2621 else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2622 ctl &= ~B43_MACCTL_INFRA;
2624 if (wl->filter_flags & FIF_CONTROL)
2625 ctl |= B43_MACCTL_KEEP_CTL;
2626 if (wl->filter_flags & FIF_FCSFAIL)
2627 ctl |= B43_MACCTL_KEEP_BAD;
2628 if (wl->filter_flags & FIF_PLCPFAIL)
2629 ctl |= B43_MACCTL_KEEP_BADPLCP;
2630 if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2631 ctl |= B43_MACCTL_PROMISC;
2632 if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2633 ctl |= B43_MACCTL_BEACPROMISC;
2635 /* Workaround: On old hardware the HW-MAC-address-filter
2636 * doesn't work properly, so always run promisc in filter
2637 * it in software. */
2638 if (dev->dev->id.revision <= 4)
2639 ctl |= B43_MACCTL_PROMISC;
2641 b43_write32(dev, B43_MMIO_MACCTL, ctl);
2644 if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2645 if (dev->dev->bus->chip_id == 0x4306 &&
2646 dev->dev->bus->chip_rev == 3)
2651 b43_write16(dev, 0x612, cfp_pretbtt);
2654 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2660 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2663 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2665 b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2666 b43_shm_read16(dev, B43_SHM_SHARED, offset));
2669 static void b43_rate_memory_init(struct b43_wldev *dev)
2671 switch (dev->phy.type) {
2675 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2676 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2677 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2678 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2679 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2680 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2681 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2682 if (dev->phy.type == B43_PHYTYPE_A)
2686 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2687 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2688 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2689 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2696 /* Set the default values for the PHY TX Control Words. */
2697 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2701 ctl |= B43_TXH_PHY_ENC_CCK;
2702 ctl |= B43_TXH_PHY_ANT01AUTO;
2703 ctl |= B43_TXH_PHY_TXPWR;
2705 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2706 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2707 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2710 /* Set the TX-Antenna for management frames sent by firmware. */
2711 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2716 ant = b43_antenna_to_phyctl(antenna);
2719 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2720 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2721 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2722 /* For Probe Resposes */
2723 tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2724 tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2725 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2728 /* This is the opposite of b43_chip_init() */
2729 static void b43_chip_exit(struct b43_wldev *dev)
2732 b43_gpio_cleanup(dev);
2733 /* firmware is released later */
2736 /* Initialize the chip
2737 * http://bcm-specs.sipsolutions.net/ChipInit
2739 static int b43_chip_init(struct b43_wldev *dev)
2741 struct b43_phy *phy = &dev->phy;
2743 u32 value32, macctl;
2746 /* Initialize the MAC control */
2747 macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2749 macctl |= B43_MACCTL_GMODE;
2750 macctl |= B43_MACCTL_INFRA;
2751 b43_write32(dev, B43_MMIO_MACCTL, macctl);
2753 err = b43_request_firmware(dev);
2756 err = b43_upload_microcode(dev);
2758 goto out; /* firmware is released later */
2760 err = b43_gpio_init(dev);
2762 goto out; /* firmware is released later */
2764 err = b43_upload_initvals(dev);
2766 goto err_gpio_clean;
2768 /* Turn the Analog on and initialize the PHY. */
2769 phy->ops->switch_analog(dev, 1);
2770 err = b43_phy_init(dev);
2772 goto err_gpio_clean;
2774 /* Disable Interference Mitigation. */
2775 if (phy->ops->interf_mitigation)
2776 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2778 /* Select the antennae */
2779 if (phy->ops->set_rx_antenna)
2780 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2781 b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2783 if (phy->type == B43_PHYTYPE_B) {
2784 value16 = b43_read16(dev, 0x005E);
2786 b43_write16(dev, 0x005E, value16);
2788 b43_write32(dev, 0x0100, 0x01000000);
2789 if (dev->dev->id.revision < 5)
2790 b43_write32(dev, 0x010C, 0x01000000);
2792 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2793 & ~B43_MACCTL_INFRA);
2794 b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2795 | B43_MACCTL_INFRA);
2797 /* Probe Response Timeout value */
2798 /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2799 b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2801 /* Initially set the wireless operation mode. */
2802 b43_adjust_opmode(dev);
2804 if (dev->dev->id.revision < 3) {
2805 b43_write16(dev, 0x060E, 0x0000);
2806 b43_write16(dev, 0x0610, 0x8000);
2807 b43_write16(dev, 0x0604, 0x0000);
2808 b43_write16(dev, 0x0606, 0x0200);
2810 b43_write32(dev, 0x0188, 0x80000000);
2811 b43_write32(dev, 0x018C, 0x02000000);
2813 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2814 b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2815 b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2816 b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2817 b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2818 b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2819 b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2821 value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2822 value32 |= 0x00100000;
2823 ssb_write32(dev->dev, SSB_TMSLOW, value32);
2825 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2826 dev->dev->bus->chipco.fast_pwrup_delay);
2829 b43dbg(dev->wl, "Chip initialized\n");
2834 b43_gpio_cleanup(dev);
2838 static void b43_periodic_every60sec(struct b43_wldev *dev)
2840 const struct b43_phy_operations *ops = dev->phy.ops;
2842 if (ops->pwork_60sec)
2843 ops->pwork_60sec(dev);
2845 /* Force check the TX power emission now. */
2846 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2849 static void b43_periodic_every30sec(struct b43_wldev *dev)
2851 /* Update device statistics. */
2852 b43_calculate_link_quality(dev);
2855 static void b43_periodic_every15sec(struct b43_wldev *dev)
2857 struct b43_phy *phy = &dev->phy;
2860 if (dev->fw.opensource) {
2861 /* Check if the firmware is still alive.
2862 * It will reset the watchdog counter to 0 in its idle loop. */
2863 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2864 if (unlikely(wdr)) {
2865 b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2866 b43_controller_restart(dev, "Firmware watchdog");
2869 b43_shm_write16(dev, B43_SHM_SCRATCH,
2870 B43_WATCHDOG_REG, 1);
2874 if (phy->ops->pwork_15sec)
2875 phy->ops->pwork_15sec(dev);
2877 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2881 static void do_periodic_work(struct b43_wldev *dev)
2885 state = dev->periodic_state;
2887 b43_periodic_every60sec(dev);
2889 b43_periodic_every30sec(dev);
2890 b43_periodic_every15sec(dev);
2893 /* Periodic work locking policy:
2894 * The whole periodic work handler is protected by
2895 * wl->mutex. If another lock is needed somewhere in the
2896 * pwork callchain, it's aquired in-place, where it's needed.
2898 static void b43_periodic_work_handler(struct work_struct *work)
2900 struct b43_wldev *dev = container_of(work, struct b43_wldev,
2901 periodic_work.work);
2902 struct b43_wl *wl = dev->wl;
2903 unsigned long delay;
2905 mutex_lock(&wl->mutex);
2907 if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2909 if (b43_debug(dev, B43_DBG_PWORK_STOP))
2912 do_periodic_work(dev);
2914 dev->periodic_state++;
2916 if (b43_debug(dev, B43_DBG_PWORK_FAST))
2917 delay = msecs_to_jiffies(50);
2919 delay = round_jiffies_relative(HZ * 15);
2920 ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
2922 mutex_unlock(&wl->mutex);
2925 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
2927 struct delayed_work *work = &dev->periodic_work;
2929 dev->periodic_state = 0;
2930 INIT_DELAYED_WORK(work, b43_periodic_work_handler);
2931 ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
2934 /* Check if communication with the device works correctly. */
2935 static int b43_validate_chipaccess(struct b43_wldev *dev)
2937 u32 v, backup0, backup4;
2939 backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
2940 backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
2942 /* Check for read/write and endianness problems. */
2943 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
2944 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
2946 b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
2947 if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
2950 /* Check if unaligned 32bit SHM_SHARED access works properly.
2951 * However, don't bail out on failure, because it's noncritical. */
2952 b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
2953 b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
2954 b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
2955 b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
2956 if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
2957 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
2958 b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
2959 if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
2960 b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
2961 b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
2962 b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
2963 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
2965 b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
2966 b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
2968 if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
2969 /* The 32bit register shadows the two 16bit registers
2970 * with update sideeffects. Validate this. */
2971 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
2972 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
2973 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
2975 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
2978 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
2980 v = b43_read32(dev, B43_MMIO_MACCTL);
2981 v |= B43_MACCTL_GMODE;
2982 if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
2987 b43err(dev->wl, "Failed to validate the chipaccess\n");
2991 static void b43_security_init(struct b43_wldev *dev)
2993 dev->max_nr_keys = (dev->dev->id.revision >= 5) ? 58 : 20;
2994 B43_WARN_ON(dev->max_nr_keys > ARRAY_SIZE(dev->key));
2995 dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
2996 /* KTP is a word address, but we address SHM bytewise.
2997 * So multiply by two.
3000 if (dev->dev->id.revision >= 5) {
3001 /* Number of RCMTA address slots */
3002 b43_write16(dev, B43_MMIO_RCMTA_COUNT, dev->max_nr_keys - 8);
3004 b43_clear_keys(dev);
3007 #ifdef CONFIG_B43_HWRNG
3008 static int b43_rng_read(struct hwrng *rng, u32 *data)
3010 struct b43_wl *wl = (struct b43_wl *)rng->priv;
3011 unsigned long flags;
3013 /* Don't take wl->mutex here, as it could deadlock with
3014 * hwrng internal locking. It's not needed to take
3015 * wl->mutex here, anyway. */
3017 spin_lock_irqsave(&wl->irq_lock, flags);
3018 *data = b43_read16(wl->current_dev, B43_MMIO_RNG);
3019 spin_unlock_irqrestore(&wl->irq_lock, flags);
3021 return (sizeof(u16));
3023 #endif /* CONFIG_B43_HWRNG */
3025 static void b43_rng_exit(struct b43_wl *wl)
3027 #ifdef CONFIG_B43_HWRNG
3028 if (wl->rng_initialized)
3029 hwrng_unregister(&wl->rng);
3030 #endif /* CONFIG_B43_HWRNG */
3033 static int b43_rng_init(struct b43_wl *wl)
3037 #ifdef CONFIG_B43_HWRNG
3038 snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3039 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3040 wl->rng.name = wl->rng_name;
3041 wl->rng.data_read = b43_rng_read;
3042 wl->rng.priv = (unsigned long)wl;
3043 wl->rng_initialized = 1;
3044 err = hwrng_register(&wl->rng);
3046 wl->rng_initialized = 0;
3047 b43err(wl, "Failed to register the random "
3048 "number generator (%d)\n", err);
3050 #endif /* CONFIG_B43_HWRNG */
3055 static int b43_op_tx(struct ieee80211_hw *hw,
3056 struct sk_buff *skb)
3058 struct b43_wl *wl = hw_to_b43_wl(hw);
3059 struct b43_wldev *dev = wl->current_dev;
3060 unsigned long flags;
3063 if (unlikely(skb->len < 2 + 2 + 6)) {
3064 /* Too short, this can't be a valid frame. */
3067 B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3071 /* Transmissions on seperate queues can run concurrently. */
3072 read_lock_irqsave(&wl->tx_lock, flags);
3075 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3076 if (b43_using_pio_transfers(dev))
3077 err = b43_pio_tx(dev, skb);
3079 err = b43_dma_tx(dev, skb);
3082 read_unlock_irqrestore(&wl->tx_lock, flags);
3086 return NETDEV_TX_OK;
3089 /* We can not transmit this packet. Drop it. */
3090 dev_kfree_skb_any(skb);
3091 return NETDEV_TX_OK;
3094 /* Locking: wl->irq_lock */
3095 static void b43_qos_params_upload(struct b43_wldev *dev,
3096 const struct ieee80211_tx_queue_params *p,
3099 u16 params[B43_NR_QOSPARAMS];
3103 bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3105 memset(¶ms, 0, sizeof(params));
3107 params[B43_QOSPARAM_TXOP] = p->txop * 32;
3108 params[B43_QOSPARAM_CWMIN] = p->cw_min;
3109 params[B43_QOSPARAM_CWMAX] = p->cw_max;
3110 params[B43_QOSPARAM_CWCUR] = p->cw_min;
3111 params[B43_QOSPARAM_AIFS] = p->aifs;
3112 params[B43_QOSPARAM_BSLOTS] = bslots;
3113 params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3115 for (i = 0; i < ARRAY_SIZE(params); i++) {
3116 if (i == B43_QOSPARAM_STATUS) {
3117 tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3118 shm_offset + (i * 2));
3119 /* Mark the parameters as updated. */
3121 b43_shm_write16(dev, B43_SHM_SHARED,
3122 shm_offset + (i * 2),
3125 b43_shm_write16(dev, B43_SHM_SHARED,
3126 shm_offset + (i * 2),
3132 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3133 static const u16 b43_qos_shm_offsets[] = {
3134 /* [mac80211-queue-nr] = SHM_OFFSET, */
3135 [0] = B43_QOS_VOICE,
3136 [1] = B43_QOS_VIDEO,
3137 [2] = B43_QOS_BESTEFFORT,
3138 [3] = B43_QOS_BACKGROUND,
3141 /* Update all QOS parameters in hardware. */
3142 static void b43_qos_upload_all(struct b43_wldev *dev)
3144 struct b43_wl *wl = dev->wl;
3145 struct b43_qos_params *params;
3148 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3149 ARRAY_SIZE(wl->qos_params));
3151 b43_mac_suspend(dev);
3152 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3153 params = &(wl->qos_params[i]);
3154 b43_qos_params_upload(dev, &(params->p),
3155 b43_qos_shm_offsets[i]);
3157 b43_mac_enable(dev);
3160 static void b43_qos_clear(struct b43_wl *wl)
3162 struct b43_qos_params *params;
3165 /* Initialize QoS parameters to sane defaults. */
3167 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3168 ARRAY_SIZE(wl->qos_params));
3170 for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3171 params = &(wl->qos_params[i]);
3173 switch (b43_qos_shm_offsets[i]) {
3177 params->p.cw_min = 0x0001;
3178 params->p.cw_max = 0x0001;
3183 params->p.cw_min = 0x0001;
3184 params->p.cw_max = 0x0001;
3186 case B43_QOS_BESTEFFORT:
3189 params->p.cw_min = 0x0001;
3190 params->p.cw_max = 0x03FF;
3192 case B43_QOS_BACKGROUND:
3195 params->p.cw_min = 0x0001;
3196 params->p.cw_max = 0x03FF;
3204 /* Initialize the core's QOS capabilities */
3205 static void b43_qos_init(struct b43_wldev *dev)
3207 /* Upload the current QOS parameters. */
3208 b43_qos_upload_all(dev);
3210 /* Enable QOS support. */
3211 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3212 b43_write16(dev, B43_MMIO_IFSCTL,
3213 b43_read16(dev, B43_MMIO_IFSCTL)
3214 | B43_MMIO_IFSCTL_USE_EDCF);
3217 static int b43_op_conf_tx(struct ieee80211_hw *hw, u16 _queue,
3218 const struct ieee80211_tx_queue_params *params)
3220 struct b43_wl *wl = hw_to_b43_wl(hw);
3221 struct b43_wldev *dev;
3222 unsigned int queue = (unsigned int)_queue;
3225 if (queue >= ARRAY_SIZE(wl->qos_params)) {
3226 /* Queue not available or don't support setting
3227 * params on this queue. Return success to not
3228 * confuse mac80211. */
3231 BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3232 ARRAY_SIZE(wl->qos_params));
3234 mutex_lock(&wl->mutex);
3235 dev = wl->current_dev;
3236 if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3239 memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3240 b43_mac_suspend(dev);
3241 b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3242 b43_qos_shm_offsets[queue]);
3243 b43_mac_enable(dev);
3247 mutex_unlock(&wl->mutex);
3252 static int b43_op_get_tx_stats(struct ieee80211_hw *hw,
3253 struct ieee80211_tx_queue_stats *stats)
3255 struct b43_wl *wl = hw_to_b43_wl(hw);
3256 struct b43_wldev *dev = wl->current_dev;
3257 unsigned long flags;
3262 spin_lock_irqsave(&wl->irq_lock, flags);
3263 if (likely(b43_status(dev) >= B43_STAT_STARTED)) {
3264 if (b43_using_pio_transfers(dev))
3265 b43_pio_get_tx_stats(dev, stats);
3267 b43_dma_get_tx_stats(dev, stats);
3270 spin_unlock_irqrestore(&wl->irq_lock, flags);
3275 static int b43_op_get_stats(struct ieee80211_hw *hw,
3276 struct ieee80211_low_level_stats *stats)
3278 struct b43_wl *wl = hw_to_b43_wl(hw);
3279 unsigned long flags;
3281 spin_lock_irqsave(&wl->irq_lock, flags);
3282 memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3283 spin_unlock_irqrestore(&wl->irq_lock, flags);
3288 static u64 b43_op_get_tsf(struct ieee80211_hw *hw)
3290 struct b43_wl *wl = hw_to_b43_wl(hw);
3291 struct b43_wldev *dev;
3294 mutex_lock(&wl->mutex);
3295 spin_lock_irq(&wl->irq_lock);
3296 dev = wl->current_dev;
3298 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3299 b43_tsf_read(dev, &tsf);
3303 spin_unlock_irq(&wl->irq_lock);
3304 mutex_unlock(&wl->mutex);
3309 static void b43_op_set_tsf(struct ieee80211_hw *hw, u64 tsf)
3311 struct b43_wl *wl = hw_to_b43_wl(hw);
3312 struct b43_wldev *dev;
3314 mutex_lock(&wl->mutex);
3315 spin_lock_irq(&wl->irq_lock);
3316 dev = wl->current_dev;
3318 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3319 b43_tsf_write(dev, tsf);
3321 spin_unlock_irq(&wl->irq_lock);
3322 mutex_unlock(&wl->mutex);
3325 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3327 struct ssb_device *sdev = dev->dev;
3330 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3331 tmslow &= ~B43_TMSLOW_GMODE;
3332 tmslow |= B43_TMSLOW_PHYRESET;
3333 tmslow |= SSB_TMSLOW_FGC;
3334 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3337 tmslow = ssb_read32(sdev, SSB_TMSLOW);
3338 tmslow &= ~SSB_TMSLOW_FGC;
3339 tmslow |= B43_TMSLOW_PHYRESET;
3340 ssb_write32(sdev, SSB_TMSLOW, tmslow);
3344 static const char *band_to_string(enum ieee80211_band band)
3347 case IEEE80211_BAND_5GHZ:
3349 case IEEE80211_BAND_2GHZ:
3358 /* Expects wl->mutex locked */
3359 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3361 struct b43_wldev *up_dev = NULL;
3362 struct b43_wldev *down_dev;
3363 struct b43_wldev *d;
3365 bool uninitialized_var(gmode);
3368 /* Find a device and PHY which supports the band. */
3369 list_for_each_entry(d, &wl->devlist, list) {
3370 switch (chan->band) {
3371 case IEEE80211_BAND_5GHZ:
3372 if (d->phy.supports_5ghz) {
3377 case IEEE80211_BAND_2GHZ:
3378 if (d->phy.supports_2ghz) {
3391 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3392 band_to_string(chan->band));
3395 if ((up_dev == wl->current_dev) &&
3396 (!!wl->current_dev->phy.gmode == !!gmode)) {
3397 /* This device is already running. */
3400 b43dbg(wl, "Switching to %s-GHz band\n",
3401 band_to_string(chan->band));
3402 down_dev = wl->current_dev;
3404 prev_status = b43_status(down_dev);
3405 /* Shutdown the currently running core. */
3406 if (prev_status >= B43_STAT_STARTED)
3407 b43_wireless_core_stop(down_dev);
3408 if (prev_status >= B43_STAT_INITIALIZED)
3409 b43_wireless_core_exit(down_dev);
3411 if (down_dev != up_dev) {
3412 /* We switch to a different core, so we put PHY into
3413 * RESET on the old core. */
3414 b43_put_phy_into_reset(down_dev);
3417 /* Now start the new core. */
3418 up_dev->phy.gmode = gmode;
3419 if (prev_status >= B43_STAT_INITIALIZED) {
3420 err = b43_wireless_core_init(up_dev);
3422 b43err(wl, "Fatal: Could not initialize device for "
3423 "selected %s-GHz band\n",
3424 band_to_string(chan->band));
3428 if (prev_status >= B43_STAT_STARTED) {
3429 err = b43_wireless_core_start(up_dev);
3431 b43err(wl, "Fatal: Coult not start device for "
3432 "selected %s-GHz band\n",
3433 band_to_string(chan->band));
3434 b43_wireless_core_exit(up_dev);
3438 B43_WARN_ON(b43_status(up_dev) != prev_status);
3440 wl->current_dev = up_dev;
3444 /* Whoops, failed to init the new core. No core is operating now. */
3445 wl->current_dev = NULL;
3449 /* Write the short and long frame retry limit values. */
3450 static void b43_set_retry_limits(struct b43_wldev *dev,
3451 unsigned int short_retry,
3452 unsigned int long_retry)
3454 /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3455 * the chip-internal counter. */
3456 short_retry = min(short_retry, (unsigned int)0xF);
3457 long_retry = min(long_retry, (unsigned int)0xF);
3459 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3461 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3465 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3467 struct b43_wl *wl = hw_to_b43_wl(hw);
3468 struct b43_wldev *dev;
3469 struct b43_phy *phy;
3470 struct ieee80211_conf *conf = &hw->conf;
3471 unsigned long flags;
3475 mutex_lock(&wl->mutex);
3477 /* Switch the band (if necessary). This might change the active core. */
3478 err = b43_switch_band(wl, conf->channel);
3480 goto out_unlock_mutex;
3481 dev = wl->current_dev;
3484 b43_mac_suspend(dev);
3486 if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3487 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3488 conf->long_frame_max_tx_count);
3489 changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3491 goto out_mac_enable;
3493 /* Switch to the requested channel.
3494 * The firmware takes care of races with the TX handler. */
3495 if (conf->channel->hw_value != phy->channel)
3496 b43_switch_channel(dev, conf->channel->hw_value);
3498 dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_RADIOTAP);
3500 /* Adjust the desired TX power level. */
3501 if (conf->power_level != 0) {
3502 spin_lock_irqsave(&wl->irq_lock, flags);
3503 if (conf->power_level != phy->desired_txpower) {
3504 phy->desired_txpower = conf->power_level;
3505 b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3506 B43_TXPWR_IGNORE_TSSI);
3508 spin_unlock_irqrestore(&wl->irq_lock, flags);
3511 /* Antennas for RX and management frame TX. */
3512 antenna = B43_ANTENNA_DEFAULT;
3513 b43_mgmtframe_txantenna(dev, antenna);
3514 antenna = B43_ANTENNA_DEFAULT;
3515 if (phy->ops->set_rx_antenna)
3516 phy->ops->set_rx_antenna(dev, antenna);
3518 if (wl->radio_enabled != phy->radio_on) {
3519 if (wl->radio_enabled) {
3520 b43_software_rfkill(dev, false);
3521 b43info(dev->wl, "Radio turned on by software\n");
3522 if (!dev->radio_hw_enable) {
3523 b43info(dev->wl, "The hardware RF-kill button "
3524 "still turns the radio physically off. "
3525 "Press the button to turn it on.\n");
3528 b43_software_rfkill(dev, true);
3529 b43info(dev->wl, "Radio turned off by software\n");
3534 b43_mac_enable(dev);
3536 mutex_unlock(&wl->mutex);
3541 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3543 struct ieee80211_supported_band *sband =
3544 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3545 struct ieee80211_rate *rate;
3547 u16 basic, direct, offset, basic_offset, rateptr;
3549 for (i = 0; i < sband->n_bitrates; i++) {
3550 rate = &sband->bitrates[i];
3552 if (b43_is_cck_rate(rate->hw_value)) {
3553 direct = B43_SHM_SH_CCKDIRECT;
3554 basic = B43_SHM_SH_CCKBASIC;
3555 offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3558 direct = B43_SHM_SH_OFDMDIRECT;
3559 basic = B43_SHM_SH_OFDMBASIC;
3560 offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3564 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3566 if (b43_is_cck_rate(rate->hw_value)) {
3567 basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3568 basic_offset &= 0xF;
3570 basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3571 basic_offset &= 0xF;
3575 * Get the pointer that we need to point to
3576 * from the direct map
3578 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3579 direct + 2 * basic_offset);
3580 /* and write it to the basic map */
3581 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3586 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3587 struct ieee80211_vif *vif,
3588 struct ieee80211_bss_conf *conf,
3591 struct b43_wl *wl = hw_to_b43_wl(hw);
3592 struct b43_wldev *dev;
3593 unsigned long flags;
3595 mutex_lock(&wl->mutex);
3597 dev = wl->current_dev;
3598 if (!dev || b43_status(dev) < B43_STAT_STARTED)
3599 goto out_unlock_mutex;
3601 B43_WARN_ON(wl->vif != vif);
3603 spin_lock_irqsave(&wl->irq_lock, flags);
3604 if (changed & BSS_CHANGED_BSSID) {
3606 memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3608 memset(wl->bssid, 0, ETH_ALEN);
3611 if (b43_status(dev) >= B43_STAT_INITIALIZED) {
3612 if (changed & BSS_CHANGED_BEACON &&
3613 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3614 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3615 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3616 b43_update_templates(wl);
3618 if (changed & BSS_CHANGED_BSSID)
3619 b43_write_mac_bssid_templates(dev);
3621 spin_unlock_irqrestore(&wl->irq_lock, flags);
3623 b43_mac_suspend(dev);
3625 /* Update templates for AP/mesh mode. */
3626 if (changed & BSS_CHANGED_BEACON_INT &&
3627 (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3628 b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
3629 b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
3630 b43_set_beacon_int(dev, conf->beacon_int);
3632 if (changed & BSS_CHANGED_BASIC_RATES)
3633 b43_update_basic_rates(dev, conf->basic_rates);
3635 if (changed & BSS_CHANGED_ERP_SLOT) {
3636 if (conf->use_short_slot)
3637 b43_short_slot_timing_enable(dev);
3639 b43_short_slot_timing_disable(dev);
3642 b43_mac_enable(dev);
3644 mutex_unlock(&wl->mutex);
3647 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
3648 struct ieee80211_vif *vif, struct ieee80211_sta *sta,
3649 struct ieee80211_key_conf *key)
3651 struct b43_wl *wl = hw_to_b43_wl(hw);
3652 struct b43_wldev *dev;
3656 static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
3658 if (modparam_nohwcrypt)
3659 return -ENOSPC; /* User disabled HW-crypto */
3661 mutex_lock(&wl->mutex);
3662 spin_lock_irq(&wl->irq_lock);
3663 write_lock(&wl->tx_lock);
3664 /* Why do we need all this locking here?
3665 * mutex -> Every config operation must take it.
3666 * irq_lock -> We modify the dev->key array, which is accessed
3667 * in the IRQ handlers.
3668 * tx_lock -> We modify the dev->key array, which is accessed
3669 * in the TX handler.
3672 dev = wl->current_dev;
3674 if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
3677 if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
3678 /* We don't have firmware for the crypto engine.
3679 * Must use software-crypto. */
3687 if (key->keylen == WLAN_KEY_LEN_WEP40)
3688 algorithm = B43_SEC_ALGO_WEP40;
3690 algorithm = B43_SEC_ALGO_WEP104;
3693 algorithm = B43_SEC_ALGO_TKIP;
3696 algorithm = B43_SEC_ALGO_AES;
3702 index = (u8) (key->keyidx);
3708 if (algorithm == B43_SEC_ALGO_TKIP) {
3709 /* FIXME: No TKIP hardware encryption for now. */
3714 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3715 if (WARN_ON(!sta)) {
3719 /* Pairwise key with an assigned MAC address. */
3720 err = b43_key_write(dev, -1, algorithm,
3721 key->key, key->keylen,
3725 err = b43_key_write(dev, index, algorithm,
3726 key->key, key->keylen, NULL, key);
3731 if (algorithm == B43_SEC_ALGO_WEP40 ||
3732 algorithm == B43_SEC_ALGO_WEP104) {
3733 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
3736 b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
3738 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
3741 err = b43_key_clear(dev, key->hw_key_idx);
3752 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
3754 cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
3755 sta ? sta->addr : bcast_addr);
3756 b43_dump_keymemory(dev);
3758 write_unlock(&wl->tx_lock);
3759 spin_unlock_irq(&wl->irq_lock);
3760 mutex_unlock(&wl->mutex);
3765 static void b43_op_configure_filter(struct ieee80211_hw *hw,
3766 unsigned int changed, unsigned int *fflags,
3767 int mc_count, struct dev_addr_list *mc_list)
3769 struct b43_wl *wl = hw_to_b43_wl(hw);
3770 struct b43_wldev *dev = wl->current_dev;
3771 unsigned long flags;
3778 spin_lock_irqsave(&wl->irq_lock, flags);
3779 *fflags &= FIF_PROMISC_IN_BSS |
3785 FIF_BCN_PRBRESP_PROMISC;
3787 changed &= FIF_PROMISC_IN_BSS |
3793 FIF_BCN_PRBRESP_PROMISC;
3795 wl->filter_flags = *fflags;
3797 if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
3798 b43_adjust_opmode(dev);
3799 spin_unlock_irqrestore(&wl->irq_lock, flags);
3802 /* Locking: wl->mutex */
3803 static void b43_wireless_core_stop(struct b43_wldev *dev)
3805 struct b43_wl *wl = dev->wl;
3806 unsigned long flags;
3808 if (b43_status(dev) < B43_STAT_STARTED)
3811 /* Disable and sync interrupts. We must do this before than
3812 * setting the status to INITIALIZED, as the interrupt handler
3813 * won't care about IRQs then. */
3814 spin_lock_irqsave(&wl->irq_lock, flags);
3815 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
3816 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* flush */
3817 spin_unlock_irqrestore(&wl->irq_lock, flags);
3818 b43_synchronize_irq(dev);
3820 write_lock_irqsave(&wl->tx_lock, flags);
3821 b43_set_status(dev, B43_STAT_INITIALIZED);
3822 write_unlock_irqrestore(&wl->tx_lock, flags);
3825 mutex_unlock(&wl->mutex);
3826 /* Must unlock as it would otherwise deadlock. No races here.
3827 * Cancel the possibly running self-rearming periodic work. */
3828 cancel_delayed_work_sync(&dev->periodic_work);
3829 mutex_lock(&wl->mutex);
3831 b43_mac_suspend(dev);
3832 free_irq(dev->dev->irq, dev);
3833 b43dbg(wl, "Wireless interface stopped\n");
3836 /* Locking: wl->mutex */
3837 static int b43_wireless_core_start(struct b43_wldev *dev)
3841 B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
3843 drain_txstatus_queue(dev);
3844 err = request_irq(dev->dev->irq, b43_interrupt_handler,
3845 IRQF_SHARED, KBUILD_MODNAME, dev);
3847 b43err(dev->wl, "Cannot request IRQ-%d\n", dev->dev->irq);
3851 /* We are ready to run. */
3852 b43_set_status(dev, B43_STAT_STARTED);
3854 /* Start data flow (TX/RX). */
3855 b43_mac_enable(dev);
3856 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
3858 /* Start maintainance work */
3859 b43_periodic_tasks_setup(dev);
3861 b43dbg(dev->wl, "Wireless interface started\n");
3866 /* Get PHY and RADIO versioning numbers */
3867 static int b43_phy_versioning(struct b43_wldev *dev)
3869 struct b43_phy *phy = &dev->phy;
3877 int unsupported = 0;
3879 /* Get PHY versioning */
3880 tmp = b43_read16(dev, B43_MMIO_PHY_VER);
3881 analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
3882 phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
3883 phy_rev = (tmp & B43_PHYVER_VERSION);
3890 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
3898 #ifdef CONFIG_B43_NPHY
3904 #ifdef CONFIG_B43_PHY_LP
3905 case B43_PHYTYPE_LP:
3914 b43err(dev->wl, "FOUND UNSUPPORTED PHY "
3915 "(Analog %u, Type %u, Revision %u)\n",
3916 analog_type, phy_type, phy_rev);
3919 b43dbg(dev->wl, "Found PHY: Analog %u, Type %u, Revision %u\n",
3920 analog_type, phy_type, phy_rev);
3922 /* Get RADIO versioning */
3923 if (dev->dev->bus->chip_id == 0x4317) {
3924 if (dev->dev->bus->chip_rev == 0)
3926 else if (dev->dev->bus->chip_rev == 1)
3931 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3932 tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
3933 b43_write16(dev, B43_MMIO_RADIO_CONTROL, B43_RADIOCTL_ID);
3934 tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
3936 radio_manuf = (tmp & 0x00000FFF);
3937 radio_ver = (tmp & 0x0FFFF000) >> 12;
3938 radio_rev = (tmp & 0xF0000000) >> 28;
3939 if (radio_manuf != 0x17F /* Broadcom */)
3943 if (radio_ver != 0x2060)
3947 if (radio_manuf != 0x17F)
3951 if ((radio_ver & 0xFFF0) != 0x2050)
3955 if (radio_ver != 0x2050)
3959 if (radio_ver != 0x2055 && radio_ver != 0x2056)
3962 case B43_PHYTYPE_LP:
3963 if (radio_ver != 0x2062)
3970 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
3971 "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
3972 radio_manuf, radio_ver, radio_rev);
3975 b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
3976 radio_manuf, radio_ver, radio_rev);
3978 phy->radio_manuf = radio_manuf;
3979 phy->radio_ver = radio_ver;
3980 phy->radio_rev = radio_rev;
3982 phy->analog = analog_type;
3983 phy->type = phy_type;
3989 static void setup_struct_phy_for_init(struct b43_wldev *dev,
3990 struct b43_phy *phy)
3992 phy->hardware_power_control = !!modparam_hwpctl;
3993 phy->next_txpwr_check_time = jiffies;
3994 /* PHY TX errors counter. */
3995 atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3998 phy->phy_locked = 0;
3999 phy->radio_locked = 0;
4003 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4007 /* Assume the radio is enabled. If it's not enabled, the state will
4008 * immediately get fixed on the first periodic work run. */
4009 dev->radio_hw_enable = 1;
4012 memset(&dev->stats, 0, sizeof(dev->stats));
4014 setup_struct_phy_for_init(dev, &dev->phy);
4016 /* IRQ related flags */
4017 dev->irq_reason = 0;
4018 memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4019 dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4020 if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4021 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4023 dev->mac_suspended = 1;
4025 /* Noise calculation context */
4026 memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4029 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4031 struct ssb_sprom *sprom = &dev->dev->bus->sprom;
4034 if (!modparam_btcoex)
4036 if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4038 if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4041 hf = b43_hf_read(dev);
4042 if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4043 hf |= B43_HF_BTCOEXALT;
4045 hf |= B43_HF_BTCOEX;
4046 b43_hf_write(dev, hf);
4049 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4051 if (!modparam_btcoex)
4056 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4058 #ifdef CONFIG_SSB_DRIVER_PCICORE
4059 struct ssb_bus *bus = dev->dev->bus;
4062 if (bus->pcicore.dev &&
4063 bus->pcicore.dev->id.coreid == SSB_DEV_PCI &&
4064 bus->pcicore.dev->id.revision <= 5) {
4065 /* IMCFGLO timeouts workaround. */
4066 tmp = ssb_read32(dev->dev, SSB_IMCFGLO);
4067 tmp &= ~SSB_IMCFGLO_REQTO;
4068 tmp &= ~SSB_IMCFGLO_SERTO;
4069 switch (bus->bustype) {
4070 case SSB_BUSTYPE_PCI:
4071 case SSB_BUSTYPE_PCMCIA:
4074 case SSB_BUSTYPE_SSB:
4078 ssb_write32(dev->dev, SSB_IMCFGLO, tmp);
4080 #endif /* CONFIG_SSB_DRIVER_PCICORE */
4083 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4087 /* The time value is in microseconds. */
4088 if (dev->phy.type == B43_PHYTYPE_A)
4092 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4094 if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4095 pu_delay = max(pu_delay, (u16)2400);
4097 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4100 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4101 static void b43_set_pretbtt(struct b43_wldev *dev)
4105 /* The time value is in microseconds. */
4106 if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4109 if (dev->phy.type == B43_PHYTYPE_A)
4114 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4115 b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4118 /* Shutdown a wireless core */
4119 /* Locking: wl->mutex */
4120 static void b43_wireless_core_exit(struct b43_wldev *dev)
4124 B43_WARN_ON(b43_status(dev) > B43_STAT_INITIALIZED);
4125 if (b43_status(dev) != B43_STAT_INITIALIZED)
4127 b43_set_status(dev, B43_STAT_UNINIT);
4129 /* Stop the microcode PSM. */
4130 macctl = b43_read32(dev, B43_MMIO_MACCTL);
4131 macctl &= ~B43_MACCTL_PSM_RUN;
4132 macctl |= B43_MACCTL_PSM_JMP0;
4133 b43_write32(dev, B43_MMIO_MACCTL, macctl);
4135 if (!dev->suspend_in_progress) {
4137 b43_rng_exit(dev->wl);
4142 dev->phy.ops->switch_analog(dev, 0);
4143 if (dev->wl->current_beacon) {
4144 dev_kfree_skb_any(dev->wl->current_beacon);
4145 dev->wl->current_beacon = NULL;
4148 ssb_device_disable(dev->dev, 0);
4149 ssb_bus_may_powerdown(dev->dev->bus);
4152 /* Initialize a wireless core */
4153 static int b43_wireless_core_init(struct b43_wldev *dev)
4155 struct b43_wl *wl = dev->wl;
4156 struct ssb_bus *bus = dev->dev->bus;
4157 struct ssb_sprom *sprom = &bus->sprom;
4158 struct b43_phy *phy = &dev->phy;
4163 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4165 err = ssb_bus_powerup(bus, 0);
4168 if (!ssb_device_is_enabled(dev->dev)) {
4169 tmp = phy->gmode ? B43_TMSLOW_GMODE : 0;
4170 b43_wireless_core_reset(dev, tmp);
4173 /* Reset all data structures. */
4174 setup_struct_wldev_for_init(dev);
4175 phy->ops->prepare_structs(dev);
4177 /* Enable IRQ routing to this device. */
4178 ssb_pcicore_dev_irqvecs_enable(&bus->pcicore, dev->dev);
4180 b43_imcfglo_timeouts_workaround(dev);
4181 b43_bluetooth_coext_disable(dev);
4182 if (phy->ops->prepare_hardware) {
4183 err = phy->ops->prepare_hardware(dev);
4187 err = b43_chip_init(dev);
4190 b43_shm_write16(dev, B43_SHM_SHARED,
4191 B43_SHM_SH_WLCOREREV, dev->dev->id.revision);
4192 hf = b43_hf_read(dev);
4193 if (phy->type == B43_PHYTYPE_G) {
4197 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4198 hf |= B43_HF_OFDMPABOOST;
4200 if (phy->radio_ver == 0x2050) {
4201 if (phy->radio_rev == 6)
4202 hf |= B43_HF_4318TSSI;
4203 if (phy->radio_rev < 6)
4204 hf |= B43_HF_VCORECALC;
4206 if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4207 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4208 #ifdef CONFIG_SSB_DRIVER_PCICORE
4209 if ((bus->bustype == SSB_BUSTYPE_PCI) &&
4210 (bus->pcicore.dev->id.revision <= 10))
4211 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4213 hf &= ~B43_HF_SKCFPUP;
4214 b43_hf_write(dev, hf);
4216 b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4217 B43_DEFAULT_LONG_RETRY_LIMIT);
4218 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4219 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4221 /* Disable sending probe responses from firmware.
4222 * Setting the MaxTime to one usec will always trigger
4223 * a timeout, so we never send any probe resp.
4224 * A timeout of zero is infinite. */
4225 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4227 b43_rate_memory_init(dev);
4228 b43_set_phytxctl_defaults(dev);
4230 /* Minimum Contention Window */
4231 if (phy->type == B43_PHYTYPE_B) {
4232 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4234 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4236 /* Maximum Contention Window */
4237 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4239 if ((dev->dev->bus->bustype == SSB_BUSTYPE_PCMCIA) || B43_FORCE_PIO) {
4240 dev->__using_pio_transfers = 1;
4241 err = b43_pio_init(dev);
4243 dev->__using_pio_transfers = 0;
4244 err = b43_dma_init(dev);
4249 b43_set_synth_pu_delay(dev, 1);
4250 b43_bluetooth_coext_enable(dev);
4252 ssb_bus_powerup(bus, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4253 b43_upload_card_macaddress(dev);
4254 b43_security_init(dev);
4255 if (!dev->suspend_in_progress)
4258 b43_set_status(dev, B43_STAT_INITIALIZED);
4260 if (!dev->suspend_in_progress)
4268 ssb_bus_may_powerdown(bus);
4269 B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4273 static int b43_op_add_interface(struct ieee80211_hw *hw,
4274 struct ieee80211_if_init_conf *conf)
4276 struct b43_wl *wl = hw_to_b43_wl(hw);
4277 struct b43_wldev *dev;
4278 unsigned long flags;
4279 int err = -EOPNOTSUPP;
4281 /* TODO: allow WDS/AP devices to coexist */
4283 if (conf->type != NL80211_IFTYPE_AP &&
4284 conf->type != NL80211_IFTYPE_MESH_POINT &&
4285 conf->type != NL80211_IFTYPE_STATION &&
4286 conf->type != NL80211_IFTYPE_WDS &&
4287 conf->type != NL80211_IFTYPE_ADHOC)
4290 mutex_lock(&wl->mutex);
4292 goto out_mutex_unlock;
4294 b43dbg(wl, "Adding Interface type %d\n", conf->type);
4296 dev = wl->current_dev;
4298 wl->vif = conf->vif;
4299 wl->if_type = conf->type;
4300 memcpy(wl->mac_addr, conf->mac_addr, ETH_ALEN);
4302 spin_lock_irqsave(&wl->irq_lock, flags);
4303 b43_adjust_opmode(dev);
4304 b43_set_pretbtt(dev);
4305 b43_set_synth_pu_delay(dev, 0);
4306 b43_upload_card_macaddress(dev);
4307 spin_unlock_irqrestore(&wl->irq_lock, flags);
4311 mutex_unlock(&wl->mutex);
4316 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4317 struct ieee80211_if_init_conf *conf)
4319 struct b43_wl *wl = hw_to_b43_wl(hw);
4320 struct b43_wldev *dev = wl->current_dev;
4321 unsigned long flags;
4323 b43dbg(wl, "Removing Interface type %d\n", conf->type);
4325 mutex_lock(&wl->mutex);
4327 B43_WARN_ON(!wl->operating);
4328 B43_WARN_ON(wl->vif != conf->vif);
4333 spin_lock_irqsave(&wl->irq_lock, flags);
4334 b43_adjust_opmode(dev);
4335 memset(wl->mac_addr, 0, ETH_ALEN);
4336 b43_upload_card_macaddress(dev);
4337 spin_unlock_irqrestore(&wl->irq_lock, flags);
4339 mutex_unlock(&wl->mutex);
4342 static int b43_op_start(struct ieee80211_hw *hw)
4344 struct b43_wl *wl = hw_to_b43_wl(hw);
4345 struct b43_wldev *dev = wl->current_dev;
4349 /* Kill all old instance specific information to make sure
4350 * the card won't use it in the short timeframe between start
4351 * and mac80211 reconfiguring it. */
4352 memset(wl->bssid, 0, ETH_ALEN);
4353 memset(wl->mac_addr, 0, ETH_ALEN);
4354 wl->filter_flags = 0;
4355 wl->radiotap_enabled = 0;
4357 wl->beacon0_uploaded = 0;
4358 wl->beacon1_uploaded = 0;
4359 wl->beacon_templates_virgin = 1;
4360 wl->radio_enabled = 1;
4362 mutex_lock(&wl->mutex);
4364 if (b43_status(dev) < B43_STAT_INITIALIZED) {
4365 err = b43_wireless_core_init(dev);
4367 goto out_mutex_unlock;
4371 if (b43_status(dev) < B43_STAT_STARTED) {
4372 err = b43_wireless_core_start(dev);
4375 b43_wireless_core_exit(dev);
4376 goto out_mutex_unlock;
4380 /* XXX: only do if device doesn't support rfkill irq */
4381 wiphy_rfkill_start_polling(hw->wiphy);
4384 mutex_unlock(&wl->mutex);
4389 static void b43_op_stop(struct ieee80211_hw *hw)
4391 struct b43_wl *wl = hw_to_b43_wl(hw);
4392 struct b43_wldev *dev = wl->current_dev;
4394 cancel_work_sync(&(wl->beacon_update_trigger));
4396 mutex_lock(&wl->mutex);
4397 if (b43_status(dev) >= B43_STAT_STARTED)
4398 b43_wireless_core_stop(dev);
4399 b43_wireless_core_exit(dev);
4400 wl->radio_enabled = 0;
4401 mutex_unlock(&wl->mutex);
4403 cancel_work_sync(&(wl->txpower_adjust_work));
4406 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4407 struct ieee80211_sta *sta, bool set)
4409 struct b43_wl *wl = hw_to_b43_wl(hw);
4410 unsigned long flags;
4412 spin_lock_irqsave(&wl->irq_lock, flags);
4413 b43_update_templates(wl);
4414 spin_unlock_irqrestore(&wl->irq_lock, flags);
4419 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4420 struct ieee80211_vif *vif,
4421 enum sta_notify_cmd notify_cmd,
4422 struct ieee80211_sta *sta)
4424 struct b43_wl *wl = hw_to_b43_wl(hw);
4426 B43_WARN_ON(!vif || wl->vif != vif);
4429 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4431 struct b43_wl *wl = hw_to_b43_wl(hw);
4432 struct b43_wldev *dev;
4434 mutex_lock(&wl->mutex);
4435 dev = wl->current_dev;
4436 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4437 /* Disable CFP update during scan on other channels. */
4438 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4440 mutex_unlock(&wl->mutex);
4443 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4445 struct b43_wl *wl = hw_to_b43_wl(hw);
4446 struct b43_wldev *dev;
4448 mutex_lock(&wl->mutex);
4449 dev = wl->current_dev;
4450 if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4451 /* Re-enable CFP update. */
4452 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4454 mutex_unlock(&wl->mutex);
4457 static const struct ieee80211_ops b43_hw_ops = {
4459 .conf_tx = b43_op_conf_tx,
4460 .add_interface = b43_op_add_interface,
4461 .remove_interface = b43_op_remove_interface,
4462 .config = b43_op_config,
4463 .bss_info_changed = b43_op_bss_info_changed,
4464 .configure_filter = b43_op_configure_filter,
4465 .set_key = b43_op_set_key,
4466 .get_stats = b43_op_get_stats,
4467 .get_tx_stats = b43_op_get_tx_stats,
4468 .get_tsf = b43_op_get_tsf,
4469 .set_tsf = b43_op_set_tsf,
4470 .start = b43_op_start,
4471 .stop = b43_op_stop,
4472 .set_tim = b43_op_beacon_set_tim,
4473 .sta_notify = b43_op_sta_notify,
4474 .sw_scan_start = b43_op_sw_scan_start_notifier,
4475 .sw_scan_complete = b43_op_sw_scan_complete_notifier,
4476 .rfkill_poll = b43_rfkill_poll,
4479 /* Hard-reset the chip. Do not call this directly.
4480 * Use b43_controller_restart()
4482 static void b43_chip_reset(struct work_struct *work)
4484 struct b43_wldev *dev =
4485 container_of(work, struct b43_wldev, restart_work);
4486 struct b43_wl *wl = dev->wl;
4490 mutex_lock(&wl->mutex);
4492 prev_status = b43_status(dev);
4493 /* Bring the device down... */
4494 if (prev_status >= B43_STAT_STARTED)
4495 b43_wireless_core_stop(dev);
4496 if (prev_status >= B43_STAT_INITIALIZED)
4497 b43_wireless_core_exit(dev);
4499 /* ...and up again. */
4500 if (prev_status >= B43_STAT_INITIALIZED) {
4501 err = b43_wireless_core_init(dev);
4505 if (prev_status >= B43_STAT_STARTED) {
4506 err = b43_wireless_core_start(dev);
4508 b43_wireless_core_exit(dev);
4514 wl->current_dev = NULL; /* Failed to init the dev. */
4515 mutex_unlock(&wl->mutex);
4517 b43err(wl, "Controller restart FAILED\n");
4519 b43info(wl, "Controller restarted\n");
4522 static int b43_setup_bands(struct b43_wldev *dev,
4523 bool have_2ghz_phy, bool have_5ghz_phy)
4525 struct ieee80211_hw *hw = dev->wl->hw;
4528 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
4529 if (dev->phy.type == B43_PHYTYPE_N) {
4531 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
4534 hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
4537 dev->phy.supports_2ghz = have_2ghz_phy;
4538 dev->phy.supports_5ghz = have_5ghz_phy;
4543 static void b43_wireless_core_detach(struct b43_wldev *dev)
4545 /* We release firmware that late to not be required to re-request
4546 * is all the time when we reinit the core. */
4547 b43_release_firmware(dev);
4551 static int b43_wireless_core_attach(struct b43_wldev *dev)
4553 struct b43_wl *wl = dev->wl;
4554 struct ssb_bus *bus = dev->dev->bus;
4555 struct pci_dev *pdev = bus->host_pci;
4557 bool have_2ghz_phy = 0, have_5ghz_phy = 0;
4560 /* Do NOT do any device initialization here.
4561 * Do it in wireless_core_init() instead.
4562 * This function is for gathering basic information about the HW, only.
4563 * Also some structs may be set up here. But most likely you want to have
4564 * that in core_init(), too.
4567 err = ssb_bus_powerup(bus, 0);
4569 b43err(wl, "Bus powerup failed\n");
4572 /* Get the PHY type. */
4573 if (dev->dev->id.revision >= 5) {
4576 tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
4577 have_2ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY);
4578 have_5ghz_phy = !!(tmshigh & B43_TMSHIGH_HAVE_5GHZ_PHY);
4582 dev->phy.gmode = have_2ghz_phy;
4583 dev->phy.radio_on = 1;
4584 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4585 b43_wireless_core_reset(dev, tmp);
4587 err = b43_phy_versioning(dev);
4590 /* Check if this device supports multiband. */
4592 (pdev->device != 0x4312 &&
4593 pdev->device != 0x4319 && pdev->device != 0x4324)) {
4594 /* No multiband support. */
4597 switch (dev->phy.type) {
4603 case B43_PHYTYPE_LP:
4610 if (dev->phy.type == B43_PHYTYPE_A) {
4612 b43err(wl, "IEEE 802.11a devices are unsupported\n");
4616 if (1 /* disable A-PHY */) {
4617 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
4618 if (dev->phy.type != B43_PHYTYPE_N) {
4624 err = b43_phy_allocate(dev);
4628 dev->phy.gmode = have_2ghz_phy;
4629 tmp = dev->phy.gmode ? B43_TMSLOW_GMODE : 0;
4630 b43_wireless_core_reset(dev, tmp);
4632 err = b43_validate_chipaccess(dev);
4635 err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
4639 /* Now set some default "current_dev" */
4640 if (!wl->current_dev)
4641 wl->current_dev = dev;
4642 INIT_WORK(&dev->restart_work, b43_chip_reset);
4644 dev->phy.ops->switch_analog(dev, 0);
4645 ssb_device_disable(dev->dev, 0);
4646 ssb_bus_may_powerdown(bus);
4654 ssb_bus_may_powerdown(bus);
4658 static void b43_one_core_detach(struct ssb_device *dev)
4660 struct b43_wldev *wldev;
4663 /* Do not cancel ieee80211-workqueue based work here.
4664 * See comment in b43_remove(). */
4666 wldev = ssb_get_drvdata(dev);
4668 b43_debugfs_remove_device(wldev);
4669 b43_wireless_core_detach(wldev);
4670 list_del(&wldev->list);
4672 ssb_set_drvdata(dev, NULL);
4676 static int b43_one_core_attach(struct ssb_device *dev, struct b43_wl *wl)
4678 struct b43_wldev *wldev;
4679 struct pci_dev *pdev;
4682 if (!list_empty(&wl->devlist)) {
4683 /* We are not the first core on this chip. */
4684 pdev = dev->bus->host_pci;
4685 /* Only special chips support more than one wireless
4686 * core, although some of the other chips have more than
4687 * one wireless core as well. Check for this and
4691 ((pdev->device != 0x4321) &&
4692 (pdev->device != 0x4313) && (pdev->device != 0x431A))) {
4693 b43dbg(wl, "Ignoring unconnected 802.11 core\n");
4698 wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
4704 b43_set_status(wldev, B43_STAT_UNINIT);
4705 wldev->bad_frames_preempt = modparam_bad_frames_preempt;
4706 tasklet_init(&wldev->isr_tasklet,
4707 (void (*)(unsigned long))b43_interrupt_tasklet,
4708 (unsigned long)wldev);
4709 INIT_LIST_HEAD(&wldev->list);
4711 err = b43_wireless_core_attach(wldev);
4713 goto err_kfree_wldev;
4715 list_add(&wldev->list, &wl->devlist);
4717 ssb_set_drvdata(dev, wldev);
4718 b43_debugfs_add_device(wldev);
4728 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice) ( \
4729 (pdev->vendor == PCI_VENDOR_ID_##_vendor) && \
4730 (pdev->device == _device) && \
4731 (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) && \
4732 (pdev->subsystem_device == _subdevice) )
4734 static void b43_sprom_fixup(struct ssb_bus *bus)
4736 struct pci_dev *pdev;
4738 /* boardflags workarounds */
4739 if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
4740 bus->chip_id == 0x4301 && bus->boardinfo.rev == 0x74)
4741 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
4742 if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
4743 bus->boardinfo.type == 0x4E && bus->boardinfo.rev > 0x40)
4744 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
4745 if (bus->bustype == SSB_BUSTYPE_PCI) {
4746 pdev = bus->host_pci;
4747 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
4748 IS_PDEV(pdev, BROADCOM, 0x4320, DELL, 0x0003) ||
4749 IS_PDEV(pdev, BROADCOM, 0x4320, HP, 0x12f8) ||
4750 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
4751 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
4752 IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
4753 IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
4754 bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
4758 static void b43_wireless_exit(struct ssb_device *dev, struct b43_wl *wl)
4760 struct ieee80211_hw *hw = wl->hw;
4762 ssb_set_devtypedata(dev, NULL);
4763 ieee80211_free_hw(hw);
4766 static int b43_wireless_init(struct ssb_device *dev)
4768 struct ssb_sprom *sprom = &dev->bus->sprom;
4769 struct ieee80211_hw *hw;
4773 b43_sprom_fixup(dev->bus);
4775 hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
4777 b43err(NULL, "Could not allocate ieee80211 device\n");
4780 wl = hw_to_b43_wl(hw);
4783 hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
4784 IEEE80211_HW_SIGNAL_DBM |
4785 IEEE80211_HW_NOISE_DBM;
4787 hw->wiphy->interface_modes =
4788 BIT(NL80211_IFTYPE_AP) |
4789 BIT(NL80211_IFTYPE_MESH_POINT) |
4790 BIT(NL80211_IFTYPE_STATION) |
4791 BIT(NL80211_IFTYPE_WDS) |
4792 BIT(NL80211_IFTYPE_ADHOC);
4794 hw->queues = modparam_qos ? 4 : 1;
4795 wl->mac80211_initially_registered_queues = hw->queues;
4797 SET_IEEE80211_DEV(hw, dev->dev);
4798 if (is_valid_ether_addr(sprom->et1mac))
4799 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
4801 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
4803 /* Initialize struct b43_wl */
4805 spin_lock_init(&wl->irq_lock);
4806 rwlock_init(&wl->tx_lock);
4807 spin_lock_init(&wl->leds_lock);
4808 spin_lock_init(&wl->shm_lock);
4809 mutex_init(&wl->mutex);
4810 INIT_LIST_HEAD(&wl->devlist);
4811 INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
4812 INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
4814 ssb_set_devtypedata(dev, wl);
4815 b43info(wl, "Broadcom %04X WLAN found (core revision %u)\n",
4816 dev->bus->chip_id, dev->id.revision);
4822 static int b43_probe(struct ssb_device *dev, const struct ssb_device_id *id)
4828 wl = ssb_get_devtypedata(dev);
4830 /* Probing the first core. Must setup common struct b43_wl */
4832 err = b43_wireless_init(dev);
4835 wl = ssb_get_devtypedata(dev);
4838 err = b43_one_core_attach(dev, wl);
4840 goto err_wireless_exit;
4843 err = ieee80211_register_hw(wl->hw);
4845 goto err_one_core_detach;
4851 err_one_core_detach:
4852 b43_one_core_detach(dev);
4855 b43_wireless_exit(dev, wl);
4859 static void b43_remove(struct ssb_device *dev)
4861 struct b43_wl *wl = ssb_get_devtypedata(dev);
4862 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4864 /* We must cancel any work here before unregistering from ieee80211,
4865 * as the ieee80211 unreg will destroy the workqueue. */
4866 cancel_work_sync(&wldev->restart_work);
4869 if (wl->current_dev == wldev) {
4870 /* Restore the queues count before unregistering, because firmware detect
4871 * might have modified it. Restoring is important, so the networking
4872 * stack can properly free resources. */
4873 wl->hw->queues = wl->mac80211_initially_registered_queues;
4874 ieee80211_unregister_hw(wl->hw);
4877 b43_one_core_detach(dev);
4879 if (list_empty(&wl->devlist)) {
4880 /* Last core on the chip unregistered.
4881 * We can destroy common struct b43_wl.
4883 b43_wireless_exit(dev, wl);
4887 /* Perform a hardware reset. This can be called from any context. */
4888 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
4890 /* Must avoid requeueing, if we are in shutdown. */
4891 if (b43_status(dev) < B43_STAT_INITIALIZED)
4893 b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
4894 ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
4899 static int b43_suspend(struct ssb_device *dev, pm_message_t state)
4901 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4902 struct b43_wl *wl = wldev->wl;
4904 b43dbg(wl, "Suspending...\n");
4906 mutex_lock(&wl->mutex);
4907 wldev->suspend_in_progress = true;
4908 wldev->suspend_init_status = b43_status(wldev);
4909 if (wldev->suspend_init_status >= B43_STAT_STARTED)
4910 b43_wireless_core_stop(wldev);
4911 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED)
4912 b43_wireless_core_exit(wldev);
4913 mutex_unlock(&wl->mutex);
4915 b43dbg(wl, "Device suspended.\n");
4920 static int b43_resume(struct ssb_device *dev)
4922 struct b43_wldev *wldev = ssb_get_drvdata(dev);
4923 struct b43_wl *wl = wldev->wl;
4926 b43dbg(wl, "Resuming...\n");
4928 mutex_lock(&wl->mutex);
4929 if (wldev->suspend_init_status >= B43_STAT_INITIALIZED) {
4930 err = b43_wireless_core_init(wldev);
4932 b43err(wl, "Resume failed at core init\n");
4936 if (wldev->suspend_init_status >= B43_STAT_STARTED) {
4937 err = b43_wireless_core_start(wldev);
4939 b43_leds_exit(wldev);
4940 b43_rng_exit(wldev->wl);
4941 b43_wireless_core_exit(wldev);
4942 b43err(wl, "Resume failed at core start\n");
4946 b43dbg(wl, "Device resumed.\n");
4948 wldev->suspend_in_progress = false;
4949 mutex_unlock(&wl->mutex);
4953 #else /* CONFIG_PM */
4954 # define b43_suspend NULL
4955 # define b43_resume NULL
4956 #endif /* CONFIG_PM */
4958 static struct ssb_driver b43_ssb_driver = {
4959 .name = KBUILD_MODNAME,
4960 .id_table = b43_ssb_tbl,
4962 .remove = b43_remove,
4963 .suspend = b43_suspend,
4964 .resume = b43_resume,
4967 static void b43_print_driverinfo(void)
4969 const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
4972 #ifdef CONFIG_B43_PCI_AUTOSELECT
4975 #ifdef CONFIG_B43_PCMCIA
4978 #ifdef CONFIG_B43_NPHY
4981 #ifdef CONFIG_B43_LEDS
4984 printk(KERN_INFO "Broadcom 43xx driver loaded "
4985 "[ Features: %s%s%s%s, Firmware-ID: "
4986 B43_SUPPORTED_FIRMWARE_ID " ]\n",
4987 feat_pci, feat_pcmcia, feat_nphy,
4991 static int __init b43_init(void)
4996 err = b43_pcmcia_init();
4999 err = ssb_driver_register(&b43_ssb_driver);
5001 goto err_pcmcia_exit;
5002 b43_print_driverinfo();
5013 static void __exit b43_exit(void)
5015 ssb_driver_unregister(&b43_ssb_driver);
5020 module_init(b43_init)
5021 module_exit(b43_exit)
git.openpandora.org / pandora-kernel.git / blob