drivers/net/wireless/b43/main.c

   1 /*
   2
   3   Broadcom B43 wireless driver
   4
   5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
   6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
   7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
   8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
   9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
  10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
  11
  12   SDIO support
  13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
  14
  15   Some parts of the code in this file are derived from the ipw2200
  16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
  17
  18   This program is free software; you can redistribute it and/or modify
  19   it under the terms of the GNU General Public License as published by
  20   the Free Software Foundation; either version 2 of the License, or
  21   (at your option) any later version.
  22
  23   This program is distributed in the hope that it will be useful,
  24   but WITHOUT ANY WARRANTY; without even the implied warranty of
  25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  26   GNU General Public License for more details.
  27
  28   You should have received a copy of the GNU General Public License
  29   along with this program; see the file COPYING.  If not, write to
  30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
  31   Boston, MA 02110-1301, USA.
  32
  33 */
  34
  35 #include <linux/delay.h>
  36 #include <linux/init.h>
  37 #include <linux/module.h>
  38 #include <linux/if_arp.h>
  39 #include <linux/etherdevice.h>
  40 #include <linux/firmware.h>
  41 #include <linux/workqueue.h>
  42 #include <linux/skbuff.h>
  43 #include <linux/io.h>
  44 #include <linux/dma-mapping.h>
  45 #include <linux/slab.h>
  46 #include <asm/unaligned.h>
  47
  48 #include "b43.h"
  49 #include "main.h"
  50 #include "debugfs.h"
  51 #include "phy_common.h"
  52 #include "phy_g.h"
  53 #include "phy_n.h"
  54 #include "dma.h"
  55 #include "pio.h"
  56 #include "sysfs.h"
  57 #include "xmit.h"
  58 #include "lo.h"
  59 #include "pcmcia.h"
  60 #include "sdio.h"
  61 #include <linux/mmc/sdio_func.h>
  62
  63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
  64 MODULE_AUTHOR("Martin Langer");
  65 MODULE_AUTHOR("Stefano Brivio");
  66 MODULE_AUTHOR("Michael Buesch");
  67 MODULE_AUTHOR("Gábor Stefanik");
  68 MODULE_AUTHOR("Rafał Miłecki");
  69 MODULE_LICENSE("GPL");
  70
  71 MODULE_FIRMWARE("b43/ucode11.fw");
  72 MODULE_FIRMWARE("b43/ucode13.fw");
  73 MODULE_FIRMWARE("b43/ucode14.fw");
  74 MODULE_FIRMWARE("b43/ucode15.fw");
  75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
  76 MODULE_FIRMWARE("b43/ucode5.fw");
  77 MODULE_FIRMWARE("b43/ucode9.fw");
  78
  79 static int modparam_bad_frames_preempt;
  80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
  81 MODULE_PARM_DESC(bad_frames_preempt,
  82                  "enable(1) / disable(0) Bad Frames Preemption");
  83
  84 static char modparam_fwpostfix[16];
  85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
  86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
  87
  88 static int modparam_hwpctl;
  89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
  90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
  91
  92 static int modparam_nohwcrypt;
  93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
  94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
  95
  96 static int modparam_hwtkip;
  97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
  98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
  99
 100 static int modparam_qos = 1;
 101 module_param_named(qos, modparam_qos, int, 0444);
 102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
 103
 104 static int modparam_btcoex = 1;
 105 module_param_named(btcoex, modparam_btcoex, int, 0444);
 106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
 107
 108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
 109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
 110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
 111
 112 static int b43_modparam_pio = 0;
 113 module_param_named(pio, b43_modparam_pio, int, 0644);
 114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
 115
 116 #ifdef CONFIG_B43_BCMA
 117 static const struct bcma_device_id b43_bcma_tbl[] = {
 118         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
 119 #ifdef CONFIG_B43_BCMA_EXTRA
 120         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
 121         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
 122 #endif
 123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
 124         BCMA_CORETABLE_END
 125 };
 126 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
 127 #endif
 128
 129 #ifdef CONFIG_B43_SSB
 130 static const struct ssb_device_id b43_ssb_tbl[] = {
 131         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
 132         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
 133         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
 134         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
 135         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
 136         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
 137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
 138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
 139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
 140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
 141         SSB_DEVTABLE_END
 142 };
 143 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
 144 #endif
 145
 146 /* Channel and ratetables are shared for all devices.
 147  * They can't be const, because ieee80211 puts some precalculated
 148  * data in there. This data is the same for all devices, so we don't
 149  * get concurrency issues */
 150 #define RATETAB_ENT(_rateid, _flags) \
 151         {                                                               \
 152                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
 153                 .hw_value       = (_rateid),                            \
 154                 .flags          = (_flags),                             \
 155         }
 156
 157 /*
 158  * NOTE: When changing this, sync with xmit.c's
 159  *       b43_plcp_get_bitrate_idx_* functions!
 160  */
 161 static struct ieee80211_rate __b43_ratetable[] = {
 162         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
 163         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
 164         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
 165         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
 166         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
 167         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
 168         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
 169         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
 170         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
 171         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
 172         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
 173         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
 174 };
 175
 176 #define b43_a_ratetable         (__b43_ratetable + 4)
 177 #define b43_a_ratetable_size    8
 178 #define b43_b_ratetable         (__b43_ratetable + 0)
 179 #define b43_b_ratetable_size    4
 180 #define b43_g_ratetable         (__b43_ratetable + 0)
 181 #define b43_g_ratetable_size    12
 182
 183 #define CHAN4G(_channel, _freq, _flags) {                       \
 184         .band                   = IEEE80211_BAND_2GHZ,          \
 185         .center_freq            = (_freq),                      \
 186         .hw_value               = (_channel),                   \
 187         .flags                  = (_flags),                     \
 188         .max_antenna_gain       = 0,                            \
 189         .max_power              = 30,                           \
 190 }
 191 static struct ieee80211_channel b43_2ghz_chantable[] = {
 192         CHAN4G(1, 2412, 0),
 193         CHAN4G(2, 2417, 0),
 194         CHAN4G(3, 2422, 0),
 195         CHAN4G(4, 2427, 0),
 196         CHAN4G(5, 2432, 0),
 197         CHAN4G(6, 2437, 0),
 198         CHAN4G(7, 2442, 0),
 199         CHAN4G(8, 2447, 0),
 200         CHAN4G(9, 2452, 0),
 201         CHAN4G(10, 2457, 0),
 202         CHAN4G(11, 2462, 0),
 203         CHAN4G(12, 2467, 0),
 204         CHAN4G(13, 2472, 0),
 205         CHAN4G(14, 2484, 0),
 206 };
 207 #undef CHAN4G
 208
 209 #define CHAN5G(_channel, _flags) {                              \
 210         .band                   = IEEE80211_BAND_5GHZ,          \
 211         .center_freq            = 5000 + (5 * (_channel)),      \
 212         .hw_value               = (_channel),                   \
 213         .flags                  = (_flags),                     \
 214         .max_antenna_gain       = 0,                            \
 215         .max_power              = 30,                           \
 216 }
 217 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
 218         CHAN5G(32, 0),          CHAN5G(34, 0),
 219         CHAN5G(36, 0),          CHAN5G(38, 0),
 220         CHAN5G(40, 0),          CHAN5G(42, 0),
 221         CHAN5G(44, 0),          CHAN5G(46, 0),
 222         CHAN5G(48, 0),          CHAN5G(50, 0),
 223         CHAN5G(52, 0),          CHAN5G(54, 0),
 224         CHAN5G(56, 0),          CHAN5G(58, 0),
 225         CHAN5G(60, 0),          CHAN5G(62, 0),
 226         CHAN5G(64, 0),          CHAN5G(66, 0),
 227         CHAN5G(68, 0),          CHAN5G(70, 0),
 228         CHAN5G(72, 0),          CHAN5G(74, 0),
 229         CHAN5G(76, 0),          CHAN5G(78, 0),
 230         CHAN5G(80, 0),          CHAN5G(82, 0),
 231         CHAN5G(84, 0),          CHAN5G(86, 0),
 232         CHAN5G(88, 0),          CHAN5G(90, 0),
 233         CHAN5G(92, 0),          CHAN5G(94, 0),
 234         CHAN5G(96, 0),          CHAN5G(98, 0),
 235         CHAN5G(100, 0),         CHAN5G(102, 0),
 236         CHAN5G(104, 0),         CHAN5G(106, 0),
 237         CHAN5G(108, 0),         CHAN5G(110, 0),
 238         CHAN5G(112, 0),         CHAN5G(114, 0),
 239         CHAN5G(116, 0),         CHAN5G(118, 0),
 240         CHAN5G(120, 0),         CHAN5G(122, 0),
 241         CHAN5G(124, 0),         CHAN5G(126, 0),
 242         CHAN5G(128, 0),         CHAN5G(130, 0),
 243         CHAN5G(132, 0),         CHAN5G(134, 0),
 244         CHAN5G(136, 0),         CHAN5G(138, 0),
 245         CHAN5G(140, 0),         CHAN5G(142, 0),
 246         CHAN5G(144, 0),         CHAN5G(145, 0),
 247         CHAN5G(146, 0),         CHAN5G(147, 0),
 248         CHAN5G(148, 0),         CHAN5G(149, 0),
 249         CHAN5G(150, 0),         CHAN5G(151, 0),
 250         CHAN5G(152, 0),         CHAN5G(153, 0),
 251         CHAN5G(154, 0),         CHAN5G(155, 0),
 252         CHAN5G(156, 0),         CHAN5G(157, 0),
 253         CHAN5G(158, 0),         CHAN5G(159, 0),
 254         CHAN5G(160, 0),         CHAN5G(161, 0),
 255         CHAN5G(162, 0),         CHAN5G(163, 0),
 256         CHAN5G(164, 0),         CHAN5G(165, 0),
 257         CHAN5G(166, 0),         CHAN5G(168, 0),
 258         CHAN5G(170, 0),         CHAN5G(172, 0),
 259         CHAN5G(174, 0),         CHAN5G(176, 0),
 260         CHAN5G(178, 0),         CHAN5G(180, 0),
 261         CHAN5G(182, 0),         CHAN5G(184, 0),
 262         CHAN5G(186, 0),         CHAN5G(188, 0),
 263         CHAN5G(190, 0),         CHAN5G(192, 0),
 264         CHAN5G(194, 0),         CHAN5G(196, 0),
 265         CHAN5G(198, 0),         CHAN5G(200, 0),
 266         CHAN5G(202, 0),         CHAN5G(204, 0),
 267         CHAN5G(206, 0),         CHAN5G(208, 0),
 268         CHAN5G(210, 0),         CHAN5G(212, 0),
 269         CHAN5G(214, 0),         CHAN5G(216, 0),
 270         CHAN5G(218, 0),         CHAN5G(220, 0),
 271         CHAN5G(222, 0),         CHAN5G(224, 0),
 272         CHAN5G(226, 0),         CHAN5G(228, 0),
 273 };
 274
 275 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
 276         CHAN5G(34, 0),          CHAN5G(36, 0),
 277         CHAN5G(38, 0),          CHAN5G(40, 0),
 278         CHAN5G(42, 0),          CHAN5G(44, 0),
 279         CHAN5G(46, 0),          CHAN5G(48, 0),
 280         CHAN5G(52, 0),          CHAN5G(56, 0),
 281         CHAN5G(60, 0),          CHAN5G(64, 0),
 282         CHAN5G(100, 0),         CHAN5G(104, 0),
 283         CHAN5G(108, 0),         CHAN5G(112, 0),
 284         CHAN5G(116, 0),         CHAN5G(120, 0),
 285         CHAN5G(124, 0),         CHAN5G(128, 0),
 286         CHAN5G(132, 0),         CHAN5G(136, 0),
 287         CHAN5G(140, 0),         CHAN5G(149, 0),
 288         CHAN5G(153, 0),         CHAN5G(157, 0),
 289         CHAN5G(161, 0),         CHAN5G(165, 0),
 290         CHAN5G(184, 0),         CHAN5G(188, 0),
 291         CHAN5G(192, 0),         CHAN5G(196, 0),
 292         CHAN5G(200, 0),         CHAN5G(204, 0),
 293         CHAN5G(208, 0),         CHAN5G(212, 0),
 294         CHAN5G(216, 0),
 295 };
 296 #undef CHAN5G
 297
 298 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
 299         .band           = IEEE80211_BAND_5GHZ,
 300         .channels       = b43_5ghz_nphy_chantable,
 301         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
 302         .bitrates       = b43_a_ratetable,
 303         .n_bitrates     = b43_a_ratetable_size,
 304 };
 305
 306 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
 307         .band           = IEEE80211_BAND_5GHZ,
 308         .channels       = b43_5ghz_aphy_chantable,
 309         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
 310         .bitrates       = b43_a_ratetable,
 311         .n_bitrates     = b43_a_ratetable_size,
 312 };
 313
 314 static struct ieee80211_supported_band b43_band_2GHz = {
 315         .band           = IEEE80211_BAND_2GHZ,
 316         .channels       = b43_2ghz_chantable,
 317         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
 318         .bitrates       = b43_g_ratetable,
 319         .n_bitrates     = b43_g_ratetable_size,
 320 };
 321
 322 static void b43_wireless_core_exit(struct b43_wldev *dev);
 323 static int b43_wireless_core_init(struct b43_wldev *dev);
 324 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
 325 static int b43_wireless_core_start(struct b43_wldev *dev);
 326 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
 327                                     struct ieee80211_vif *vif,
 328                                     struct ieee80211_bss_conf *conf,
 329                                     u32 changed);
 330
 331 static int b43_ratelimit(struct b43_wl *wl)
 332 {
 333         if (!wl || !wl->current_dev)
 334                 return 1;
 335         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
 336                 return 1;
 337         /* We are up and running.
 338          * Ratelimit the messages to avoid DoS over the net. */
 339         return net_ratelimit();
 340 }
 341
 342 void b43info(struct b43_wl *wl, const char *fmt, ...)
 343 {
 344         struct va_format vaf;
 345         va_list args;
 346
 347         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
 348                 return;
 349         if (!b43_ratelimit(wl))
 350                 return;
 351
 352         va_start(args, fmt);
 353
 354         vaf.fmt = fmt;
 355         vaf.va = &args;
 356
 357         printk(KERN_INFO "b43-%s: %pV",
 358                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 359
 360         va_end(args);
 361 }
 362
 363 void b43err(struct b43_wl *wl, const char *fmt, ...)
 364 {
 365         struct va_format vaf;
 366         va_list args;
 367
 368         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
 369                 return;
 370         if (!b43_ratelimit(wl))
 371                 return;
 372
 373         va_start(args, fmt);
 374
 375         vaf.fmt = fmt;
 376         vaf.va = &args;
 377
 378         printk(KERN_ERR "b43-%s ERROR: %pV",
 379                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 380
 381         va_end(args);
 382 }
 383
 384 void b43warn(struct b43_wl *wl, const char *fmt, ...)
 385 {
 386         struct va_format vaf;
 387         va_list args;
 388
 389         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
 390                 return;
 391         if (!b43_ratelimit(wl))
 392                 return;
 393
 394         va_start(args, fmt);
 395
 396         vaf.fmt = fmt;
 397         vaf.va = &args;
 398
 399         printk(KERN_WARNING "b43-%s warning: %pV",
 400                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 401
 402         va_end(args);
 403 }
 404
 405 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
 406 {
 407         struct va_format vaf;
 408         va_list args;
 409
 410         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
 411                 return;
 412
 413         va_start(args, fmt);
 414
 415         vaf.fmt = fmt;
 416         vaf.va = &args;
 417
 418         printk(KERN_DEBUG "b43-%s debug: %pV",
 419                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
 420
 421         va_end(args);
 422 }
 423
 424 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
 425 {
 426         u32 macctl;
 427
 428         B43_WARN_ON(offset % 4 != 0);
 429
 430         macctl = b43_read32(dev, B43_MMIO_MACCTL);
 431         if (macctl & B43_MACCTL_BE)
 432                 val = swab32(val);
 433
 434         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
 435         mmiowb();
 436         b43_write32(dev, B43_MMIO_RAM_DATA, val);
 437 }
 438
 439 static inline void b43_shm_control_word(struct b43_wldev *dev,
 440                                         u16 routing, u16 offset)
 441 {
 442         u32 control;
 443
 444         /* "offset" is the WORD offset. */
 445         control = routing;
 446         control <<= 16;
 447         control |= offset;
 448         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
 449 }
 450
 451 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
 452 {
 453         u32 ret;
 454
 455         if (routing == B43_SHM_SHARED) {
 456                 B43_WARN_ON(offset & 0x0001);
 457                 if (offset & 0x0003) {
 458                         /* Unaligned access */
 459                         b43_shm_control_word(dev, routing, offset >> 2);
 460                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
 461                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
 462                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
 463
 464                         goto out;
 465                 }
 466                 offset >>= 2;
 467         }
 468         b43_shm_control_word(dev, routing, offset);
 469         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
 470 out:
 471         return ret;
 472 }
 473
 474 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
 475 {
 476         u16 ret;
 477
 478         if (routing == B43_SHM_SHARED) {
 479                 B43_WARN_ON(offset & 0x0001);
 480                 if (offset & 0x0003) {
 481                         /* Unaligned access */
 482                         b43_shm_control_word(dev, routing, offset >> 2);
 483                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
 484
 485                         goto out;
 486                 }
 487                 offset >>= 2;
 488         }
 489         b43_shm_control_word(dev, routing, offset);
 490         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
 491 out:
 492         return ret;
 493 }
 494
 495 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
 496 {
 497         if (routing == B43_SHM_SHARED) {
 498                 B43_WARN_ON(offset & 0x0001);
 499                 if (offset & 0x0003) {
 500                         /* Unaligned access */
 501                         b43_shm_control_word(dev, routing, offset >> 2);
 502                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
 503                                     value & 0xFFFF);
 504                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
 505                         b43_write16(dev, B43_MMIO_SHM_DATA,
 506                                     (value >> 16) & 0xFFFF);
 507                         return;
 508                 }
 509                 offset >>= 2;
 510         }
 511         b43_shm_control_word(dev, routing, offset);
 512         b43_write32(dev, B43_MMIO_SHM_DATA, value);
 513 }
 514
 515 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
 516 {
 517         if (routing == B43_SHM_SHARED) {
 518                 B43_WARN_ON(offset & 0x0001);
 519                 if (offset & 0x0003) {
 520                         /* Unaligned access */
 521                         b43_shm_control_word(dev, routing, offset >> 2);
 522                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
 523                         return;
 524                 }
 525                 offset >>= 2;
 526         }
 527         b43_shm_control_word(dev, routing, offset);
 528         b43_write16(dev, B43_MMIO_SHM_DATA, value);
 529 }
 530
 531 /* Read HostFlags */
 532 u64 b43_hf_read(struct b43_wldev *dev)
 533 {
 534         u64 ret;
 535
 536         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
 537         ret <<= 16;
 538         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
 539         ret <<= 16;
 540         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
 541
 542         return ret;
 543 }
 544
 545 /* Write HostFlags */
 546 void b43_hf_write(struct b43_wldev *dev, u64 value)
 547 {
 548         u16 lo, mi, hi;
 549
 550         lo = (value & 0x00000000FFFFULL);
 551         mi = (value & 0x0000FFFF0000ULL) >> 16;
 552         hi = (value & 0xFFFF00000000ULL) >> 32;
 553         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
 554         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
 555         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
 556 }
 557
 558 /* Read the firmware capabilities bitmask (Opensource firmware only) */
 559 static u16 b43_fwcapa_read(struct b43_wldev *dev)
 560 {
 561         B43_WARN_ON(!dev->fw.opensource);
 562         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
 563 }
 564
 565 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
 566 {
 567         u32 low, high;
 568
 569         B43_WARN_ON(dev->dev->core_rev < 3);
 570
 571         /* The hardware guarantees us an atomic read, if we
 572          * read the low register first. */
 573         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
 574         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
 575
 576         *tsf = high;
 577         *tsf <<= 32;
 578         *tsf |= low;
 579 }
 580
 581 static void b43_time_lock(struct b43_wldev *dev)
 582 {
 583         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
 584         /* Commit the write */
 585         b43_read32(dev, B43_MMIO_MACCTL);
 586 }
 587
 588 static void b43_time_unlock(struct b43_wldev *dev)
 589 {
 590         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
 591         /* Commit the write */
 592         b43_read32(dev, B43_MMIO_MACCTL);
 593 }
 594
 595 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
 596 {
 597         u32 low, high;
 598
 599         B43_WARN_ON(dev->dev->core_rev < 3);
 600
 601         low = tsf;
 602         high = (tsf >> 32);
 603         /* The hardware guarantees us an atomic write, if we
 604          * write the low register first. */
 605         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
 606         mmiowb();
 607         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
 608         mmiowb();
 609 }
 610
 611 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
 612 {
 613         b43_time_lock(dev);
 614         b43_tsf_write_locked(dev, tsf);
 615         b43_time_unlock(dev);
 616 }
 617
 618 static
 619 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
 620 {
 621         static const u8 zero_addr[ETH_ALEN] = { 0 };
 622         u16 data;
 623
 624         if (!mac)
 625                 mac = zero_addr;
 626
 627         offset |= 0x0020;
 628         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
 629
 630         data = mac[0];
 631         data |= mac[1] << 8;
 632         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 633         data = mac[2];
 634         data |= mac[3] << 8;
 635         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 636         data = mac[4];
 637         data |= mac[5] << 8;
 638         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
 639 }
 640
 641 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
 642 {
 643         const u8 *mac;
 644         const u8 *bssid;
 645         u8 mac_bssid[ETH_ALEN * 2];
 646         int i;
 647         u32 tmp;
 648
 649         bssid = dev->wl->bssid;
 650         mac = dev->wl->mac_addr;
 651
 652         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
 653
 654         memcpy(mac_bssid, mac, ETH_ALEN);
 655         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
 656
 657         /* Write our MAC address and BSSID to template ram */
 658         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
 659                 tmp = (u32) (mac_bssid[i + 0]);
 660                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
 661                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
 662                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
 663                 b43_ram_write(dev, 0x20 + i, tmp);
 664         }
 665 }
 666
 667 static void b43_upload_card_macaddress(struct b43_wldev *dev)
 668 {
 669         b43_write_mac_bssid_templates(dev);
 670         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
 671 }
 672
 673 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
 674 {
 675         /* slot_time is in usec. */
 676         /* This test used to exit for all but a G PHY. */
 677         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
 678                 return;
 679         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
 680         /* Shared memory location 0x0010 is the slot time and should be
 681          * set to slot_time; however, this register is initially 0 and changing
 682          * the value adversely affects the transmit rate for BCM4311
 683          * devices. Until this behavior is unterstood, delete this step
 684          *
 685          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
 686          */
 687 }
 688
 689 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
 690 {
 691         b43_set_slot_time(dev, 9);
 692 }
 693
 694 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
 695 {
 696         b43_set_slot_time(dev, 20);
 697 }
 698
 699 /* DummyTransmission function, as documented on
 700  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
 701  */
 702 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
 703 {
 704         struct b43_phy *phy = &dev->phy;
 705         unsigned int i, max_loop;
 706         u16 value;
 707         u32 buffer[5] = {
 708                 0x00000000,
 709                 0x00D40000,
 710                 0x00000000,
 711                 0x01000000,
 712                 0x00000000,
 713         };
 714
 715         if (ofdm) {
 716                 max_loop = 0x1E;
 717                 buffer[0] = 0x000201CC;
 718         } else {
 719                 max_loop = 0xFA;
 720                 buffer[0] = 0x000B846E;
 721         }
 722
 723         for (i = 0; i < 5; i++)
 724                 b43_ram_write(dev, i * 4, buffer[i]);
 725
 726         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
 727
 728         if (dev->dev->core_rev < 11)
 729                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
 730         else
 731                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
 732
 733         value = (ofdm ? 0x41 : 0x40);
 734         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
 735         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
 736             phy->type == B43_PHYTYPE_LCN)
 737                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
 738
 739         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
 740         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
 741
 742         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
 743         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
 744         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
 745         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
 746
 747         if (!pa_on && phy->type == B43_PHYTYPE_N)
 748                 ; /*b43_nphy_pa_override(dev, false) */
 749
 750         switch (phy->type) {
 751         case B43_PHYTYPE_N:
 752         case B43_PHYTYPE_LCN:
 753                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
 754                 break;
 755         case B43_PHYTYPE_LP:
 756                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
 757                 break;
 758         default:
 759                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
 760         }
 761         b43_read16(dev, B43_MMIO_TXE0_AUX);
 762
 763         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
 764                 b43_radio_write16(dev, 0x0051, 0x0017);
 765         for (i = 0x00; i < max_loop; i++) {
 766                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
 767                 if (value & 0x0080)
 768                         break;
 769                 udelay(10);
 770         }
 771         for (i = 0x00; i < 0x0A; i++) {
 772                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
 773                 if (value & 0x0400)
 774                         break;
 775                 udelay(10);
 776         }
 777         for (i = 0x00; i < 0x19; i++) {
 778                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
 779                 if (!(value & 0x0100))
 780                         break;
 781                 udelay(10);
 782         }
 783         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
 784                 b43_radio_write16(dev, 0x0051, 0x0037);
 785 }
 786
 787 static void key_write(struct b43_wldev *dev,
 788                       u8 index, u8 algorithm, const u8 *key)
 789 {
 790         unsigned int i;
 791         u32 offset;
 792         u16 value;
 793         u16 kidx;
 794
 795         /* Key index/algo block */
 796         kidx = b43_kidx_to_fw(dev, index);
 797         value = ((kidx << 4) | algorithm);
 798         b43_shm_write16(dev, B43_SHM_SHARED,
 799                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
 800
 801         /* Write the key to the Key Table Pointer offset */
 802         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
 803         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
 804                 value = key[i];
 805                 value |= (u16) (key[i + 1]) << 8;
 806                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
 807         }
 808 }
 809
 810 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
 811 {
 812         u32 addrtmp[2] = { 0, 0, };
 813         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 814
 815         if (b43_new_kidx_api(dev))
 816                 pairwise_keys_start = B43_NR_GROUP_KEYS;
 817
 818         B43_WARN_ON(index < pairwise_keys_start);
 819         /* We have four default TX keys and possibly four default RX keys.
 820          * Physical mac 0 is mapped to physical key 4 or 8, depending
 821          * on the firmware version.
 822          * So we must adjust the index here.
 823          */
 824         index -= pairwise_keys_start;
 825         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
 826
 827         if (addr) {
 828                 addrtmp[0] = addr[0];
 829                 addrtmp[0] |= ((u32) (addr[1]) << 8);
 830                 addrtmp[0] |= ((u32) (addr[2]) << 16);
 831                 addrtmp[0] |= ((u32) (addr[3]) << 24);
 832                 addrtmp[1] = addr[4];
 833                 addrtmp[1] |= ((u32) (addr[5]) << 8);
 834         }
 835
 836         /* Receive match transmitter address (RCMTA) mechanism */
 837         b43_shm_write32(dev, B43_SHM_RCMTA,
 838                         (index * 2) + 0, addrtmp[0]);
 839         b43_shm_write16(dev, B43_SHM_RCMTA,
 840                         (index * 2) + 1, addrtmp[1]);
 841 }
 842
 843 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
 844  * When a packet is received, the iv32 is checked.
 845  * - if it doesn't the packet is returned without modification (and software
 846  *   decryption can be done). That's what happen when iv16 wrap.
 847  * - if it does, the rc4 key is computed, and decryption is tried.
 848  *   Either it will success and B43_RX_MAC_DEC is returned,
 849  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
 850  *   and the packet is not usable (it got modified by the ucode).
 851  * So in order to never have B43_RX_MAC_DECERR, we should provide
 852  * a iv32 and phase1key that match. Because we drop packets in case of
 853  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
 854  * packets will be lost without higher layer knowing (ie no resync possible
 855  * until next wrap).
 856  *
 857  * NOTE : this should support 50 key like RCMTA because
 858  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
 859  */
 860 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
 861                 u16 *phase1key)
 862 {
 863         unsigned int i;
 864         u32 offset;
 865         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 866
 867         if (!modparam_hwtkip)
 868                 return;
 869
 870         if (b43_new_kidx_api(dev))
 871                 pairwise_keys_start = B43_NR_GROUP_KEYS;
 872
 873         B43_WARN_ON(index < pairwise_keys_start);
 874         /* We have four default TX keys and possibly four default RX keys.
 875          * Physical mac 0 is mapped to physical key 4 or 8, depending
 876          * on the firmware version.
 877          * So we must adjust the index here.
 878          */
 879         index -= pairwise_keys_start;
 880         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
 881
 882         if (b43_debug(dev, B43_DBG_KEYS)) {
 883                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
 884                                 index, iv32);
 885         }
 886         /* Write the key to the  RX tkip shared mem */
 887         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
 888         for (i = 0; i < 10; i += 2) {
 889                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
 890                                 phase1key ? phase1key[i / 2] : 0);
 891         }
 892         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
 893         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
 894 }
 895
 896 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
 897                                    struct ieee80211_vif *vif,
 898                                    struct ieee80211_key_conf *keyconf,
 899                                    struct ieee80211_sta *sta,
 900                                    u32 iv32, u16 *phase1key)
 901 {
 902         struct b43_wl *wl = hw_to_b43_wl(hw);
 903         struct b43_wldev *dev;
 904         int index = keyconf->hw_key_idx;
 905
 906         if (B43_WARN_ON(!modparam_hwtkip))
 907                 return;
 908
 909         /* This is only called from the RX path through mac80211, where
 910          * our mutex is already locked. */
 911         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
 912         dev = wl->current_dev;
 913         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
 914
 915         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
 916
 917         rx_tkip_phase1_write(dev, index, iv32, phase1key);
 918         /* only pairwise TKIP keys are supported right now */
 919         if (WARN_ON(!sta))
 920                 return;
 921         keymac_write(dev, index, sta->addr);
 922 }
 923
 924 static void do_key_write(struct b43_wldev *dev,
 925                          u8 index, u8 algorithm,
 926                          const u8 *key, size_t key_len, const u8 *mac_addr)
 927 {
 928         u8 buf[B43_SEC_KEYSIZE] = { 0, };
 929         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 930
 931         if (b43_new_kidx_api(dev))
 932                 pairwise_keys_start = B43_NR_GROUP_KEYS;
 933
 934         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
 935         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
 936
 937         if (index >= pairwise_keys_start)
 938                 keymac_write(dev, index, NULL); /* First zero out mac. */
 939         if (algorithm == B43_SEC_ALGO_TKIP) {
 940                 /*
 941                  * We should provide an initial iv32, phase1key pair.
 942                  * We could start with iv32=0 and compute the corresponding
 943                  * phase1key, but this means calling ieee80211_get_tkip_key
 944                  * with a fake skb (or export other tkip function).
 945                  * Because we are lazy we hope iv32 won't start with
 946                  * 0xffffffff and let's b43_op_update_tkip_key provide a
 947                  * correct pair.
 948                  */
 949                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
 950         } else if (index >= pairwise_keys_start) /* clear it */
 951                 rx_tkip_phase1_write(dev, index, 0, NULL);
 952         if (key)
 953                 memcpy(buf, key, key_len);
 954         key_write(dev, index, algorithm, buf);
 955         if (index >= pairwise_keys_start)
 956                 keymac_write(dev, index, mac_addr);
 957
 958         dev->key[index].algorithm = algorithm;
 959 }
 960
 961 static int b43_key_write(struct b43_wldev *dev,
 962                          int index, u8 algorithm,
 963                          const u8 *key, size_t key_len,
 964                          const u8 *mac_addr,
 965                          struct ieee80211_key_conf *keyconf)
 966 {
 967         int i;
 968         int pairwise_keys_start;
 969
 970         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
 971          *      - Temporal Encryption Key (128 bits)
 972          *      - Temporal Authenticator Tx MIC Key (64 bits)
 973          *      - Temporal Authenticator Rx MIC Key (64 bits)
 974          *
 975          *      Hardware only store TEK
 976          */
 977         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
 978                 key_len = 16;
 979         if (key_len > B43_SEC_KEYSIZE)
 980                 return -EINVAL;
 981         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
 982                 /* Check that we don't already have this key. */
 983                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
 984         }
 985         if (index < 0) {
 986                 /* Pairwise key. Get an empty slot for the key. */
 987                 if (b43_new_kidx_api(dev))
 988                         pairwise_keys_start = B43_NR_GROUP_KEYS;
 989                 else
 990                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
 991                 for (i = pairwise_keys_start;
 992                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
 993                      i++) {
 994                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
 995                         if (!dev->key[i].keyconf) {
 996                                 /* found empty */
 997                                 index = i;
 998                                 break;
 999                         }
1000                 }
1001                 if (index < 0) {
1002                         b43warn(dev->wl, "Out of hardware key memory\n");
1003                         return -ENOSPC;
1004                 }
1005         } else
1006                 B43_WARN_ON(index > 3);
1007
1008         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1009         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1010                 /* Default RX key */
1011                 B43_WARN_ON(mac_addr);
1012                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1013         }
1014         keyconf->hw_key_idx = index;
1015         dev->key[index].keyconf = keyconf;
1016
1017         return 0;
1018 }
1019
1020 static int b43_key_clear(struct b43_wldev *dev, int index)
1021 {
1022         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1023                 return -EINVAL;
1024         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1025                      NULL, B43_SEC_KEYSIZE, NULL);
1026         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1027                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1028                              NULL, B43_SEC_KEYSIZE, NULL);
1029         }
1030         dev->key[index].keyconf = NULL;
1031
1032         return 0;
1033 }
1034
1035 static void b43_clear_keys(struct b43_wldev *dev)
1036 {
1037         int i, count;
1038
1039         if (b43_new_kidx_api(dev))
1040                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1041         else
1042                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1043         for (i = 0; i < count; i++)
1044                 b43_key_clear(dev, i);
1045 }
1046
1047 static void b43_dump_keymemory(struct b43_wldev *dev)
1048 {
1049         unsigned int i, index, count, offset, pairwise_keys_start;
1050         u8 mac[ETH_ALEN];
1051         u16 algo;
1052         u32 rcmta0;
1053         u16 rcmta1;
1054         u64 hf;
1055         struct b43_key *key;
1056
1057         if (!b43_debug(dev, B43_DBG_KEYS))
1058                 return;
1059
1060         hf = b43_hf_read(dev);
1061         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1062                !!(hf & B43_HF_USEDEFKEYS));
1063         if (b43_new_kidx_api(dev)) {
1064                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1065                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1066         } else {
1067                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1068                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1069         }
1070         for (index = 0; index < count; index++) {
1071                 key = &(dev->key[index]);
1072                 printk(KERN_DEBUG "Key slot %02u: %s",
1073                        index, (key->keyconf == NULL) ? " " : "*");
1074                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1075                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1076                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1077                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1078                 }
1079
1080                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1081                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1082                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1083
1084                 if (index >= pairwise_keys_start) {
1085                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1086                                 printk("   TKIP: ");
1087                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1088                                 for (i = 0; i < 14; i += 2) {
1089                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1090                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1091                                 }
1092                         }
1093                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1094                                                 ((index - pairwise_keys_start) * 2) + 0);
1095                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1096                                                 ((index - pairwise_keys_start) * 2) + 1);
1097                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1098                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1099                         printk("   MAC: %pM", mac);
1100                 } else
1101                         printk("   DEFAULT KEY");
1102                 printk("\n");
1103         }
1104 }
1105
1106 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1107 {
1108         u32 macctl;
1109         u16 ucstat;
1110         bool hwps;
1111         bool awake;
1112         int i;
1113
1114         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1115                     (ps_flags & B43_PS_DISABLED));
1116         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1117
1118         if (ps_flags & B43_PS_ENABLED) {
1119                 hwps = true;
1120         } else if (ps_flags & B43_PS_DISABLED) {
1121                 hwps = false;
1122         } else {
1123                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1124                 //      and thus is not an AP and we are associated, set bit 25
1125         }
1126         if (ps_flags & B43_PS_AWAKE) {
1127                 awake = true;
1128         } else if (ps_flags & B43_PS_ASLEEP) {
1129                 awake = false;
1130         } else {
1131                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1132                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1133                 //      successful, set bit26
1134         }
1135
1136 /* FIXME: For now we force awake-on and hwps-off */
1137         hwps = false;
1138         awake = true;
1139
1140         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1141         if (hwps)
1142                 macctl |= B43_MACCTL_HWPS;
1143         else
1144                 macctl &= ~B43_MACCTL_HWPS;
1145         if (awake)
1146                 macctl |= B43_MACCTL_AWAKE;
1147         else
1148                 macctl &= ~B43_MACCTL_AWAKE;
1149         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1150         /* Commit write */
1151         b43_read32(dev, B43_MMIO_MACCTL);
1152         if (awake && dev->dev->core_rev >= 5) {
1153                 /* Wait for the microcode to wake up. */
1154                 for (i = 0; i < 100; i++) {
1155                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1156                                                 B43_SHM_SH_UCODESTAT);
1157                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1158                                 break;
1159                         udelay(10);
1160                 }
1161         }
1162 }
1163
1164 #ifdef CONFIG_B43_BCMA
1165 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1166 {
1167         u32 flags;
1168
1169         /* Put PHY into reset */
1170         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1171         flags |= B43_BCMA_IOCTL_PHY_RESET;
1172         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1173         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1174         udelay(2);
1175
1176         /* Take PHY out of reset */
1177         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1178         flags &= ~B43_BCMA_IOCTL_PHY_RESET;
1179         flags |= BCMA_IOCTL_FGC;
1180         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1181         udelay(1);
1182
1183         /* Do not force clock anymore */
1184         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1185         flags &= ~BCMA_IOCTL_FGC;
1186         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1187         udelay(1);
1188 }
1189
1190 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1191 {
1192         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1193                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1194         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1195                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1196
1197         b43_device_enable(dev, B43_BCMA_IOCTL_PHY_CLKEN);
1198         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1199         b43_bcma_phy_reset(dev);
1200         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1201 }
1202 #endif
1203
1204 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1205 {
1206         struct ssb_device *sdev = dev->dev->sdev;
1207         u32 tmslow;
1208         u32 flags = 0;
1209
1210         if (gmode)
1211                 flags |= B43_TMSLOW_GMODE;
1212         flags |= B43_TMSLOW_PHYCLKEN;
1213         flags |= B43_TMSLOW_PHYRESET;
1214         if (dev->phy.type == B43_PHYTYPE_N)
1215                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1216         b43_device_enable(dev, flags);
1217         msleep(2);              /* Wait for the PLL to turn on. */
1218
1219         /* Now take the PHY out of Reset again */
1220         tmslow = ssb_read32(sdev, SSB_TMSLOW);
1221         tmslow |= SSB_TMSLOW_FGC;
1222         tmslow &= ~B43_TMSLOW_PHYRESET;
1223         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1224         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1225         msleep(1);
1226         tmslow &= ~SSB_TMSLOW_FGC;
1227         ssb_write32(sdev, SSB_TMSLOW, tmslow);
1228         ssb_read32(sdev, SSB_TMSLOW);   /* flush */
1229         msleep(1);
1230 }
1231
1232 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1233 {
1234         u32 macctl;
1235
1236         switch (dev->dev->bus_type) {
1237 #ifdef CONFIG_B43_BCMA
1238         case B43_BUS_BCMA:
1239                 b43_bcma_wireless_core_reset(dev, gmode);
1240                 break;
1241 #endif
1242 #ifdef CONFIG_B43_SSB
1243         case B43_BUS_SSB:
1244                 b43_ssb_wireless_core_reset(dev, gmode);
1245                 break;
1246 #endif
1247         }
1248
1249         /* Turn Analog ON, but only if we already know the PHY-type.
1250          * This protects against very early setup where we don't know the
1251          * PHY-type, yet. wireless_core_reset will be called once again later,
1252          * when we know the PHY-type. */
1253         if (dev->phy.ops)
1254                 dev->phy.ops->switch_analog(dev, 1);
1255
1256         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1257         macctl &= ~B43_MACCTL_GMODE;
1258         if (gmode)
1259                 macctl |= B43_MACCTL_GMODE;
1260         macctl |= B43_MACCTL_IHR_ENABLED;
1261         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1262 }
1263
1264 static void handle_irq_transmit_status(struct b43_wldev *dev)
1265 {
1266         u32 v0, v1;
1267         u16 tmp;
1268         struct b43_txstatus stat;
1269
1270         while (1) {
1271                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1272                 if (!(v0 & 0x00000001))
1273                         break;
1274                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1275
1276                 stat.cookie = (v0 >> 16);
1277                 stat.seq = (v1 & 0x0000FFFF);
1278                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1279                 tmp = (v0 & 0x0000FFFF);
1280                 stat.frame_count = ((tmp & 0xF000) >> 12);
1281                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1282                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1283                 stat.pm_indicated = !!(tmp & 0x0080);
1284                 stat.intermediate = !!(tmp & 0x0040);
1285                 stat.for_ampdu = !!(tmp & 0x0020);
1286                 stat.acked = !!(tmp & 0x0002);
1287
1288                 b43_handle_txstatus(dev, &stat);
1289         }
1290 }
1291
1292 static void drain_txstatus_queue(struct b43_wldev *dev)
1293 {
1294         u32 dummy;
1295
1296         if (dev->dev->core_rev < 5)
1297                 return;
1298         /* Read all entries from the microcode TXstatus FIFO
1299          * and throw them away.
1300          */
1301         while (1) {
1302                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1303                 if (!(dummy & 0x00000001))
1304                         break;
1305                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1306         }
1307 }
1308
1309 static u32 b43_jssi_read(struct b43_wldev *dev)
1310 {
1311         u32 val = 0;
1312
1313         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1314         val <<= 16;
1315         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1316
1317         return val;
1318 }
1319
1320 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1321 {
1322         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1323         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1324 }
1325
1326 static void b43_generate_noise_sample(struct b43_wldev *dev)
1327 {
1328         b43_jssi_write(dev, 0x7F7F7F7F);
1329         b43_write32(dev, B43_MMIO_MACCMD,
1330                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1331 }
1332
1333 static void b43_calculate_link_quality(struct b43_wldev *dev)
1334 {
1335         /* Top half of Link Quality calculation. */
1336
1337         if (dev->phy.type != B43_PHYTYPE_G)
1338                 return;
1339         if (dev->noisecalc.calculation_running)
1340                 return;
1341         dev->noisecalc.calculation_running = true;
1342         dev->noisecalc.nr_samples = 0;
1343
1344         b43_generate_noise_sample(dev);
1345 }
1346
1347 static void handle_irq_noise(struct b43_wldev *dev)
1348 {
1349         struct b43_phy_g *phy = dev->phy.g;
1350         u16 tmp;
1351         u8 noise[4];
1352         u8 i, j;
1353         s32 average;
1354
1355         /* Bottom half of Link Quality calculation. */
1356
1357         if (dev->phy.type != B43_PHYTYPE_G)
1358                 return;
1359
1360         /* Possible race condition: It might be possible that the user
1361          * changed to a different channel in the meantime since we
1362          * started the calculation. We ignore that fact, since it's
1363          * not really that much of a problem. The background noise is
1364          * an estimation only anyway. Slightly wrong results will get damped
1365          * by the averaging of the 8 sample rounds. Additionally the
1366          * value is shortlived. So it will be replaced by the next noise
1367          * calculation round soon. */
1368
1369         B43_WARN_ON(!dev->noisecalc.calculation_running);
1370         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1371         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1372             noise[2] == 0x7F || noise[3] == 0x7F)
1373                 goto generate_new;
1374
1375         /* Get the noise samples. */
1376         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1377         i = dev->noisecalc.nr_samples;
1378         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1379         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1380         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1381         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1382         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1383         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1384         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1385         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1386         dev->noisecalc.nr_samples++;
1387         if (dev->noisecalc.nr_samples == 8) {
1388                 /* Calculate the Link Quality by the noise samples. */
1389                 average = 0;
1390                 for (i = 0; i < 8; i++) {
1391                         for (j = 0; j < 4; j++)
1392                                 average += dev->noisecalc.samples[i][j];
1393                 }
1394                 average /= (8 * 4);
1395                 average *= 125;
1396                 average += 64;
1397                 average /= 128;
1398                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1399                 tmp = (tmp / 128) & 0x1F;
1400                 if (tmp >= 8)
1401                         average += 2;
1402                 else
1403                         average -= 25;
1404                 if (tmp == 8)
1405                         average -= 72;
1406                 else
1407                         average -= 48;
1408
1409                 dev->stats.link_noise = average;
1410                 dev->noisecalc.calculation_running = false;
1411                 return;
1412         }
1413 generate_new:
1414         b43_generate_noise_sample(dev);
1415 }
1416
1417 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1418 {
1419         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1420                 ///TODO: PS TBTT
1421         } else {
1422                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1423                         b43_power_saving_ctl_bits(dev, 0);
1424         }
1425         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1426                 dev->dfq_valid = true;
1427 }
1428
1429 static void handle_irq_atim_end(struct b43_wldev *dev)
1430 {
1431         if (dev->dfq_valid) {
1432                 b43_write32(dev, B43_MMIO_MACCMD,
1433                             b43_read32(dev, B43_MMIO_MACCMD)
1434                             | B43_MACCMD_DFQ_VALID);
1435                 dev->dfq_valid = false;
1436         }
1437 }
1438
1439 static void handle_irq_pmq(struct b43_wldev *dev)
1440 {
1441         u32 tmp;
1442
1443         //TODO: AP mode.
1444
1445         while (1) {
1446                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1447                 if (!(tmp & 0x00000008))
1448                         break;
1449         }
1450         /* 16bit write is odd, but correct. */
1451         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1452 }
1453
1454 static void b43_write_template_common(struct b43_wldev *dev,
1455                                       const u8 *data, u16 size,
1456                                       u16 ram_offset,
1457                                       u16 shm_size_offset, u8 rate)
1458 {
1459         u32 i, tmp;
1460         struct b43_plcp_hdr4 plcp;
1461
1462         plcp.data = 0;
1463         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1464         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1465         ram_offset += sizeof(u32);
1466         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1467          * So leave the first two bytes of the next write blank.
1468          */
1469         tmp = (u32) (data[0]) << 16;
1470         tmp |= (u32) (data[1]) << 24;
1471         b43_ram_write(dev, ram_offset, tmp);
1472         ram_offset += sizeof(u32);
1473         for (i = 2; i < size; i += sizeof(u32)) {
1474                 tmp = (u32) (data[i + 0]);
1475                 if (i + 1 < size)
1476                         tmp |= (u32) (data[i + 1]) << 8;
1477                 if (i + 2 < size)
1478                         tmp |= (u32) (data[i + 2]) << 16;
1479                 if (i + 3 < size)
1480                         tmp |= (u32) (data[i + 3]) << 24;
1481                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1482         }
1483         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1484                         size + sizeof(struct b43_plcp_hdr6));
1485 }
1486
1487 /* Check if the use of the antenna that ieee80211 told us to
1488  * use is possible. This will fall back to DEFAULT.
1489  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1490 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1491                                   u8 antenna_nr)
1492 {
1493         u8 antenna_mask;
1494
1495         if (antenna_nr == 0) {
1496                 /* Zero means "use default antenna". That's always OK. */
1497                 return 0;
1498         }
1499
1500         /* Get the mask of available antennas. */
1501         if (dev->phy.gmode)
1502                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1503         else
1504                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1505
1506         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1507                 /* This antenna is not available. Fall back to default. */
1508                 return 0;
1509         }
1510
1511         return antenna_nr;
1512 }
1513
1514 /* Convert a b43 antenna number value to the PHY TX control value. */
1515 static u16 b43_antenna_to_phyctl(int antenna)
1516 {
1517         switch (antenna) {
1518         case B43_ANTENNA0:
1519                 return B43_TXH_PHY_ANT0;
1520         case B43_ANTENNA1:
1521                 return B43_TXH_PHY_ANT1;
1522         case B43_ANTENNA2:
1523                 return B43_TXH_PHY_ANT2;
1524         case B43_ANTENNA3:
1525                 return B43_TXH_PHY_ANT3;
1526         case B43_ANTENNA_AUTO0:
1527         case B43_ANTENNA_AUTO1:
1528                 return B43_TXH_PHY_ANT01AUTO;
1529         }
1530         B43_WARN_ON(1);
1531         return 0;
1532 }
1533
1534 static void b43_write_beacon_template(struct b43_wldev *dev,
1535                                       u16 ram_offset,
1536                                       u16 shm_size_offset)
1537 {
1538         unsigned int i, len, variable_len;
1539         const struct ieee80211_mgmt *bcn;
1540         const u8 *ie;
1541         bool tim_found = false;
1542         unsigned int rate;
1543         u16 ctl;
1544         int antenna;
1545         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1546
1547         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1548         len = min((size_t) dev->wl->current_beacon->len,
1549                   0x200 - sizeof(struct b43_plcp_hdr6));
1550         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1551
1552         b43_write_template_common(dev, (const u8 *)bcn,
1553                                   len, ram_offset, shm_size_offset, rate);
1554
1555         /* Write the PHY TX control parameters. */
1556         antenna = B43_ANTENNA_DEFAULT;
1557         antenna = b43_antenna_to_phyctl(antenna);
1558         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1559         /* We can't send beacons with short preamble. Would get PHY errors. */
1560         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1561         ctl &= ~B43_TXH_PHY_ANT;
1562         ctl &= ~B43_TXH_PHY_ENC;
1563         ctl |= antenna;
1564         if (b43_is_cck_rate(rate))
1565                 ctl |= B43_TXH_PHY_ENC_CCK;
1566         else
1567                 ctl |= B43_TXH_PHY_ENC_OFDM;
1568         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1569
1570         /* Find the position of the TIM and the DTIM_period value
1571          * and write them to SHM. */
1572         ie = bcn->u.beacon.variable;
1573         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1574         for (i = 0; i < variable_len - 2; ) {
1575                 uint8_t ie_id, ie_len;
1576
1577                 ie_id = ie[i];
1578                 ie_len = ie[i + 1];
1579                 if (ie_id == 5) {
1580                         u16 tim_position;
1581                         u16 dtim_period;
1582                         /* This is the TIM Information Element */
1583
1584                         /* Check whether the ie_len is in the beacon data range. */
1585                         if (variable_len < ie_len + 2 + i)
1586                                 break;
1587                         /* A valid TIM is at least 4 bytes long. */
1588                         if (ie_len < 4)
1589                                 break;
1590                         tim_found = true;
1591
1592                         tim_position = sizeof(struct b43_plcp_hdr6);
1593                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1594                         tim_position += i;
1595
1596                         dtim_period = ie[i + 3];
1597
1598                         b43_shm_write16(dev, B43_SHM_SHARED,
1599                                         B43_SHM_SH_TIMBPOS, tim_position);
1600                         b43_shm_write16(dev, B43_SHM_SHARED,
1601                                         B43_SHM_SH_DTIMPER, dtim_period);
1602                         break;
1603                 }
1604                 i += ie_len + 2;
1605         }
1606         if (!tim_found) {
1607                 /*
1608                  * If ucode wants to modify TIM do it behind the beacon, this
1609                  * will happen, for example, when doing mesh networking.
1610                  */
1611                 b43_shm_write16(dev, B43_SHM_SHARED,
1612                                 B43_SHM_SH_TIMBPOS,
1613                                 len + sizeof(struct b43_plcp_hdr6));
1614                 b43_shm_write16(dev, B43_SHM_SHARED,
1615                                 B43_SHM_SH_DTIMPER, 0);
1616         }
1617         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1618 }
1619
1620 static void b43_upload_beacon0(struct b43_wldev *dev)
1621 {
1622         struct b43_wl *wl = dev->wl;
1623
1624         if (wl->beacon0_uploaded)
1625                 return;
1626         b43_write_beacon_template(dev, 0x68, 0x18);
1627         wl->beacon0_uploaded = true;
1628 }
1629
1630 static void b43_upload_beacon1(struct b43_wldev *dev)
1631 {
1632         struct b43_wl *wl = dev->wl;
1633
1634         if (wl->beacon1_uploaded)
1635                 return;
1636         b43_write_beacon_template(dev, 0x468, 0x1A);
1637         wl->beacon1_uploaded = true;
1638 }
1639
1640 static void handle_irq_beacon(struct b43_wldev *dev)
1641 {
1642         struct b43_wl *wl = dev->wl;
1643         u32 cmd, beacon0_valid, beacon1_valid;
1644
1645         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1646             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1647             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1648                 return;
1649
1650         /* This is the bottom half of the asynchronous beacon update. */
1651
1652         /* Ignore interrupt in the future. */
1653         dev->irq_mask &= ~B43_IRQ_BEACON;
1654
1655         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1656         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1657         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1658
1659         /* Schedule interrupt manually, if busy. */
1660         if (beacon0_valid && beacon1_valid) {
1661                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1662                 dev->irq_mask |= B43_IRQ_BEACON;
1663                 return;
1664         }
1665
1666         if (unlikely(wl->beacon_templates_virgin)) {
1667                 /* We never uploaded a beacon before.
1668                  * Upload both templates now, but only mark one valid. */
1669                 wl->beacon_templates_virgin = false;
1670                 b43_upload_beacon0(dev);
1671                 b43_upload_beacon1(dev);
1672                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1673                 cmd |= B43_MACCMD_BEACON0_VALID;
1674                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1675         } else {
1676                 if (!beacon0_valid) {
1677                         b43_upload_beacon0(dev);
1678                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1679                         cmd |= B43_MACCMD_BEACON0_VALID;
1680                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1681                 } else if (!beacon1_valid) {
1682                         b43_upload_beacon1(dev);
1683                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1684                         cmd |= B43_MACCMD_BEACON1_VALID;
1685                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1686                 }
1687         }
1688 }
1689
1690 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1691 {
1692         u32 old_irq_mask = dev->irq_mask;
1693
1694         /* update beacon right away or defer to irq */
1695         handle_irq_beacon(dev);
1696         if (old_irq_mask != dev->irq_mask) {
1697                 /* The handler updated the IRQ mask. */
1698                 B43_WARN_ON(!dev->irq_mask);
1699                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1700                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1701                 } else {
1702                         /* Device interrupts are currently disabled. That means
1703                          * we just ran the hardirq handler and scheduled the
1704                          * IRQ thread. The thread will write the IRQ mask when
1705                          * it finished, so there's nothing to do here. Writing
1706                          * the mask _here_ would incorrectly re-enable IRQs. */
1707                 }
1708         }
1709 }
1710
1711 static void b43_beacon_update_trigger_work(struct work_struct *work)
1712 {
1713         struct b43_wl *wl = container_of(work, struct b43_wl,
1714                                          beacon_update_trigger);
1715         struct b43_wldev *dev;
1716
1717         mutex_lock(&wl->mutex);
1718         dev = wl->current_dev;
1719         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1720                 if (b43_bus_host_is_sdio(dev->dev)) {
1721                         /* wl->mutex is enough. */
1722                         b43_do_beacon_update_trigger_work(dev);
1723                         mmiowb();
1724                 } else {
1725                         spin_lock_irq(&wl->hardirq_lock);
1726                         b43_do_beacon_update_trigger_work(dev);
1727                         mmiowb();
1728                         spin_unlock_irq(&wl->hardirq_lock);
1729                 }
1730         }
1731         mutex_unlock(&wl->mutex);
1732 }
1733
1734 /* Asynchronously update the packet templates in template RAM.
1735  * Locking: Requires wl->mutex to be locked. */
1736 static void b43_update_templates(struct b43_wl *wl)
1737 {
1738         struct sk_buff *beacon;
1739
1740         /* This is the top half of the ansynchronous beacon update.
1741          * The bottom half is the beacon IRQ.
1742          * Beacon update must be asynchronous to avoid sending an
1743          * invalid beacon. This can happen for example, if the firmware
1744          * transmits a beacon while we are updating it. */
1745
1746         /* We could modify the existing beacon and set the aid bit in
1747          * the TIM field, but that would probably require resizing and
1748          * moving of data within the beacon template.
1749          * Simply request a new beacon and let mac80211 do the hard work. */
1750         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1751         if (unlikely(!beacon))
1752                 return;
1753
1754         if (wl->current_beacon)
1755                 dev_kfree_skb_any(wl->current_beacon);
1756         wl->current_beacon = beacon;
1757         wl->beacon0_uploaded = false;
1758         wl->beacon1_uploaded = false;
1759         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1760 }
1761
1762 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1763 {
1764         b43_time_lock(dev);
1765         if (dev->dev->core_rev >= 3) {
1766                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1767                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1768         } else {
1769                 b43_write16(dev, 0x606, (beacon_int >> 6));
1770                 b43_write16(dev, 0x610, beacon_int);
1771         }
1772         b43_time_unlock(dev);
1773         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1774 }
1775
1776 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1777 {
1778         u16 reason;
1779
1780         /* Read the register that contains the reason code for the panic. */
1781         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1782         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1783
1784         switch (reason) {
1785         default:
1786                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1787                 /* fallthrough */
1788         case B43_FWPANIC_DIE:
1789                 /* Do not restart the controller or firmware.
1790                  * The device is nonfunctional from now on.
1791                  * Restarting would result in this panic to trigger again,
1792                  * so we avoid that recursion. */
1793                 break;
1794         case B43_FWPANIC_RESTART:
1795                 b43_controller_restart(dev, "Microcode panic");
1796                 break;
1797         }
1798 }
1799
1800 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1801 {
1802         unsigned int i, cnt;
1803         u16 reason, marker_id, marker_line;
1804         __le16 *buf;
1805
1806         /* The proprietary firmware doesn't have this IRQ. */
1807         if (!dev->fw.opensource)
1808                 return;
1809
1810         /* Read the register that contains the reason code for this IRQ. */
1811         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1812
1813         switch (reason) {
1814         case B43_DEBUGIRQ_PANIC:
1815                 b43_handle_firmware_panic(dev);
1816                 break;
1817         case B43_DEBUGIRQ_DUMP_SHM:
1818                 if (!B43_DEBUG)
1819                         break; /* Only with driver debugging enabled. */
1820                 buf = kmalloc(4096, GFP_ATOMIC);
1821                 if (!buf) {
1822                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1823                         goto out;
1824                 }
1825                 for (i = 0; i < 4096; i += 2) {
1826                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1827                         buf[i / 2] = cpu_to_le16(tmp);
1828                 }
1829                 b43info(dev->wl, "Shared memory dump:\n");
1830                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1831                                16, 2, buf, 4096, 1);
1832                 kfree(buf);
1833                 break;
1834         case B43_DEBUGIRQ_DUMP_REGS:
1835                 if (!B43_DEBUG)
1836                         break; /* Only with driver debugging enabled. */
1837                 b43info(dev->wl, "Microcode register dump:\n");
1838                 for (i = 0, cnt = 0; i < 64; i++) {
1839                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1840                         if (cnt == 0)
1841                                 printk(KERN_INFO);
1842                         printk("r%02u: 0x%04X  ", i, tmp);
1843                         cnt++;
1844                         if (cnt == 6) {
1845                                 printk("\n");
1846                                 cnt = 0;
1847                         }
1848                 }
1849                 printk("\n");
1850                 break;
1851         case B43_DEBUGIRQ_MARKER:
1852                 if (!B43_DEBUG)
1853                         break; /* Only with driver debugging enabled. */
1854                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1855                                            B43_MARKER_ID_REG);
1856                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1857                                              B43_MARKER_LINE_REG);
1858                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1859                         "at line number %u\n",
1860                         marker_id, marker_line);
1861                 break;
1862         default:
1863                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1864                        reason);
1865         }
1866 out:
1867         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1868         b43_shm_write16(dev, B43_SHM_SCRATCH,
1869                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1870 }
1871
1872 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1873 {
1874         u32 reason;
1875         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1876         u32 merged_dma_reason = 0;
1877         int i;
1878
1879         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1880                 return;
1881
1882         reason = dev->irq_reason;
1883         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1884                 dma_reason[i] = dev->dma_reason[i];
1885                 merged_dma_reason |= dma_reason[i];
1886         }
1887
1888         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1889                 b43err(dev->wl, "MAC transmission error\n");
1890
1891         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1892                 b43err(dev->wl, "PHY transmission error\n");
1893                 rmb();
1894                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1895                         atomic_set(&dev->phy.txerr_cnt,
1896                                    B43_PHY_TX_BADNESS_LIMIT);
1897                         b43err(dev->wl, "Too many PHY TX errors, "
1898                                         "restarting the controller\n");
1899                         b43_controller_restart(dev, "PHY TX errors");
1900                 }
1901         }
1902
1903         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1904                                           B43_DMAIRQ_NONFATALMASK))) {
1905                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1906                         b43err(dev->wl, "Fatal DMA error: "
1907                                "0x%08X, 0x%08X, 0x%08X, "
1908                                "0x%08X, 0x%08X, 0x%08X\n",
1909                                dma_reason[0], dma_reason[1],
1910                                dma_reason[2], dma_reason[3],
1911                                dma_reason[4], dma_reason[5]);
1912                         b43err(dev->wl, "This device does not support DMA "
1913                                "on your system. It will now be switched to PIO.\n");
1914                         /* Fall back to PIO transfers if we get fatal DMA errors! */
1915                         dev->use_pio = true;
1916                         b43_controller_restart(dev, "DMA error");
1917                         return;
1918                 }
1919                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1920                         b43err(dev->wl, "DMA error: "
1921                                "0x%08X, 0x%08X, 0x%08X, "
1922                                "0x%08X, 0x%08X, 0x%08X\n",
1923                                dma_reason[0], dma_reason[1],
1924                                dma_reason[2], dma_reason[3],
1925                                dma_reason[4], dma_reason[5]);
1926                 }
1927         }
1928
1929         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1930                 handle_irq_ucode_debug(dev);
1931         if (reason & B43_IRQ_TBTT_INDI)
1932                 handle_irq_tbtt_indication(dev);
1933         if (reason & B43_IRQ_ATIM_END)
1934                 handle_irq_atim_end(dev);
1935         if (reason & B43_IRQ_BEACON)
1936                 handle_irq_beacon(dev);
1937         if (reason & B43_IRQ_PMQ)
1938                 handle_irq_pmq(dev);
1939         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1940                 ;/* TODO */
1941         if (reason & B43_IRQ_NOISESAMPLE_OK)
1942                 handle_irq_noise(dev);
1943
1944         /* Check the DMA reason registers for received data. */
1945         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1946                 if (b43_using_pio_transfers(dev))
1947                         b43_pio_rx(dev->pio.rx_queue);
1948                 else
1949                         b43_dma_rx(dev->dma.rx_ring);
1950         }
1951         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1952         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1953         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1954         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1955         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1956
1957         if (reason & B43_IRQ_TX_OK)
1958                 handle_irq_transmit_status(dev);
1959
1960         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1961         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1962
1963 #if B43_DEBUG
1964         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1965                 dev->irq_count++;
1966                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1967                         if (reason & (1 << i))
1968                                 dev->irq_bit_count[i]++;
1969                 }
1970         }
1971 #endif
1972 }
1973
1974 /* Interrupt thread handler. Handles device interrupts in thread context. */
1975 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1976 {
1977         struct b43_wldev *dev = dev_id;
1978
1979         mutex_lock(&dev->wl->mutex);
1980         b43_do_interrupt_thread(dev);
1981         mmiowb();
1982         mutex_unlock(&dev->wl->mutex);
1983
1984         return IRQ_HANDLED;
1985 }
1986
1987 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1988 {
1989         u32 reason;
1990
1991         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1992          * On SDIO, this runs under wl->mutex. */
1993
1994         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1995         if (reason == 0xffffffff)       /* shared IRQ */
1996                 return IRQ_NONE;
1997         reason &= dev->irq_mask;
1998         if (!reason)
1999                 return IRQ_NONE;
2000
2001         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2002             & 0x0001DC00;
2003         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2004             & 0x0000DC00;
2005         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2006             & 0x0000DC00;
2007         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2008             & 0x0001DC00;
2009         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2010             & 0x0000DC00;
2011 /* Unused ring
2012         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2013             & 0x0000DC00;
2014 */
2015
2016         /* ACK the interrupt. */
2017         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2018         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2019         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2020         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2021         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2022         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2023 /* Unused ring
2024         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2025 */
2026
2027         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2028         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2029         /* Save the reason bitmasks for the IRQ thread handler. */
2030         dev->irq_reason = reason;
2031
2032         return IRQ_WAKE_THREAD;
2033 }
2034
2035 /* Interrupt handler top-half. This runs with interrupts disabled. */
2036 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2037 {
2038         struct b43_wldev *dev = dev_id;
2039         irqreturn_t ret;
2040
2041         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2042                 return IRQ_NONE;
2043
2044         spin_lock(&dev->wl->hardirq_lock);
2045         ret = b43_do_interrupt(dev);
2046         mmiowb();
2047         spin_unlock(&dev->wl->hardirq_lock);
2048
2049         return ret;
2050 }
2051
2052 /* SDIO interrupt handler. This runs in process context. */
2053 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2054 {
2055         struct b43_wl *wl = dev->wl;
2056         irqreturn_t ret;
2057
2058         mutex_lock(&wl->mutex);
2059
2060         ret = b43_do_interrupt(dev);
2061         if (ret == IRQ_WAKE_THREAD)
2062                 b43_do_interrupt_thread(dev);
2063
2064         mutex_unlock(&wl->mutex);
2065 }
2066
2067 void b43_do_release_fw(struct b43_firmware_file *fw)
2068 {
2069         release_firmware(fw->data);
2070         fw->data = NULL;
2071         fw->filename = NULL;
2072 }
2073
2074 static void b43_release_firmware(struct b43_wldev *dev)
2075 {
2076         b43_do_release_fw(&dev->fw.ucode);
2077         b43_do_release_fw(&dev->fw.pcm);
2078         b43_do_release_fw(&dev->fw.initvals);
2079         b43_do_release_fw(&dev->fw.initvals_band);
2080 }
2081
2082 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2083 {
2084         const char text[] =
2085                 "You must go to " \
2086                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2087                 "and download the correct firmware for this driver version. " \
2088                 "Please carefully read all instructions on this website.\n";
2089
2090         if (error)
2091                 b43err(wl, text);
2092         else
2093                 b43warn(wl, text);
2094 }
2095
2096 static void b43_fw_cb(const struct firmware *firmware, void *context)
2097 {
2098         struct b43_request_fw_context *ctx = context;
2099
2100         ctx->blob = firmware;
2101         complete(&ctx->fw_load_complete);
2102 }
2103
2104 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2105                       const char *name,
2106                       struct b43_firmware_file *fw, bool async)
2107 {
2108         struct b43_fw_header *hdr;
2109         u32 size;
2110         int err;
2111
2112         if (!name) {
2113                 /* Don't fetch anything. Free possibly cached firmware. */
2114                 /* FIXME: We should probably keep it anyway, to save some headache
2115                  * on suspend/resume with multiband devices. */
2116                 b43_do_release_fw(fw);
2117                 return 0;
2118         }
2119         if (fw->filename) {
2120                 if ((fw->type == ctx->req_type) &&
2121                     (strcmp(fw->filename, name) == 0))
2122                         return 0; /* Already have this fw. */
2123                 /* Free the cached firmware first. */
2124                 /* FIXME: We should probably do this later after we successfully
2125                  * got the new fw. This could reduce headache with multiband devices.
2126                  * We could also redesign this to cache the firmware for all possible
2127                  * bands all the time. */
2128                 b43_do_release_fw(fw);
2129         }
2130
2131         switch (ctx->req_type) {
2132         case B43_FWTYPE_PROPRIETARY:
2133                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2134                          "b43%s/%s.fw",
2135                          modparam_fwpostfix, name);
2136                 break;
2137         case B43_FWTYPE_OPENSOURCE:
2138                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2139                          "b43-open%s/%s.fw",
2140                          modparam_fwpostfix, name);
2141                 break;
2142         default:
2143                 B43_WARN_ON(1);
2144                 return -ENOSYS;
2145         }
2146         if (async) {
2147                 /* do this part asynchronously */
2148                 init_completion(&ctx->fw_load_complete);
2149                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2150                                               ctx->dev->dev->dev, GFP_KERNEL,
2151                                               ctx, b43_fw_cb);
2152                 if (err < 0) {
2153                         pr_err("Unable to load firmware\n");
2154                         return err;
2155                 }
2156                 /* stall here until fw ready */
2157                 wait_for_completion(&ctx->fw_load_complete);
2158                 if (ctx->blob)
2159                         goto fw_ready;
2160         /* On some ARM systems, the async request will fail, but the next sync
2161          * request works. For this reason, we dall through here
2162          */
2163         }
2164         err = request_firmware(&ctx->blob, ctx->fwname,
2165                                ctx->dev->dev->dev);
2166         if (err == -ENOENT) {
2167                 snprintf(ctx->errors[ctx->req_type],
2168                          sizeof(ctx->errors[ctx->req_type]),
2169                          "Firmware file \"%s\" not found\n",
2170                          ctx->fwname);
2171                 return err;
2172         } else if (err) {
2173                 snprintf(ctx->errors[ctx->req_type],
2174                          sizeof(ctx->errors[ctx->req_type]),
2175                          "Firmware file \"%s\" request failed (err=%d)\n",
2176                          ctx->fwname, err);
2177                 return err;
2178         }
2179 fw_ready:
2180         if (ctx->blob->size < sizeof(struct b43_fw_header))
2181                 goto err_format;
2182         hdr = (struct b43_fw_header *)(ctx->blob->data);
2183         switch (hdr->type) {
2184         case B43_FW_TYPE_UCODE:
2185         case B43_FW_TYPE_PCM:
2186                 size = be32_to_cpu(hdr->size);
2187                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2188                         goto err_format;
2189                 /* fallthrough */
2190         case B43_FW_TYPE_IV:
2191                 if (hdr->ver != 1)
2192                         goto err_format;
2193                 break;
2194         default:
2195                 goto err_format;
2196         }
2197
2198         fw->data = ctx->blob;
2199         fw->filename = name;
2200         fw->type = ctx->req_type;
2201
2202         return 0;
2203
2204 err_format:
2205         snprintf(ctx->errors[ctx->req_type],
2206                  sizeof(ctx->errors[ctx->req_type]),
2207                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2208         release_firmware(ctx->blob);
2209
2210         return -EPROTO;
2211 }
2212
2213 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2214 {
2215         struct b43_wldev *dev = ctx->dev;
2216         struct b43_firmware *fw = &ctx->dev->fw;
2217         const u8 rev = ctx->dev->dev->core_rev;
2218         const char *filename;
2219         u32 tmshigh;
2220         int err;
2221
2222         /* Files for HT and LCN were found by trying one by one */
2223
2224         /* Get microcode */
2225         if ((rev >= 5) && (rev <= 10)) {
2226                 filename = "ucode5";
2227         } else if ((rev >= 11) && (rev <= 12)) {
2228                 filename = "ucode11";
2229         } else if (rev == 13) {
2230                 filename = "ucode13";
2231         } else if (rev == 14) {
2232                 filename = "ucode14";
2233         } else if (rev == 15) {
2234                 filename = "ucode15";
2235         } else {
2236                 switch (dev->phy.type) {
2237                 case B43_PHYTYPE_N:
2238                         if (rev >= 16)
2239                                 filename = "ucode16_mimo";
2240                         else
2241                                 goto err_no_ucode;
2242                         break;
2243                 case B43_PHYTYPE_HT:
2244                         if (rev == 29)
2245                                 filename = "ucode29_mimo";
2246                         else
2247                                 goto err_no_ucode;
2248                         break;
2249                 case B43_PHYTYPE_LCN:
2250                         if (rev == 24)
2251                                 filename = "ucode24_mimo";
2252                         else
2253                                 goto err_no_ucode;
2254                         break;
2255                 default:
2256                         goto err_no_ucode;
2257                 }
2258         }
2259         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2260         if (err)
2261                 goto err_load;
2262
2263         /* Get PCM code */
2264         if ((rev >= 5) && (rev <= 10))
2265                 filename = "pcm5";
2266         else if (rev >= 11)
2267                 filename = NULL;
2268         else
2269                 goto err_no_pcm;
2270         fw->pcm_request_failed = false;
2271         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2272         if (err == -ENOENT) {
2273                 /* We did not find a PCM file? Not fatal, but
2274                  * core rev <= 10 must do without hwcrypto then. */
2275                 fw->pcm_request_failed = true;
2276         } else if (err)
2277                 goto err_load;
2278
2279         /* Get initvals */
2280         switch (dev->phy.type) {
2281         case B43_PHYTYPE_A:
2282                 if ((rev >= 5) && (rev <= 10)) {
2283                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2284                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2285                                 filename = "a0g1initvals5";
2286                         else
2287                                 filename = "a0g0initvals5";
2288                 } else
2289                         goto err_no_initvals;
2290                 break;
2291         case B43_PHYTYPE_G:
2292                 if ((rev >= 5) && (rev <= 10))
2293                         filename = "b0g0initvals5";
2294                 else if (rev >= 13)
2295                         filename = "b0g0initvals13";
2296                 else
2297                         goto err_no_initvals;
2298                 break;
2299         case B43_PHYTYPE_N:
2300                 if (rev >= 16)
2301                         filename = "n0initvals16";
2302                 else if ((rev >= 11) && (rev <= 12))
2303                         filename = "n0initvals11";
2304                 else
2305                         goto err_no_initvals;
2306                 break;
2307         case B43_PHYTYPE_LP:
2308                 if (rev == 13)
2309                         filename = "lp0initvals13";
2310                 else if (rev == 14)
2311                         filename = "lp0initvals14";
2312                 else if (rev >= 15)
2313                         filename = "lp0initvals15";
2314                 else
2315                         goto err_no_initvals;
2316                 break;
2317         case B43_PHYTYPE_HT:
2318                 if (rev == 29)
2319                         filename = "ht0initvals29";
2320                 else
2321                         goto err_no_initvals;
2322                 break;
2323         case B43_PHYTYPE_LCN:
2324                 if (rev == 24)
2325                         filename = "lcn0initvals24";
2326                 else
2327                         goto err_no_initvals;
2328                 break;
2329         default:
2330                 goto err_no_initvals;
2331         }
2332         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2333         if (err)
2334                 goto err_load;
2335
2336         /* Get bandswitch initvals */
2337         switch (dev->phy.type) {
2338         case B43_PHYTYPE_A:
2339                 if ((rev >= 5) && (rev <= 10)) {
2340                         tmshigh = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
2341                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2342                                 filename = "a0g1bsinitvals5";
2343                         else
2344                                 filename = "a0g0bsinitvals5";
2345                 } else if (rev >= 11)
2346                         filename = NULL;
2347                 else
2348                         goto err_no_initvals;
2349                 break;
2350         case B43_PHYTYPE_G:
2351                 if ((rev >= 5) && (rev <= 10))
2352                         filename = "b0g0bsinitvals5";
2353                 else if (rev >= 11)
2354                         filename = NULL;
2355                 else
2356                         goto err_no_initvals;
2357                 break;
2358         case B43_PHYTYPE_N:
2359                 if (rev >= 16)
2360                         filename = "n0bsinitvals16";
2361                 else if ((rev >= 11) && (rev <= 12))
2362                         filename = "n0bsinitvals11";
2363                 else
2364                         goto err_no_initvals;
2365                 break;
2366         case B43_PHYTYPE_LP:
2367                 if (rev == 13)
2368                         filename = "lp0bsinitvals13";
2369                 else if (rev == 14)
2370                         filename = "lp0bsinitvals14";
2371                 else if (rev >= 15)
2372                         filename = "lp0bsinitvals15";
2373                 else
2374                         goto err_no_initvals;
2375                 break;
2376         case B43_PHYTYPE_HT:
2377                 if (rev == 29)
2378                         filename = "ht0bsinitvals29";
2379                 else
2380                         goto err_no_initvals;
2381                 break;
2382         case B43_PHYTYPE_LCN:
2383                 if (rev == 24)
2384                         filename = "lcn0bsinitvals24";
2385                 else
2386                         goto err_no_initvals;
2387                 break;
2388         default:
2389                 goto err_no_initvals;
2390         }
2391         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2392         if (err)
2393                 goto err_load;
2394
2395         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2396
2397         return 0;
2398
2399 err_no_ucode:
2400         err = ctx->fatal_failure = -EOPNOTSUPP;
2401         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2402                "is required for your device (wl-core rev %u)\n", rev);
2403         goto error;
2404
2405 err_no_pcm:
2406         err = ctx->fatal_failure = -EOPNOTSUPP;
2407         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2408                "is required for your device (wl-core rev %u)\n", rev);
2409         goto error;
2410
2411 err_no_initvals:
2412         err = ctx->fatal_failure = -EOPNOTSUPP;
2413         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2414                "is required for your device (wl-core rev %u)\n", rev);
2415         goto error;
2416
2417 err_load:
2418         /* We failed to load this firmware image. The error message
2419          * already is in ctx->errors. Return and let our caller decide
2420          * what to do. */
2421         goto error;
2422
2423 error:
2424         b43_release_firmware(dev);
2425         return err;
2426 }
2427
2428 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2429 static void b43_one_core_detach(struct b43_bus_dev *dev);
2430
2431 static void b43_request_firmware(struct work_struct *work)
2432 {
2433         struct b43_wl *wl = container_of(work,
2434                             struct b43_wl, firmware_load);
2435         struct b43_wldev *dev = wl->current_dev;
2436         struct b43_request_fw_context *ctx;
2437         unsigned int i;
2438         int err;
2439         const char *errmsg;
2440
2441         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2442         if (!ctx)
2443                 return;
2444         ctx->dev = dev;
2445
2446         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2447         err = b43_try_request_fw(ctx);
2448         if (!err)
2449                 goto start_ieee80211; /* Successfully loaded it. */
2450         /* Was fw version known? */
2451         if (ctx->fatal_failure)
2452                 goto out;
2453
2454         /* proprietary fw not found, try open source */
2455         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2456         err = b43_try_request_fw(ctx);
2457         if (!err)
2458                 goto start_ieee80211; /* Successfully loaded it. */
2459         if(ctx->fatal_failure)
2460                 goto out;
2461
2462         /* Could not find a usable firmware. Print the errors. */
2463         for (i = 0; i < B43_NR_FWTYPES; i++) {
2464                 errmsg = ctx->errors[i];
2465                 if (strlen(errmsg))
2466                         b43err(dev->wl, errmsg);
2467         }
2468         b43_print_fw_helptext(dev->wl, 1);
2469         goto out;
2470
2471 start_ieee80211:
2472         wl->hw->queues = B43_QOS_QUEUE_NUM;
2473         if (!modparam_qos || dev->fw.opensource)
2474                 wl->hw->queues = 1;
2475
2476         err = ieee80211_register_hw(wl->hw);
2477         if (err)
2478                 goto err_one_core_detach;
2479         wl->hw_registred = true;
2480         b43_leds_register(wl->current_dev);
2481         goto out;
2482
2483 err_one_core_detach:
2484         b43_one_core_detach(dev->dev);
2485
2486 out:
2487         kfree(ctx);
2488 }
2489
2490 static int b43_upload_microcode(struct b43_wldev *dev)
2491 {
2492         struct wiphy *wiphy = dev->wl->hw->wiphy;
2493         const size_t hdr_len = sizeof(struct b43_fw_header);
2494         const __be32 *data;
2495         unsigned int i, len;
2496         u16 fwrev, fwpatch, fwdate, fwtime;
2497         u32 tmp, macctl;
2498         int err = 0;
2499
2500         /* Jump the microcode PSM to offset 0 */
2501         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2502         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2503         macctl |= B43_MACCTL_PSM_JMP0;
2504         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2505         /* Zero out all microcode PSM registers and shared memory. */
2506         for (i = 0; i < 64; i++)
2507                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2508         for (i = 0; i < 4096; i += 2)
2509                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2510
2511         /* Upload Microcode. */
2512         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2513         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2514         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2515         for (i = 0; i < len; i++) {
2516                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2517                 udelay(10);
2518         }
2519
2520         if (dev->fw.pcm.data) {
2521                 /* Upload PCM data. */
2522                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2523                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2524                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2525                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2526                 /* No need for autoinc bit in SHM_HW */
2527                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2528                 for (i = 0; i < len; i++) {
2529                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2530                         udelay(10);
2531                 }
2532         }
2533
2534         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2535
2536         /* Start the microcode PSM */
2537         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2538                       B43_MACCTL_PSM_RUN);
2539
2540         /* Wait for the microcode to load and respond */
2541         i = 0;
2542         while (1) {
2543                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2544                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2545                         break;
2546                 i++;
2547                 if (i >= 20) {
2548                         b43err(dev->wl, "Microcode not responding\n");
2549                         b43_print_fw_helptext(dev->wl, 1);
2550                         err = -ENODEV;
2551                         goto error;
2552                 }
2553                 msleep(50);
2554         }
2555         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2556
2557         /* Get and check the revisions. */
2558         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2559         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2560         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2561         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2562
2563         if (fwrev <= 0x128) {
2564                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2565                        "binary drivers older than version 4.x is unsupported. "
2566                        "You must upgrade your firmware files.\n");
2567                 b43_print_fw_helptext(dev->wl, 1);
2568                 err = -EOPNOTSUPP;
2569                 goto error;
2570         }
2571         dev->fw.rev = fwrev;
2572         dev->fw.patch = fwpatch;
2573         if (dev->fw.rev >= 598)
2574                 dev->fw.hdr_format = B43_FW_HDR_598;
2575         else if (dev->fw.rev >= 410)
2576                 dev->fw.hdr_format = B43_FW_HDR_410;
2577         else
2578                 dev->fw.hdr_format = B43_FW_HDR_351;
2579         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2580
2581         dev->qos_enabled = dev->wl->hw->queues > 1;
2582         /* Default to firmware/hardware crypto acceleration. */
2583         dev->hwcrypto_enabled = true;
2584
2585         if (dev->fw.opensource) {
2586                 u16 fwcapa;
2587
2588                 /* Patchlevel info is encoded in the "time" field. */
2589                 dev->fw.patch = fwtime;
2590                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2591                         dev->fw.rev, dev->fw.patch);
2592
2593                 fwcapa = b43_fwcapa_read(dev);
2594                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2595                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2596                         /* Disable hardware crypto and fall back to software crypto. */
2597                         dev->hwcrypto_enabled = false;
2598                 }
2599                 /* adding QoS support should use an offline discovery mechanism */
2600                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2601         } else {
2602                 b43info(dev->wl, "Loading firmware version %u.%u "
2603                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2604                         fwrev, fwpatch,
2605                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2606                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2607                 if (dev->fw.pcm_request_failed) {
2608                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2609                                 "Hardware accelerated cryptography is disabled.\n");
2610                         b43_print_fw_helptext(dev->wl, 0);
2611                 }
2612         }
2613
2614         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2615                         dev->fw.rev, dev->fw.patch);
2616         wiphy->hw_version = dev->dev->core_id;
2617
2618         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2619                 /* We're over the deadline, but we keep support for old fw
2620                  * until it turns out to be in major conflict with something new. */
2621                 b43warn(dev->wl, "You are using an old firmware image. "
2622                         "Support for old firmware will be removed soon "
2623                         "(official deadline was July 2008).\n");
2624                 b43_print_fw_helptext(dev->wl, 0);
2625         }
2626
2627         return 0;
2628
2629 error:
2630         /* Stop the microcode PSM. */
2631         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2632                       B43_MACCTL_PSM_JMP0);
2633
2634         return err;
2635 }
2636
2637 static int b43_write_initvals(struct b43_wldev *dev,
2638                               const struct b43_iv *ivals,
2639                               size_t count,
2640                               size_t array_size)
2641 {
2642         const struct b43_iv *iv;
2643         u16 offset;
2644         size_t i;
2645         bool bit32;
2646
2647         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2648         iv = ivals;
2649         for (i = 0; i < count; i++) {
2650                 if (array_size < sizeof(iv->offset_size))
2651                         goto err_format;
2652                 array_size -= sizeof(iv->offset_size);
2653                 offset = be16_to_cpu(iv->offset_size);
2654                 bit32 = !!(offset & B43_IV_32BIT);
2655                 offset &= B43_IV_OFFSET_MASK;
2656                 if (offset >= 0x1000)
2657                         goto err_format;
2658                 if (bit32) {
2659                         u32 value;
2660
2661                         if (array_size < sizeof(iv->data.d32))
2662                                 goto err_format;
2663                         array_size -= sizeof(iv->data.d32);
2664
2665                         value = get_unaligned_be32(&iv->data.d32);
2666                         b43_write32(dev, offset, value);
2667
2668                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2669                                                         sizeof(__be16) +
2670                                                         sizeof(__be32));
2671                 } else {
2672                         u16 value;
2673
2674                         if (array_size < sizeof(iv->data.d16))
2675                                 goto err_format;
2676                         array_size -= sizeof(iv->data.d16);
2677
2678                         value = be16_to_cpu(iv->data.d16);
2679                         b43_write16(dev, offset, value);
2680
2681                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2682                                                         sizeof(__be16) +
2683                                                         sizeof(__be16));
2684                 }
2685         }
2686         if (array_size)
2687                 goto err_format;
2688
2689         return 0;
2690
2691 err_format:
2692         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2693         b43_print_fw_helptext(dev->wl, 1);
2694
2695         return -EPROTO;
2696 }
2697
2698 static int b43_upload_initvals(struct b43_wldev *dev)
2699 {
2700         const size_t hdr_len = sizeof(struct b43_fw_header);
2701         const struct b43_fw_header *hdr;
2702         struct b43_firmware *fw = &dev->fw;
2703         const struct b43_iv *ivals;
2704         size_t count;
2705         int err;
2706
2707         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2708         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2709         count = be32_to_cpu(hdr->size);
2710         err = b43_write_initvals(dev, ivals, count,
2711                                  fw->initvals.data->size - hdr_len);
2712         if (err)
2713                 goto out;
2714         if (fw->initvals_band.data) {
2715                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2716                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2717                 count = be32_to_cpu(hdr->size);
2718                 err = b43_write_initvals(dev, ivals, count,
2719                                          fw->initvals_band.data->size - hdr_len);
2720                 if (err)
2721                         goto out;
2722         }
2723 out:
2724
2725         return err;
2726 }
2727
2728 /* Initialize the GPIOs
2729  * http://bcm-specs.sipsolutions.net/GPIO
2730  */
2731 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2732 {
2733         struct ssb_bus *bus = dev->dev->sdev->bus;
2734
2735 #ifdef CONFIG_SSB_DRIVER_PCICORE
2736         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2737 #else
2738         return bus->chipco.dev;
2739 #endif
2740 }
2741
2742 static int b43_gpio_init(struct b43_wldev *dev)
2743 {
2744         struct ssb_device *gpiodev;
2745         u32 mask, set;
2746
2747         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2748         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2749
2750         mask = 0x0000001F;
2751         set = 0x0000000F;
2752         if (dev->dev->chip_id == 0x4301) {
2753                 mask |= 0x0060;
2754                 set |= 0x0060;
2755         } else if (dev->dev->chip_id == 0x5354) {
2756                 /* Don't allow overtaking buttons GPIOs */
2757                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2758         }
2759
2760         if (0 /* FIXME: conditional unknown */ ) {
2761                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2762                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2763                             | 0x0100);
2764                 /* BT Coexistance Input */
2765                 mask |= 0x0080;
2766                 set |= 0x0080;
2767                 /* BT Coexistance Out */
2768                 mask |= 0x0100;
2769                 set |= 0x0100;
2770         }
2771         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2772                 /* PA is controlled by gpio 9, let ucode handle it */
2773                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2774                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2775                             | 0x0200);
2776                 mask |= 0x0200;
2777                 set |= 0x0200;
2778         }
2779
2780         switch (dev->dev->bus_type) {
2781 #ifdef CONFIG_B43_BCMA
2782         case B43_BUS_BCMA:
2783                 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2784                                 (bcma_cc_read32(&dev->dev->bdev->bus->drv_cc,
2785                                         BCMA_CC_GPIOCTL) & ~mask) | set);
2786                 break;
2787 #endif
2788 #ifdef CONFIG_B43_SSB
2789         case B43_BUS_SSB:
2790                 gpiodev = b43_ssb_gpio_dev(dev);
2791                 if (gpiodev)
2792                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2793                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2794                                     & ~mask) | set);
2795                 break;
2796 #endif
2797         }
2798
2799         return 0;
2800 }
2801
2802 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2803 static void b43_gpio_cleanup(struct b43_wldev *dev)
2804 {
2805         struct ssb_device *gpiodev;
2806
2807         switch (dev->dev->bus_type) {
2808 #ifdef CONFIG_B43_BCMA
2809         case B43_BUS_BCMA:
2810                 bcma_cc_write32(&dev->dev->bdev->bus->drv_cc, BCMA_CC_GPIOCTL,
2811                                 0);
2812                 break;
2813 #endif
2814 #ifdef CONFIG_B43_SSB
2815         case B43_BUS_SSB:
2816                 gpiodev = b43_ssb_gpio_dev(dev);
2817                 if (gpiodev)
2818                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2819                 break;
2820 #endif
2821         }
2822 }
2823
2824 /* http://bcm-specs.sipsolutions.net/EnableMac */
2825 void b43_mac_enable(struct b43_wldev *dev)
2826 {
2827         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2828                 u16 fwstate;
2829
2830                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2831                                          B43_SHM_SH_UCODESTAT);
2832                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2833                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2834                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2835                                "should be suspended, but current state is %u\n",
2836                                fwstate);
2837                 }
2838         }
2839
2840         dev->mac_suspended--;
2841         B43_WARN_ON(dev->mac_suspended < 0);
2842         if (dev->mac_suspended == 0) {
2843                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2844                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2845                             B43_IRQ_MAC_SUSPENDED);
2846                 /* Commit writes */
2847                 b43_read32(dev, B43_MMIO_MACCTL);
2848                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2849                 b43_power_saving_ctl_bits(dev, 0);
2850         }
2851 }
2852
2853 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2854 void b43_mac_suspend(struct b43_wldev *dev)
2855 {
2856         int i;
2857         u32 tmp;
2858
2859         might_sleep();
2860         B43_WARN_ON(dev->mac_suspended < 0);
2861
2862         if (dev->mac_suspended == 0) {
2863                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2864                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
2865                 /* force pci to flush the write */
2866                 b43_read32(dev, B43_MMIO_MACCTL);
2867                 for (i = 35; i; i--) {
2868                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2869                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2870                                 goto out;
2871                         udelay(10);
2872                 }
2873                 /* Hm, it seems this will take some time. Use msleep(). */
2874                 for (i = 40; i; i--) {
2875                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2876                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2877                                 goto out;
2878                         msleep(1);
2879                 }
2880                 b43err(dev->wl, "MAC suspend failed\n");
2881         }
2882 out:
2883         dev->mac_suspended++;
2884 }
2885
2886 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
2887 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
2888 {
2889         u32 tmp;
2890
2891         switch (dev->dev->bus_type) {
2892 #ifdef CONFIG_B43_BCMA
2893         case B43_BUS_BCMA:
2894                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
2895                 if (on)
2896                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
2897                 else
2898                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
2899                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
2900                 break;
2901 #endif
2902 #ifdef CONFIG_B43_SSB
2903         case B43_BUS_SSB:
2904                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
2905                 if (on)
2906                         tmp |= B43_TMSLOW_MACPHYCLKEN;
2907                 else
2908                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
2909                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
2910                 break;
2911 #endif
2912         }
2913 }
2914
2915 static void b43_adjust_opmode(struct b43_wldev *dev)
2916 {
2917         struct b43_wl *wl = dev->wl;
2918         u32 ctl;
2919         u16 cfp_pretbtt;
2920
2921         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2922         /* Reset status to STA infrastructure mode. */
2923         ctl &= ~B43_MACCTL_AP;
2924         ctl &= ~B43_MACCTL_KEEP_CTL;
2925         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2926         ctl &= ~B43_MACCTL_KEEP_BAD;
2927         ctl &= ~B43_MACCTL_PROMISC;
2928         ctl &= ~B43_MACCTL_BEACPROMISC;
2929         ctl |= B43_MACCTL_INFRA;
2930
2931         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2932             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2933                 ctl |= B43_MACCTL_AP;
2934         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2935                 ctl &= ~B43_MACCTL_INFRA;
2936
2937         if (wl->filter_flags & FIF_CONTROL)
2938                 ctl |= B43_MACCTL_KEEP_CTL;
2939         if (wl->filter_flags & FIF_FCSFAIL)
2940                 ctl |= B43_MACCTL_KEEP_BAD;
2941         if (wl->filter_flags & FIF_PLCPFAIL)
2942                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2943         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2944                 ctl |= B43_MACCTL_PROMISC;
2945         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2946                 ctl |= B43_MACCTL_BEACPROMISC;
2947
2948         /* Workaround: On old hardware the HW-MAC-address-filter
2949          * doesn't work properly, so always run promisc in filter
2950          * it in software. */
2951         if (dev->dev->core_rev <= 4)
2952                 ctl |= B43_MACCTL_PROMISC;
2953
2954         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2955
2956         cfp_pretbtt = 2;
2957         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2958                 if (dev->dev->chip_id == 0x4306 &&
2959                     dev->dev->chip_rev == 3)
2960                         cfp_pretbtt = 100;
2961                 else
2962                         cfp_pretbtt = 50;
2963         }
2964         b43_write16(dev, 0x612, cfp_pretbtt);
2965
2966         /* FIXME: We don't currently implement the PMQ mechanism,
2967          *        so always disable it. If we want to implement PMQ,
2968          *        we need to enable it here (clear DISCPMQ) in AP mode.
2969          */
2970         if (0  /* ctl & B43_MACCTL_AP */)
2971                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
2972         else
2973                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
2974 }
2975
2976 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2977 {
2978         u16 offset;
2979
2980         if (is_ofdm) {
2981                 offset = 0x480;
2982                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2983         } else {
2984                 offset = 0x4C0;
2985                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2986         }
2987         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2988                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2989 }
2990
2991 static void b43_rate_memory_init(struct b43_wldev *dev)
2992 {
2993         switch (dev->phy.type) {
2994         case B43_PHYTYPE_A:
2995         case B43_PHYTYPE_G:
2996         case B43_PHYTYPE_N:
2997         case B43_PHYTYPE_LP:
2998         case B43_PHYTYPE_HT:
2999         case B43_PHYTYPE_LCN:
3000                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3001                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3002                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3003                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3004                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3005                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3006                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3007                 if (dev->phy.type == B43_PHYTYPE_A)
3008                         break;
3009                 /* fallthrough */
3010         case B43_PHYTYPE_B:
3011                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3012                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3013                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3014                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3015                 break;
3016         default:
3017                 B43_WARN_ON(1);
3018         }
3019 }
3020
3021 /* Set the default values for the PHY TX Control Words. */
3022 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3023 {
3024         u16 ctl = 0;
3025
3026         ctl |= B43_TXH_PHY_ENC_CCK;
3027         ctl |= B43_TXH_PHY_ANT01AUTO;
3028         ctl |= B43_TXH_PHY_TXPWR;
3029
3030         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3031         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3032         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3033 }
3034
3035 /* Set the TX-Antenna for management frames sent by firmware. */
3036 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3037 {
3038         u16 ant;
3039         u16 tmp;
3040
3041         ant = b43_antenna_to_phyctl(antenna);
3042
3043         /* For ACK/CTS */
3044         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3045         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3046         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3047         /* For Probe Resposes */
3048         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3049         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3050         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3051 }
3052
3053 /* This is the opposite of b43_chip_init() */
3054 static void b43_chip_exit(struct b43_wldev *dev)
3055 {
3056         b43_phy_exit(dev);
3057         b43_gpio_cleanup(dev);
3058         /* firmware is released later */
3059 }
3060
3061 /* Initialize the chip
3062  * http://bcm-specs.sipsolutions.net/ChipInit
3063  */
3064 static int b43_chip_init(struct b43_wldev *dev)
3065 {
3066         struct b43_phy *phy = &dev->phy;
3067         int err;
3068         u32 macctl;
3069         u16 value16;
3070
3071         /* Initialize the MAC control */
3072         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3073         if (dev->phy.gmode)
3074                 macctl |= B43_MACCTL_GMODE;
3075         macctl |= B43_MACCTL_INFRA;
3076         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3077
3078         err = b43_upload_microcode(dev);
3079         if (err)
3080                 goto out;       /* firmware is released later */
3081
3082         err = b43_gpio_init(dev);
3083         if (err)
3084                 goto out;       /* firmware is released later */
3085
3086         err = b43_upload_initvals(dev);
3087         if (err)
3088                 goto err_gpio_clean;
3089
3090         /* Turn the Analog on and initialize the PHY. */
3091         phy->ops->switch_analog(dev, 1);
3092         err = b43_phy_init(dev);
3093         if (err)
3094                 goto err_gpio_clean;
3095
3096         /* Disable Interference Mitigation. */
3097         if (phy->ops->interf_mitigation)
3098                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3099
3100         /* Select the antennae */
3101         if (phy->ops->set_rx_antenna)
3102                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3103         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3104
3105         if (phy->type == B43_PHYTYPE_B) {
3106                 value16 = b43_read16(dev, 0x005E);
3107                 value16 |= 0x0004;
3108                 b43_write16(dev, 0x005E, value16);
3109         }
3110         b43_write32(dev, 0x0100, 0x01000000);
3111         if (dev->dev->core_rev < 5)
3112                 b43_write32(dev, 0x010C, 0x01000000);
3113
3114         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3115         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3116
3117         /* Probe Response Timeout value */
3118         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3119         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
3120
3121         /* Initially set the wireless operation mode. */
3122         b43_adjust_opmode(dev);
3123
3124         if (dev->dev->core_rev < 3) {
3125                 b43_write16(dev, 0x060E, 0x0000);
3126                 b43_write16(dev, 0x0610, 0x8000);
3127                 b43_write16(dev, 0x0604, 0x0000);
3128                 b43_write16(dev, 0x0606, 0x0200);
3129         } else {
3130                 b43_write32(dev, 0x0188, 0x80000000);
3131                 b43_write32(dev, 0x018C, 0x02000000);
3132         }
3133         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3134         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
3135         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3136         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3137         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3138         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3139         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3140
3141         b43_mac_phy_clock_set(dev, true);
3142
3143         switch (dev->dev->bus_type) {
3144 #ifdef CONFIG_B43_BCMA
3145         case B43_BUS_BCMA:
3146                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3147                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3148                 break;
3149 #endif
3150 #ifdef CONFIG_B43_SSB
3151         case B43_BUS_SSB:
3152                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3153                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3154                 break;
3155 #endif
3156         }
3157
3158         err = 0;
3159         b43dbg(dev->wl, "Chip initialized\n");
3160 out:
3161         return err;
3162
3163 err_gpio_clean:
3164         b43_gpio_cleanup(dev);
3165         return err;
3166 }
3167
3168 static void b43_periodic_every60sec(struct b43_wldev *dev)
3169 {
3170         const struct b43_phy_operations *ops = dev->phy.ops;
3171
3172         if (ops->pwork_60sec)
3173                 ops->pwork_60sec(dev);
3174
3175         /* Force check the TX power emission now. */
3176         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3177 }
3178
3179 static void b43_periodic_every30sec(struct b43_wldev *dev)
3180 {
3181         /* Update device statistics. */
3182         b43_calculate_link_quality(dev);
3183 }
3184
3185 static void b43_periodic_every15sec(struct b43_wldev *dev)
3186 {
3187         struct b43_phy *phy = &dev->phy;
3188         u16 wdr;
3189
3190         if (dev->fw.opensource) {
3191                 /* Check if the firmware is still alive.
3192                  * It will reset the watchdog counter to 0 in its idle loop. */
3193                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3194                 if (unlikely(wdr)) {
3195                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3196                         b43_controller_restart(dev, "Firmware watchdog");
3197                         return;
3198                 } else {
3199                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3200                                         B43_WATCHDOG_REG, 1);
3201                 }
3202         }
3203
3204         if (phy->ops->pwork_15sec)
3205                 phy->ops->pwork_15sec(dev);
3206
3207         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3208         wmb();
3209
3210 #if B43_DEBUG
3211         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3212                 unsigned int i;
3213
3214                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3215                        dev->irq_count / 15,
3216                        dev->tx_count / 15,
3217                        dev->rx_count / 15);
3218                 dev->irq_count = 0;
3219                 dev->tx_count = 0;
3220                 dev->rx_count = 0;
3221                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3222                         if (dev->irq_bit_count[i]) {
3223                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3224                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3225                                 dev->irq_bit_count[i] = 0;
3226                         }
3227                 }
3228         }
3229 #endif
3230 }
3231
3232 static void do_periodic_work(struct b43_wldev *dev)
3233 {
3234         unsigned int state;
3235
3236         state = dev->periodic_state;
3237         if (state % 4 == 0)
3238                 b43_periodic_every60sec(dev);
3239         if (state % 2 == 0)
3240                 b43_periodic_every30sec(dev);
3241         b43_periodic_every15sec(dev);
3242 }
3243
3244 /* Periodic work locking policy:
3245  *      The whole periodic work handler is protected by
3246  *      wl->mutex. If another lock is needed somewhere in the
3247  *      pwork callchain, it's acquired in-place, where it's needed.
3248  */
3249 static void b43_periodic_work_handler(struct work_struct *work)
3250 {
3251         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3252                                              periodic_work.work);
3253         struct b43_wl *wl = dev->wl;
3254         unsigned long delay;
3255
3256         mutex_lock(&wl->mutex);
3257
3258         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3259                 goto out;
3260         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3261                 goto out_requeue;
3262
3263         do_periodic_work(dev);
3264
3265         dev->periodic_state++;
3266 out_requeue:
3267         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3268                 delay = msecs_to_jiffies(50);
3269         else
3270                 delay = round_jiffies_relative(HZ * 15);
3271         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3272 out:
3273         mutex_unlock(&wl->mutex);
3274 }
3275
3276 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3277 {
3278         struct delayed_work *work = &dev->periodic_work;
3279
3280         dev->periodic_state = 0;
3281         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3282         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3283 }
3284
3285 /* Check if communication with the device works correctly. */
3286 static int b43_validate_chipaccess(struct b43_wldev *dev)
3287 {
3288         u32 v, backup0, backup4;
3289
3290         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3291         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3292
3293         /* Check for read/write and endianness problems. */
3294         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3295         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3296                 goto error;
3297         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3298         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3299                 goto error;
3300
3301         /* Check if unaligned 32bit SHM_SHARED access works properly.
3302          * However, don't bail out on failure, because it's noncritical. */
3303         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3304         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3305         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3306         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3307         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3308                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3309         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3310         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3311             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3312             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3313             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3314                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3315
3316         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3317         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3318
3319         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3320                 /* The 32bit register shadows the two 16bit registers
3321                  * with update sideeffects. Validate this. */
3322                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3323                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3324                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3325                         goto error;
3326                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3327                         goto error;
3328         }
3329         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3330
3331         v = b43_read32(dev, B43_MMIO_MACCTL);
3332         v |= B43_MACCTL_GMODE;
3333         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3334                 goto error;
3335
3336         return 0;
3337 error:
3338         b43err(dev->wl, "Failed to validate the chipaccess\n");
3339         return -ENODEV;
3340 }
3341
3342 static void b43_security_init(struct b43_wldev *dev)
3343 {
3344         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3345         /* KTP is a word address, but we address SHM bytewise.
3346          * So multiply by two.
3347          */
3348         dev->ktp *= 2;
3349         /* Number of RCMTA address slots */
3350         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3351         /* Clear the key memory. */
3352         b43_clear_keys(dev);
3353 }
3354
3355 #ifdef CONFIG_B43_HWRNG
3356 static int b43_rng_read(struct hwrng *rng, u32 *data)
3357 {
3358         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3359         struct b43_wldev *dev;
3360         int count = -ENODEV;
3361
3362         mutex_lock(&wl->mutex);
3363         dev = wl->current_dev;
3364         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3365                 *data = b43_read16(dev, B43_MMIO_RNG);
3366                 count = sizeof(u16);
3367         }
3368         mutex_unlock(&wl->mutex);
3369
3370         return count;
3371 }
3372 #endif /* CONFIG_B43_HWRNG */
3373
3374 static void b43_rng_exit(struct b43_wl *wl)
3375 {
3376 #ifdef CONFIG_B43_HWRNG
3377         if (wl->rng_initialized)
3378                 hwrng_unregister(&wl->rng);
3379 #endif /* CONFIG_B43_HWRNG */
3380 }
3381
3382 static int b43_rng_init(struct b43_wl *wl)
3383 {
3384         int err = 0;
3385
3386 #ifdef CONFIG_B43_HWRNG
3387         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3388                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3389         wl->rng.name = wl->rng_name;
3390         wl->rng.data_read = b43_rng_read;
3391         wl->rng.priv = (unsigned long)wl;
3392         wl->rng_initialized = true;
3393         err = hwrng_register(&wl->rng);
3394         if (err) {
3395                 wl->rng_initialized = false;
3396                 b43err(wl, "Failed to register the random "
3397                        "number generator (%d)\n", err);
3398         }
3399 #endif /* CONFIG_B43_HWRNG */
3400
3401         return err;
3402 }
3403
3404 static void b43_tx_work(struct work_struct *work)
3405 {
3406         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3407         struct b43_wldev *dev;
3408         struct sk_buff *skb;
3409         int queue_num;
3410         int err = 0;
3411
3412         mutex_lock(&wl->mutex);
3413         dev = wl->current_dev;
3414         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3415                 mutex_unlock(&wl->mutex);
3416                 return;
3417         }
3418
3419         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3420                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3421                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3422                         if (b43_using_pio_transfers(dev))
3423                                 err = b43_pio_tx(dev, skb);
3424                         else
3425                                 err = b43_dma_tx(dev, skb);
3426                         if (err == -ENOSPC) {
3427                                 wl->tx_queue_stopped[queue_num] = 1;
3428                                 ieee80211_stop_queue(wl->hw, queue_num);
3429                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3430                                 break;
3431                         }
3432                         if (unlikely(err))
3433                                 ieee80211_free_txskb(wl->hw, skb);
3434                         err = 0;
3435                 }
3436
3437                 if (!err)
3438                         wl->tx_queue_stopped[queue_num] = 0;
3439         }
3440
3441 #if B43_DEBUG
3442         dev->tx_count++;
3443 #endif
3444         mutex_unlock(&wl->mutex);
3445 }
3446
3447 static void b43_op_tx(struct ieee80211_hw *hw,
3448                       struct ieee80211_tx_control *control,
3449                       struct sk_buff *skb)
3450 {
3451         struct b43_wl *wl = hw_to_b43_wl(hw);
3452
3453         if (unlikely(skb->len < 2 + 2 + 6)) {
3454                 /* Too short, this can't be a valid frame. */
3455                 ieee80211_free_txskb(hw, skb);
3456                 return;
3457         }
3458         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3459
3460         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3461         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3462                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3463         } else {
3464                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3465         }
3466 }
3467
3468 static void b43_qos_params_upload(struct b43_wldev *dev,
3469                                   const struct ieee80211_tx_queue_params *p,
3470                                   u16 shm_offset)
3471 {
3472         u16 params[B43_NR_QOSPARAMS];
3473         int bslots, tmp;
3474         unsigned int i;
3475
3476         if (!dev->qos_enabled)
3477                 return;
3478
3479         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3480
3481         memset(&params, 0, sizeof(params));
3482
3483         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3484         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3485         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3486         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3487         params[B43_QOSPARAM_AIFS] = p->aifs;
3488         params[B43_QOSPARAM_BSLOTS] = bslots;
3489         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3490
3491         for (i = 0; i < ARRAY_SIZE(params); i++) {
3492                 if (i == B43_QOSPARAM_STATUS) {
3493                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3494                                              shm_offset + (i * 2));
3495                         /* Mark the parameters as updated. */
3496                         tmp |= 0x100;
3497                         b43_shm_write16(dev, B43_SHM_SHARED,
3498                                         shm_offset + (i * 2),
3499                                         tmp);
3500                 } else {
3501                         b43_shm_write16(dev, B43_SHM_SHARED,
3502                                         shm_offset + (i * 2),
3503                                         params[i]);
3504                 }
3505         }
3506 }
3507
3508 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3509 static const u16 b43_qos_shm_offsets[] = {
3510         /* [mac80211-queue-nr] = SHM_OFFSET, */
3511         [0] = B43_QOS_VOICE,
3512         [1] = B43_QOS_VIDEO,
3513         [2] = B43_QOS_BESTEFFORT,
3514         [3] = B43_QOS_BACKGROUND,
3515 };
3516
3517 /* Update all QOS parameters in hardware. */
3518 static void b43_qos_upload_all(struct b43_wldev *dev)
3519 {
3520         struct b43_wl *wl = dev->wl;
3521         struct b43_qos_params *params;
3522         unsigned int i;
3523
3524         if (!dev->qos_enabled)
3525                 return;
3526
3527         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3528                      ARRAY_SIZE(wl->qos_params));
3529
3530         b43_mac_suspend(dev);
3531         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3532                 params = &(wl->qos_params[i]);
3533                 b43_qos_params_upload(dev, &(params->p),
3534                                       b43_qos_shm_offsets[i]);
3535         }
3536         b43_mac_enable(dev);
3537 }
3538
3539 static void b43_qos_clear(struct b43_wl *wl)
3540 {
3541         struct b43_qos_params *params;
3542         unsigned int i;
3543
3544         /* Initialize QoS parameters to sane defaults. */
3545
3546         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3547                      ARRAY_SIZE(wl->qos_params));
3548
3549         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3550                 params = &(wl->qos_params[i]);
3551
3552                 switch (b43_qos_shm_offsets[i]) {
3553                 case B43_QOS_VOICE:
3554                         params->p.txop = 0;
3555                         params->p.aifs = 2;
3556                         params->p.cw_min = 0x0001;
3557                         params->p.cw_max = 0x0001;
3558                         break;
3559                 case B43_QOS_VIDEO:
3560                         params->p.txop = 0;
3561                         params->p.aifs = 2;
3562                         params->p.cw_min = 0x0001;
3563                         params->p.cw_max = 0x0001;
3564                         break;
3565                 case B43_QOS_BESTEFFORT:
3566                         params->p.txop = 0;
3567                         params->p.aifs = 3;
3568                         params->p.cw_min = 0x0001;
3569                         params->p.cw_max = 0x03FF;
3570                         break;
3571                 case B43_QOS_BACKGROUND:
3572                         params->p.txop = 0;
3573                         params->p.aifs = 7;
3574                         params->p.cw_min = 0x0001;
3575                         params->p.cw_max = 0x03FF;
3576                         break;
3577                 default:
3578                         B43_WARN_ON(1);
3579                 }
3580         }
3581 }
3582
3583 /* Initialize the core's QOS capabilities */
3584 static void b43_qos_init(struct b43_wldev *dev)
3585 {
3586         if (!dev->qos_enabled) {
3587                 /* Disable QOS support. */
3588                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3589                 b43_write16(dev, B43_MMIO_IFSCTL,
3590                             b43_read16(dev, B43_MMIO_IFSCTL)
3591                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3592                 b43dbg(dev->wl, "QoS disabled\n");
3593                 return;
3594         }
3595
3596         /* Upload the current QOS parameters. */
3597         b43_qos_upload_all(dev);
3598
3599         /* Enable QOS support. */
3600         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3601         b43_write16(dev, B43_MMIO_IFSCTL,
3602                     b43_read16(dev, B43_MMIO_IFSCTL)
3603                     | B43_MMIO_IFSCTL_USE_EDCF);
3604         b43dbg(dev->wl, "QoS enabled\n");
3605 }
3606
3607 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3608                           struct ieee80211_vif *vif, u16 _queue,
3609                           const struct ieee80211_tx_queue_params *params)
3610 {
3611         struct b43_wl *wl = hw_to_b43_wl(hw);
3612         struct b43_wldev *dev;
3613         unsigned int queue = (unsigned int)_queue;
3614         int err = -ENODEV;
3615
3616         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3617                 /* Queue not available or don't support setting
3618                  * params on this queue. Return success to not
3619                  * confuse mac80211. */
3620                 return 0;
3621         }
3622         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3623                      ARRAY_SIZE(wl->qos_params));
3624
3625         mutex_lock(&wl->mutex);
3626         dev = wl->current_dev;
3627         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3628                 goto out_unlock;
3629
3630         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3631         b43_mac_suspend(dev);
3632         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3633                               b43_qos_shm_offsets[queue]);
3634         b43_mac_enable(dev);
3635         err = 0;
3636
3637 out_unlock:
3638         mutex_unlock(&wl->mutex);
3639
3640         return err;
3641 }
3642
3643 static int b43_op_get_stats(struct ieee80211_hw *hw,
3644                             struct ieee80211_low_level_stats *stats)
3645 {
3646         struct b43_wl *wl = hw_to_b43_wl(hw);
3647
3648         mutex_lock(&wl->mutex);
3649         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3650         mutex_unlock(&wl->mutex);
3651
3652         return 0;
3653 }
3654
3655 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3656 {
3657         struct b43_wl *wl = hw_to_b43_wl(hw);
3658         struct b43_wldev *dev;
3659         u64 tsf;
3660
3661         mutex_lock(&wl->mutex);
3662         dev = wl->current_dev;
3663
3664         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3665                 b43_tsf_read(dev, &tsf);
3666         else
3667                 tsf = 0;
3668
3669         mutex_unlock(&wl->mutex);
3670
3671         return tsf;
3672 }
3673
3674 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3675                            struct ieee80211_vif *vif, u64 tsf)
3676 {
3677         struct b43_wl *wl = hw_to_b43_wl(hw);
3678         struct b43_wldev *dev;
3679
3680         mutex_lock(&wl->mutex);
3681         dev = wl->current_dev;
3682
3683         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3684                 b43_tsf_write(dev, tsf);
3685
3686         mutex_unlock(&wl->mutex);
3687 }
3688
3689 static void b43_put_phy_into_reset(struct b43_wldev *dev)
3690 {
3691         u32 tmp;
3692
3693         switch (dev->dev->bus_type) {
3694 #ifdef CONFIG_B43_BCMA
3695         case B43_BUS_BCMA:
3696                 b43err(dev->wl,
3697                        "Putting PHY into reset not supported on BCMA\n");
3698                 break;
3699 #endif
3700 #ifdef CONFIG_B43_SSB
3701         case B43_BUS_SSB:
3702                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3703                 tmp &= ~B43_TMSLOW_GMODE;
3704                 tmp |= B43_TMSLOW_PHYRESET;
3705                 tmp |= SSB_TMSLOW_FGC;
3706                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3707                 msleep(1);
3708
3709                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3710                 tmp &= ~SSB_TMSLOW_FGC;
3711                 tmp |= B43_TMSLOW_PHYRESET;
3712                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3713                 msleep(1);
3714
3715                 break;
3716 #endif
3717         }
3718 }
3719
3720 static const char *band_to_string(enum ieee80211_band band)
3721 {
3722         switch (band) {
3723         case IEEE80211_BAND_5GHZ:
3724                 return "5";
3725         case IEEE80211_BAND_2GHZ:
3726                 return "2.4";
3727         default:
3728                 break;
3729         }
3730         B43_WARN_ON(1);
3731         return "";
3732 }
3733
3734 /* Expects wl->mutex locked */
3735 static int b43_switch_band(struct b43_wl *wl, struct ieee80211_channel *chan)
3736 {
3737         struct b43_wldev *up_dev = NULL;
3738         struct b43_wldev *down_dev;
3739         struct b43_wldev *d;
3740         int err;
3741         bool uninitialized_var(gmode);
3742         int prev_status;
3743
3744         /* Find a device and PHY which supports the band. */
3745         list_for_each_entry(d, &wl->devlist, list) {
3746                 switch (chan->band) {
3747                 case IEEE80211_BAND_5GHZ:
3748                         if (d->phy.supports_5ghz) {
3749                                 up_dev = d;
3750                                 gmode = false;
3751                         }
3752                         break;
3753                 case IEEE80211_BAND_2GHZ:
3754                         if (d->phy.supports_2ghz) {
3755                                 up_dev = d;
3756                                 gmode = true;
3757                         }
3758                         break;
3759                 default:
3760                         B43_WARN_ON(1);
3761                         return -EINVAL;
3762                 }
3763                 if (up_dev)
3764                         break;
3765         }
3766         if (!up_dev) {
3767                 b43err(wl, "Could not find a device for %s-GHz band operation\n",
3768                        band_to_string(chan->band));
3769                 return -ENODEV;
3770         }
3771         if ((up_dev == wl->current_dev) &&
3772             (!!wl->current_dev->phy.gmode == !!gmode)) {
3773                 /* This device is already running. */
3774                 return 0;
3775         }
3776         b43dbg(wl, "Switching to %s-GHz band\n",
3777                band_to_string(chan->band));
3778         down_dev = wl->current_dev;
3779
3780         prev_status = b43_status(down_dev);
3781         /* Shutdown the currently running core. */
3782         if (prev_status >= B43_STAT_STARTED)
3783                 down_dev = b43_wireless_core_stop(down_dev);
3784         if (prev_status >= B43_STAT_INITIALIZED)
3785                 b43_wireless_core_exit(down_dev);
3786
3787         if (down_dev != up_dev) {
3788                 /* We switch to a different core, so we put PHY into
3789                  * RESET on the old core. */
3790                 b43_put_phy_into_reset(down_dev);
3791         }
3792
3793         /* Now start the new core. */
3794         up_dev->phy.gmode = gmode;
3795         if (prev_status >= B43_STAT_INITIALIZED) {
3796                 err = b43_wireless_core_init(up_dev);
3797                 if (err) {
3798                         b43err(wl, "Fatal: Could not initialize device for "
3799                                "selected %s-GHz band\n",
3800                                band_to_string(chan->band));
3801                         goto init_failure;
3802                 }
3803         }
3804         if (prev_status >= B43_STAT_STARTED) {
3805                 err = b43_wireless_core_start(up_dev);
3806                 if (err) {
3807                         b43err(wl, "Fatal: Could not start device for "
3808                                "selected %s-GHz band\n",
3809                                band_to_string(chan->band));
3810                         b43_wireless_core_exit(up_dev);
3811                         goto init_failure;
3812                 }
3813         }
3814         B43_WARN_ON(b43_status(up_dev) != prev_status);
3815
3816         wl->current_dev = up_dev;
3817
3818         return 0;
3819 init_failure:
3820         /* Whoops, failed to init the new core. No core is operating now. */
3821         wl->current_dev = NULL;
3822         return err;
3823 }
3824
3825 /* Write the short and long frame retry limit values. */
3826 static void b43_set_retry_limits(struct b43_wldev *dev,
3827                                  unsigned int short_retry,
3828                                  unsigned int long_retry)
3829 {
3830         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3831          * the chip-internal counter. */
3832         short_retry = min(short_retry, (unsigned int)0xF);
3833         long_retry = min(long_retry, (unsigned int)0xF);
3834
3835         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3836                         short_retry);
3837         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3838                         long_retry);
3839 }
3840
3841 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3842 {
3843         struct b43_wl *wl = hw_to_b43_wl(hw);
3844         struct b43_wldev *dev;
3845         struct b43_phy *phy;
3846         struct ieee80211_conf *conf = &hw->conf;
3847         int antenna;
3848         int err = 0;
3849         bool reload_bss = false;
3850
3851         mutex_lock(&wl->mutex);
3852
3853         dev = wl->current_dev;
3854
3855         /* Switch the band (if necessary). This might change the active core. */
3856         err = b43_switch_band(wl, conf->channel);
3857         if (err)
3858                 goto out_unlock_mutex;
3859
3860         /* Need to reload all settings if the core changed */
3861         if (dev != wl->current_dev) {
3862                 dev = wl->current_dev;
3863                 changed = ~0;
3864                 reload_bss = true;
3865         }
3866
3867         phy = &dev->phy;
3868
3869         if (conf_is_ht(conf))
3870                 phy->is_40mhz =
3871                         (conf_is_ht40_minus(conf) || conf_is_ht40_plus(conf));
3872         else
3873                 phy->is_40mhz = false;
3874
3875         b43_mac_suspend(dev);
3876
3877         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
3878                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
3879                                           conf->long_frame_max_tx_count);
3880         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
3881         if (!changed)
3882                 goto out_mac_enable;
3883
3884         /* Switch to the requested channel.
3885          * The firmware takes care of races with the TX handler. */
3886         if (conf->channel->hw_value != phy->channel)
3887                 b43_switch_channel(dev, conf->channel->hw_value);
3888
3889         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
3890
3891         /* Adjust the desired TX power level. */
3892         if (conf->power_level != 0) {
3893                 if (conf->power_level != phy->desired_txpower) {
3894                         phy->desired_txpower = conf->power_level;
3895                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
3896                                                    B43_TXPWR_IGNORE_TSSI);
3897                 }
3898         }
3899
3900         /* Antennas for RX and management frame TX. */
3901         antenna = B43_ANTENNA_DEFAULT;
3902         b43_mgmtframe_txantenna(dev, antenna);
3903         antenna = B43_ANTENNA_DEFAULT;
3904         if (phy->ops->set_rx_antenna)
3905                 phy->ops->set_rx_antenna(dev, antenna);
3906
3907         if (wl->radio_enabled != phy->radio_on) {
3908                 if (wl->radio_enabled) {
3909                         b43_software_rfkill(dev, false);
3910                         b43info(dev->wl, "Radio turned on by software\n");
3911                         if (!dev->radio_hw_enable) {
3912                                 b43info(dev->wl, "The hardware RF-kill button "
3913                                         "still turns the radio physically off. "
3914                                         "Press the button to turn it on.\n");
3915                         }
3916                 } else {
3917                         b43_software_rfkill(dev, true);
3918                         b43info(dev->wl, "Radio turned off by software\n");
3919                 }
3920         }
3921
3922 out_mac_enable:
3923         b43_mac_enable(dev);
3924 out_unlock_mutex:
3925         mutex_unlock(&wl->mutex);
3926
3927         if (wl->vif && reload_bss)
3928                 b43_op_bss_info_changed(hw, wl->vif, &wl->vif->bss_conf, ~0);
3929
3930         return err;
3931 }
3932
3933 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
3934 {
3935         struct ieee80211_supported_band *sband =
3936                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
3937         struct ieee80211_rate *rate;
3938         int i;
3939         u16 basic, direct, offset, basic_offset, rateptr;
3940
3941         for (i = 0; i < sband->n_bitrates; i++) {
3942                 rate = &sband->bitrates[i];
3943
3944                 if (b43_is_cck_rate(rate->hw_value)) {
3945                         direct = B43_SHM_SH_CCKDIRECT;
3946                         basic = B43_SHM_SH_CCKBASIC;
3947                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3948                         offset &= 0xF;
3949                 } else {
3950                         direct = B43_SHM_SH_OFDMDIRECT;
3951                         basic = B43_SHM_SH_OFDMBASIC;
3952                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3953                         offset &= 0xF;
3954                 }
3955
3956                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
3957
3958                 if (b43_is_cck_rate(rate->hw_value)) {
3959                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
3960                         basic_offset &= 0xF;
3961                 } else {
3962                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
3963                         basic_offset &= 0xF;
3964                 }
3965
3966                 /*
3967                  * Get the pointer that we need to point to
3968                  * from the direct map
3969                  */
3970                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
3971                                          direct + 2 * basic_offset);
3972                 /* and write it to the basic map */
3973                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
3974                                 rateptr);
3975         }
3976 }
3977
3978 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
3979                                     struct ieee80211_vif *vif,
3980                                     struct ieee80211_bss_conf *conf,
3981                                     u32 changed)
3982 {
3983         struct b43_wl *wl = hw_to_b43_wl(hw);
3984         struct b43_wldev *dev;
3985
3986         mutex_lock(&wl->mutex);
3987
3988         dev = wl->current_dev;
3989         if (!dev || b43_status(dev) < B43_STAT_STARTED)
3990                 goto out_unlock_mutex;
3991
3992         B43_WARN_ON(wl->vif != vif);
3993
3994         if (changed & BSS_CHANGED_BSSID) {
3995                 if (conf->bssid)
3996                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
3997                 else
3998                         memset(wl->bssid, 0, ETH_ALEN);
3999         }
4000
4001         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4002                 if (changed & BSS_CHANGED_BEACON &&
4003                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4004                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4005                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4006                         b43_update_templates(wl);
4007
4008                 if (changed & BSS_CHANGED_BSSID)
4009                         b43_write_mac_bssid_templates(dev);
4010         }
4011
4012         b43_mac_suspend(dev);
4013
4014         /* Update templates for AP/mesh mode. */
4015         if (changed & BSS_CHANGED_BEACON_INT &&
4016             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4017              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4018              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4019             conf->beacon_int)
4020                 b43_set_beacon_int(dev, conf->beacon_int);
4021
4022         if (changed & BSS_CHANGED_BASIC_RATES)
4023                 b43_update_basic_rates(dev, conf->basic_rates);
4024
4025         if (changed & BSS_CHANGED_ERP_SLOT) {
4026                 if (conf->use_short_slot)
4027                         b43_short_slot_timing_enable(dev);
4028                 else
4029                         b43_short_slot_timing_disable(dev);
4030         }
4031
4032         b43_mac_enable(dev);
4033 out_unlock_mutex:
4034         mutex_unlock(&wl->mutex);
4035 }
4036
4037 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4038                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4039                           struct ieee80211_key_conf *key)
4040 {
4041         struct b43_wl *wl = hw_to_b43_wl(hw);
4042         struct b43_wldev *dev;
4043         u8 algorithm;
4044         u8 index;
4045         int err;
4046         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4047
4048         if (modparam_nohwcrypt)
4049                 return -ENOSPC; /* User disabled HW-crypto */
4050
4051         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4052              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4053             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4054              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4055             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4056                 /*
4057                  * For now, disable hw crypto for the RSN IBSS group keys. This
4058                  * could be optimized in the future, but until that gets
4059                  * implemented, use of software crypto for group addressed
4060                  * frames is a acceptable to allow RSN IBSS to be used.
4061                  */
4062                 return -EOPNOTSUPP;
4063         }
4064
4065         mutex_lock(&wl->mutex);
4066
4067         dev = wl->current_dev;
4068         err = -ENODEV;
4069         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4070                 goto out_unlock;
4071
4072         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4073                 /* We don't have firmware for the crypto engine.
4074                  * Must use software-crypto. */
4075                 err = -EOPNOTSUPP;
4076                 goto out_unlock;
4077         }
4078
4079         err = -EINVAL;
4080         switch (key->cipher) {
4081         case WLAN_CIPHER_SUITE_WEP40:
4082                 algorithm = B43_SEC_ALGO_WEP40;
4083                 break;
4084         case WLAN_CIPHER_SUITE_WEP104:
4085                 algorithm = B43_SEC_ALGO_WEP104;
4086                 break;
4087         case WLAN_CIPHER_SUITE_TKIP:
4088                 algorithm = B43_SEC_ALGO_TKIP;
4089                 break;
4090         case WLAN_CIPHER_SUITE_CCMP:
4091                 algorithm = B43_SEC_ALGO_AES;
4092                 break;
4093         default:
4094                 B43_WARN_ON(1);
4095                 goto out_unlock;
4096         }
4097         index = (u8) (key->keyidx);
4098         if (index > 3)
4099                 goto out_unlock;
4100
4101         switch (cmd) {
4102         case SET_KEY:
4103                 if (algorithm == B43_SEC_ALGO_TKIP &&
4104                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4105                     !modparam_hwtkip)) {
4106                         /* We support only pairwise key */
4107                         err = -EOPNOTSUPP;
4108                         goto out_unlock;
4109                 }
4110
4111                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4112                         if (WARN_ON(!sta)) {
4113                                 err = -EOPNOTSUPP;
4114                                 goto out_unlock;
4115                         }
4116                         /* Pairwise key with an assigned MAC address. */
4117                         err = b43_key_write(dev, -1, algorithm,
4118                                             key->key, key->keylen,
4119                                             sta->addr, key);
4120                 } else {
4121                         /* Group key */
4122                         err = b43_key_write(dev, index, algorithm,
4123                                             key->key, key->keylen, NULL, key);
4124                 }
4125                 if (err)
4126                         goto out_unlock;
4127
4128                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4129                     algorithm == B43_SEC_ALGO_WEP104) {
4130                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4131                 } else {
4132                         b43_hf_write(dev,
4133                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4134                 }
4135                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4136                 if (algorithm == B43_SEC_ALGO_TKIP)
4137                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4138                 break;
4139         case DISABLE_KEY: {
4140                 err = b43_key_clear(dev, key->hw_key_idx);
4141                 if (err)
4142                         goto out_unlock;
4143                 break;
4144         }
4145         default:
4146                 B43_WARN_ON(1);
4147         }
4148
4149 out_unlock:
4150         if (!err) {
4151                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4152                        "mac: %pM\n",
4153                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4154                        sta ? sta->addr : bcast_addr);
4155                 b43_dump_keymemory(dev);
4156         }
4157         mutex_unlock(&wl->mutex);
4158
4159         return err;
4160 }
4161
4162 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4163                                     unsigned int changed, unsigned int *fflags,
4164                                     u64 multicast)
4165 {
4166         struct b43_wl *wl = hw_to_b43_wl(hw);
4167         struct b43_wldev *dev;
4168
4169         mutex_lock(&wl->mutex);
4170         dev = wl->current_dev;
4171         if (!dev) {
4172                 *fflags = 0;
4173                 goto out_unlock;
4174         }
4175
4176         *fflags &= FIF_PROMISC_IN_BSS |
4177                   FIF_ALLMULTI |
4178                   FIF_FCSFAIL |
4179                   FIF_PLCPFAIL |
4180                   FIF_CONTROL |
4181                   FIF_OTHER_BSS |
4182                   FIF_BCN_PRBRESP_PROMISC;
4183
4184         changed &= FIF_PROMISC_IN_BSS |
4185                    FIF_ALLMULTI |
4186                    FIF_FCSFAIL |
4187                    FIF_PLCPFAIL |
4188                    FIF_CONTROL |
4189                    FIF_OTHER_BSS |
4190                    FIF_BCN_PRBRESP_PROMISC;
4191
4192         wl->filter_flags = *fflags;
4193
4194         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4195                 b43_adjust_opmode(dev);
4196
4197 out_unlock:
4198         mutex_unlock(&wl->mutex);
4199 }
4200
4201 /* Locking: wl->mutex
4202  * Returns the current dev. This might be different from the passed in dev,
4203  * because the core might be gone away while we unlocked the mutex. */
4204 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4205 {
4206         struct b43_wl *wl;
4207         struct b43_wldev *orig_dev;
4208         u32 mask;
4209         int queue_num;
4210
4211         if (!dev)
4212                 return NULL;
4213         wl = dev->wl;
4214 redo:
4215         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4216                 return dev;
4217
4218         /* Cancel work. Unlock to avoid deadlocks. */
4219         mutex_unlock(&wl->mutex);
4220         cancel_delayed_work_sync(&dev->periodic_work);
4221         cancel_work_sync(&wl->tx_work);
4222         mutex_lock(&wl->mutex);
4223         dev = wl->current_dev;
4224         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4225                 /* Whoops, aliens ate up the device while we were unlocked. */
4226                 return dev;
4227         }
4228
4229         /* Disable interrupts on the device. */
4230         b43_set_status(dev, B43_STAT_INITIALIZED);
4231         if (b43_bus_host_is_sdio(dev->dev)) {
4232                 /* wl->mutex is locked. That is enough. */
4233                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4234                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4235         } else {
4236                 spin_lock_irq(&wl->hardirq_lock);
4237                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4238                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4239                 spin_unlock_irq(&wl->hardirq_lock);
4240         }
4241         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4242         orig_dev = dev;
4243         mutex_unlock(&wl->mutex);
4244         if (b43_bus_host_is_sdio(dev->dev)) {
4245                 b43_sdio_free_irq(dev);
4246         } else {
4247                 synchronize_irq(dev->dev->irq);
4248                 free_irq(dev->dev->irq, dev);
4249         }
4250         mutex_lock(&wl->mutex);
4251         dev = wl->current_dev;
4252         if (!dev)
4253                 return dev;
4254         if (dev != orig_dev) {
4255                 if (b43_status(dev) >= B43_STAT_STARTED)
4256                         goto redo;
4257                 return dev;
4258         }
4259         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4260         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4261
4262         /* Drain all TX queues. */
4263         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4264                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4265                         struct sk_buff *skb;
4266
4267                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4268                         ieee80211_free_txskb(wl->hw, skb);
4269                 }
4270         }
4271
4272         b43_mac_suspend(dev);
4273         b43_leds_exit(dev);
4274         b43dbg(wl, "Wireless interface stopped\n");
4275
4276         return dev;
4277 }
4278
4279 /* Locking: wl->mutex */
4280 static int b43_wireless_core_start(struct b43_wldev *dev)
4281 {
4282         int err;
4283
4284         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4285
4286         drain_txstatus_queue(dev);
4287         if (b43_bus_host_is_sdio(dev->dev)) {
4288                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4289                 if (err) {
4290                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4291                         goto out;
4292                 }
4293         } else {
4294                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4295                                            b43_interrupt_thread_handler,
4296                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4297                 if (err) {
4298                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4299                                dev->dev->irq);
4300                         goto out;
4301                 }
4302         }
4303
4304         /* We are ready to run. */
4305         ieee80211_wake_queues(dev->wl->hw);
4306         b43_set_status(dev, B43_STAT_STARTED);
4307
4308         /* Start data flow (TX/RX). */
4309         b43_mac_enable(dev);
4310         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4311
4312         /* Start maintenance work */
4313         b43_periodic_tasks_setup(dev);
4314
4315         b43_leds_init(dev);
4316
4317         b43dbg(dev->wl, "Wireless interface started\n");
4318 out:
4319         return err;
4320 }
4321
4322 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4323 {
4324         switch (phy_type) {
4325         case B43_PHYTYPE_A:
4326                 return "A";
4327         case B43_PHYTYPE_B:
4328                 return "B";
4329         case B43_PHYTYPE_G:
4330                 return "G";
4331         case B43_PHYTYPE_N:
4332                 return "N";
4333         case B43_PHYTYPE_LP:
4334                 return "LP";
4335         case B43_PHYTYPE_SSLPN:
4336                 return "SSLPN";
4337         case B43_PHYTYPE_HT:
4338                 return "HT";
4339         case B43_PHYTYPE_LCN:
4340                 return "LCN";
4341         case B43_PHYTYPE_LCNXN:
4342                 return "LCNXN";
4343         case B43_PHYTYPE_LCN40:
4344                 return "LCN40";
4345         case B43_PHYTYPE_AC:
4346                 return "AC";
4347         }
4348         return "UNKNOWN";
4349 }
4350
4351 /* Get PHY and RADIO versioning numbers */
4352 static int b43_phy_versioning(struct b43_wldev *dev)
4353 {
4354         struct b43_phy *phy = &dev->phy;
4355         u32 tmp;
4356         u8 analog_type;
4357         u8 phy_type;
4358         u8 phy_rev;
4359         u16 radio_manuf;
4360         u16 radio_ver;
4361         u16 radio_rev;
4362         int unsupported = 0;
4363
4364         /* Get PHY versioning */
4365         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4366         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4367         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4368         phy_rev = (tmp & B43_PHYVER_VERSION);
4369         switch (phy_type) {
4370         case B43_PHYTYPE_A:
4371                 if (phy_rev >= 4)
4372                         unsupported = 1;
4373                 break;
4374         case B43_PHYTYPE_B:
4375                 if (phy_rev != 2 && phy_rev != 4 && phy_rev != 6
4376                     && phy_rev != 7)
4377                         unsupported = 1;
4378                 break;
4379         case B43_PHYTYPE_G:
4380                 if (phy_rev > 9)
4381                         unsupported = 1;
4382                 break;
4383 #ifdef CONFIG_B43_PHY_N
4384         case B43_PHYTYPE_N:
4385                 if (phy_rev > 9)
4386                         unsupported = 1;
4387                 break;
4388 #endif
4389 #ifdef CONFIG_B43_PHY_LP
4390         case B43_PHYTYPE_LP:
4391                 if (phy_rev > 2)
4392                         unsupported = 1;
4393                 break;
4394 #endif
4395 #ifdef CONFIG_B43_PHY_HT
4396         case B43_PHYTYPE_HT:
4397                 if (phy_rev > 1)
4398                         unsupported = 1;
4399                 break;
4400 #endif
4401 #ifdef CONFIG_B43_PHY_LCN
4402         case B43_PHYTYPE_LCN:
4403                 if (phy_rev > 1)
4404                         unsupported = 1;
4405                 break;
4406 #endif
4407         default:
4408                 unsupported = 1;
4409         }
4410         if (unsupported) {
4411                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4412                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4413                        phy_rev);
4414                 return -EOPNOTSUPP;
4415         }
4416         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4417                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4418
4419         /* Get RADIO versioning */
4420         if (dev->dev->core_rev >= 24) {
4421                 u16 radio24[3];
4422
4423                 for (tmp = 0; tmp < 3; tmp++) {
4424                         b43_write16(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4425                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4426                 }
4427
4428                 /* Broadcom uses "id" for our "ver" and has separated "ver" */
4429                 /* radio_ver = (radio24[0] & 0xF0) >> 4; */
4430
4431                 radio_manuf = 0x17F;
4432                 radio_ver = (radio24[2] << 8) | radio24[1];
4433                 radio_rev = (radio24[0] & 0xF);
4434         } else {
4435                 if (dev->dev->chip_id == 0x4317) {
4436                         if (dev->dev->chip_rev == 0)
4437                                 tmp = 0x3205017F;
4438                         else if (dev->dev->chip_rev == 1)
4439                                 tmp = 0x4205017F;
4440                         else
4441                                 tmp = 0x5205017F;
4442                 } else {
4443                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4444                                     B43_RADIOCTL_ID);
4445                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4446                         b43_write16(dev, B43_MMIO_RADIO_CONTROL,
4447                                     B43_RADIOCTL_ID);
4448                         tmp |= (u32)b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH)
4449                                 << 16;
4450                 }
4451                 radio_manuf = (tmp & 0x00000FFF);
4452                 radio_ver = (tmp & 0x0FFFF000) >> 12;
4453                 radio_rev = (tmp & 0xF0000000) >> 28;
4454         }
4455
4456         if (radio_manuf != 0x17F /* Broadcom */)
4457                 unsupported = 1;
4458         switch (phy_type) {
4459         case B43_PHYTYPE_A:
4460                 if (radio_ver != 0x2060)
4461                         unsupported = 1;
4462                 if (radio_rev != 1)
4463                         unsupported = 1;
4464                 if (radio_manuf != 0x17F)
4465                         unsupported = 1;
4466                 break;
4467         case B43_PHYTYPE_B:
4468                 if ((radio_ver & 0xFFF0) != 0x2050)
4469                         unsupported = 1;
4470                 break;
4471         case B43_PHYTYPE_G:
4472                 if (radio_ver != 0x2050)
4473                         unsupported = 1;
4474                 break;
4475         case B43_PHYTYPE_N:
4476                 if (radio_ver != 0x2055 && radio_ver != 0x2056)
4477                         unsupported = 1;
4478                 break;
4479         case B43_PHYTYPE_LP:
4480                 if (radio_ver != 0x2062 && radio_ver != 0x2063)
4481                         unsupported = 1;
4482                 break;
4483         case B43_PHYTYPE_HT:
4484                 if (radio_ver != 0x2059)
4485                         unsupported = 1;
4486                 break;
4487         case B43_PHYTYPE_LCN:
4488                 if (radio_ver != 0x2064)
4489                         unsupported = 1;
4490                 break;
4491         default:
4492                 B43_WARN_ON(1);
4493         }
4494         if (unsupported) {
4495                 b43err(dev->wl, "FOUND UNSUPPORTED RADIO "
4496                        "(Manuf 0x%X, Version 0x%X, Revision %u)\n",
4497                        radio_manuf, radio_ver, radio_rev);
4498                 return -EOPNOTSUPP;
4499         }
4500         b43dbg(dev->wl, "Found Radio: Manuf 0x%X, Version 0x%X, Revision %u\n",
4501                radio_manuf, radio_ver, radio_rev);
4502
4503         phy->radio_manuf = radio_manuf;
4504         phy->radio_ver = radio_ver;
4505         phy->radio_rev = radio_rev;
4506
4507         phy->analog = analog_type;
4508         phy->type = phy_type;
4509         phy->rev = phy_rev;
4510
4511         return 0;
4512 }
4513
4514 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4515                                       struct b43_phy *phy)
4516 {
4517         phy->hardware_power_control = !!modparam_hwpctl;
4518         phy->next_txpwr_check_time = jiffies;
4519         /* PHY TX errors counter. */
4520         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4521
4522 #if B43_DEBUG
4523         phy->phy_locked = false;
4524         phy->radio_locked = false;
4525 #endif
4526 }
4527
4528 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4529 {
4530         dev->dfq_valid = false;
4531
4532         /* Assume the radio is enabled. If it's not enabled, the state will
4533          * immediately get fixed on the first periodic work run. */
4534         dev->radio_hw_enable = true;
4535
4536         /* Stats */
4537         memset(&dev->stats, 0, sizeof(dev->stats));
4538
4539         setup_struct_phy_for_init(dev, &dev->phy);
4540
4541         /* IRQ related flags */
4542         dev->irq_reason = 0;
4543         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4544         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4545         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4546                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4547
4548         dev->mac_suspended = 1;
4549
4550         /* Noise calculation context */
4551         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4552 }
4553
4554 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4555 {
4556         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4557         u64 hf;
4558
4559         if (!modparam_btcoex)
4560                 return;
4561         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4562                 return;
4563         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4564                 return;
4565
4566         hf = b43_hf_read(dev);
4567         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4568                 hf |= B43_HF_BTCOEXALT;
4569         else
4570                 hf |= B43_HF_BTCOEX;
4571         b43_hf_write(dev, hf);
4572 }
4573
4574 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4575 {
4576         if (!modparam_btcoex)
4577                 return;
4578         //TODO
4579 }
4580
4581 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4582 {
4583         struct ssb_bus *bus;
4584         u32 tmp;
4585
4586         if (dev->dev->bus_type != B43_BUS_SSB)
4587                 return;
4588
4589         bus = dev->dev->sdev->bus;
4590
4591         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4592             (bus->chip_id == 0x4312)) {
4593                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4594                 tmp &= ~SSB_IMCFGLO_REQTO;
4595                 tmp &= ~SSB_IMCFGLO_SERTO;
4596                 tmp |= 0x3;
4597                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4598                 ssb_commit_settings(bus);
4599         }
4600 }
4601
4602 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4603 {
4604         u16 pu_delay;
4605
4606         /* The time value is in microseconds. */
4607         if (dev->phy.type == B43_PHYTYPE_A)
4608                 pu_delay = 3700;
4609         else
4610                 pu_delay = 1050;
4611         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4612                 pu_delay = 500;
4613         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4614                 pu_delay = max(pu_delay, (u16)2400);
4615
4616         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4617 }
4618
4619 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4620 static void b43_set_pretbtt(struct b43_wldev *dev)
4621 {
4622         u16 pretbtt;
4623
4624         /* The time value is in microseconds. */
4625         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4626                 pretbtt = 2;
4627         } else {
4628                 if (dev->phy.type == B43_PHYTYPE_A)
4629                         pretbtt = 120;
4630                 else
4631                         pretbtt = 250;
4632         }
4633         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4634         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4635 }
4636
4637 /* Shutdown a wireless core */
4638 /* Locking: wl->mutex */
4639 static void b43_wireless_core_exit(struct b43_wldev *dev)
4640 {
4641         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4642         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4643                 return;
4644
4645         /* Unregister HW RNG driver */
4646         b43_rng_exit(dev->wl);
4647
4648         b43_set_status(dev, B43_STAT_UNINIT);
4649
4650         /* Stop the microcode PSM. */
4651         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4652                       B43_MACCTL_PSM_JMP0);
4653
4654         b43_dma_free(dev);
4655         b43_pio_free(dev);
4656         b43_chip_exit(dev);
4657         dev->phy.ops->switch_analog(dev, 0);
4658         if (dev->wl->current_beacon) {
4659                 dev_kfree_skb_any(dev->wl->current_beacon);
4660                 dev->wl->current_beacon = NULL;
4661         }
4662
4663         b43_device_disable(dev, 0);
4664         b43_bus_may_powerdown(dev);
4665 }
4666
4667 /* Initialize a wireless core */
4668 static int b43_wireless_core_init(struct b43_wldev *dev)
4669 {
4670         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4671         struct b43_phy *phy = &dev->phy;
4672         int err;
4673         u64 hf;
4674
4675         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4676
4677         err = b43_bus_powerup(dev, 0);
4678         if (err)
4679                 goto out;
4680         if (!b43_device_is_enabled(dev))
4681                 b43_wireless_core_reset(dev, phy->gmode);
4682
4683         /* Reset all data structures. */
4684         setup_struct_wldev_for_init(dev);
4685         phy->ops->prepare_structs(dev);
4686
4687         /* Enable IRQ routing to this device. */
4688         switch (dev->dev->bus_type) {
4689 #ifdef CONFIG_B43_BCMA
4690         case B43_BUS_BCMA:
4691                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4692                                       dev->dev->bdev, true);
4693                 break;
4694 #endif
4695 #ifdef CONFIG_B43_SSB
4696         case B43_BUS_SSB:
4697                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4698                                                dev->dev->sdev);
4699                 break;
4700 #endif
4701         }
4702
4703         b43_imcfglo_timeouts_workaround(dev);
4704         b43_bluetooth_coext_disable(dev);
4705         if (phy->ops->prepare_hardware) {
4706                 err = phy->ops->prepare_hardware(dev);
4707                 if (err)
4708                         goto err_busdown;
4709         }
4710         err = b43_chip_init(dev);
4711         if (err)
4712                 goto err_busdown;
4713         b43_shm_write16(dev, B43_SHM_SHARED,
4714                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4715         hf = b43_hf_read(dev);
4716         if (phy->type == B43_PHYTYPE_G) {
4717                 hf |= B43_HF_SYMW;
4718                 if (phy->rev == 1)
4719                         hf |= B43_HF_GDCW;
4720                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4721                         hf |= B43_HF_OFDMPABOOST;
4722         }
4723         if (phy->radio_ver == 0x2050) {
4724                 if (phy->radio_rev == 6)
4725                         hf |= B43_HF_4318TSSI;
4726                 if (phy->radio_rev < 6)
4727                         hf |= B43_HF_VCORECALC;
4728         }
4729         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4730                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4731 #ifdef CONFIG_SSB_DRIVER_PCICORE
4732         if (dev->dev->bus_type == B43_BUS_SSB &&
4733             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4734             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4735                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4736 #endif
4737         hf &= ~B43_HF_SKCFPUP;
4738         b43_hf_write(dev, hf);
4739
4740         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4741                              B43_DEFAULT_LONG_RETRY_LIMIT);
4742         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4743         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4744
4745         /* Disable sending probe responses from firmware.
4746          * Setting the MaxTime to one usec will always trigger
4747          * a timeout, so we never send any probe resp.
4748          * A timeout of zero is infinite. */
4749         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4750
4751         b43_rate_memory_init(dev);
4752         b43_set_phytxctl_defaults(dev);
4753
4754         /* Minimum Contention Window */
4755         if (phy->type == B43_PHYTYPE_B)
4756                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4757         else
4758                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4759         /* Maximum Contention Window */
4760         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4761
4762         if (b43_bus_host_is_pcmcia(dev->dev) ||
4763             b43_bus_host_is_sdio(dev->dev)) {
4764                 dev->__using_pio_transfers = true;
4765                 err = b43_pio_init(dev);
4766         } else if (dev->use_pio) {
4767                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4768                         "This should not be needed and will result in lower "
4769                         "performance.\n");
4770                 dev->__using_pio_transfers = true;
4771                 err = b43_pio_init(dev);
4772         } else {
4773                 dev->__using_pio_transfers = false;
4774                 err = b43_dma_init(dev);
4775         }
4776         if (err)
4777                 goto err_chip_exit;
4778         b43_qos_init(dev);
4779         b43_set_synth_pu_delay(dev, 1);
4780         b43_bluetooth_coext_enable(dev);
4781
4782         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4783         b43_upload_card_macaddress(dev);
4784         b43_security_init(dev);
4785
4786         ieee80211_wake_queues(dev->wl->hw);
4787
4788         b43_set_status(dev, B43_STAT_INITIALIZED);
4789
4790         /* Register HW RNG driver */
4791         b43_rng_init(dev->wl);
4792
4793 out:
4794         return err;
4795
4796 err_chip_exit:
4797         b43_chip_exit(dev);
4798 err_busdown:
4799         b43_bus_may_powerdown(dev);
4800         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4801         return err;
4802 }
4803
4804 static int b43_op_add_interface(struct ieee80211_hw *hw,
4805                                 struct ieee80211_vif *vif)
4806 {
4807         struct b43_wl *wl = hw_to_b43_wl(hw);
4808         struct b43_wldev *dev;
4809         int err = -EOPNOTSUPP;
4810
4811         /* TODO: allow WDS/AP devices to coexist */
4812
4813         if (vif->type != NL80211_IFTYPE_AP &&
4814             vif->type != NL80211_IFTYPE_MESH_POINT &&
4815             vif->type != NL80211_IFTYPE_STATION &&
4816             vif->type != NL80211_IFTYPE_WDS &&
4817             vif->type != NL80211_IFTYPE_ADHOC)
4818                 return -EOPNOTSUPP;
4819
4820         mutex_lock(&wl->mutex);
4821         if (wl->operating)
4822                 goto out_mutex_unlock;
4823
4824         b43dbg(wl, "Adding Interface type %d\n", vif->type);
4825
4826         dev = wl->current_dev;
4827         wl->operating = true;
4828         wl->vif = vif;
4829         wl->if_type = vif->type;
4830         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
4831
4832         b43_adjust_opmode(dev);
4833         b43_set_pretbtt(dev);
4834         b43_set_synth_pu_delay(dev, 0);
4835         b43_upload_card_macaddress(dev);
4836
4837         err = 0;
4838  out_mutex_unlock:
4839         mutex_unlock(&wl->mutex);
4840
4841         if (err == 0)
4842                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
4843
4844         return err;
4845 }
4846
4847 static void b43_op_remove_interface(struct ieee80211_hw *hw,
4848                                     struct ieee80211_vif *vif)
4849 {
4850         struct b43_wl *wl = hw_to_b43_wl(hw);
4851         struct b43_wldev *dev = wl->current_dev;
4852
4853         b43dbg(wl, "Removing Interface type %d\n", vif->type);
4854
4855         mutex_lock(&wl->mutex);
4856
4857         B43_WARN_ON(!wl->operating);
4858         B43_WARN_ON(wl->vif != vif);
4859         wl->vif = NULL;
4860
4861         wl->operating = false;
4862
4863         b43_adjust_opmode(dev);
4864         memset(wl->mac_addr, 0, ETH_ALEN);
4865         b43_upload_card_macaddress(dev);
4866
4867         mutex_unlock(&wl->mutex);
4868 }
4869
4870 static int b43_op_start(struct ieee80211_hw *hw)
4871 {
4872         struct b43_wl *wl = hw_to_b43_wl(hw);
4873         struct b43_wldev *dev = wl->current_dev;
4874         int did_init = 0;
4875         int err = 0;
4876
4877         /* Kill all old instance specific information to make sure
4878          * the card won't use it in the short timeframe between start
4879          * and mac80211 reconfiguring it. */
4880         memset(wl->bssid, 0, ETH_ALEN);
4881         memset(wl->mac_addr, 0, ETH_ALEN);
4882         wl->filter_flags = 0;
4883         wl->radiotap_enabled = false;
4884         b43_qos_clear(wl);
4885         wl->beacon0_uploaded = false;
4886         wl->beacon1_uploaded = false;
4887         wl->beacon_templates_virgin = true;
4888         wl->radio_enabled = true;
4889
4890         mutex_lock(&wl->mutex);
4891
4892         if (b43_status(dev) < B43_STAT_INITIALIZED) {
4893                 err = b43_wireless_core_init(dev);
4894                 if (err)
4895                         goto out_mutex_unlock;
4896                 did_init = 1;
4897         }
4898
4899         if (b43_status(dev) < B43_STAT_STARTED) {
4900                 err = b43_wireless_core_start(dev);
4901                 if (err) {
4902                         if (did_init)
4903                                 b43_wireless_core_exit(dev);
4904                         goto out_mutex_unlock;
4905                 }
4906         }
4907
4908         /* XXX: only do if device doesn't support rfkill irq */
4909         wiphy_rfkill_start_polling(hw->wiphy);
4910
4911  out_mutex_unlock:
4912         mutex_unlock(&wl->mutex);
4913
4914         /*
4915          * Configuration may have been overwritten during initialization.
4916          * Reload the configuration, but only if initialization was
4917          * successful. Reloading the configuration after a failed init
4918          * may hang the system.
4919          */
4920         if (!err)
4921                 b43_op_config(hw, ~0);
4922
4923         return err;
4924 }
4925
4926 static void b43_op_stop(struct ieee80211_hw *hw)
4927 {
4928         struct b43_wl *wl = hw_to_b43_wl(hw);
4929         struct b43_wldev *dev = wl->current_dev;
4930
4931         cancel_work_sync(&(wl->beacon_update_trigger));
4932
4933         if (!dev)
4934                 goto out;
4935
4936         mutex_lock(&wl->mutex);
4937         if (b43_status(dev) >= B43_STAT_STARTED) {
4938                 dev = b43_wireless_core_stop(dev);
4939                 if (!dev)
4940                         goto out_unlock;
4941         }
4942         b43_wireless_core_exit(dev);
4943         wl->radio_enabled = false;
4944
4945 out_unlock:
4946         mutex_unlock(&wl->mutex);
4947 out:
4948         cancel_work_sync(&(wl->txpower_adjust_work));
4949 }
4950
4951 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
4952                                  struct ieee80211_sta *sta, bool set)
4953 {
4954         struct b43_wl *wl = hw_to_b43_wl(hw);
4955
4956         /* FIXME: add locking */
4957         b43_update_templates(wl);
4958
4959         return 0;
4960 }
4961
4962 static void b43_op_sta_notify(struct ieee80211_hw *hw,
4963                               struct ieee80211_vif *vif,
4964                               enum sta_notify_cmd notify_cmd,
4965                               struct ieee80211_sta *sta)
4966 {
4967         struct b43_wl *wl = hw_to_b43_wl(hw);
4968
4969         B43_WARN_ON(!vif || wl->vif != vif);
4970 }
4971
4972 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw)
4973 {
4974         struct b43_wl *wl = hw_to_b43_wl(hw);
4975         struct b43_wldev *dev;
4976
4977         mutex_lock(&wl->mutex);
4978         dev = wl->current_dev;
4979         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4980                 /* Disable CFP update during scan on other channels. */
4981                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
4982         }
4983         mutex_unlock(&wl->mutex);
4984 }
4985
4986 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw)
4987 {
4988         struct b43_wl *wl = hw_to_b43_wl(hw);
4989         struct b43_wldev *dev;
4990
4991         mutex_lock(&wl->mutex);
4992         dev = wl->current_dev;
4993         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
4994                 /* Re-enable CFP update. */
4995                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
4996         }
4997         mutex_unlock(&wl->mutex);
4998 }
4999
5000 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5001                              struct survey_info *survey)
5002 {
5003         struct b43_wl *wl = hw_to_b43_wl(hw);
5004         struct b43_wldev *dev = wl->current_dev;
5005         struct ieee80211_conf *conf = &hw->conf;
5006
5007         if (idx != 0)
5008                 return -ENOENT;
5009
5010         survey->channel = conf->channel;
5011         survey->filled = SURVEY_INFO_NOISE_DBM;
5012         survey->noise = dev->stats.link_noise;
5013
5014         return 0;
5015 }
5016
5017 static const struct ieee80211_ops b43_hw_ops = {
5018         .tx                     = b43_op_tx,
5019         .conf_tx                = b43_op_conf_tx,
5020         .add_interface          = b43_op_add_interface,
5021         .remove_interface       = b43_op_remove_interface,
5022         .config                 = b43_op_config,
5023         .bss_info_changed       = b43_op_bss_info_changed,
5024         .configure_filter       = b43_op_configure_filter,
5025         .set_key                = b43_op_set_key,
5026         .update_tkip_key        = b43_op_update_tkip_key,
5027         .get_stats              = b43_op_get_stats,
5028         .get_tsf                = b43_op_get_tsf,
5029         .set_tsf                = b43_op_set_tsf,
5030         .start                  = b43_op_start,
5031         .stop                   = b43_op_stop,
5032         .set_tim                = b43_op_beacon_set_tim,
5033         .sta_notify             = b43_op_sta_notify,
5034         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5035         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5036         .get_survey             = b43_op_get_survey,
5037         .rfkill_poll            = b43_rfkill_poll,
5038 };
5039
5040 /* Hard-reset the chip. Do not call this directly.
5041  * Use b43_controller_restart()
5042  */
5043 static void b43_chip_reset(struct work_struct *work)
5044 {
5045         struct b43_wldev *dev =
5046             container_of(work, struct b43_wldev, restart_work);
5047         struct b43_wl *wl = dev->wl;
5048         int err = 0;
5049         int prev_status;
5050
5051         mutex_lock(&wl->mutex);
5052
5053         prev_status = b43_status(dev);
5054         /* Bring the device down... */
5055         if (prev_status >= B43_STAT_STARTED) {
5056                 dev = b43_wireless_core_stop(dev);
5057                 if (!dev) {
5058                         err = -ENODEV;
5059                         goto out;
5060                 }
5061         }
5062         if (prev_status >= B43_STAT_INITIALIZED)
5063                 b43_wireless_core_exit(dev);
5064
5065         /* ...and up again. */
5066         if (prev_status >= B43_STAT_INITIALIZED) {
5067                 err = b43_wireless_core_init(dev);
5068                 if (err)
5069                         goto out;
5070         }
5071         if (prev_status >= B43_STAT_STARTED) {
5072                 err = b43_wireless_core_start(dev);
5073                 if (err) {
5074                         b43_wireless_core_exit(dev);
5075                         goto out;
5076                 }
5077         }
5078 out:
5079         if (err)
5080                 wl->current_dev = NULL; /* Failed to init the dev. */
5081         mutex_unlock(&wl->mutex);
5082
5083         if (err) {
5084                 b43err(wl, "Controller restart FAILED\n");
5085                 return;
5086         }
5087
5088         /* reload configuration */
5089         b43_op_config(wl->hw, ~0);
5090         if (wl->vif)
5091                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5092
5093         b43info(wl, "Controller restarted\n");
5094 }
5095
5096 static int b43_setup_bands(struct b43_wldev *dev,
5097                            bool have_2ghz_phy, bool have_5ghz_phy)
5098 {
5099         struct ieee80211_hw *hw = dev->wl->hw;
5100
5101         if (have_2ghz_phy)
5102                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &b43_band_2GHz;
5103         if (dev->phy.type == B43_PHYTYPE_N) {
5104                 if (have_5ghz_phy)
5105                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_nphy;
5106         } else {
5107                 if (have_5ghz_phy)
5108                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5109         }
5110
5111         dev->phy.supports_2ghz = have_2ghz_phy;
5112         dev->phy.supports_5ghz = have_5ghz_phy;
5113
5114         return 0;
5115 }
5116
5117 static void b43_wireless_core_detach(struct b43_wldev *dev)
5118 {
5119         /* We release firmware that late to not be required to re-request
5120          * is all the time when we reinit the core. */
5121         b43_release_firmware(dev);
5122         b43_phy_free(dev);
5123 }
5124
5125 static int b43_wireless_core_attach(struct b43_wldev *dev)
5126 {
5127         struct b43_wl *wl = dev->wl;
5128         struct pci_dev *pdev = NULL;
5129         int err;
5130         u32 tmp;
5131         bool have_2ghz_phy = false, have_5ghz_phy = false;
5132
5133         /* Do NOT do any device initialization here.
5134          * Do it in wireless_core_init() instead.
5135          * This function is for gathering basic information about the HW, only.
5136          * Also some structs may be set up here. But most likely you want to have
5137          * that in core_init(), too.
5138          */
5139
5140 #ifdef CONFIG_B43_SSB
5141         if (dev->dev->bus_type == B43_BUS_SSB &&
5142             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5143                 pdev = dev->dev->sdev->bus->host_pci;
5144 #endif
5145
5146         err = b43_bus_powerup(dev, 0);
5147         if (err) {
5148                 b43err(wl, "Bus powerup failed\n");
5149                 goto out;
5150         }
5151
5152         /* Get the PHY type. */
5153         switch (dev->dev->bus_type) {
5154 #ifdef CONFIG_B43_BCMA
5155         case B43_BUS_BCMA:
5156                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5157                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5158                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5159                 break;
5160 #endif
5161 #ifdef CONFIG_B43_SSB
5162         case B43_BUS_SSB:
5163                 if (dev->dev->core_rev >= 5) {
5164                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5165                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5166                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5167                 } else
5168                         B43_WARN_ON(1);
5169                 break;
5170 #endif
5171         }
5172
5173         dev->phy.gmode = have_2ghz_phy;
5174         dev->phy.radio_on = true;
5175         b43_wireless_core_reset(dev, dev->phy.gmode);
5176
5177         err = b43_phy_versioning(dev);
5178         if (err)
5179                 goto err_powerdown;
5180         /* Check if this device supports multiband. */
5181         if (!pdev ||
5182             (pdev->device != 0x4312 &&
5183              pdev->device != 0x4319 && pdev->device != 0x4324)) {
5184                 /* No multiband support. */
5185                 have_2ghz_phy = false;
5186                 have_5ghz_phy = false;
5187                 switch (dev->phy.type) {
5188                 case B43_PHYTYPE_A:
5189                         have_5ghz_phy = true;
5190                         break;
5191                 case B43_PHYTYPE_LP: //FIXME not always!
5192 #if 0 //FIXME enabling 5GHz causes a NULL pointer dereference
5193                         have_5ghz_phy = 1;
5194 #endif
5195                 case B43_PHYTYPE_G:
5196                 case B43_PHYTYPE_N:
5197                 case B43_PHYTYPE_HT:
5198                 case B43_PHYTYPE_LCN:
5199                         have_2ghz_phy = true;
5200                         break;
5201                 default:
5202                         B43_WARN_ON(1);
5203                 }
5204         }
5205         if (dev->phy.type == B43_PHYTYPE_A) {
5206                 /* FIXME */
5207                 b43err(wl, "IEEE 802.11a devices are unsupported\n");
5208                 err = -EOPNOTSUPP;
5209                 goto err_powerdown;
5210         }
5211         if (1 /* disable A-PHY */) {
5212                 /* FIXME: For now we disable the A-PHY on multi-PHY devices. */
5213                 if (dev->phy.type != B43_PHYTYPE_N &&
5214                     dev->phy.type != B43_PHYTYPE_LP) {
5215                         have_2ghz_phy = true;
5216                         have_5ghz_phy = false;
5217                 }
5218         }
5219
5220         err = b43_phy_allocate(dev);
5221         if (err)
5222                 goto err_powerdown;
5223
5224         dev->phy.gmode = have_2ghz_phy;
5225         b43_wireless_core_reset(dev, dev->phy.gmode);
5226
5227         err = b43_validate_chipaccess(dev);
5228         if (err)
5229                 goto err_phy_free;
5230         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5231         if (err)
5232                 goto err_phy_free;
5233
5234         /* Now set some default "current_dev" */
5235         if (!wl->current_dev)
5236                 wl->current_dev = dev;
5237         INIT_WORK(&dev->restart_work, b43_chip_reset);
5238
5239         dev->phy.ops->switch_analog(dev, 0);
5240         b43_device_disable(dev, 0);
5241         b43_bus_may_powerdown(dev);
5242
5243 out:
5244         return err;
5245
5246 err_phy_free:
5247         b43_phy_free(dev);
5248 err_powerdown:
5249         b43_bus_may_powerdown(dev);
5250         return err;
5251 }
5252
5253 static void b43_one_core_detach(struct b43_bus_dev *dev)
5254 {
5255         struct b43_wldev *wldev;
5256         struct b43_wl *wl;
5257
5258         /* Do not cancel ieee80211-workqueue based work here.
5259          * See comment in b43_remove(). */
5260
5261         wldev = b43_bus_get_wldev(dev);
5262         wl = wldev->wl;
5263         b43_debugfs_remove_device(wldev);
5264         b43_wireless_core_detach(wldev);
5265         list_del(&wldev->list);
5266         wl->nr_devs--;
5267         b43_bus_set_wldev(dev, NULL);
5268         kfree(wldev);
5269 }
5270
5271 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5272 {
5273         struct b43_wldev *wldev;
5274         int err = -ENOMEM;
5275
5276         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5277         if (!wldev)
5278                 goto out;
5279
5280         wldev->use_pio = b43_modparam_pio;
5281         wldev->dev = dev;
5282         wldev->wl = wl;
5283         b43_set_status(wldev, B43_STAT_UNINIT);
5284         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5285         INIT_LIST_HEAD(&wldev->list);
5286
5287         err = b43_wireless_core_attach(wldev);
5288         if (err)
5289                 goto err_kfree_wldev;
5290
5291         list_add(&wldev->list, &wl->devlist);
5292         wl->nr_devs++;
5293         b43_bus_set_wldev(dev, wldev);
5294         b43_debugfs_add_device(wldev);
5295
5296       out:
5297         return err;
5298
5299       err_kfree_wldev:
5300         kfree(wldev);
5301         return err;
5302 }
5303
5304 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5305         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5306         (pdev->device == _device) &&                                    \
5307         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5308         (pdev->subsystem_device == _subdevice)                          )
5309
5310 static void b43_sprom_fixup(struct ssb_bus *bus)
5311 {
5312         struct pci_dev *pdev;
5313
5314         /* boardflags workarounds */
5315         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5316             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5317                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5318         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5319             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5320                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5321         if (bus->bustype == SSB_BUSTYPE_PCI) {
5322                 pdev = bus->host_pci;
5323                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5324                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5325                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5326                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5327                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5328                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5329                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5330                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5331         }
5332 }
5333
5334 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5335 {
5336         struct ieee80211_hw *hw = wl->hw;
5337
5338         ssb_set_devtypedata(dev->sdev, NULL);
5339         ieee80211_free_hw(hw);
5340 }
5341
5342 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5343 {
5344         struct ssb_sprom *sprom = dev->bus_sprom;
5345         struct ieee80211_hw *hw;
5346         struct b43_wl *wl;
5347         char chip_name[6];
5348         int queue_num;
5349
5350         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5351         if (!hw) {
5352                 b43err(NULL, "Could not allocate ieee80211 device\n");
5353                 return ERR_PTR(-ENOMEM);
5354         }
5355         wl = hw_to_b43_wl(hw);
5356
5357         /* fill hw info */
5358         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5359                     IEEE80211_HW_SIGNAL_DBM;
5360
5361         hw->wiphy->interface_modes =
5362                 BIT(NL80211_IFTYPE_AP) |
5363                 BIT(NL80211_IFTYPE_MESH_POINT) |
5364                 BIT(NL80211_IFTYPE_STATION) |
5365                 BIT(NL80211_IFTYPE_WDS) |
5366                 BIT(NL80211_IFTYPE_ADHOC);
5367
5368         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5369
5370         wl->hw_registred = false;
5371         hw->max_rates = 2;
5372         SET_IEEE80211_DEV(hw, dev->dev);
5373         if (is_valid_ether_addr(sprom->et1mac))
5374                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5375         else
5376                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5377
5378         /* Initialize struct b43_wl */
5379         wl->hw = hw;
5380         mutex_init(&wl->mutex);
5381         spin_lock_init(&wl->hardirq_lock);
5382         INIT_LIST_HEAD(&wl->devlist);
5383         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5384         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5385         INIT_WORK(&wl->tx_work, b43_tx_work);
5386
5387         /* Initialize queues and flags. */
5388         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5389                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5390                 wl->tx_queue_stopped[queue_num] = 0;
5391         }
5392
5393         snprintf(chip_name, ARRAY_SIZE(chip_name),
5394                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5395         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5396                 dev->core_rev);
5397         return wl;
5398 }
5399
5400 #ifdef CONFIG_B43_BCMA
5401 static int b43_bcma_probe(struct bcma_device *core)
5402 {
5403         struct b43_bus_dev *dev;
5404         struct b43_wl *wl;
5405         int err;
5406
5407         dev = b43_bus_dev_bcma_init(core);
5408         if (!dev)
5409                 return -ENODEV;
5410
5411         wl = b43_wireless_init(dev);
5412         if (IS_ERR(wl)) {
5413                 err = PTR_ERR(wl);
5414                 goto bcma_out;
5415         }
5416
5417         err = b43_one_core_attach(dev, wl);
5418         if (err)
5419                 goto bcma_err_wireless_exit;
5420
5421         /* setup and start work to load firmware */
5422         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5423         schedule_work(&wl->firmware_load);
5424
5425 bcma_out:
5426         return err;
5427
5428 bcma_err_wireless_exit:
5429         ieee80211_free_hw(wl->hw);
5430         return err;
5431 }
5432
5433 static void b43_bcma_remove(struct bcma_device *core)
5434 {
5435         struct b43_wldev *wldev = bcma_get_drvdata(core);
5436         struct b43_wl *wl = wldev->wl;
5437
5438         /* We must cancel any work here before unregistering from ieee80211,
5439          * as the ieee80211 unreg will destroy the workqueue. */
5440         cancel_work_sync(&wldev->restart_work);
5441         cancel_work_sync(&wl->firmware_load);
5442
5443         B43_WARN_ON(!wl);
5444         if (!wldev->fw.ucode.data)
5445                 return;                 /* NULL if firmware never loaded */
5446         if (wl->current_dev == wldev && wl->hw_registred) {
5447                 b43_leds_stop(wldev);
5448                 ieee80211_unregister_hw(wl->hw);
5449         }
5450
5451         b43_one_core_detach(wldev->dev);
5452
5453         b43_leds_unregister(wl);
5454
5455         ieee80211_free_hw(wl->hw);
5456 }
5457
5458 static struct bcma_driver b43_bcma_driver = {
5459         .name           = KBUILD_MODNAME,
5460         .id_table       = b43_bcma_tbl,
5461         .probe          = b43_bcma_probe,
5462         .remove         = b43_bcma_remove,
5463 };
5464 #endif
5465
5466 #ifdef CONFIG_B43_SSB
5467 static
5468 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5469 {
5470         struct b43_bus_dev *dev;
5471         struct b43_wl *wl;
5472         int err;
5473         int first = 0;
5474
5475         dev = b43_bus_dev_ssb_init(sdev);
5476         if (!dev)
5477                 return -ENOMEM;
5478
5479         wl = ssb_get_devtypedata(sdev);
5480         if (!wl) {
5481                 /* Probing the first core. Must setup common struct b43_wl */
5482                 first = 1;
5483                 b43_sprom_fixup(sdev->bus);
5484                 wl = b43_wireless_init(dev);
5485                 if (IS_ERR(wl)) {
5486                         err = PTR_ERR(wl);
5487                         goto out;
5488                 }
5489                 ssb_set_devtypedata(sdev, wl);
5490                 B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5491         }
5492         err = b43_one_core_attach(dev, wl);
5493         if (err)
5494                 goto err_wireless_exit;
5495
5496         /* setup and start work to load firmware */
5497         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5498         schedule_work(&wl->firmware_load);
5499
5500       out:
5501         return err;
5502
5503       err_wireless_exit:
5504         if (first)
5505                 b43_wireless_exit(dev, wl);
5506         return err;
5507 }
5508
5509 static void b43_ssb_remove(struct ssb_device *sdev)
5510 {
5511         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5512         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5513         struct b43_bus_dev *dev = wldev->dev;
5514
5515         /* We must cancel any work here before unregistering from ieee80211,
5516          * as the ieee80211 unreg will destroy the workqueue. */
5517         cancel_work_sync(&wldev->restart_work);
5518         cancel_work_sync(&wl->firmware_load);
5519
5520         B43_WARN_ON(!wl);
5521         if (!wldev->fw.ucode.data)
5522                 return;                 /* NULL if firmware never loaded */
5523         if (wl->current_dev == wldev && wl->hw_registred) {
5524                 b43_leds_stop(wldev);
5525                 ieee80211_unregister_hw(wl->hw);
5526         }
5527
5528         b43_one_core_detach(dev);
5529
5530         if (list_empty(&wl->devlist)) {
5531                 b43_leds_unregister(wl);
5532                 /* Last core on the chip unregistered.
5533                  * We can destroy common struct b43_wl.
5534                  */
5535                 b43_wireless_exit(dev, wl);
5536         }
5537 }
5538
5539 static struct ssb_driver b43_ssb_driver = {
5540         .name           = KBUILD_MODNAME,
5541         .id_table       = b43_ssb_tbl,
5542         .probe          = b43_ssb_probe,
5543         .remove         = b43_ssb_remove,
5544 };
5545 #endif /* CONFIG_B43_SSB */
5546
5547 /* Perform a hardware reset. This can be called from any context. */
5548 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5549 {
5550         /* Must avoid requeueing, if we are in shutdown. */
5551         if (b43_status(dev) < B43_STAT_INITIALIZED)
5552                 return;
5553         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5554         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5555 }
5556
5557 static void b43_print_driverinfo(void)
5558 {
5559         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5560                    *feat_leds = "", *feat_sdio = "";
5561
5562 #ifdef CONFIG_B43_PCI_AUTOSELECT
5563         feat_pci = "P";
5564 #endif
5565 #ifdef CONFIG_B43_PCMCIA
5566         feat_pcmcia = "M";
5567 #endif
5568 #ifdef CONFIG_B43_PHY_N
5569         feat_nphy = "N";
5570 #endif
5571 #ifdef CONFIG_B43_LEDS
5572         feat_leds = "L";
5573 #endif
5574 #ifdef CONFIG_B43_SDIO
5575         feat_sdio = "S";
5576 #endif
5577         printk(KERN_INFO "Broadcom 43xx driver loaded "
5578                "[ Features: %s%s%s%s%s ]\n",
5579                feat_pci, feat_pcmcia, feat_nphy,
5580                feat_leds, feat_sdio);
5581 }
5582
5583 static int __init b43_init(void)
5584 {
5585         int err;
5586
5587         b43_debugfs_init();
5588         err = b43_pcmcia_init();
5589         if (err)
5590                 goto err_dfs_exit;
5591         err = b43_sdio_init();
5592         if (err)
5593                 goto err_pcmcia_exit;
5594 #ifdef CONFIG_B43_BCMA
5595         err = bcma_driver_register(&b43_bcma_driver);
5596         if (err)
5597                 goto err_sdio_exit;
5598 #endif
5599 #ifdef CONFIG_B43_SSB
5600         err = ssb_driver_register(&b43_ssb_driver);
5601         if (err)
5602                 goto err_bcma_driver_exit;
5603 #endif
5604         b43_print_driverinfo();
5605
5606         return err;
5607
5608 #ifdef CONFIG_B43_SSB
5609 err_bcma_driver_exit:
5610 #endif
5611 #ifdef CONFIG_B43_BCMA
5612         bcma_driver_unregister(&b43_bcma_driver);
5613 err_sdio_exit:
5614 #endif
5615         b43_sdio_exit();
5616 err_pcmcia_exit:
5617         b43_pcmcia_exit();
5618 err_dfs_exit:
5619         b43_debugfs_exit();
5620         return err;
5621 }
5622
5623 static void __exit b43_exit(void)
5624 {
5625 #ifdef CONFIG_B43_SSB
5626         ssb_driver_unregister(&b43_ssb_driver);
5627 #endif
5628 #ifdef CONFIG_B43_BCMA
5629         bcma_driver_unregister(&b43_bcma_driver);
5630 #endif
5631         b43_sdio_exit();
5632         b43_pcmcia_exit();
5633         b43_debugfs_exit();
5634 }
5635
5636 module_init(b43_init)
5637 module_exit(b43_exit)