git.samba.org / sfrench / cifs-2.6.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge tag 'dm-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device...
[sfrench/cifs-2.6.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32
33 */
34
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "pcmcia.h"
60 #include "sdio.h"
61 #include <linux/mmc/sdio_func.h>
62
63 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
64 MODULE_AUTHOR("Martin Langer");
65 MODULE_AUTHOR("Stefano Brivio");
66 MODULE_AUTHOR("Michael Buesch");
67 MODULE_AUTHOR("Gábor Stefanik");
68 MODULE_AUTHOR("Rafał Miłecki");
69 MODULE_LICENSE("GPL");
70
71 MODULE_FIRMWARE("b43/ucode11.fw");
72 MODULE_FIRMWARE("b43/ucode13.fw");
73 MODULE_FIRMWARE("b43/ucode14.fw");
74 MODULE_FIRMWARE("b43/ucode15.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode5.fw");
77 MODULE_FIRMWARE("b43/ucode9.fw");
78
79 static int modparam_bad_frames_preempt;
80 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
81 MODULE_PARM_DESC(bad_frames_preempt,
82                  "enable(1) / disable(0) Bad Frames Preemption");
83
84 static char modparam_fwpostfix[16];
85 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
86 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
87
88 static int modparam_hwpctl;
89 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
90 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
91
92 static int modparam_nohwcrypt;
93 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
94 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
95
96 static int modparam_hwtkip;
97 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
98 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
99
100 static int modparam_qos = 1;
101 module_param_named(qos, modparam_qos, int, 0444);
102 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
103
104 static int modparam_btcoex = 1;
105 module_param_named(btcoex, modparam_btcoex, int, 0444);
106 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
107
108 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
109 module_param_named(verbose, b43_modparam_verbose, int, 0644);
110 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
111
112 static int b43_modparam_pio = 0;
113 module_param_named(pio, b43_modparam_pio, int, 0644);
114 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
115
116 static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
117 module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
118 MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
119
120 #ifdef CONFIG_B43_BCMA
121 static const struct bcma_device_id b43_bcma_tbl[] = {
122         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
123         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
124         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
125         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
126         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
127         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
128         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
129         BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
130         {},
131 };
132 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
133 #endif
134
135 #ifdef CONFIG_B43_SSB
136 static const struct ssb_device_id b43_ssb_tbl[] = {
137         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
138         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
139         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
140         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
141         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
142         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
143         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
144         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
145         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
146         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
147         {},
148 };
149 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
150 #endif
151
152 /* Channel and ratetables are shared for all devices.
153  * They can't be const, because ieee80211 puts some precalculated
154  * data in there. This data is the same for all devices, so we don't
155  * get concurrency issues */
156 #define RATETAB_ENT(_rateid, _flags) \
157         {                                                               \
158                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
159                 .hw_value       = (_rateid),                            \
160                 .flags          = (_flags),                             \
161         }
162
163 /*
164  * NOTE: When changing this, sync with xmit.c's
165  *       b43_plcp_get_bitrate_idx_* functions!
166  */
167 static struct ieee80211_rate __b43_ratetable[] = {
168         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
169         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
170         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
171         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
172         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
173         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
174         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
175         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
176         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
177         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
178         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
179         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
180 };
181
182 #define b43_a_ratetable         (__b43_ratetable + 4)
183 #define b43_a_ratetable_size    8
184 #define b43_b_ratetable         (__b43_ratetable + 0)
185 #define b43_b_ratetable_size    4
186 #define b43_g_ratetable         (__b43_ratetable + 0)
187 #define b43_g_ratetable_size    12
188
189 #define CHAN2G(_channel, _freq, _flags) {                       \
190         .band                   = IEEE80211_BAND_2GHZ,          \
191         .center_freq            = (_freq),                      \
192         .hw_value               = (_channel),                   \
193         .flags                  = (_flags),                     \
194         .max_antenna_gain       = 0,                            \
195         .max_power              = 30,                           \
196 }
197 static struct ieee80211_channel b43_2ghz_chantable[] = {
198         CHAN2G(1, 2412, 0),
199         CHAN2G(2, 2417, 0),
200         CHAN2G(3, 2422, 0),
201         CHAN2G(4, 2427, 0),
202         CHAN2G(5, 2432, 0),
203         CHAN2G(6, 2437, 0),
204         CHAN2G(7, 2442, 0),
205         CHAN2G(8, 2447, 0),
206         CHAN2G(9, 2452, 0),
207         CHAN2G(10, 2457, 0),
208         CHAN2G(11, 2462, 0),
209         CHAN2G(12, 2467, 0),
210         CHAN2G(13, 2472, 0),
211         CHAN2G(14, 2484, 0),
212 };
213
214 /* No support for the last 3 channels (12, 13, 14) */
215 #define b43_2ghz_chantable_limited_size         11
216 #undef CHAN2G
217
218 #define CHAN4G(_channel, _flags) {                              \
219         .band                   = IEEE80211_BAND_5GHZ,          \
220         .center_freq            = 4000 + (5 * (_channel)),      \
221         .hw_value               = (_channel),                   \
222         .flags                  = (_flags),                     \
223         .max_antenna_gain       = 0,                            \
224         .max_power              = 30,                           \
225 }
226 #define CHAN5G(_channel, _flags) {                              \
227         .band                   = IEEE80211_BAND_5GHZ,          \
228         .center_freq            = 5000 + (5 * (_channel)),      \
229         .hw_value               = (_channel),                   \
230         .flags                  = (_flags),                     \
231         .max_antenna_gain       = 0,                            \
232         .max_power              = 30,                           \
233 }
234 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
235         CHAN4G(184, 0),         CHAN4G(186, 0),
236         CHAN4G(188, 0),         CHAN4G(190, 0),
237         CHAN4G(192, 0),         CHAN4G(194, 0),
238         CHAN4G(196, 0),         CHAN4G(198, 0),
239         CHAN4G(200, 0),         CHAN4G(202, 0),
240         CHAN4G(204, 0),         CHAN4G(206, 0),
241         CHAN4G(208, 0),         CHAN4G(210, 0),
242         CHAN4G(212, 0),         CHAN4G(214, 0),
243         CHAN4G(216, 0),         CHAN4G(218, 0),
244         CHAN4G(220, 0),         CHAN4G(222, 0),
245         CHAN4G(224, 0),         CHAN4G(226, 0),
246         CHAN4G(228, 0),
247         CHAN5G(32, 0),          CHAN5G(34, 0),
248         CHAN5G(36, 0),          CHAN5G(38, 0),
249         CHAN5G(40, 0),          CHAN5G(42, 0),
250         CHAN5G(44, 0),          CHAN5G(46, 0),
251         CHAN5G(48, 0),          CHAN5G(50, 0),
252         CHAN5G(52, 0),          CHAN5G(54, 0),
253         CHAN5G(56, 0),          CHAN5G(58, 0),
254         CHAN5G(60, 0),          CHAN5G(62, 0),
255         CHAN5G(64, 0),          CHAN5G(66, 0),
256         CHAN5G(68, 0),          CHAN5G(70, 0),
257         CHAN5G(72, 0),          CHAN5G(74, 0),
258         CHAN5G(76, 0),          CHAN5G(78, 0),
259         CHAN5G(80, 0),          CHAN5G(82, 0),
260         CHAN5G(84, 0),          CHAN5G(86, 0),
261         CHAN5G(88, 0),          CHAN5G(90, 0),
262         CHAN5G(92, 0),          CHAN5G(94, 0),
263         CHAN5G(96, 0),          CHAN5G(98, 0),
264         CHAN5G(100, 0),         CHAN5G(102, 0),
265         CHAN5G(104, 0),         CHAN5G(106, 0),
266         CHAN5G(108, 0),         CHAN5G(110, 0),
267         CHAN5G(112, 0),         CHAN5G(114, 0),
268         CHAN5G(116, 0),         CHAN5G(118, 0),
269         CHAN5G(120, 0),         CHAN5G(122, 0),
270         CHAN5G(124, 0),         CHAN5G(126, 0),
271         CHAN5G(128, 0),         CHAN5G(130, 0),
272         CHAN5G(132, 0),         CHAN5G(134, 0),
273         CHAN5G(136, 0),         CHAN5G(138, 0),
274         CHAN5G(140, 0),         CHAN5G(142, 0),
275         CHAN5G(144, 0),         CHAN5G(145, 0),
276         CHAN5G(146, 0),         CHAN5G(147, 0),
277         CHAN5G(148, 0),         CHAN5G(149, 0),
278         CHAN5G(150, 0),         CHAN5G(151, 0),
279         CHAN5G(152, 0),         CHAN5G(153, 0),
280         CHAN5G(154, 0),         CHAN5G(155, 0),
281         CHAN5G(156, 0),         CHAN5G(157, 0),
282         CHAN5G(158, 0),         CHAN5G(159, 0),
283         CHAN5G(160, 0),         CHAN5G(161, 0),
284         CHAN5G(162, 0),         CHAN5G(163, 0),
285         CHAN5G(164, 0),         CHAN5G(165, 0),
286         CHAN5G(166, 0),         CHAN5G(168, 0),
287         CHAN5G(170, 0),         CHAN5G(172, 0),
288         CHAN5G(174, 0),         CHAN5G(176, 0),
289         CHAN5G(178, 0),         CHAN5G(180, 0),
290         CHAN5G(182, 0),
291 };
292
293 static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
294         CHAN5G(36, 0),          CHAN5G(40, 0),
295         CHAN5G(44, 0),          CHAN5G(48, 0),
296         CHAN5G(149, 0),         CHAN5G(153, 0),
297         CHAN5G(157, 0),         CHAN5G(161, 0),
298         CHAN5G(165, 0),
299 };
300
301 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
302         CHAN5G(34, 0),          CHAN5G(36, 0),
303         CHAN5G(38, 0),          CHAN5G(40, 0),
304         CHAN5G(42, 0),          CHAN5G(44, 0),
305         CHAN5G(46, 0),          CHAN5G(48, 0),
306         CHAN5G(52, 0),          CHAN5G(56, 0),
307         CHAN5G(60, 0),          CHAN5G(64, 0),
308         CHAN5G(100, 0),         CHAN5G(104, 0),
309         CHAN5G(108, 0),         CHAN5G(112, 0),
310         CHAN5G(116, 0),         CHAN5G(120, 0),
311         CHAN5G(124, 0),         CHAN5G(128, 0),
312         CHAN5G(132, 0),         CHAN5G(136, 0),
313         CHAN5G(140, 0),         CHAN5G(149, 0),
314         CHAN5G(153, 0),         CHAN5G(157, 0),
315         CHAN5G(161, 0),         CHAN5G(165, 0),
316         CHAN5G(184, 0),         CHAN5G(188, 0),
317         CHAN5G(192, 0),         CHAN5G(196, 0),
318         CHAN5G(200, 0),         CHAN5G(204, 0),
319         CHAN5G(208, 0),         CHAN5G(212, 0),
320         CHAN5G(216, 0),
321 };
322 #undef CHAN4G
323 #undef CHAN5G
324
325 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
326         .band           = IEEE80211_BAND_5GHZ,
327         .channels       = b43_5ghz_nphy_chantable,
328         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
329         .bitrates       = b43_a_ratetable,
330         .n_bitrates     = b43_a_ratetable_size,
331 };
332
333 static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
334         .band           = IEEE80211_BAND_5GHZ,
335         .channels       = b43_5ghz_nphy_chantable_limited,
336         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
337         .bitrates       = b43_a_ratetable,
338         .n_bitrates     = b43_a_ratetable_size,
339 };
340
341 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
342         .band           = IEEE80211_BAND_5GHZ,
343         .channels       = b43_5ghz_aphy_chantable,
344         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
345         .bitrates       = b43_a_ratetable,
346         .n_bitrates     = b43_a_ratetable_size,
347 };
348
349 static struct ieee80211_supported_band b43_band_2GHz = {
350         .band           = IEEE80211_BAND_2GHZ,
351         .channels       = b43_2ghz_chantable,
352         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
353         .bitrates       = b43_g_ratetable,
354         .n_bitrates     = b43_g_ratetable_size,
355 };
356
357 static struct ieee80211_supported_band b43_band_2ghz_limited = {
358         .band           = IEEE80211_BAND_2GHZ,
359         .channels       = b43_2ghz_chantable,
360         .n_channels     = b43_2ghz_chantable_limited_size,
361         .bitrates       = b43_g_ratetable,
362         .n_bitrates     = b43_g_ratetable_size,
363 };
364
365 static void b43_wireless_core_exit(struct b43_wldev *dev);
366 static int b43_wireless_core_init(struct b43_wldev *dev);
367 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
368 static int b43_wireless_core_start(struct b43_wldev *dev);
369 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
370                                     struct ieee80211_vif *vif,
371                                     struct ieee80211_bss_conf *conf,
372                                     u32 changed);
373
374 static int b43_ratelimit(struct b43_wl *wl)
375 {
376         if (!wl || !wl->current_dev)
377                 return 1;
378         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
379                 return 1;
380         /* We are up and running.
381          * Ratelimit the messages to avoid DoS over the net. */
382         return net_ratelimit();
383 }
384
385 void b43info(struct b43_wl *wl, const char *fmt, ...)
386 {
387         struct va_format vaf;
388         va_list args;
389
390         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
391                 return;
392         if (!b43_ratelimit(wl))
393                 return;
394
395         va_start(args, fmt);
396
397         vaf.fmt = fmt;
398         vaf.va = &args;
399
400         printk(KERN_INFO "b43-%s: %pV",
401                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
402
403         va_end(args);
404 }
405
406 void b43err(struct b43_wl *wl, const char *fmt, ...)
407 {
408         struct va_format vaf;
409         va_list args;
410
411         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
412                 return;
413         if (!b43_ratelimit(wl))
414                 return;
415
416         va_start(args, fmt);
417
418         vaf.fmt = fmt;
419         vaf.va = &args;
420
421         printk(KERN_ERR "b43-%s ERROR: %pV",
422                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
423
424         va_end(args);
425 }
426
427 void b43warn(struct b43_wl *wl, const char *fmt, ...)
428 {
429         struct va_format vaf;
430         va_list args;
431
432         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
433                 return;
434         if (!b43_ratelimit(wl))
435                 return;
436
437         va_start(args, fmt);
438
439         vaf.fmt = fmt;
440         vaf.va = &args;
441
442         printk(KERN_WARNING "b43-%s warning: %pV",
443                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
444
445         va_end(args);
446 }
447
448 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
449 {
450         struct va_format vaf;
451         va_list args;
452
453         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
454                 return;
455
456         va_start(args, fmt);
457
458         vaf.fmt = fmt;
459         vaf.va = &args;
460
461         printk(KERN_DEBUG "b43-%s debug: %pV",
462                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
463
464         va_end(args);
465 }
466
467 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
468 {
469         u32 macctl;
470
471         B43_WARN_ON(offset % 4 != 0);
472
473         macctl = b43_read32(dev, B43_MMIO_MACCTL);
474         if (macctl & B43_MACCTL_BE)
475                 val = swab32(val);
476
477         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
478         mmiowb();
479         b43_write32(dev, B43_MMIO_RAM_DATA, val);
480 }
481
482 static inline void b43_shm_control_word(struct b43_wldev *dev,
483                                         u16 routing, u16 offset)
484 {
485         u32 control;
486
487         /* "offset" is the WORD offset. */
488         control = routing;
489         control <<= 16;
490         control |= offset;
491         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
492 }
493
494 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
495 {
496         u32 ret;
497
498         if (routing == B43_SHM_SHARED) {
499                 B43_WARN_ON(offset & 0x0001);
500                 if (offset & 0x0003) {
501                         /* Unaligned access */
502                         b43_shm_control_word(dev, routing, offset >> 2);
503                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
504                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
505                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
506
507                         goto out;
508                 }
509                 offset >>= 2;
510         }
511         b43_shm_control_word(dev, routing, offset);
512         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
513 out:
514         return ret;
515 }
516
517 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
518 {
519         u16 ret;
520
521         if (routing == B43_SHM_SHARED) {
522                 B43_WARN_ON(offset & 0x0001);
523                 if (offset & 0x0003) {
524                         /* Unaligned access */
525                         b43_shm_control_word(dev, routing, offset >> 2);
526                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
527
528                         goto out;
529                 }
530                 offset >>= 2;
531         }
532         b43_shm_control_word(dev, routing, offset);
533         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
534 out:
535         return ret;
536 }
537
538 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
539 {
540         if (routing == B43_SHM_SHARED) {
541                 B43_WARN_ON(offset & 0x0001);
542                 if (offset & 0x0003) {
543                         /* Unaligned access */
544                         b43_shm_control_word(dev, routing, offset >> 2);
545                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
546                                     value & 0xFFFF);
547                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
548                         b43_write16(dev, B43_MMIO_SHM_DATA,
549                                     (value >> 16) & 0xFFFF);
550                         return;
551                 }
552                 offset >>= 2;
553         }
554         b43_shm_control_word(dev, routing, offset);
555         b43_write32(dev, B43_MMIO_SHM_DATA, value);
556 }
557
558 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
559 {
560         if (routing == B43_SHM_SHARED) {
561                 B43_WARN_ON(offset & 0x0001);
562                 if (offset & 0x0003) {
563                         /* Unaligned access */
564                         b43_shm_control_word(dev, routing, offset >> 2);
565                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
566                         return;
567                 }
568                 offset >>= 2;
569         }
570         b43_shm_control_word(dev, routing, offset);
571         b43_write16(dev, B43_MMIO_SHM_DATA, value);
572 }
573
574 /* Read HostFlags */
575 u64 b43_hf_read(struct b43_wldev *dev)
576 {
577         u64 ret;
578
579         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
580         ret <<= 16;
581         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
582         ret <<= 16;
583         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
584
585         return ret;
586 }
587
588 /* Write HostFlags */
589 void b43_hf_write(struct b43_wldev *dev, u64 value)
590 {
591         u16 lo, mi, hi;
592
593         lo = (value & 0x00000000FFFFULL);
594         mi = (value & 0x0000FFFF0000ULL) >> 16;
595         hi = (value & 0xFFFF00000000ULL) >> 32;
596         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
597         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
598         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
599 }
600
601 /* Read the firmware capabilities bitmask (Opensource firmware only) */
602 static u16 b43_fwcapa_read(struct b43_wldev *dev)
603 {
604         B43_WARN_ON(!dev->fw.opensource);
605         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
606 }
607
608 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
609 {
610         u32 low, high;
611
612         B43_WARN_ON(dev->dev->core_rev < 3);
613
614         /* The hardware guarantees us an atomic read, if we
615          * read the low register first. */
616         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
617         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
618
619         *tsf = high;
620         *tsf <<= 32;
621         *tsf |= low;
622 }
623
624 static void b43_time_lock(struct b43_wldev *dev)
625 {
626         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
627         /* Commit the write */
628         b43_read32(dev, B43_MMIO_MACCTL);
629 }
630
631 static void b43_time_unlock(struct b43_wldev *dev)
632 {
633         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
634         /* Commit the write */
635         b43_read32(dev, B43_MMIO_MACCTL);
636 }
637
638 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
639 {
640         u32 low, high;
641
642         B43_WARN_ON(dev->dev->core_rev < 3);
643
644         low = tsf;
645         high = (tsf >> 32);
646         /* The hardware guarantees us an atomic write, if we
647          * write the low register first. */
648         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
649         mmiowb();
650         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
651         mmiowb();
652 }
653
654 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
655 {
656         b43_time_lock(dev);
657         b43_tsf_write_locked(dev, tsf);
658         b43_time_unlock(dev);
659 }
660
661 static
662 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
663 {
664         static const u8 zero_addr[ETH_ALEN] = { 0 };
665         u16 data;
666
667         if (!mac)
668                 mac = zero_addr;
669
670         offset |= 0x0020;
671         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
672
673         data = mac[0];
674         data |= mac[1] << 8;
675         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
676         data = mac[2];
677         data |= mac[3] << 8;
678         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
679         data = mac[4];
680         data |= mac[5] << 8;
681         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
682 }
683
684 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
685 {
686         const u8 *mac;
687         const u8 *bssid;
688         u8 mac_bssid[ETH_ALEN * 2];
689         int i;
690         u32 tmp;
691
692         bssid = dev->wl->bssid;
693         mac = dev->wl->mac_addr;
694
695         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
696
697         memcpy(mac_bssid, mac, ETH_ALEN);
698         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
699
700         /* Write our MAC address and BSSID to template ram */
701         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
702                 tmp = (u32) (mac_bssid[i + 0]);
703                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
704                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
705                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
706                 b43_ram_write(dev, 0x20 + i, tmp);
707         }
708 }
709
710 static void b43_upload_card_macaddress(struct b43_wldev *dev)
711 {
712         b43_write_mac_bssid_templates(dev);
713         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
714 }
715
716 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
717 {
718         /* slot_time is in usec. */
719         /* This test used to exit for all but a G PHY. */
720         if (b43_current_band(dev->wl) == IEEE80211_BAND_5GHZ)
721                 return;
722         b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
723         /* Shared memory location 0x0010 is the slot time and should be
724          * set to slot_time; however, this register is initially 0 and changing
725          * the value adversely affects the transmit rate for BCM4311
726          * devices. Until this behavior is unterstood, delete this step
727          *
728          * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
729          */
730 }
731
732 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
733 {
734         b43_set_slot_time(dev, 9);
735 }
736
737 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
738 {
739         b43_set_slot_time(dev, 20);
740 }
741
742 /* DummyTransmission function, as documented on
743  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
744  */
745 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
746 {
747         struct b43_phy *phy = &dev->phy;
748         unsigned int i, max_loop;
749         u16 value;
750         u32 buffer[5] = {
751                 0x00000000,
752                 0x00D40000,
753                 0x00000000,
754                 0x01000000,
755                 0x00000000,
756         };
757
758         if (ofdm) {
759                 max_loop = 0x1E;
760                 buffer[0] = 0x000201CC;
761         } else {
762                 max_loop = 0xFA;
763                 buffer[0] = 0x000B846E;
764         }
765
766         for (i = 0; i < 5; i++)
767                 b43_ram_write(dev, i * 4, buffer[i]);
768
769         b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
770
771         if (dev->dev->core_rev < 11)
772                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
773         else
774                 b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
775
776         value = (ofdm ? 0x41 : 0x40);
777         b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
778         if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
779             phy->type == B43_PHYTYPE_LCN)
780                 b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
781
782         b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
783         b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
784
785         b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
786         b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
787         b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
788         b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
789
790         if (!pa_on && phy->type == B43_PHYTYPE_N)
791                 ; /*b43_nphy_pa_override(dev, false) */
792
793         switch (phy->type) {
794         case B43_PHYTYPE_N:
795         case B43_PHYTYPE_LCN:
796                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
797                 break;
798         case B43_PHYTYPE_LP:
799                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
800                 break;
801         default:
802                 b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
803         }
804         b43_read16(dev, B43_MMIO_TXE0_AUX);
805
806         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
807                 b43_radio_write16(dev, 0x0051, 0x0017);
808         for (i = 0x00; i < max_loop; i++) {
809                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
810                 if (value & 0x0080)
811                         break;
812                 udelay(10);
813         }
814         for (i = 0x00; i < 0x0A; i++) {
815                 value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
816                 if (value & 0x0400)
817                         break;
818                 udelay(10);
819         }
820         for (i = 0x00; i < 0x19; i++) {
821                 value = b43_read16(dev, B43_MMIO_IFSSTAT);
822                 if (!(value & 0x0100))
823                         break;
824                 udelay(10);
825         }
826         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
827                 b43_radio_write16(dev, 0x0051, 0x0037);
828 }
829
830 static void key_write(struct b43_wldev *dev,
831                       u8 index, u8 algorithm, const u8 *key)
832 {
833         unsigned int i;
834         u32 offset;
835         u16 value;
836         u16 kidx;
837
838         /* Key index/algo block */
839         kidx = b43_kidx_to_fw(dev, index);
840         value = ((kidx << 4) | algorithm);
841         b43_shm_write16(dev, B43_SHM_SHARED,
842                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
843
844         /* Write the key to the Key Table Pointer offset */
845         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
846         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
847                 value = key[i];
848                 value |= (u16) (key[i + 1]) << 8;
849                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
850         }
851 }
852
853 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
854 {
855         u32 addrtmp[2] = { 0, 0, };
856         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
857
858         if (b43_new_kidx_api(dev))
859                 pairwise_keys_start = B43_NR_GROUP_KEYS;
860
861         B43_WARN_ON(index < pairwise_keys_start);
862         /* We have four default TX keys and possibly four default RX keys.
863          * Physical mac 0 is mapped to physical key 4 or 8, depending
864          * on the firmware version.
865          * So we must adjust the index here.
866          */
867         index -= pairwise_keys_start;
868         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
869
870         if (addr) {
871                 addrtmp[0] = addr[0];
872                 addrtmp[0] |= ((u32) (addr[1]) << 8);
873                 addrtmp[0] |= ((u32) (addr[2]) << 16);
874                 addrtmp[0] |= ((u32) (addr[3]) << 24);
875                 addrtmp[1] = addr[4];
876                 addrtmp[1] |= ((u32) (addr[5]) << 8);
877         }
878
879         /* Receive match transmitter address (RCMTA) mechanism */
880         b43_shm_write32(dev, B43_SHM_RCMTA,
881                         (index * 2) + 0, addrtmp[0]);
882         b43_shm_write16(dev, B43_SHM_RCMTA,
883                         (index * 2) + 1, addrtmp[1]);
884 }
885
886 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
887  * When a packet is received, the iv32 is checked.
888  * - if it doesn't the packet is returned without modification (and software
889  *   decryption can be done). That's what happen when iv16 wrap.
890  * - if it does, the rc4 key is computed, and decryption is tried.
891  *   Either it will success and B43_RX_MAC_DEC is returned,
892  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
893  *   and the packet is not usable (it got modified by the ucode).
894  * So in order to never have B43_RX_MAC_DECERR, we should provide
895  * a iv32 and phase1key that match. Because we drop packets in case of
896  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
897  * packets will be lost without higher layer knowing (ie no resync possible
898  * until next wrap).
899  *
900  * NOTE : this should support 50 key like RCMTA because
901  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
902  */
903 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
904                 u16 *phase1key)
905 {
906         unsigned int i;
907         u32 offset;
908         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
909
910         if (!modparam_hwtkip)
911                 return;
912
913         if (b43_new_kidx_api(dev))
914                 pairwise_keys_start = B43_NR_GROUP_KEYS;
915
916         B43_WARN_ON(index < pairwise_keys_start);
917         /* We have four default TX keys and possibly four default RX keys.
918          * Physical mac 0 is mapped to physical key 4 or 8, depending
919          * on the firmware version.
920          * So we must adjust the index here.
921          */
922         index -= pairwise_keys_start;
923         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
924
925         if (b43_debug(dev, B43_DBG_KEYS)) {
926                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
927                                 index, iv32);
928         }
929         /* Write the key to the  RX tkip shared mem */
930         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
931         for (i = 0; i < 10; i += 2) {
932                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
933                                 phase1key ? phase1key[i / 2] : 0);
934         }
935         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
936         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
937 }
938
939 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
940                                    struct ieee80211_vif *vif,
941                                    struct ieee80211_key_conf *keyconf,
942                                    struct ieee80211_sta *sta,
943                                    u32 iv32, u16 *phase1key)
944 {
945         struct b43_wl *wl = hw_to_b43_wl(hw);
946         struct b43_wldev *dev;
947         int index = keyconf->hw_key_idx;
948
949         if (B43_WARN_ON(!modparam_hwtkip))
950                 return;
951
952         /* This is only called from the RX path through mac80211, where
953          * our mutex is already locked. */
954         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
955         dev = wl->current_dev;
956         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
957
958         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
959
960         rx_tkip_phase1_write(dev, index, iv32, phase1key);
961         /* only pairwise TKIP keys are supported right now */
962         if (WARN_ON(!sta))
963                 return;
964         keymac_write(dev, index, sta->addr);
965 }
966
967 static void do_key_write(struct b43_wldev *dev,
968                          u8 index, u8 algorithm,
969                          const u8 *key, size_t key_len, const u8 *mac_addr)
970 {
971         u8 buf[B43_SEC_KEYSIZE] = { 0, };
972         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
973
974         if (b43_new_kidx_api(dev))
975                 pairwise_keys_start = B43_NR_GROUP_KEYS;
976
977         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
978         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
979
980         if (index >= pairwise_keys_start)
981                 keymac_write(dev, index, NULL); /* First zero out mac. */
982         if (algorithm == B43_SEC_ALGO_TKIP) {
983                 /*
984                  * We should provide an initial iv32, phase1key pair.
985                  * We could start with iv32=0 and compute the corresponding
986                  * phase1key, but this means calling ieee80211_get_tkip_key
987                  * with a fake skb (or export other tkip function).
988                  * Because we are lazy we hope iv32 won't start with
989                  * 0xffffffff and let's b43_op_update_tkip_key provide a
990                  * correct pair.
991                  */
992                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
993         } else if (index >= pairwise_keys_start) /* clear it */
994                 rx_tkip_phase1_write(dev, index, 0, NULL);
995         if (key)
996                 memcpy(buf, key, key_len);
997         key_write(dev, index, algorithm, buf);
998         if (index >= pairwise_keys_start)
999                 keymac_write(dev, index, mac_addr);
1000
1001         dev->key[index].algorithm = algorithm;
1002 }
1003
1004 static int b43_key_write(struct b43_wldev *dev,
1005                          int index, u8 algorithm,
1006                          const u8 *key, size_t key_len,
1007                          const u8 *mac_addr,
1008                          struct ieee80211_key_conf *keyconf)
1009 {
1010         int i;
1011         int pairwise_keys_start;
1012
1013         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1014          *      - Temporal Encryption Key (128 bits)
1015          *      - Temporal Authenticator Tx MIC Key (64 bits)
1016          *      - Temporal Authenticator Rx MIC Key (64 bits)
1017          *
1018          *      Hardware only store TEK
1019          */
1020         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1021                 key_len = 16;
1022         if (key_len > B43_SEC_KEYSIZE)
1023                 return -EINVAL;
1024         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1025                 /* Check that we don't already have this key. */
1026                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
1027         }
1028         if (index < 0) {
1029                 /* Pairwise key. Get an empty slot for the key. */
1030                 if (b43_new_kidx_api(dev))
1031                         pairwise_keys_start = B43_NR_GROUP_KEYS;
1032                 else
1033                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1034                 for (i = pairwise_keys_start;
1035                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1036                      i++) {
1037                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1038                         if (!dev->key[i].keyconf) {
1039                                 /* found empty */
1040                                 index = i;
1041                                 break;
1042                         }
1043                 }
1044                 if (index < 0) {
1045                         b43warn(dev->wl, "Out of hardware key memory\n");
1046                         return -ENOSPC;
1047                 }
1048         } else
1049                 B43_WARN_ON(index > 3);
1050
1051         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1052         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1053                 /* Default RX key */
1054                 B43_WARN_ON(mac_addr);
1055                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1056         }
1057         keyconf->hw_key_idx = index;
1058         dev->key[index].keyconf = keyconf;
1059
1060         return 0;
1061 }
1062
1063 static int b43_key_clear(struct b43_wldev *dev, int index)
1064 {
1065         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1066                 return -EINVAL;
1067         do_key_write(dev, index, B43_SEC_ALGO_NONE,
1068                      NULL, B43_SEC_KEYSIZE, NULL);
1069         if ((index <= 3) && !b43_new_kidx_api(dev)) {
1070                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1071                              NULL, B43_SEC_KEYSIZE, NULL);
1072         }
1073         dev->key[index].keyconf = NULL;
1074
1075         return 0;
1076 }
1077
1078 static void b43_clear_keys(struct b43_wldev *dev)
1079 {
1080         int i, count;
1081
1082         if (b43_new_kidx_api(dev))
1083                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1084         else
1085                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1086         for (i = 0; i < count; i++)
1087                 b43_key_clear(dev, i);
1088 }
1089
1090 static void b43_dump_keymemory(struct b43_wldev *dev)
1091 {
1092         unsigned int i, index, count, offset, pairwise_keys_start;
1093         u8 mac[ETH_ALEN];
1094         u16 algo;
1095         u32 rcmta0;
1096         u16 rcmta1;
1097         u64 hf;
1098         struct b43_key *key;
1099
1100         if (!b43_debug(dev, B43_DBG_KEYS))
1101                 return;
1102
1103         hf = b43_hf_read(dev);
1104         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1105                !!(hf & B43_HF_USEDEFKEYS));
1106         if (b43_new_kidx_api(dev)) {
1107                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1108                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1109         } else {
1110                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1111                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1112         }
1113         for (index = 0; index < count; index++) {
1114                 key = &(dev->key[index]);
1115                 printk(KERN_DEBUG "Key slot %02u: %s",
1116                        index, (key->keyconf == NULL) ? " " : "*");
1117                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1118                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1119                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1120                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1121                 }
1122
1123                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1124                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1125                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1126
1127                 if (index >= pairwise_keys_start) {
1128                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1129                                 printk("   TKIP: ");
1130                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1131                                 for (i = 0; i < 14; i += 2) {
1132                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1133                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1134                                 }
1135                         }
1136                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1137                                                 ((index - pairwise_keys_start) * 2) + 0);
1138                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1139                                                 ((index - pairwise_keys_start) * 2) + 1);
1140                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1141                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1142                         printk("   MAC: %pM", mac);
1143                 } else
1144                         printk("   DEFAULT KEY");
1145                 printk("\n");
1146         }
1147 }
1148
1149 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1150 {
1151         u32 macctl;
1152         u16 ucstat;
1153         bool hwps;
1154         bool awake;
1155         int i;
1156
1157         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1158                     (ps_flags & B43_PS_DISABLED));
1159         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1160
1161         if (ps_flags & B43_PS_ENABLED) {
1162                 hwps = true;
1163         } else if (ps_flags & B43_PS_DISABLED) {
1164                 hwps = false;
1165         } else {
1166                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1167                 //      and thus is not an AP and we are associated, set bit 25
1168         }
1169         if (ps_flags & B43_PS_AWAKE) {
1170                 awake = true;
1171         } else if (ps_flags & B43_PS_ASLEEP) {
1172                 awake = false;
1173         } else {
1174                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1175                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1176                 //      successful, set bit26
1177         }
1178
1179 /* FIXME: For now we force awake-on and hwps-off */
1180         hwps = false;
1181         awake = true;
1182
1183         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1184         if (hwps)
1185                 macctl |= B43_MACCTL_HWPS;
1186         else
1187                 macctl &= ~B43_MACCTL_HWPS;
1188         if (awake)
1189                 macctl |= B43_MACCTL_AWAKE;
1190         else
1191                 macctl &= ~B43_MACCTL_AWAKE;
1192         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1193         /* Commit write */
1194         b43_read32(dev, B43_MMIO_MACCTL);
1195         if (awake && dev->dev->core_rev >= 5) {
1196                 /* Wait for the microcode to wake up. */
1197                 for (i = 0; i < 100; i++) {
1198                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1199                                                 B43_SHM_SH_UCODESTAT);
1200                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1201                                 break;
1202                         udelay(10);
1203                 }
1204         }
1205 }
1206
1207 /* http://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1208 void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1209 {
1210         struct bcma_drv_cc *bcma_cc __maybe_unused;
1211         struct ssb_chipcommon *ssb_cc __maybe_unused;
1212
1213         switch (dev->dev->bus_type) {
1214 #ifdef CONFIG_B43_BCMA
1215         case B43_BUS_BCMA:
1216                 bcma_cc = &dev->dev->bdev->bus->drv_cc;
1217
1218                 bcma_cc_write32(bcma_cc, BCMA_CC_CHIPCTL_ADDR, 0);
1219                 bcma_cc_mask32(bcma_cc, BCMA_CC_CHIPCTL_DATA, ~0x4);
1220                 bcma_cc_set32(bcma_cc, BCMA_CC_CHIPCTL_DATA, 0x4);
1221                 bcma_cc_mask32(bcma_cc, BCMA_CC_CHIPCTL_DATA, ~0x4);
1222                 break;
1223 #endif
1224 #ifdef CONFIG_B43_SSB
1225         case B43_BUS_SSB:
1226                 ssb_cc = &dev->dev->sdev->bus->chipco;
1227
1228                 chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1229                 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1230                 chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1231                 chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1232                 break;
1233 #endif
1234         }
1235 }
1236
1237 #ifdef CONFIG_B43_BCMA
1238 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1239 {
1240         u32 flags;
1241
1242         /* Put PHY into reset */
1243         flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1244         flags |= B43_BCMA_IOCTL_PHY_RESET;
1245         flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1246         bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1247         udelay(2);
1248
1249         b43_phy_take_out_of_reset(dev);
1250 }
1251
1252 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1253 {
1254         u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1255                   B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1256         u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1257                      B43_BCMA_CLKCTLST_PHY_PLL_ST;
1258         u32 flags;
1259
1260         flags = B43_BCMA_IOCTL_PHY_CLKEN;
1261         if (gmode)
1262                 flags |= B43_BCMA_IOCTL_GMODE;
1263         b43_device_enable(dev, flags);
1264
1265         if (dev->phy.type == B43_PHYTYPE_AC) {
1266                 u16 tmp;
1267
1268                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1269                 tmp &= ~B43_BCMA_IOCTL_DAC;
1270                 tmp |= 0x100;
1271                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1272
1273                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1274                 tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1275                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1276
1277                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1278                 tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1279                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1280         }
1281
1282         bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1283         b43_bcma_phy_reset(dev);
1284         bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1285 }
1286 #endif
1287
1288 #ifdef CONFIG_B43_SSB
1289 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1290 {
1291         u32 flags = 0;
1292
1293         if (gmode)
1294                 flags |= B43_TMSLOW_GMODE;
1295         flags |= B43_TMSLOW_PHYCLKEN;
1296         flags |= B43_TMSLOW_PHYRESET;
1297         if (dev->phy.type == B43_PHYTYPE_N)
1298                 flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1299         b43_device_enable(dev, flags);
1300         msleep(2);              /* Wait for the PLL to turn on. */
1301
1302         b43_phy_take_out_of_reset(dev);
1303 }
1304 #endif
1305
1306 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1307 {
1308         u32 macctl;
1309
1310         switch (dev->dev->bus_type) {
1311 #ifdef CONFIG_B43_BCMA
1312         case B43_BUS_BCMA:
1313                 b43_bcma_wireless_core_reset(dev, gmode);
1314                 break;
1315 #endif
1316 #ifdef CONFIG_B43_SSB
1317         case B43_BUS_SSB:
1318                 b43_ssb_wireless_core_reset(dev, gmode);
1319                 break;
1320 #endif
1321         }
1322
1323         /* Turn Analog ON, but only if we already know the PHY-type.
1324          * This protects against very early setup where we don't know the
1325          * PHY-type, yet. wireless_core_reset will be called once again later,
1326          * when we know the PHY-type. */
1327         if (dev->phy.ops)
1328                 dev->phy.ops->switch_analog(dev, 1);
1329
1330         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1331         macctl &= ~B43_MACCTL_GMODE;
1332         if (gmode)
1333                 macctl |= B43_MACCTL_GMODE;
1334         macctl |= B43_MACCTL_IHR_ENABLED;
1335         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1336 }
1337
1338 static void handle_irq_transmit_status(struct b43_wldev *dev)
1339 {
1340         u32 v0, v1;
1341         u16 tmp;
1342         struct b43_txstatus stat;
1343
1344         while (1) {
1345                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1346                 if (!(v0 & 0x00000001))
1347                         break;
1348                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1349
1350                 stat.cookie = (v0 >> 16);
1351                 stat.seq = (v1 & 0x0000FFFF);
1352                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1353                 tmp = (v0 & 0x0000FFFF);
1354                 stat.frame_count = ((tmp & 0xF000) >> 12);
1355                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1356                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1357                 stat.pm_indicated = !!(tmp & 0x0080);
1358                 stat.intermediate = !!(tmp & 0x0040);
1359                 stat.for_ampdu = !!(tmp & 0x0020);
1360                 stat.acked = !!(tmp & 0x0002);
1361
1362                 b43_handle_txstatus(dev, &stat);
1363         }
1364 }
1365
1366 static void drain_txstatus_queue(struct b43_wldev *dev)
1367 {
1368         u32 dummy;
1369
1370         if (dev->dev->core_rev < 5)
1371                 return;
1372         /* Read all entries from the microcode TXstatus FIFO
1373          * and throw them away.
1374          */
1375         while (1) {
1376                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1377                 if (!(dummy & 0x00000001))
1378                         break;
1379                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1380         }
1381 }
1382
1383 static u32 b43_jssi_read(struct b43_wldev *dev)
1384 {
1385         u32 val = 0;
1386
1387         val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1388         val <<= 16;
1389         val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1390
1391         return val;
1392 }
1393
1394 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1395 {
1396         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1397                         (jssi & 0x0000FFFF));
1398         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1399                         (jssi & 0xFFFF0000) >> 16);
1400 }
1401
1402 static void b43_generate_noise_sample(struct b43_wldev *dev)
1403 {
1404         b43_jssi_write(dev, 0x7F7F7F7F);
1405         b43_write32(dev, B43_MMIO_MACCMD,
1406                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1407 }
1408
1409 static void b43_calculate_link_quality(struct b43_wldev *dev)
1410 {
1411         /* Top half of Link Quality calculation. */
1412
1413         if (dev->phy.type != B43_PHYTYPE_G)
1414                 return;
1415         if (dev->noisecalc.calculation_running)
1416                 return;
1417         dev->noisecalc.calculation_running = true;
1418         dev->noisecalc.nr_samples = 0;
1419
1420         b43_generate_noise_sample(dev);
1421 }
1422
1423 static void handle_irq_noise(struct b43_wldev *dev)
1424 {
1425         struct b43_phy_g *phy = dev->phy.g;
1426         u16 tmp;
1427         u8 noise[4];
1428         u8 i, j;
1429         s32 average;
1430
1431         /* Bottom half of Link Quality calculation. */
1432
1433         if (dev->phy.type != B43_PHYTYPE_G)
1434                 return;
1435
1436         /* Possible race condition: It might be possible that the user
1437          * changed to a different channel in the meantime since we
1438          * started the calculation. We ignore that fact, since it's
1439          * not really that much of a problem. The background noise is
1440          * an estimation only anyway. Slightly wrong results will get damped
1441          * by the averaging of the 8 sample rounds. Additionally the
1442          * value is shortlived. So it will be replaced by the next noise
1443          * calculation round soon. */
1444
1445         B43_WARN_ON(!dev->noisecalc.calculation_running);
1446         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1447         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1448             noise[2] == 0x7F || noise[3] == 0x7F)
1449                 goto generate_new;
1450
1451         /* Get the noise samples. */
1452         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1453         i = dev->noisecalc.nr_samples;
1454         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1455         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1456         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1457         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1458         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1459         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1460         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1461         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1462         dev->noisecalc.nr_samples++;
1463         if (dev->noisecalc.nr_samples == 8) {
1464                 /* Calculate the Link Quality by the noise samples. */
1465                 average = 0;
1466                 for (i = 0; i < 8; i++) {
1467                         for (j = 0; j < 4; j++)
1468                                 average += dev->noisecalc.samples[i][j];
1469                 }
1470                 average /= (8 * 4);
1471                 average *= 125;
1472                 average += 64;
1473                 average /= 128;
1474                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1475                 tmp = (tmp / 128) & 0x1F;
1476                 if (tmp >= 8)
1477                         average += 2;
1478                 else
1479                         average -= 25;
1480                 if (tmp == 8)
1481                         average -= 72;
1482                 else
1483                         average -= 48;
1484
1485                 dev->stats.link_noise = average;
1486                 dev->noisecalc.calculation_running = false;
1487                 return;
1488         }
1489 generate_new:
1490         b43_generate_noise_sample(dev);
1491 }
1492
1493 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1494 {
1495         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1496                 ///TODO: PS TBTT
1497         } else {
1498                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1499                         b43_power_saving_ctl_bits(dev, 0);
1500         }
1501         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1502                 dev->dfq_valid = true;
1503 }
1504
1505 static void handle_irq_atim_end(struct b43_wldev *dev)
1506 {
1507         if (dev->dfq_valid) {
1508                 b43_write32(dev, B43_MMIO_MACCMD,
1509                             b43_read32(dev, B43_MMIO_MACCMD)
1510                             | B43_MACCMD_DFQ_VALID);
1511                 dev->dfq_valid = false;
1512         }
1513 }
1514
1515 static void handle_irq_pmq(struct b43_wldev *dev)
1516 {
1517         u32 tmp;
1518
1519         //TODO: AP mode.
1520
1521         while (1) {
1522                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1523                 if (!(tmp & 0x00000008))
1524                         break;
1525         }
1526         /* 16bit write is odd, but correct. */
1527         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1528 }
1529
1530 static void b43_write_template_common(struct b43_wldev *dev,
1531                                       const u8 *data, u16 size,
1532                                       u16 ram_offset,
1533                                       u16 shm_size_offset, u8 rate)
1534 {
1535         u32 i, tmp;
1536         struct b43_plcp_hdr4 plcp;
1537
1538         plcp.data = 0;
1539         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1540         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1541         ram_offset += sizeof(u32);
1542         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1543          * So leave the first two bytes of the next write blank.
1544          */
1545         tmp = (u32) (data[0]) << 16;
1546         tmp |= (u32) (data[1]) << 24;
1547         b43_ram_write(dev, ram_offset, tmp);
1548         ram_offset += sizeof(u32);
1549         for (i = 2; i < size; i += sizeof(u32)) {
1550                 tmp = (u32) (data[i + 0]);
1551                 if (i + 1 < size)
1552                         tmp |= (u32) (data[i + 1]) << 8;
1553                 if (i + 2 < size)
1554                         tmp |= (u32) (data[i + 2]) << 16;
1555                 if (i + 3 < size)
1556                         tmp |= (u32) (data[i + 3]) << 24;
1557                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1558         }
1559         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1560                         size + sizeof(struct b43_plcp_hdr6));
1561 }
1562
1563 /* Check if the use of the antenna that ieee80211 told us to
1564  * use is possible. This will fall back to DEFAULT.
1565  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1566 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1567                                   u8 antenna_nr)
1568 {
1569         u8 antenna_mask;
1570
1571         if (antenna_nr == 0) {
1572                 /* Zero means "use default antenna". That's always OK. */
1573                 return 0;
1574         }
1575
1576         /* Get the mask of available antennas. */
1577         if (dev->phy.gmode)
1578                 antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1579         else
1580                 antenna_mask = dev->dev->bus_sprom->ant_available_a;
1581
1582         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1583                 /* This antenna is not available. Fall back to default. */
1584                 return 0;
1585         }
1586
1587         return antenna_nr;
1588 }
1589
1590 /* Convert a b43 antenna number value to the PHY TX control value. */
1591 static u16 b43_antenna_to_phyctl(int antenna)
1592 {
1593         switch (antenna) {
1594         case B43_ANTENNA0:
1595                 return B43_TXH_PHY_ANT0;
1596         case B43_ANTENNA1:
1597                 return B43_TXH_PHY_ANT1;
1598         case B43_ANTENNA2:
1599                 return B43_TXH_PHY_ANT2;
1600         case B43_ANTENNA3:
1601                 return B43_TXH_PHY_ANT3;
1602         case B43_ANTENNA_AUTO0:
1603         case B43_ANTENNA_AUTO1:
1604                 return B43_TXH_PHY_ANT01AUTO;
1605         }
1606         B43_WARN_ON(1);
1607         return 0;
1608 }
1609
1610 static void b43_write_beacon_template(struct b43_wldev *dev,
1611                                       u16 ram_offset,
1612                                       u16 shm_size_offset)
1613 {
1614         unsigned int i, len, variable_len;
1615         const struct ieee80211_mgmt *bcn;
1616         const u8 *ie;
1617         bool tim_found = false;
1618         unsigned int rate;
1619         u16 ctl;
1620         int antenna;
1621         struct ieee80211_tx_info *info;
1622         unsigned long flags;
1623         struct sk_buff *beacon_skb;
1624
1625         spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1626         info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1627         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1628         /* Clone the beacon, so it cannot go away, while we write it to hw. */
1629         beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1630         spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1631
1632         if (!beacon_skb) {
1633                 b43dbg(dev->wl, "Could not upload beacon. "
1634                        "Failed to clone beacon skb.");
1635                 return;
1636         }
1637
1638         bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1639         len = min_t(size_t, beacon_skb->len,
1640                     0x200 - sizeof(struct b43_plcp_hdr6));
1641
1642         b43_write_template_common(dev, (const u8 *)bcn,
1643                                   len, ram_offset, shm_size_offset, rate);
1644
1645         /* Write the PHY TX control parameters. */
1646         antenna = B43_ANTENNA_DEFAULT;
1647         antenna = b43_antenna_to_phyctl(antenna);
1648         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1649         /* We can't send beacons with short preamble. Would get PHY errors. */
1650         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1651         ctl &= ~B43_TXH_PHY_ANT;
1652         ctl &= ~B43_TXH_PHY_ENC;
1653         ctl |= antenna;
1654         if (b43_is_cck_rate(rate))
1655                 ctl |= B43_TXH_PHY_ENC_CCK;
1656         else
1657                 ctl |= B43_TXH_PHY_ENC_OFDM;
1658         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1659
1660         /* Find the position of the TIM and the DTIM_period value
1661          * and write them to SHM. */
1662         ie = bcn->u.beacon.variable;
1663         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1664         for (i = 0; i < variable_len - 2; ) {
1665                 uint8_t ie_id, ie_len;
1666
1667                 ie_id = ie[i];
1668                 ie_len = ie[i + 1];
1669                 if (ie_id == 5) {
1670                         u16 tim_position;
1671                         u16 dtim_period;
1672                         /* This is the TIM Information Element */
1673
1674                         /* Check whether the ie_len is in the beacon data range. */
1675                         if (variable_len < ie_len + 2 + i)
1676                                 break;
1677                         /* A valid TIM is at least 4 bytes long. */
1678                         if (ie_len < 4)
1679                                 break;
1680                         tim_found = true;
1681
1682                         tim_position = sizeof(struct b43_plcp_hdr6);
1683                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1684                         tim_position += i;
1685
1686                         dtim_period = ie[i + 3];
1687
1688                         b43_shm_write16(dev, B43_SHM_SHARED,
1689                                         B43_SHM_SH_TIMBPOS, tim_position);
1690                         b43_shm_write16(dev, B43_SHM_SHARED,
1691                                         B43_SHM_SH_DTIMPER, dtim_period);
1692                         break;
1693                 }
1694                 i += ie_len + 2;
1695         }
1696         if (!tim_found) {
1697                 /*
1698                  * If ucode wants to modify TIM do it behind the beacon, this
1699                  * will happen, for example, when doing mesh networking.
1700                  */
1701                 b43_shm_write16(dev, B43_SHM_SHARED,
1702                                 B43_SHM_SH_TIMBPOS,
1703                                 len + sizeof(struct b43_plcp_hdr6));
1704                 b43_shm_write16(dev, B43_SHM_SHARED,
1705                                 B43_SHM_SH_DTIMPER, 0);
1706         }
1707         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1708
1709         dev_kfree_skb_any(beacon_skb);
1710 }
1711
1712 static void b43_upload_beacon0(struct b43_wldev *dev)
1713 {
1714         struct b43_wl *wl = dev->wl;
1715
1716         if (wl->beacon0_uploaded)
1717                 return;
1718         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1719         wl->beacon0_uploaded = true;
1720 }
1721
1722 static void b43_upload_beacon1(struct b43_wldev *dev)
1723 {
1724         struct b43_wl *wl = dev->wl;
1725
1726         if (wl->beacon1_uploaded)
1727                 return;
1728         b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1729         wl->beacon1_uploaded = true;
1730 }
1731
1732 static void handle_irq_beacon(struct b43_wldev *dev)
1733 {
1734         struct b43_wl *wl = dev->wl;
1735         u32 cmd, beacon0_valid, beacon1_valid;
1736
1737         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1738             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1739             !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1740                 return;
1741
1742         /* This is the bottom half of the asynchronous beacon update. */
1743
1744         /* Ignore interrupt in the future. */
1745         dev->irq_mask &= ~B43_IRQ_BEACON;
1746
1747         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1748         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1749         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1750
1751         /* Schedule interrupt manually, if busy. */
1752         if (beacon0_valid && beacon1_valid) {
1753                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1754                 dev->irq_mask |= B43_IRQ_BEACON;
1755                 return;
1756         }
1757
1758         if (unlikely(wl->beacon_templates_virgin)) {
1759                 /* We never uploaded a beacon before.
1760                  * Upload both templates now, but only mark one valid. */
1761                 wl->beacon_templates_virgin = false;
1762                 b43_upload_beacon0(dev);
1763                 b43_upload_beacon1(dev);
1764                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1765                 cmd |= B43_MACCMD_BEACON0_VALID;
1766                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1767         } else {
1768                 if (!beacon0_valid) {
1769                         b43_upload_beacon0(dev);
1770                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1771                         cmd |= B43_MACCMD_BEACON0_VALID;
1772                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1773                 } else if (!beacon1_valid) {
1774                         b43_upload_beacon1(dev);
1775                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1776                         cmd |= B43_MACCMD_BEACON1_VALID;
1777                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1778                 }
1779         }
1780 }
1781
1782 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1783 {
1784         u32 old_irq_mask = dev->irq_mask;
1785
1786         /* update beacon right away or defer to irq */
1787         handle_irq_beacon(dev);
1788         if (old_irq_mask != dev->irq_mask) {
1789                 /* The handler updated the IRQ mask. */
1790                 B43_WARN_ON(!dev->irq_mask);
1791                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1792                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1793                 } else {
1794                         /* Device interrupts are currently disabled. That means
1795                          * we just ran the hardirq handler and scheduled the
1796                          * IRQ thread. The thread will write the IRQ mask when
1797                          * it finished, so there's nothing to do here. Writing
1798                          * the mask _here_ would incorrectly re-enable IRQs. */
1799                 }
1800         }
1801 }
1802
1803 static void b43_beacon_update_trigger_work(struct work_struct *work)
1804 {
1805         struct b43_wl *wl = container_of(work, struct b43_wl,
1806                                          beacon_update_trigger);
1807         struct b43_wldev *dev;
1808
1809         mutex_lock(&wl->mutex);
1810         dev = wl->current_dev;
1811         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1812                 if (b43_bus_host_is_sdio(dev->dev)) {
1813                         /* wl->mutex is enough. */
1814                         b43_do_beacon_update_trigger_work(dev);
1815                         mmiowb();
1816                 } else {
1817                         spin_lock_irq(&wl->hardirq_lock);
1818                         b43_do_beacon_update_trigger_work(dev);
1819                         mmiowb();
1820                         spin_unlock_irq(&wl->hardirq_lock);
1821                 }
1822         }
1823         mutex_unlock(&wl->mutex);
1824 }
1825
1826 /* Asynchronously update the packet templates in template RAM. */
1827 static void b43_update_templates(struct b43_wl *wl)
1828 {
1829         struct sk_buff *beacon, *old_beacon;
1830         unsigned long flags;
1831
1832         /* This is the top half of the asynchronous beacon update.
1833          * The bottom half is the beacon IRQ.
1834          * Beacon update must be asynchronous to avoid sending an
1835          * invalid beacon. This can happen for example, if the firmware
1836          * transmits a beacon while we are updating it. */
1837
1838         /* We could modify the existing beacon and set the aid bit in
1839          * the TIM field, but that would probably require resizing and
1840          * moving of data within the beacon template.
1841          * Simply request a new beacon and let mac80211 do the hard work. */
1842         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1843         if (unlikely(!beacon))
1844                 return;
1845
1846         spin_lock_irqsave(&wl->beacon_lock, flags);
1847         old_beacon = wl->current_beacon;
1848         wl->current_beacon = beacon;
1849         wl->beacon0_uploaded = false;
1850         wl->beacon1_uploaded = false;
1851         spin_unlock_irqrestore(&wl->beacon_lock, flags);
1852
1853         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1854
1855         if (old_beacon)
1856                 dev_kfree_skb_any(old_beacon);
1857 }
1858
1859 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1860 {
1861         b43_time_lock(dev);
1862         if (dev->dev->core_rev >= 3) {
1863                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1864                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1865         } else {
1866                 b43_write16(dev, 0x606, (beacon_int >> 6));
1867                 b43_write16(dev, 0x610, beacon_int);
1868         }
1869         b43_time_unlock(dev);
1870         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1871 }
1872
1873 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1874 {
1875         u16 reason;
1876
1877         /* Read the register that contains the reason code for the panic. */
1878         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1879         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1880
1881         switch (reason) {
1882         default:
1883                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1884                 /* fallthrough */
1885         case B43_FWPANIC_DIE:
1886                 /* Do not restart the controller or firmware.
1887                  * The device is nonfunctional from now on.
1888                  * Restarting would result in this panic to trigger again,
1889                  * so we avoid that recursion. */
1890                 break;
1891         case B43_FWPANIC_RESTART:
1892                 b43_controller_restart(dev, "Microcode panic");
1893                 break;
1894         }
1895 }
1896
1897 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1898 {
1899         unsigned int i, cnt;
1900         u16 reason, marker_id, marker_line;
1901         __le16 *buf;
1902
1903         /* The proprietary firmware doesn't have this IRQ. */
1904         if (!dev->fw.opensource)
1905                 return;
1906
1907         /* Read the register that contains the reason code for this IRQ. */
1908         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1909
1910         switch (reason) {
1911         case B43_DEBUGIRQ_PANIC:
1912                 b43_handle_firmware_panic(dev);
1913                 break;
1914         case B43_DEBUGIRQ_DUMP_SHM:
1915                 if (!B43_DEBUG)
1916                         break; /* Only with driver debugging enabled. */
1917                 buf = kmalloc(4096, GFP_ATOMIC);
1918                 if (!buf) {
1919                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1920                         goto out;
1921                 }
1922                 for (i = 0; i < 4096; i += 2) {
1923                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1924                         buf[i / 2] = cpu_to_le16(tmp);
1925                 }
1926                 b43info(dev->wl, "Shared memory dump:\n");
1927                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1928                                16, 2, buf, 4096, 1);
1929                 kfree(buf);
1930                 break;
1931         case B43_DEBUGIRQ_DUMP_REGS:
1932                 if (!B43_DEBUG)
1933                         break; /* Only with driver debugging enabled. */
1934                 b43info(dev->wl, "Microcode register dump:\n");
1935                 for (i = 0, cnt = 0; i < 64; i++) {
1936                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1937                         if (cnt == 0)
1938                                 printk(KERN_INFO);
1939                         printk("r%02u: 0x%04X  ", i, tmp);
1940                         cnt++;
1941                         if (cnt == 6) {
1942                                 printk("\n");
1943                                 cnt = 0;
1944                         }
1945                 }
1946                 printk("\n");
1947                 break;
1948         case B43_DEBUGIRQ_MARKER:
1949                 if (!B43_DEBUG)
1950                         break; /* Only with driver debugging enabled. */
1951                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1952                                            B43_MARKER_ID_REG);
1953                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1954                                              B43_MARKER_LINE_REG);
1955                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1956                         "at line number %u\n",
1957                         marker_id, marker_line);
1958                 break;
1959         default:
1960                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1961                        reason);
1962         }
1963 out:
1964         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1965         b43_shm_write16(dev, B43_SHM_SCRATCH,
1966                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1967 }
1968
1969 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1970 {
1971         u32 reason;
1972         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1973         u32 merged_dma_reason = 0;
1974         int i;
1975
1976         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1977                 return;
1978
1979         reason = dev->irq_reason;
1980         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1981                 dma_reason[i] = dev->dma_reason[i];
1982                 merged_dma_reason |= dma_reason[i];
1983         }
1984
1985         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1986                 b43err(dev->wl, "MAC transmission error\n");
1987
1988         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1989                 b43err(dev->wl, "PHY transmission error\n");
1990                 rmb();
1991                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1992                         atomic_set(&dev->phy.txerr_cnt,
1993                                    B43_PHY_TX_BADNESS_LIMIT);
1994                         b43err(dev->wl, "Too many PHY TX errors, "
1995                                         "restarting the controller\n");
1996                         b43_controller_restart(dev, "PHY TX errors");
1997                 }
1998         }
1999
2000         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
2001                 b43err(dev->wl,
2002                         "Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
2003                         dma_reason[0], dma_reason[1],
2004                         dma_reason[2], dma_reason[3],
2005                         dma_reason[4], dma_reason[5]);
2006                 b43err(dev->wl, "This device does not support DMA "
2007                                "on your system. It will now be switched to PIO.\n");
2008                 /* Fall back to PIO transfers if we get fatal DMA errors! */
2009                 dev->use_pio = true;
2010                 b43_controller_restart(dev, "DMA error");
2011                 return;
2012         }
2013
2014         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2015                 handle_irq_ucode_debug(dev);
2016         if (reason & B43_IRQ_TBTT_INDI)
2017                 handle_irq_tbtt_indication(dev);
2018         if (reason & B43_IRQ_ATIM_END)
2019                 handle_irq_atim_end(dev);
2020         if (reason & B43_IRQ_BEACON)
2021                 handle_irq_beacon(dev);
2022         if (reason & B43_IRQ_PMQ)
2023                 handle_irq_pmq(dev);
2024         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
2025                 ;/* TODO */
2026         if (reason & B43_IRQ_NOISESAMPLE_OK)
2027                 handle_irq_noise(dev);
2028
2029         /* Check the DMA reason registers for received data. */
2030         if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2031                 if (B43_DEBUG)
2032                         b43warn(dev->wl, "RX descriptor underrun\n");
2033                 b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2034         }
2035         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2036                 if (b43_using_pio_transfers(dev))
2037                         b43_pio_rx(dev->pio.rx_queue);
2038                 else
2039                         b43_dma_rx(dev->dma.rx_ring);
2040         }
2041         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2042         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2043         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2044         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2045         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2046
2047         if (reason & B43_IRQ_TX_OK)
2048                 handle_irq_transmit_status(dev);
2049
2050         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
2051         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2052
2053 #if B43_DEBUG
2054         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2055                 dev->irq_count++;
2056                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2057                         if (reason & (1 << i))
2058                                 dev->irq_bit_count[i]++;
2059                 }
2060         }
2061 #endif
2062 }
2063
2064 /* Interrupt thread handler. Handles device interrupts in thread context. */
2065 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2066 {
2067         struct b43_wldev *dev = dev_id;
2068
2069         mutex_lock(&dev->wl->mutex);
2070         b43_do_interrupt_thread(dev);
2071         mmiowb();
2072         mutex_unlock(&dev->wl->mutex);
2073
2074         return IRQ_HANDLED;
2075 }
2076
2077 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2078 {
2079         u32 reason;
2080
2081         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2082          * On SDIO, this runs under wl->mutex. */
2083
2084         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2085         if (reason == 0xffffffff)       /* shared IRQ */
2086                 return IRQ_NONE;
2087         reason &= dev->irq_mask;
2088         if (!reason)
2089                 return IRQ_NONE;
2090
2091         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2092             & 0x0001FC00;
2093         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2094             & 0x0000DC00;
2095         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2096             & 0x0000DC00;
2097         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2098             & 0x0001DC00;
2099         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2100             & 0x0000DC00;
2101 /* Unused ring
2102         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2103             & 0x0000DC00;
2104 */
2105
2106         /* ACK the interrupt. */
2107         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2108         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2109         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2110         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2111         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2112         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2113 /* Unused ring
2114         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2115 */
2116
2117         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2118         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2119         /* Save the reason bitmasks for the IRQ thread handler. */
2120         dev->irq_reason = reason;
2121
2122         return IRQ_WAKE_THREAD;
2123 }
2124
2125 /* Interrupt handler top-half. This runs with interrupts disabled. */
2126 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2127 {
2128         struct b43_wldev *dev = dev_id;
2129         irqreturn_t ret;
2130
2131         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2132                 return IRQ_NONE;
2133
2134         spin_lock(&dev->wl->hardirq_lock);
2135         ret = b43_do_interrupt(dev);
2136         mmiowb();
2137         spin_unlock(&dev->wl->hardirq_lock);
2138
2139         return ret;
2140 }
2141
2142 /* SDIO interrupt handler. This runs in process context. */
2143 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2144 {
2145         struct b43_wl *wl = dev->wl;
2146         irqreturn_t ret;
2147
2148         mutex_lock(&wl->mutex);
2149
2150         ret = b43_do_interrupt(dev);
2151         if (ret == IRQ_WAKE_THREAD)
2152                 b43_do_interrupt_thread(dev);
2153
2154         mutex_unlock(&wl->mutex);
2155 }
2156
2157 void b43_do_release_fw(struct b43_firmware_file *fw)
2158 {
2159         release_firmware(fw->data);
2160         fw->data = NULL;
2161         fw->filename = NULL;
2162 }
2163
2164 static void b43_release_firmware(struct b43_wldev *dev)
2165 {
2166         complete(&dev->fw_load_complete);
2167         b43_do_release_fw(&dev->fw.ucode);
2168         b43_do_release_fw(&dev->fw.pcm);
2169         b43_do_release_fw(&dev->fw.initvals);
2170         b43_do_release_fw(&dev->fw.initvals_band);
2171 }
2172
2173 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2174 {
2175         const char text[] =
2176                 "You must go to " \
2177                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2178                 "and download the correct firmware for this driver version. " \
2179                 "Please carefully read all instructions on this website.\n";
2180
2181         if (error)
2182                 b43err(wl, text);
2183         else
2184                 b43warn(wl, text);
2185 }
2186
2187 static void b43_fw_cb(const struct firmware *firmware, void *context)
2188 {
2189         struct b43_request_fw_context *ctx = context;
2190
2191         ctx->blob = firmware;
2192         complete(&ctx->dev->fw_load_complete);
2193 }
2194
2195 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2196                       const char *name,
2197                       struct b43_firmware_file *fw, bool async)
2198 {
2199         struct b43_fw_header *hdr;
2200         u32 size;
2201         int err;
2202
2203         if (!name) {
2204                 /* Don't fetch anything. Free possibly cached firmware. */
2205                 /* FIXME: We should probably keep it anyway, to save some headache
2206                  * on suspend/resume with multiband devices. */
2207                 b43_do_release_fw(fw);
2208                 return 0;
2209         }
2210         if (fw->filename) {
2211                 if ((fw->type == ctx->req_type) &&
2212                     (strcmp(fw->filename, name) == 0))
2213                         return 0; /* Already have this fw. */
2214                 /* Free the cached firmware first. */
2215                 /* FIXME: We should probably do this later after we successfully
2216                  * got the new fw. This could reduce headache with multiband devices.
2217                  * We could also redesign this to cache the firmware for all possible
2218                  * bands all the time. */
2219                 b43_do_release_fw(fw);
2220         }
2221
2222         switch (ctx->req_type) {
2223         case B43_FWTYPE_PROPRIETARY:
2224                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2225                          "b43%s/%s.fw",
2226                          modparam_fwpostfix, name);
2227                 break;
2228         case B43_FWTYPE_OPENSOURCE:
2229                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2230                          "b43-open%s/%s.fw",
2231                          modparam_fwpostfix, name);
2232                 break;
2233         default:
2234                 B43_WARN_ON(1);
2235                 return -ENOSYS;
2236         }
2237         if (async) {
2238                 /* do this part asynchronously */
2239                 init_completion(&ctx->dev->fw_load_complete);
2240                 err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2241                                               ctx->dev->dev->dev, GFP_KERNEL,
2242                                               ctx, b43_fw_cb);
2243                 if (err < 0) {
2244                         pr_err("Unable to load firmware\n");
2245                         return err;
2246                 }
2247                 wait_for_completion(&ctx->dev->fw_load_complete);
2248                 if (ctx->blob)
2249                         goto fw_ready;
2250         /* On some ARM systems, the async request will fail, but the next sync
2251          * request works. For this reason, we fall through here
2252          */
2253         }
2254         err = request_firmware(&ctx->blob, ctx->fwname,
2255                                ctx->dev->dev->dev);
2256         if (err == -ENOENT) {
2257                 snprintf(ctx->errors[ctx->req_type],
2258                          sizeof(ctx->errors[ctx->req_type]),
2259                          "Firmware file \"%s\" not found\n",
2260                          ctx->fwname);
2261                 return err;
2262         } else if (err) {
2263                 snprintf(ctx->errors[ctx->req_type],
2264                          sizeof(ctx->errors[ctx->req_type]),
2265                          "Firmware file \"%s\" request failed (err=%d)\n",
2266                          ctx->fwname, err);
2267                 return err;
2268         }
2269 fw_ready:
2270         if (ctx->blob->size < sizeof(struct b43_fw_header))
2271                 goto err_format;
2272         hdr = (struct b43_fw_header *)(ctx->blob->data);
2273         switch (hdr->type) {
2274         case B43_FW_TYPE_UCODE:
2275         case B43_FW_TYPE_PCM:
2276                 size = be32_to_cpu(hdr->size);
2277                 if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2278                         goto err_format;
2279                 /* fallthrough */
2280         case B43_FW_TYPE_IV:
2281                 if (hdr->ver != 1)
2282                         goto err_format;
2283                 break;
2284         default:
2285                 goto err_format;
2286         }
2287
2288         fw->data = ctx->blob;
2289         fw->filename = name;
2290         fw->type = ctx->req_type;
2291
2292         return 0;
2293
2294 err_format:
2295         snprintf(ctx->errors[ctx->req_type],
2296                  sizeof(ctx->errors[ctx->req_type]),
2297                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2298         release_firmware(ctx->blob);
2299
2300         return -EPROTO;
2301 }
2302
2303 /* http://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2304 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2305 {
2306         struct b43_wldev *dev = ctx->dev;
2307         struct b43_firmware *fw = &ctx->dev->fw;
2308         struct b43_phy *phy = &dev->phy;
2309         const u8 rev = ctx->dev->dev->core_rev;
2310         const char *filename;
2311         int err;
2312
2313         /* Get microcode */
2314         filename = NULL;
2315         switch (rev) {
2316         case 42:
2317                 if (phy->type == B43_PHYTYPE_AC)
2318                         filename = "ucode42";
2319                 break;
2320         case 40:
2321                 if (phy->type == B43_PHYTYPE_AC)
2322                         filename = "ucode40";
2323                 break;
2324         case 33:
2325                 if (phy->type == B43_PHYTYPE_LCN40)
2326                         filename = "ucode33_lcn40";
2327                 break;
2328         case 30:
2329                 if (phy->type == B43_PHYTYPE_N)
2330                         filename = "ucode30_mimo";
2331                 break;
2332         case 29:
2333                 if (phy->type == B43_PHYTYPE_HT)
2334                         filename = "ucode29_mimo";
2335                 break;
2336         case 26:
2337                 if (phy->type == B43_PHYTYPE_HT)
2338                         filename = "ucode26_mimo";
2339                 break;
2340         case 28:
2341         case 25:
2342                 if (phy->type == B43_PHYTYPE_N)
2343                         filename = "ucode25_mimo";
2344                 else if (phy->type == B43_PHYTYPE_LCN)
2345                         filename = "ucode25_lcn";
2346                 break;
2347         case 24:
2348                 if (phy->type == B43_PHYTYPE_LCN)
2349                         filename = "ucode24_lcn";
2350                 break;
2351         case 23:
2352                 if (phy->type == B43_PHYTYPE_N)
2353                         filename = "ucode16_mimo";
2354                 break;
2355         case 16 ... 19:
2356                 if (phy->type == B43_PHYTYPE_N)
2357                         filename = "ucode16_mimo";
2358                 else if (phy->type == B43_PHYTYPE_LP)
2359                         filename = "ucode16_lp";
2360                 break;
2361         case 15:
2362                 filename = "ucode15";
2363                 break;
2364         case 14:
2365                 filename = "ucode14";
2366                 break;
2367         case 13:
2368                 filename = "ucode13";
2369                 break;
2370         case 11 ... 12:
2371                 filename = "ucode11";
2372                 break;
2373         case 5 ... 10:
2374                 filename = "ucode5";
2375                 break;
2376         }
2377         if (!filename)
2378                 goto err_no_ucode;
2379         err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2380         if (err)
2381                 goto err_load;
2382
2383         /* Get PCM code */
2384         if ((rev >= 5) && (rev <= 10))
2385                 filename = "pcm5";
2386         else if (rev >= 11)
2387                 filename = NULL;
2388         else
2389                 goto err_no_pcm;
2390         fw->pcm_request_failed = false;
2391         err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2392         if (err == -ENOENT) {
2393                 /* We did not find a PCM file? Not fatal, but
2394                  * core rev <= 10 must do without hwcrypto then. */
2395                 fw->pcm_request_failed = true;
2396         } else if (err)
2397                 goto err_load;
2398
2399         /* Get initvals */
2400         filename = NULL;
2401         switch (dev->phy.type) {
2402         case B43_PHYTYPE_G:
2403                 if (rev == 13)
2404                         filename = "b0g0initvals13";
2405                 else if (rev >= 5 && rev <= 10)
2406                         filename = "b0g0initvals5";
2407                 break;
2408         case B43_PHYTYPE_N:
2409                 if (rev == 30)
2410                         filename = "n16initvals30";
2411                 else if (rev == 28 || rev == 25)
2412                         filename = "n0initvals25";
2413                 else if (rev == 24)
2414                         filename = "n0initvals24";
2415                 else if (rev == 23)
2416                         filename = "n0initvals16"; /* What about n0initvals22? */
2417                 else if (rev >= 16 && rev <= 18)
2418                         filename = "n0initvals16";
2419                 else if (rev >= 11 && rev <= 12)
2420                         filename = "n0initvals11";
2421                 break;
2422         case B43_PHYTYPE_LP:
2423                 if (rev >= 16 && rev <= 18)
2424                         filename = "lp0initvals16";
2425                 else if (rev == 15)
2426                         filename = "lp0initvals15";
2427                 else if (rev == 14)
2428                         filename = "lp0initvals14";
2429                 else if (rev == 13)
2430                         filename = "lp0initvals13";
2431                 break;
2432         case B43_PHYTYPE_HT:
2433                 if (rev == 29)
2434                         filename = "ht0initvals29";
2435                 else if (rev == 26)
2436                         filename = "ht0initvals26";
2437                 break;
2438         case B43_PHYTYPE_LCN:
2439                 if (rev == 24)
2440                         filename = "lcn0initvals24";
2441                 break;
2442         case B43_PHYTYPE_LCN40:
2443                 if (rev == 33)
2444                         filename = "lcn400initvals33";
2445                 break;
2446         case B43_PHYTYPE_AC:
2447                 if (rev == 42)
2448                         filename = "ac1initvals42";
2449                 else if (rev == 40)
2450                         filename = "ac0initvals40";
2451                 break;
2452         }
2453         if (!filename)
2454                 goto err_no_initvals;
2455         err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2456         if (err)
2457                 goto err_load;
2458
2459         /* Get bandswitch initvals */
2460         filename = NULL;
2461         switch (dev->phy.type) {
2462         case B43_PHYTYPE_G:
2463                 if (rev == 13)
2464                         filename = "b0g0bsinitvals13";
2465                 else if (rev >= 5 && rev <= 10)
2466                         filename = "b0g0bsinitvals5";
2467                 break;
2468         case B43_PHYTYPE_N:
2469                 if (rev == 30)
2470                         filename = "n16bsinitvals30";
2471                 else if (rev == 28 || rev == 25)
2472                         filename = "n0bsinitvals25";
2473                 else if (rev == 24)
2474                         filename = "n0bsinitvals24";
2475                 else if (rev == 23)
2476                         filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2477                 else if (rev >= 16 && rev <= 18)
2478                         filename = "n0bsinitvals16";
2479                 else if (rev >= 11 && rev <= 12)
2480                         filename = "n0bsinitvals11";
2481                 break;
2482         case B43_PHYTYPE_LP:
2483                 if (rev >= 16 && rev <= 18)
2484                         filename = "lp0bsinitvals16";
2485                 else if (rev == 15)
2486                         filename = "lp0bsinitvals15";
2487                 else if (rev == 14)
2488                         filename = "lp0bsinitvals14";
2489                 else if (rev == 13)
2490                         filename = "lp0bsinitvals13";
2491                 break;
2492         case B43_PHYTYPE_HT:
2493                 if (rev == 29)
2494                         filename = "ht0bsinitvals29";
2495                 else if (rev == 26)
2496                         filename = "ht0bsinitvals26";
2497                 break;
2498         case B43_PHYTYPE_LCN:
2499                 if (rev == 24)
2500                         filename = "lcn0bsinitvals24";
2501                 break;
2502         case B43_PHYTYPE_LCN40:
2503                 if (rev == 33)
2504                         filename = "lcn400bsinitvals33";
2505                 break;
2506         case B43_PHYTYPE_AC:
2507                 if (rev == 42)
2508                         filename = "ac1bsinitvals42";
2509                 else if (rev == 40)
2510                         filename = "ac0bsinitvals40";
2511                 break;
2512         }
2513         if (!filename)
2514                 goto err_no_initvals;
2515         err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2516         if (err)
2517                 goto err_load;
2518
2519         fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2520
2521         return 0;
2522
2523 err_no_ucode:
2524         err = ctx->fatal_failure = -EOPNOTSUPP;
2525         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2526                "is required for your device (wl-core rev %u)\n", rev);
2527         goto error;
2528
2529 err_no_pcm:
2530         err = ctx->fatal_failure = -EOPNOTSUPP;
2531         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2532                "is required for your device (wl-core rev %u)\n", rev);
2533         goto error;
2534
2535 err_no_initvals:
2536         err = ctx->fatal_failure = -EOPNOTSUPP;
2537         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2538                "is required for your device (wl-core rev %u)\n", rev);
2539         goto error;
2540
2541 err_load:
2542         /* We failed to load this firmware image. The error message
2543          * already is in ctx->errors. Return and let our caller decide
2544          * what to do. */
2545         goto error;
2546
2547 error:
2548         b43_release_firmware(dev);
2549         return err;
2550 }
2551
2552 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2553 static void b43_one_core_detach(struct b43_bus_dev *dev);
2554 static int b43_rng_init(struct b43_wl *wl);
2555
2556 static void b43_request_firmware(struct work_struct *work)
2557 {
2558         struct b43_wl *wl = container_of(work,
2559                             struct b43_wl, firmware_load);
2560         struct b43_wldev *dev = wl->current_dev;
2561         struct b43_request_fw_context *ctx;
2562         unsigned int i;
2563         int err;
2564         const char *errmsg;
2565
2566         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2567         if (!ctx)
2568                 return;
2569         ctx->dev = dev;
2570
2571         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2572         err = b43_try_request_fw(ctx);
2573         if (!err)
2574                 goto start_ieee80211; /* Successfully loaded it. */
2575         /* Was fw version known? */
2576         if (ctx->fatal_failure)
2577                 goto out;
2578
2579         /* proprietary fw not found, try open source */
2580         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2581         err = b43_try_request_fw(ctx);
2582         if (!err)
2583                 goto start_ieee80211; /* Successfully loaded it. */
2584         if(ctx->fatal_failure)
2585                 goto out;
2586
2587         /* Could not find a usable firmware. Print the errors. */
2588         for (i = 0; i < B43_NR_FWTYPES; i++) {
2589                 errmsg = ctx->errors[i];
2590                 if (strlen(errmsg))
2591                         b43err(dev->wl, "%s", errmsg);
2592         }
2593         b43_print_fw_helptext(dev->wl, 1);
2594         goto out;
2595
2596 start_ieee80211:
2597         wl->hw->queues = B43_QOS_QUEUE_NUM;
2598         if (!modparam_qos || dev->fw.opensource)
2599                 wl->hw->queues = 1;
2600
2601         err = ieee80211_register_hw(wl->hw);
2602         if (err)
2603                 goto err_one_core_detach;
2604         wl->hw_registred = true;
2605         b43_leds_register(wl->current_dev);
2606
2607         /* Register HW RNG driver */
2608         b43_rng_init(wl);
2609
2610         goto out;
2611
2612 err_one_core_detach:
2613         b43_one_core_detach(dev->dev);
2614
2615 out:
2616         kfree(ctx);
2617 }
2618
2619 static int b43_upload_microcode(struct b43_wldev *dev)
2620 {
2621         struct wiphy *wiphy = dev->wl->hw->wiphy;
2622         const size_t hdr_len = sizeof(struct b43_fw_header);
2623         const __be32 *data;
2624         unsigned int i, len;
2625         u16 fwrev, fwpatch, fwdate, fwtime;
2626         u32 tmp, macctl;
2627         int err = 0;
2628
2629         /* Jump the microcode PSM to offset 0 */
2630         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2631         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2632         macctl |= B43_MACCTL_PSM_JMP0;
2633         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2634         /* Zero out all microcode PSM registers and shared memory. */
2635         for (i = 0; i < 64; i++)
2636                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2637         for (i = 0; i < 4096; i += 2)
2638                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2639
2640         /* Upload Microcode. */
2641         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2642         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2643         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2644         for (i = 0; i < len; i++) {
2645                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2646                 udelay(10);
2647         }
2648
2649         if (dev->fw.pcm.data) {
2650                 /* Upload PCM data. */
2651                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2652                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2653                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2654                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2655                 /* No need for autoinc bit in SHM_HW */
2656                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2657                 for (i = 0; i < len; i++) {
2658                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2659                         udelay(10);
2660                 }
2661         }
2662
2663         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2664
2665         /* Start the microcode PSM */
2666         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2667                       B43_MACCTL_PSM_RUN);
2668
2669         /* Wait for the microcode to load and respond */
2670         i = 0;
2671         while (1) {
2672                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2673                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2674                         break;
2675                 i++;
2676                 if (i >= 20) {
2677                         b43err(dev->wl, "Microcode not responding\n");
2678                         b43_print_fw_helptext(dev->wl, 1);
2679                         err = -ENODEV;
2680                         goto error;
2681                 }
2682                 msleep(50);
2683         }
2684         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2685
2686         /* Get and check the revisions. */
2687         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2688         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2689         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2690         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2691
2692         if (fwrev <= 0x128) {
2693                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2694                        "binary drivers older than version 4.x is unsupported. "
2695                        "You must upgrade your firmware files.\n");
2696                 b43_print_fw_helptext(dev->wl, 1);
2697                 err = -EOPNOTSUPP;
2698                 goto error;
2699         }
2700         dev->fw.rev = fwrev;
2701         dev->fw.patch = fwpatch;
2702         if (dev->fw.rev >= 598)
2703                 dev->fw.hdr_format = B43_FW_HDR_598;
2704         else if (dev->fw.rev >= 410)
2705                 dev->fw.hdr_format = B43_FW_HDR_410;
2706         else
2707                 dev->fw.hdr_format = B43_FW_HDR_351;
2708         WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2709
2710         dev->qos_enabled = dev->wl->hw->queues > 1;
2711         /* Default to firmware/hardware crypto acceleration. */
2712         dev->hwcrypto_enabled = true;
2713
2714         if (dev->fw.opensource) {
2715                 u16 fwcapa;
2716
2717                 /* Patchlevel info is encoded in the "time" field. */
2718                 dev->fw.patch = fwtime;
2719                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2720                         dev->fw.rev, dev->fw.patch);
2721
2722                 fwcapa = b43_fwcapa_read(dev);
2723                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2724                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2725                         /* Disable hardware crypto and fall back to software crypto. */
2726                         dev->hwcrypto_enabled = false;
2727                 }
2728                 /* adding QoS support should use an offline discovery mechanism */
2729                 WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2730         } else {
2731                 b43info(dev->wl, "Loading firmware version %u.%u "
2732                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2733                         fwrev, fwpatch,
2734                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2735                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2736                 if (dev->fw.pcm_request_failed) {
2737                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2738                                 "Hardware accelerated cryptography is disabled.\n");
2739                         b43_print_fw_helptext(dev->wl, 0);
2740                 }
2741         }
2742
2743         snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2744                         dev->fw.rev, dev->fw.patch);
2745         wiphy->hw_version = dev->dev->core_id;
2746
2747         if (dev->fw.hdr_format == B43_FW_HDR_351) {
2748                 /* We're over the deadline, but we keep support for old fw
2749                  * until it turns out to be in major conflict with something new. */
2750                 b43warn(dev->wl, "You are using an old firmware image. "
2751                         "Support for old firmware will be removed soon "
2752                         "(official deadline was July 2008).\n");
2753                 b43_print_fw_helptext(dev->wl, 0);
2754         }
2755
2756         return 0;
2757
2758 error:
2759         /* Stop the microcode PSM. */
2760         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2761                       B43_MACCTL_PSM_JMP0);
2762
2763         return err;
2764 }
2765
2766 static int b43_write_initvals(struct b43_wldev *dev,
2767                               const struct b43_iv *ivals,
2768                               size_t count,
2769                               size_t array_size)
2770 {
2771         const struct b43_iv *iv;
2772         u16 offset;
2773         size_t i;
2774         bool bit32;
2775
2776         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2777         iv = ivals;
2778         for (i = 0; i < count; i++) {
2779                 if (array_size < sizeof(iv->offset_size))
2780                         goto err_format;
2781                 array_size -= sizeof(iv->offset_size);
2782                 offset = be16_to_cpu(iv->offset_size);
2783                 bit32 = !!(offset & B43_IV_32BIT);
2784                 offset &= B43_IV_OFFSET_MASK;
2785                 if (offset >= 0x1000)
2786                         goto err_format;
2787                 if (bit32) {
2788                         u32 value;
2789
2790                         if (array_size < sizeof(iv->data.d32))
2791                                 goto err_format;
2792                         array_size -= sizeof(iv->data.d32);
2793
2794                         value = get_unaligned_be32(&iv->data.d32);
2795                         b43_write32(dev, offset, value);
2796
2797                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2798                                                         sizeof(__be16) +
2799                                                         sizeof(__be32));
2800                 } else {
2801                         u16 value;
2802
2803                         if (array_size < sizeof(iv->data.d16))
2804                                 goto err_format;
2805                         array_size -= sizeof(iv->data.d16);
2806
2807                         value = be16_to_cpu(iv->data.d16);
2808                         b43_write16(dev, offset, value);
2809
2810                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2811                                                         sizeof(__be16) +
2812                                                         sizeof(__be16));
2813                 }
2814         }
2815         if (array_size)
2816                 goto err_format;
2817
2818         return 0;
2819
2820 err_format:
2821         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2822         b43_print_fw_helptext(dev->wl, 1);
2823
2824         return -EPROTO;
2825 }
2826
2827 static int b43_upload_initvals(struct b43_wldev *dev)
2828 {
2829         const size_t hdr_len = sizeof(struct b43_fw_header);
2830         const struct b43_fw_header *hdr;
2831         struct b43_firmware *fw = &dev->fw;
2832         const struct b43_iv *ivals;
2833         size_t count;
2834
2835         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2836         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2837         count = be32_to_cpu(hdr->size);
2838         return b43_write_initvals(dev, ivals, count,
2839                                  fw->initvals.data->size - hdr_len);
2840 }
2841
2842 static int b43_upload_initvals_band(struct b43_wldev *dev)
2843 {
2844         const size_t hdr_len = sizeof(struct b43_fw_header);
2845         const struct b43_fw_header *hdr;
2846         struct b43_firmware *fw = &dev->fw;
2847         const struct b43_iv *ivals;
2848         size_t count;
2849
2850         if (!fw->initvals_band.data)
2851                 return 0;
2852
2853         hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2854         ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2855         count = be32_to_cpu(hdr->size);
2856         return b43_write_initvals(dev, ivals, count,
2857                                   fw->initvals_band.data->size - hdr_len);
2858 }
2859
2860 /* Initialize the GPIOs
2861  * http://bcm-specs.sipsolutions.net/GPIO
2862  */
2863
2864 #ifdef CONFIG_B43_SSB
2865 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2866 {
2867         struct ssb_bus *bus = dev->dev->sdev->bus;
2868
2869 #ifdef CONFIG_SSB_DRIVER_PCICORE
2870         return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2871 #else
2872         return bus->chipco.dev;
2873 #endif
2874 }
2875 #endif
2876
2877 static int b43_gpio_init(struct b43_wldev *dev)
2878 {
2879 #ifdef CONFIG_B43_SSB
2880         struct ssb_device *gpiodev;
2881 #endif
2882         u32 mask, set;
2883
2884         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2885         b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2886
2887         mask = 0x0000001F;
2888         set = 0x0000000F;
2889         if (dev->dev->chip_id == 0x4301) {
2890                 mask |= 0x0060;
2891                 set |= 0x0060;
2892         } else if (dev->dev->chip_id == 0x5354) {
2893                 /* Don't allow overtaking buttons GPIOs */
2894                 set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2895         }
2896
2897         if (0 /* FIXME: conditional unknown */ ) {
2898                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2899                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2900                             | 0x0100);
2901                 /* BT Coexistance Input */
2902                 mask |= 0x0080;
2903                 set |= 0x0080;
2904                 /* BT Coexistance Out */
2905                 mask |= 0x0100;
2906                 set |= 0x0100;
2907         }
2908         if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2909                 /* PA is controlled by gpio 9, let ucode handle it */
2910                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2911                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2912                             | 0x0200);
2913                 mask |= 0x0200;
2914                 set |= 0x0200;
2915         }
2916
2917         switch (dev->dev->bus_type) {
2918 #ifdef CONFIG_B43_BCMA
2919         case B43_BUS_BCMA:
2920                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2921                 break;
2922 #endif
2923 #ifdef CONFIG_B43_SSB
2924         case B43_BUS_SSB:
2925                 gpiodev = b43_ssb_gpio_dev(dev);
2926                 if (gpiodev)
2927                         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2928                                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2929                                     & ~mask) | set);
2930                 break;
2931 #endif
2932         }
2933
2934         return 0;
2935 }
2936
2937 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2938 static void b43_gpio_cleanup(struct b43_wldev *dev)
2939 {
2940 #ifdef CONFIG_B43_SSB
2941         struct ssb_device *gpiodev;
2942 #endif
2943
2944         switch (dev->dev->bus_type) {
2945 #ifdef CONFIG_B43_BCMA
2946         case B43_BUS_BCMA:
2947                 bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2948                 break;
2949 #endif
2950 #ifdef CONFIG_B43_SSB
2951         case B43_BUS_SSB:
2952                 gpiodev = b43_ssb_gpio_dev(dev);
2953                 if (gpiodev)
2954                         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2955                 break;
2956 #endif
2957         }
2958 }
2959
2960 /* http://bcm-specs.sipsolutions.net/EnableMac */
2961 void b43_mac_enable(struct b43_wldev *dev)
2962 {
2963         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2964                 u16 fwstate;
2965
2966                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2967                                          B43_SHM_SH_UCODESTAT);
2968                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2969                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2970                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2971                                "should be suspended, but current state is %u\n",
2972                                fwstate);
2973                 }
2974         }
2975
2976         dev->mac_suspended--;
2977         B43_WARN_ON(dev->mac_suspended < 0);
2978         if (dev->mac_suspended == 0) {
2979                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2980                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2981                             B43_IRQ_MAC_SUSPENDED);
2982                 /* Commit writes */
2983                 b43_read32(dev, B43_MMIO_MACCTL);
2984                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2985                 b43_power_saving_ctl_bits(dev, 0);
2986         }
2987 }
2988
2989 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2990 void b43_mac_suspend(struct b43_wldev *dev)
2991 {
2992         int i;
2993         u32 tmp;
2994
2995         might_sleep();
2996         B43_WARN_ON(dev->mac_suspended < 0);
2997
2998         if (dev->mac_suspended == 0) {
2999                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
3000                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
3001                 /* force pci to flush the write */
3002                 b43_read32(dev, B43_MMIO_MACCTL);
3003                 for (i = 35; i; i--) {
3004                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3005                         if (tmp & B43_IRQ_MAC_SUSPENDED)
3006                                 goto out;
3007                         udelay(10);
3008                 }
3009                 /* Hm, it seems this will take some time. Use msleep(). */
3010                 for (i = 40; i; i--) {
3011                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3012                         if (tmp & B43_IRQ_MAC_SUSPENDED)
3013                                 goto out;
3014                         msleep(1);
3015                 }
3016                 b43err(dev->wl, "MAC suspend failed\n");
3017         }
3018 out:
3019         dev->mac_suspended++;
3020 }
3021
3022 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3023 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3024 {
3025         u32 tmp;
3026
3027         switch (dev->dev->bus_type) {
3028 #ifdef CONFIG_B43_BCMA
3029         case B43_BUS_BCMA:
3030                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3031                 if (on)
3032                         tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3033                 else
3034                         tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3035                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3036                 break;
3037 #endif
3038 #ifdef CONFIG_B43_SSB
3039         case B43_BUS_SSB:
3040                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3041                 if (on)
3042                         tmp |= B43_TMSLOW_MACPHYCLKEN;
3043                 else
3044                         tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3045                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3046                 break;
3047 #endif
3048         }
3049 }
3050
3051 /* brcms_b_switch_macfreq */
3052 void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3053 {
3054         u16 chip_id = dev->dev->chip_id;
3055
3056         if (chip_id == BCMA_CHIP_ID_BCM4331) {
3057                 switch (spurmode) {
3058                 case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3059                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3060                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3061                         break;
3062                 case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3063                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3064                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3065                         break;
3066                 default: /* 160 Mhz: 2^26/160 = 0x66666 */
3067                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3068                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3069                         break;
3070                 }
3071         } else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3072             chip_id == BCMA_CHIP_ID_BCM43217 ||
3073             chip_id == BCMA_CHIP_ID_BCM43222 ||
3074             chip_id == BCMA_CHIP_ID_BCM43224 ||
3075             chip_id == BCMA_CHIP_ID_BCM43225 ||
3076             chip_id == BCMA_CHIP_ID_BCM43227 ||
3077             chip_id == BCMA_CHIP_ID_BCM43228) {
3078                 switch (spurmode) {
3079                 case 2: /* 126 Mhz */
3080                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3081                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3082                         break;
3083                 case 1: /* 123 Mhz */
3084                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3085                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3086                         break;
3087                 default: /* 120 Mhz */
3088                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3089                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3090                         break;
3091                 }
3092         } else if (dev->phy.type == B43_PHYTYPE_LCN) {
3093                 switch (spurmode) {
3094                 case 1: /* 82 Mhz */
3095                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3096                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3097                         break;
3098                 default: /* 80 Mhz */
3099                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3100                         b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3101                         break;
3102                 }
3103         }
3104 }
3105
3106 static void b43_adjust_opmode(struct b43_wldev *dev)
3107 {
3108         struct b43_wl *wl = dev->wl;
3109         u32 ctl;
3110         u16 cfp_pretbtt;
3111
3112         ctl = b43_read32(dev, B43_MMIO_MACCTL);
3113         /* Reset status to STA infrastructure mode. */
3114         ctl &= ~B43_MACCTL_AP;
3115         ctl &= ~B43_MACCTL_KEEP_CTL;
3116         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3117         ctl &= ~B43_MACCTL_KEEP_BAD;
3118         ctl &= ~B43_MACCTL_PROMISC;
3119         ctl &= ~B43_MACCTL_BEACPROMISC;
3120         ctl |= B43_MACCTL_INFRA;
3121
3122         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3123             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3124                 ctl |= B43_MACCTL_AP;
3125         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3126                 ctl &= ~B43_MACCTL_INFRA;
3127
3128         if (wl->filter_flags & FIF_CONTROL)
3129                 ctl |= B43_MACCTL_KEEP_CTL;
3130         if (wl->filter_flags & FIF_FCSFAIL)
3131                 ctl |= B43_MACCTL_KEEP_BAD;
3132         if (wl->filter_flags & FIF_PLCPFAIL)
3133                 ctl |= B43_MACCTL_KEEP_BADPLCP;
3134         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
3135                 ctl |= B43_MACCTL_PROMISC;
3136         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3137                 ctl |= B43_MACCTL_BEACPROMISC;
3138
3139         /* Workaround: On old hardware the HW-MAC-address-filter
3140          * doesn't work properly, so always run promisc in filter
3141          * it in software. */
3142         if (dev->dev->core_rev <= 4)
3143                 ctl |= B43_MACCTL_PROMISC;
3144
3145         b43_write32(dev, B43_MMIO_MACCTL, ctl);
3146
3147         cfp_pretbtt = 2;
3148         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3149                 if (dev->dev->chip_id == 0x4306 &&
3150                     dev->dev->chip_rev == 3)
3151                         cfp_pretbtt = 100;
3152                 else
3153                         cfp_pretbtt = 50;
3154         }
3155         b43_write16(dev, 0x612, cfp_pretbtt);
3156
3157         /* FIXME: We don't currently implement the PMQ mechanism,
3158          *        so always disable it. If we want to implement PMQ,
3159          *        we need to enable it here (clear DISCPMQ) in AP mode.
3160          */
3161         if (0  /* ctl & B43_MACCTL_AP */)
3162                 b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3163         else
3164                 b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3165 }
3166
3167 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3168 {
3169         u16 offset;
3170
3171         if (is_ofdm) {
3172                 offset = 0x480;
3173                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3174         } else {
3175                 offset = 0x4C0;
3176                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3177         }
3178         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3179                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
3180 }
3181
3182 static void b43_rate_memory_init(struct b43_wldev *dev)
3183 {
3184         switch (dev->phy.type) {
3185         case B43_PHYTYPE_A:
3186         case B43_PHYTYPE_G:
3187         case B43_PHYTYPE_N:
3188         case B43_PHYTYPE_LP:
3189         case B43_PHYTYPE_HT:
3190         case B43_PHYTYPE_LCN:
3191                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3192                 b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3193                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3194                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3195                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3196                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3197                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3198                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3199                 if (dev->phy.type == B43_PHYTYPE_A)
3200                         break;
3201                 /* fallthrough */
3202         case B43_PHYTYPE_B:
3203                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3204                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3205                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3206                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3207                 break;
3208         default:
3209                 B43_WARN_ON(1);
3210         }
3211 }
3212
3213 /* Set the default values for the PHY TX Control Words. */
3214 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3215 {
3216         u16 ctl = 0;
3217
3218         ctl |= B43_TXH_PHY_ENC_CCK;
3219         ctl |= B43_TXH_PHY_ANT01AUTO;
3220         ctl |= B43_TXH_PHY_TXPWR;
3221
3222         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3223         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3224         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3225 }
3226
3227 /* Set the TX-Antenna for management frames sent by firmware. */
3228 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3229 {
3230         u16 ant;
3231         u16 tmp;
3232
3233         ant = b43_antenna_to_phyctl(antenna);
3234
3235         /* For ACK/CTS */
3236         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3237         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3238         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3239         /* For Probe Resposes */
3240         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3241         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3242         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3243 }
3244
3245 /* This is the opposite of b43_chip_init() */
3246 static void b43_chip_exit(struct b43_wldev *dev)
3247 {
3248         b43_phy_exit(dev);
3249         b43_gpio_cleanup(dev);
3250         /* firmware is released later */
3251 }
3252
3253 /* Initialize the chip
3254  * http://bcm-specs.sipsolutions.net/ChipInit
3255  */
3256 static int b43_chip_init(struct b43_wldev *dev)
3257 {
3258         struct b43_phy *phy = &dev->phy;
3259         int err;
3260         u32 macctl;
3261         u16 value16;
3262
3263         /* Initialize the MAC control */
3264         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3265         if (dev->phy.gmode)
3266                 macctl |= B43_MACCTL_GMODE;
3267         macctl |= B43_MACCTL_INFRA;
3268         b43_write32(dev, B43_MMIO_MACCTL, macctl);
3269
3270         err = b43_upload_microcode(dev);
3271         if (err)
3272                 goto out;       /* firmware is released later */
3273
3274         err = b43_gpio_init(dev);
3275         if (err)
3276                 goto out;       /* firmware is released later */
3277
3278         err = b43_upload_initvals(dev);
3279         if (err)
3280                 goto err_gpio_clean;
3281
3282         err = b43_upload_initvals_band(dev);
3283         if (err)
3284                 goto err_gpio_clean;
3285
3286         /* Turn the Analog on and initialize the PHY. */
3287         phy->ops->switch_analog(dev, 1);
3288         err = b43_phy_init(dev);
3289         if (err)
3290                 goto err_gpio_clean;
3291
3292         /* Disable Interference Mitigation. */
3293         if (phy->ops->interf_mitigation)
3294                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3295
3296         /* Select the antennae */
3297         if (phy->ops->set_rx_antenna)
3298                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3299         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3300
3301         if (phy->type == B43_PHYTYPE_B) {
3302                 value16 = b43_read16(dev, 0x005E);
3303                 value16 |= 0x0004;
3304                 b43_write16(dev, 0x005E, value16);
3305         }
3306         b43_write32(dev, 0x0100, 0x01000000);
3307         if (dev->dev->core_rev < 5)
3308                 b43_write32(dev, 0x010C, 0x01000000);
3309
3310         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3311         b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3312
3313         /* Probe Response Timeout value */
3314         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3315         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3316
3317         /* Initially set the wireless operation mode. */
3318         b43_adjust_opmode(dev);
3319
3320         if (dev->dev->core_rev < 3) {
3321                 b43_write16(dev, 0x060E, 0x0000);
3322                 b43_write16(dev, 0x0610, 0x8000);
3323                 b43_write16(dev, 0x0604, 0x0000);
3324                 b43_write16(dev, 0x0606, 0x0200);
3325         } else {
3326                 b43_write32(dev, 0x0188, 0x80000000);
3327                 b43_write32(dev, 0x018C, 0x02000000);
3328         }
3329         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3330         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3331         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3332         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3333         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3334         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3335         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3336
3337         b43_mac_phy_clock_set(dev, true);
3338
3339         switch (dev->dev->bus_type) {
3340 #ifdef CONFIG_B43_BCMA
3341         case B43_BUS_BCMA:
3342                 /* FIXME: 0xE74 is quite common, but should be read from CC */
3343                 b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3344                 break;
3345 #endif
3346 #ifdef CONFIG_B43_SSB
3347         case B43_BUS_SSB:
3348                 b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3349                             dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3350                 break;
3351 #endif
3352         }
3353
3354         err = 0;
3355         b43dbg(dev->wl, "Chip initialized\n");
3356 out:
3357         return err;
3358
3359 err_gpio_clean:
3360         b43_gpio_cleanup(dev);
3361         return err;
3362 }
3363
3364 static void b43_periodic_every60sec(struct b43_wldev *dev)
3365 {
3366         const struct b43_phy_operations *ops = dev->phy.ops;
3367
3368         if (ops->pwork_60sec)
3369                 ops->pwork_60sec(dev);
3370
3371         /* Force check the TX power emission now. */
3372         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3373 }
3374
3375 static void b43_periodic_every30sec(struct b43_wldev *dev)
3376 {
3377         /* Update device statistics. */
3378         b43_calculate_link_quality(dev);
3379 }
3380
3381 static void b43_periodic_every15sec(struct b43_wldev *dev)
3382 {
3383         struct b43_phy *phy = &dev->phy;
3384         u16 wdr;
3385
3386         if (dev->fw.opensource) {
3387                 /* Check if the firmware is still alive.
3388                  * It will reset the watchdog counter to 0 in its idle loop. */
3389                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3390                 if (unlikely(wdr)) {
3391                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3392                         b43_controller_restart(dev, "Firmware watchdog");
3393                         return;
3394                 } else {
3395                         b43_shm_write16(dev, B43_SHM_SCRATCH,
3396                                         B43_WATCHDOG_REG, 1);
3397                 }
3398         }
3399
3400         if (phy->ops->pwork_15sec)
3401                 phy->ops->pwork_15sec(dev);
3402
3403         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3404         wmb();
3405
3406 #if B43_DEBUG
3407         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3408                 unsigned int i;
3409
3410                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3411                        dev->irq_count / 15,
3412                        dev->tx_count / 15,
3413                        dev->rx_count / 15);
3414                 dev->irq_count = 0;
3415                 dev->tx_count = 0;
3416                 dev->rx_count = 0;
3417                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3418                         if (dev->irq_bit_count[i]) {
3419                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3420                                        dev->irq_bit_count[i] / 15, i, (1 << i));
3421                                 dev->irq_bit_count[i] = 0;
3422                         }
3423                 }
3424         }
3425 #endif
3426 }
3427
3428 static void do_periodic_work(struct b43_wldev *dev)
3429 {
3430         unsigned int state;
3431
3432         state = dev->periodic_state;
3433         if (state % 4 == 0)
3434                 b43_periodic_every60sec(dev);
3435         if (state % 2 == 0)
3436                 b43_periodic_every30sec(dev);
3437         b43_periodic_every15sec(dev);
3438 }
3439
3440 /* Periodic work locking policy:
3441  *      The whole periodic work handler is protected by
3442  *      wl->mutex. If another lock is needed somewhere in the
3443  *      pwork callchain, it's acquired in-place, where it's needed.
3444  */
3445 static void b43_periodic_work_handler(struct work_struct *work)
3446 {
3447         struct b43_wldev *dev = container_of(work, struct b43_wldev,
3448                                              periodic_work.work);
3449         struct b43_wl *wl = dev->wl;
3450         unsigned long delay;
3451
3452         mutex_lock(&wl->mutex);
3453
3454         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3455                 goto out;
3456         if (b43_debug(dev, B43_DBG_PWORK_STOP))
3457                 goto out_requeue;
3458
3459         do_periodic_work(dev);
3460
3461         dev->periodic_state++;
3462 out_requeue:
3463         if (b43_debug(dev, B43_DBG_PWORK_FAST))
3464                 delay = msecs_to_jiffies(50);
3465         else
3466                 delay = round_jiffies_relative(HZ * 15);
3467         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3468 out:
3469         mutex_unlock(&wl->mutex);
3470 }
3471
3472 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3473 {
3474         struct delayed_work *work = &dev->periodic_work;
3475
3476         dev->periodic_state = 0;
3477         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3478         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3479 }
3480
3481 /* Check if communication with the device works correctly. */
3482 static int b43_validate_chipaccess(struct b43_wldev *dev)
3483 {
3484         u32 v, backup0, backup4;
3485
3486         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3487         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3488
3489         /* Check for read/write and endianness problems. */
3490         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3491         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3492                 goto error;
3493         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3494         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3495                 goto error;
3496
3497         /* Check if unaligned 32bit SHM_SHARED access works properly.
3498          * However, don't bail out on failure, because it's noncritical. */
3499         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3500         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3501         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3502         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3503         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3504                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3505         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3506         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3507             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3508             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3509             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3510                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3511
3512         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3513         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3514
3515         if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3516                 /* The 32bit register shadows the two 16bit registers
3517                  * with update sideeffects. Validate this. */
3518                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3519                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3520                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3521                         goto error;
3522                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3523                         goto error;
3524         }
3525         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3526
3527         v = b43_read32(dev, B43_MMIO_MACCTL);
3528         v |= B43_MACCTL_GMODE;
3529         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3530                 goto error;
3531
3532         return 0;
3533 error:
3534         b43err(dev->wl, "Failed to validate the chipaccess\n");
3535         return -ENODEV;
3536 }
3537
3538 static void b43_security_init(struct b43_wldev *dev)
3539 {
3540         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3541         /* KTP is a word address, but we address SHM bytewise.
3542          * So multiply by two.
3543          */
3544         dev->ktp *= 2;
3545         /* Number of RCMTA address slots */
3546         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3547         /* Clear the key memory. */
3548         b43_clear_keys(dev);
3549 }
3550
3551 #ifdef CONFIG_B43_HWRNG
3552 static int b43_rng_read(struct hwrng *rng, u32 *data)
3553 {
3554         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3555         struct b43_wldev *dev;
3556         int count = -ENODEV;
3557
3558         mutex_lock(&wl->mutex);
3559         dev = wl->current_dev;
3560         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3561                 *data = b43_read16(dev, B43_MMIO_RNG);
3562                 count = sizeof(u16);
3563         }
3564         mutex_unlock(&wl->mutex);
3565
3566         return count;
3567 }
3568 #endif /* CONFIG_B43_HWRNG */
3569
3570 static void b43_rng_exit(struct b43_wl *wl)
3571 {
3572 #ifdef CONFIG_B43_HWRNG
3573         if (wl->rng_initialized)
3574                 hwrng_unregister(&wl->rng);
3575 #endif /* CONFIG_B43_HWRNG */
3576 }
3577
3578 static int b43_rng_init(struct b43_wl *wl)
3579 {
3580         int err = 0;
3581
3582 #ifdef CONFIG_B43_HWRNG
3583         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3584                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3585         wl->rng.name = wl->rng_name;
3586         wl->rng.data_read = b43_rng_read;
3587         wl->rng.priv = (unsigned long)wl;
3588         wl->rng_initialized = true;
3589         err = hwrng_register(&wl->rng);
3590         if (err) {
3591                 wl->rng_initialized = false;
3592                 b43err(wl, "Failed to register the random "
3593                        "number generator (%d)\n", err);
3594         }
3595 #endif /* CONFIG_B43_HWRNG */
3596
3597         return err;
3598 }
3599
3600 static void b43_tx_work(struct work_struct *work)
3601 {
3602         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3603         struct b43_wldev *dev;
3604         struct sk_buff *skb;
3605         int queue_num;
3606         int err = 0;
3607
3608         mutex_lock(&wl->mutex);
3609         dev = wl->current_dev;
3610         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3611                 mutex_unlock(&wl->mutex);
3612                 return;
3613         }
3614
3615         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3616                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
3617                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
3618                         if (b43_using_pio_transfers(dev))
3619                                 err = b43_pio_tx(dev, skb);
3620                         else
3621                                 err = b43_dma_tx(dev, skb);
3622                         if (err == -ENOSPC) {
3623                                 wl->tx_queue_stopped[queue_num] = 1;
3624                                 ieee80211_stop_queue(wl->hw, queue_num);
3625                                 skb_queue_head(&wl->tx_queue[queue_num], skb);
3626                                 break;
3627                         }
3628                         if (unlikely(err))
3629                                 ieee80211_free_txskb(wl->hw, skb);
3630                         err = 0;
3631                 }
3632
3633                 if (!err)
3634                         wl->tx_queue_stopped[queue_num] = 0;
3635         }
3636
3637 #if B43_DEBUG
3638         dev->tx_count++;
3639 #endif
3640         mutex_unlock(&wl->mutex);
3641 }
3642
3643 static void b43_op_tx(struct ieee80211_hw *hw,
3644                       struct ieee80211_tx_control *control,
3645                       struct sk_buff *skb)
3646 {
3647         struct b43_wl *wl = hw_to_b43_wl(hw);
3648
3649         if (unlikely(skb->len < 2 + 2 + 6)) {
3650                 /* Too short, this can't be a valid frame. */
3651                 ieee80211_free_txskb(hw, skb);
3652                 return;
3653         }
3654         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3655
3656         skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3657         if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3658                 ieee80211_queue_work(wl->hw, &wl->tx_work);
3659         } else {
3660                 ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3661         }
3662 }
3663
3664 static void b43_qos_params_upload(struct b43_wldev *dev,
3665                                   const struct ieee80211_tx_queue_params *p,
3666                                   u16 shm_offset)
3667 {
3668         u16 params[B43_NR_QOSPARAMS];
3669         int bslots, tmp;
3670         unsigned int i;
3671
3672         if (!dev->qos_enabled)
3673                 return;
3674
3675         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3676
3677         memset(&params, 0, sizeof(params));
3678
3679         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3680         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3681         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3682         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3683         params[B43_QOSPARAM_AIFS] = p->aifs;
3684         params[B43_QOSPARAM_BSLOTS] = bslots;
3685         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3686
3687         for (i = 0; i < ARRAY_SIZE(params); i++) {
3688                 if (i == B43_QOSPARAM_STATUS) {
3689                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3690                                              shm_offset + (i * 2));
3691                         /* Mark the parameters as updated. */
3692                         tmp |= 0x100;
3693                         b43_shm_write16(dev, B43_SHM_SHARED,
3694                                         shm_offset + (i * 2),
3695                                         tmp);
3696                 } else {
3697                         b43_shm_write16(dev, B43_SHM_SHARED,
3698                                         shm_offset + (i * 2),
3699                                         params[i]);
3700                 }
3701         }
3702 }
3703
3704 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3705 static const u16 b43_qos_shm_offsets[] = {
3706         /* [mac80211-queue-nr] = SHM_OFFSET, */
3707         [0] = B43_QOS_VOICE,
3708         [1] = B43_QOS_VIDEO,
3709         [2] = B43_QOS_BESTEFFORT,
3710         [3] = B43_QOS_BACKGROUND,
3711 };
3712
3713 /* Update all QOS parameters in hardware. */
3714 static void b43_qos_upload_all(struct b43_wldev *dev)
3715 {
3716         struct b43_wl *wl = dev->wl;
3717         struct b43_qos_params *params;
3718         unsigned int i;
3719
3720         if (!dev->qos_enabled)
3721                 return;
3722
3723         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3724                      ARRAY_SIZE(wl->qos_params));
3725
3726         b43_mac_suspend(dev);
3727         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3728                 params = &(wl->qos_params[i]);
3729                 b43_qos_params_upload(dev, &(params->p),
3730                                       b43_qos_shm_offsets[i]);
3731         }
3732         b43_mac_enable(dev);
3733 }
3734
3735 static void b43_qos_clear(struct b43_wl *wl)
3736 {
3737         struct b43_qos_params *params;
3738         unsigned int i;
3739
3740         /* Initialize QoS parameters to sane defaults. */
3741
3742         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3743                      ARRAY_SIZE(wl->qos_params));
3744
3745         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3746                 params = &(wl->qos_params[i]);
3747
3748                 switch (b43_qos_shm_offsets[i]) {
3749                 case B43_QOS_VOICE:
3750                         params->p.txop = 0;
3751                         params->p.aifs = 2;
3752                         params->p.cw_min = 0x0001;
3753                         params->p.cw_max = 0x0001;
3754                         break;
3755                 case B43_QOS_VIDEO:
3756                         params->p.txop = 0;
3757                         params->p.aifs = 2;
3758                         params->p.cw_min = 0x0001;
3759                         params->p.cw_max = 0x0001;
3760                         break;
3761                 case B43_QOS_BESTEFFORT:
3762                         params->p.txop = 0;
3763                         params->p.aifs = 3;
3764                         params->p.cw_min = 0x0001;
3765                         params->p.cw_max = 0x03FF;
3766                         break;
3767                 case B43_QOS_BACKGROUND:
3768                         params->p.txop = 0;
3769                         params->p.aifs = 7;
3770                         params->p.cw_min = 0x0001;
3771                         params->p.cw_max = 0x03FF;
3772                         break;
3773                 default:
3774                         B43_WARN_ON(1);
3775                 }
3776         }
3777 }
3778
3779 /* Initialize the core's QOS capabilities */
3780 static void b43_qos_init(struct b43_wldev *dev)
3781 {
3782         if (!dev->qos_enabled) {
3783                 /* Disable QOS support. */
3784                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3785                 b43_write16(dev, B43_MMIO_IFSCTL,
3786                             b43_read16(dev, B43_MMIO_IFSCTL)
3787                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3788                 b43dbg(dev->wl, "QoS disabled\n");
3789                 return;
3790         }
3791
3792         /* Upload the current QOS parameters. */
3793         b43_qos_upload_all(dev);
3794
3795         /* Enable QOS support. */
3796         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3797         b43_write16(dev, B43_MMIO_IFSCTL,
3798                     b43_read16(dev, B43_MMIO_IFSCTL)
3799                     | B43_MMIO_IFSCTL_USE_EDCF);
3800         b43dbg(dev->wl, "QoS enabled\n");
3801 }
3802
3803 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3804                           struct ieee80211_vif *vif, u16 _queue,
3805                           const struct ieee80211_tx_queue_params *params)
3806 {
3807         struct b43_wl *wl = hw_to_b43_wl(hw);
3808         struct b43_wldev *dev;
3809         unsigned int queue = (unsigned int)_queue;
3810         int err = -ENODEV;
3811
3812         if (queue >= ARRAY_SIZE(wl->qos_params)) {
3813                 /* Queue not available or don't support setting
3814                  * params on this queue. Return success to not
3815                  * confuse mac80211. */
3816                 return 0;
3817         }
3818         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3819                      ARRAY_SIZE(wl->qos_params));
3820
3821         mutex_lock(&wl->mutex);
3822         dev = wl->current_dev;
3823         if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3824                 goto out_unlock;
3825
3826         memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3827         b43_mac_suspend(dev);
3828         b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3829                               b43_qos_shm_offsets[queue]);
3830         b43_mac_enable(dev);
3831         err = 0;
3832
3833 out_unlock:
3834         mutex_unlock(&wl->mutex);
3835
3836         return err;
3837 }
3838
3839 static int b43_op_get_stats(struct ieee80211_hw *hw,
3840                             struct ieee80211_low_level_stats *stats)
3841 {
3842         struct b43_wl *wl = hw_to_b43_wl(hw);
3843
3844         mutex_lock(&wl->mutex);
3845         memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3846         mutex_unlock(&wl->mutex);
3847
3848         return 0;
3849 }
3850
3851 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3852 {
3853         struct b43_wl *wl = hw_to_b43_wl(hw);
3854         struct b43_wldev *dev;
3855         u64 tsf;
3856
3857         mutex_lock(&wl->mutex);
3858         dev = wl->current_dev;
3859
3860         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3861                 b43_tsf_read(dev, &tsf);
3862         else
3863                 tsf = 0;
3864
3865         mutex_unlock(&wl->mutex);
3866
3867         return tsf;
3868 }
3869
3870 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3871                            struct ieee80211_vif *vif, u64 tsf)
3872 {
3873         struct b43_wl *wl = hw_to_b43_wl(hw);
3874         struct b43_wldev *dev;
3875
3876         mutex_lock(&wl->mutex);
3877         dev = wl->current_dev;
3878
3879         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3880                 b43_tsf_write(dev, tsf);
3881
3882         mutex_unlock(&wl->mutex);
3883 }
3884
3885 static const char *band_to_string(enum ieee80211_band band)
3886 {
3887         switch (band) {
3888         case IEEE80211_BAND_5GHZ:
3889                 return "5";
3890         case IEEE80211_BAND_2GHZ:
3891                 return "2.4";
3892         default:
3893                 break;
3894         }
3895         B43_WARN_ON(1);
3896         return "";
3897 }
3898
3899 /* Expects wl->mutex locked */
3900 static int b43_switch_band(struct b43_wldev *dev,
3901                            struct ieee80211_channel *chan)
3902 {
3903         struct b43_phy *phy = &dev->phy;
3904         bool gmode;
3905         u32 tmp;
3906
3907         switch (chan->band) {
3908         case IEEE80211_BAND_5GHZ:
3909                 gmode = false;
3910                 break;
3911         case IEEE80211_BAND_2GHZ:
3912                 gmode = true;
3913                 break;
3914         default:
3915                 B43_WARN_ON(1);
3916                 return -EINVAL;
3917         }
3918
3919         if (!((gmode && phy->supports_2ghz) ||
3920               (!gmode && phy->supports_5ghz))) {
3921                 b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3922                        band_to_string(chan->band));
3923                 return -ENODEV;
3924         }
3925
3926         if (!!phy->gmode == !!gmode) {
3927                 /* This device is already running. */
3928                 return 0;
3929         }
3930
3931         b43dbg(dev->wl, "Switching to %s GHz band\n",
3932                band_to_string(chan->band));
3933
3934         /* Some new devices don't need disabling radio for band switching */
3935         if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3936                 b43_software_rfkill(dev, true);
3937
3938         phy->gmode = gmode;
3939         b43_phy_put_into_reset(dev);
3940         switch (dev->dev->bus_type) {
3941 #ifdef CONFIG_B43_BCMA
3942         case B43_BUS_BCMA:
3943                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3944                 if (gmode)
3945                         tmp |= B43_BCMA_IOCTL_GMODE;
3946                 else
3947                         tmp &= ~B43_BCMA_IOCTL_GMODE;
3948                 bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3949                 break;
3950 #endif
3951 #ifdef CONFIG_B43_SSB
3952         case B43_BUS_SSB:
3953                 tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3954                 if (gmode)
3955                         tmp |= B43_TMSLOW_GMODE;
3956                 else
3957                         tmp &= ~B43_TMSLOW_GMODE;
3958                 ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3959                 break;
3960 #endif
3961         }
3962         b43_phy_take_out_of_reset(dev);
3963
3964         b43_upload_initvals_band(dev);
3965
3966         b43_phy_init(dev);
3967
3968         return 0;
3969 }
3970
3971 static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3972 {
3973         interval = min_t(u16, interval, (u16)0xFF);
3974         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3975 }
3976
3977 /* Write the short and long frame retry limit values. */
3978 static void b43_set_retry_limits(struct b43_wldev *dev,
3979                                  unsigned int short_retry,
3980                                  unsigned int long_retry)
3981 {
3982         /* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3983          * the chip-internal counter. */
3984         short_retry = min(short_retry, (unsigned int)0xF);
3985         long_retry = min(long_retry, (unsigned int)0xF);
3986
3987         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3988                         short_retry);
3989         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3990                         long_retry);
3991 }
3992
3993 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3994 {
3995         struct b43_wl *wl = hw_to_b43_wl(hw);
3996         struct b43_wldev *dev = wl->current_dev;
3997         struct b43_phy *phy = &dev->phy;
3998         struct ieee80211_conf *conf = &hw->conf;
3999         int antenna;
4000         int err = 0;
4001
4002         mutex_lock(&wl->mutex);
4003         b43_mac_suspend(dev);
4004
4005         if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
4006                 b43_set_beacon_listen_interval(dev, conf->listen_interval);
4007
4008         if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
4009                 phy->chandef = &conf->chandef;
4010                 phy->channel = conf->chandef.chan->hw_value;
4011
4012                 /* Switch the band (if necessary). */
4013                 err = b43_switch_band(dev, conf->chandef.chan);
4014                 if (err)
4015                         goto out_mac_enable;
4016
4017                 /* Switch to the requested channel.
4018                  * The firmware takes care of races with the TX handler.
4019                  */
4020                 b43_switch_channel(dev, phy->channel);
4021         }
4022
4023         if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4024                 b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4025                                           conf->long_frame_max_tx_count);
4026         changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4027         if (!changed)
4028                 goto out_mac_enable;
4029
4030         dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4031
4032         /* Adjust the desired TX power level. */
4033         if (conf->power_level != 0) {
4034                 if (conf->power_level != phy->desired_txpower) {
4035                         phy->desired_txpower = conf->power_level;
4036                         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4037                                                    B43_TXPWR_IGNORE_TSSI);
4038                 }
4039         }
4040
4041         /* Antennas for RX and management frame TX. */
4042         antenna = B43_ANTENNA_DEFAULT;
4043         b43_mgmtframe_txantenna(dev, antenna);
4044         antenna = B43_ANTENNA_DEFAULT;
4045         if (phy->ops->set_rx_antenna)
4046                 phy->ops->set_rx_antenna(dev, antenna);
4047
4048         if (wl->radio_enabled != phy->radio_on) {
4049                 if (wl->radio_enabled) {
4050                         b43_software_rfkill(dev, false);
4051                         b43info(dev->wl, "Radio turned on by software\n");
4052                         if (!dev->radio_hw_enable) {
4053                                 b43info(dev->wl, "The hardware RF-kill button "
4054                                         "still turns the radio physically off. "
4055                                         "Press the button to turn it on.\n");
4056                         }
4057                 } else {
4058                         b43_software_rfkill(dev, true);
4059                         b43info(dev->wl, "Radio turned off by software\n");
4060                 }
4061         }
4062
4063 out_mac_enable:
4064         b43_mac_enable(dev);
4065         mutex_unlock(&wl->mutex);
4066
4067         return err;
4068 }
4069
4070 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4071 {
4072         struct ieee80211_supported_band *sband =
4073                 dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4074         struct ieee80211_rate *rate;
4075         int i;
4076         u16 basic, direct, offset, basic_offset, rateptr;
4077
4078         for (i = 0; i < sband->n_bitrates; i++) {
4079                 rate = &sband->bitrates[i];
4080
4081                 if (b43_is_cck_rate(rate->hw_value)) {
4082                         direct = B43_SHM_SH_CCKDIRECT;
4083                         basic = B43_SHM_SH_CCKBASIC;
4084                         offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4085                         offset &= 0xF;
4086                 } else {
4087                         direct = B43_SHM_SH_OFDMDIRECT;
4088                         basic = B43_SHM_SH_OFDMBASIC;
4089                         offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4090                         offset &= 0xF;
4091                 }
4092
4093                 rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4094
4095                 if (b43_is_cck_rate(rate->hw_value)) {
4096                         basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4097                         basic_offset &= 0xF;
4098                 } else {
4099                         basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4100                         basic_offset &= 0xF;
4101                 }
4102
4103                 /*
4104                  * Get the pointer that we need to point to
4105                  * from the direct map
4106                  */
4107                 rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4108                                          direct + 2 * basic_offset);
4109                 /* and write it to the basic map */
4110                 b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4111                                 rateptr);
4112         }
4113 }
4114
4115 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4116                                     struct ieee80211_vif *vif,
4117                                     struct ieee80211_bss_conf *conf,
4118                                     u32 changed)
4119 {
4120         struct b43_wl *wl = hw_to_b43_wl(hw);
4121         struct b43_wldev *dev;
4122
4123         mutex_lock(&wl->mutex);
4124
4125         dev = wl->current_dev;
4126         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4127                 goto out_unlock_mutex;
4128
4129         B43_WARN_ON(wl->vif != vif);
4130
4131         if (changed & BSS_CHANGED_BSSID) {
4132                 if (conf->bssid)
4133                         memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4134                 else
4135                         memset(wl->bssid, 0, ETH_ALEN);
4136         }
4137
4138         if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4139                 if (changed & BSS_CHANGED_BEACON &&
4140                     (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4141                      b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4142                      b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4143                         b43_update_templates(wl);
4144
4145                 if (changed & BSS_CHANGED_BSSID)
4146                         b43_write_mac_bssid_templates(dev);
4147         }
4148
4149         b43_mac_suspend(dev);
4150
4151         /* Update templates for AP/mesh mode. */
4152         if (changed & BSS_CHANGED_BEACON_INT &&
4153             (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4154              b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4155              b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4156             conf->beacon_int)
4157                 b43_set_beacon_int(dev, conf->beacon_int);
4158
4159         if (changed & BSS_CHANGED_BASIC_RATES)
4160                 b43_update_basic_rates(dev, conf->basic_rates);
4161
4162         if (changed & BSS_CHANGED_ERP_SLOT) {
4163                 if (conf->use_short_slot)
4164                         b43_short_slot_timing_enable(dev);
4165                 else
4166                         b43_short_slot_timing_disable(dev);
4167         }
4168
4169         b43_mac_enable(dev);
4170 out_unlock_mutex:
4171         mutex_unlock(&wl->mutex);
4172 }
4173
4174 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4175                           struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4176                           struct ieee80211_key_conf *key)
4177 {
4178         struct b43_wl *wl = hw_to_b43_wl(hw);
4179         struct b43_wldev *dev;
4180         u8 algorithm;
4181         u8 index;
4182         int err;
4183         static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4184
4185         if (modparam_nohwcrypt)
4186                 return -ENOSPC; /* User disabled HW-crypto */
4187
4188         if ((vif->type == NL80211_IFTYPE_ADHOC ||
4189              vif->type == NL80211_IFTYPE_MESH_POINT) &&
4190             (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4191              key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4192             !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4193                 /*
4194                  * For now, disable hw crypto for the RSN IBSS group keys. This
4195                  * could be optimized in the future, but until that gets
4196                  * implemented, use of software crypto for group addressed
4197                  * frames is a acceptable to allow RSN IBSS to be used.
4198                  */
4199                 return -EOPNOTSUPP;
4200         }
4201
4202         mutex_lock(&wl->mutex);
4203
4204         dev = wl->current_dev;
4205         err = -ENODEV;
4206         if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4207                 goto out_unlock;
4208
4209         if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4210                 /* We don't have firmware for the crypto engine.
4211                  * Must use software-crypto. */
4212                 err = -EOPNOTSUPP;
4213                 goto out_unlock;
4214         }
4215
4216         err = -EINVAL;
4217         switch (key->cipher) {
4218         case WLAN_CIPHER_SUITE_WEP40:
4219                 algorithm = B43_SEC_ALGO_WEP40;
4220                 break;
4221         case WLAN_CIPHER_SUITE_WEP104:
4222                 algorithm = B43_SEC_ALGO_WEP104;
4223                 break;
4224         case WLAN_CIPHER_SUITE_TKIP:
4225                 algorithm = B43_SEC_ALGO_TKIP;
4226                 break;
4227         case WLAN_CIPHER_SUITE_CCMP:
4228                 algorithm = B43_SEC_ALGO_AES;
4229                 break;
4230         default:
4231                 B43_WARN_ON(1);
4232                 goto out_unlock;
4233         }
4234         index = (u8) (key->keyidx);
4235         if (index > 3)
4236                 goto out_unlock;
4237
4238         switch (cmd) {
4239         case SET_KEY:
4240                 if (algorithm == B43_SEC_ALGO_TKIP &&
4241                     (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4242                     !modparam_hwtkip)) {
4243                         /* We support only pairwise key */
4244                         err = -EOPNOTSUPP;
4245                         goto out_unlock;
4246                 }
4247
4248                 if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4249                         if (WARN_ON(!sta)) {
4250                                 err = -EOPNOTSUPP;
4251                                 goto out_unlock;
4252                         }
4253                         /* Pairwise key with an assigned MAC address. */
4254                         err = b43_key_write(dev, -1, algorithm,
4255                                             key->key, key->keylen,
4256                                             sta->addr, key);
4257                 } else {
4258                         /* Group key */
4259                         err = b43_key_write(dev, index, algorithm,
4260                                             key->key, key->keylen, NULL, key);
4261                 }
4262                 if (err)
4263                         goto out_unlock;
4264
4265                 if (algorithm == B43_SEC_ALGO_WEP40 ||
4266                     algorithm == B43_SEC_ALGO_WEP104) {
4267                         b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4268                 } else {
4269                         b43_hf_write(dev,
4270                                      b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4271                 }
4272                 key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4273                 if (algorithm == B43_SEC_ALGO_TKIP)
4274                         key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4275                 break;
4276         case DISABLE_KEY: {
4277                 err = b43_key_clear(dev, key->hw_key_idx);
4278                 if (err)
4279                         goto out_unlock;
4280                 break;
4281         }
4282         default:
4283                 B43_WARN_ON(1);
4284         }
4285
4286 out_unlock:
4287         if (!err) {
4288                 b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4289                        "mac: %pM\n",
4290                        cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4291                        sta ? sta->addr : bcast_addr);
4292                 b43_dump_keymemory(dev);
4293         }
4294         mutex_unlock(&wl->mutex);
4295
4296         return err;
4297 }
4298
4299 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4300                                     unsigned int changed, unsigned int *fflags,
4301                                     u64 multicast)
4302 {
4303         struct b43_wl *wl = hw_to_b43_wl(hw);
4304         struct b43_wldev *dev;
4305
4306         mutex_lock(&wl->mutex);
4307         dev = wl->current_dev;
4308         if (!dev) {
4309                 *fflags = 0;
4310                 goto out_unlock;
4311         }
4312
4313         *fflags &= FIF_PROMISC_IN_BSS |
4314                   FIF_ALLMULTI |
4315                   FIF_FCSFAIL |
4316                   FIF_PLCPFAIL |
4317                   FIF_CONTROL |
4318                   FIF_OTHER_BSS |
4319                   FIF_BCN_PRBRESP_PROMISC;
4320
4321         changed &= FIF_PROMISC_IN_BSS |
4322                    FIF_ALLMULTI |
4323                    FIF_FCSFAIL |
4324                    FIF_PLCPFAIL |
4325                    FIF_CONTROL |
4326                    FIF_OTHER_BSS |
4327                    FIF_BCN_PRBRESP_PROMISC;
4328
4329         wl->filter_flags = *fflags;
4330
4331         if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4332                 b43_adjust_opmode(dev);
4333
4334 out_unlock:
4335         mutex_unlock(&wl->mutex);
4336 }
4337
4338 /* Locking: wl->mutex
4339  * Returns the current dev. This might be different from the passed in dev,
4340  * because the core might be gone away while we unlocked the mutex. */
4341 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4342 {
4343         struct b43_wl *wl;
4344         struct b43_wldev *orig_dev;
4345         u32 mask;
4346         int queue_num;
4347
4348         if (!dev)
4349                 return NULL;
4350         wl = dev->wl;
4351 redo:
4352         if (!dev || b43_status(dev) < B43_STAT_STARTED)
4353                 return dev;
4354
4355         /* Cancel work. Unlock to avoid deadlocks. */
4356         mutex_unlock(&wl->mutex);
4357         cancel_delayed_work_sync(&dev->periodic_work);
4358         cancel_work_sync(&wl->tx_work);
4359         b43_leds_stop(dev);
4360         mutex_lock(&wl->mutex);
4361         dev = wl->current_dev;
4362         if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4363                 /* Whoops, aliens ate up the device while we were unlocked. */
4364                 return dev;
4365         }
4366
4367         /* Disable interrupts on the device. */
4368         b43_set_status(dev, B43_STAT_INITIALIZED);
4369         if (b43_bus_host_is_sdio(dev->dev)) {
4370                 /* wl->mutex is locked. That is enough. */
4371                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4372                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4373         } else {
4374                 spin_lock_irq(&wl->hardirq_lock);
4375                 b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4376                 b43_read32(dev, B43_MMIO_GEN_IRQ_MASK); /* Flush */
4377                 spin_unlock_irq(&wl->hardirq_lock);
4378         }
4379         /* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4380         orig_dev = dev;
4381         mutex_unlock(&wl->mutex);
4382         if (b43_bus_host_is_sdio(dev->dev)) {
4383                 b43_sdio_free_irq(dev);
4384         } else {
4385                 synchronize_irq(dev->dev->irq);
4386                 free_irq(dev->dev->irq, dev);
4387         }
4388         mutex_lock(&wl->mutex);
4389         dev = wl->current_dev;
4390         if (!dev)
4391                 return dev;
4392         if (dev != orig_dev) {
4393                 if (b43_status(dev) >= B43_STAT_STARTED)
4394                         goto redo;
4395                 return dev;
4396         }
4397         mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4398         B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4399
4400         /* Drain all TX queues. */
4401         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4402                 while (skb_queue_len(&wl->tx_queue[queue_num])) {
4403                         struct sk_buff *skb;
4404
4405                         skb = skb_dequeue(&wl->tx_queue[queue_num]);
4406                         ieee80211_free_txskb(wl->hw, skb);
4407                 }
4408         }
4409
4410         b43_mac_suspend(dev);
4411         b43_leds_exit(dev);
4412         b43dbg(wl, "Wireless interface stopped\n");
4413
4414         return dev;
4415 }
4416
4417 /* Locking: wl->mutex */
4418 static int b43_wireless_core_start(struct b43_wldev *dev)
4419 {
4420         int err;
4421
4422         B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4423
4424         drain_txstatus_queue(dev);
4425         if (b43_bus_host_is_sdio(dev->dev)) {
4426                 err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4427                 if (err) {
4428                         b43err(dev->wl, "Cannot request SDIO IRQ\n");
4429                         goto out;
4430                 }
4431         } else {
4432                 err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4433                                            b43_interrupt_thread_handler,
4434                                            IRQF_SHARED, KBUILD_MODNAME, dev);
4435                 if (err) {
4436                         b43err(dev->wl, "Cannot request IRQ-%d\n",
4437                                dev->dev->irq);
4438                         goto out;
4439                 }
4440         }
4441
4442         /* We are ready to run. */
4443         ieee80211_wake_queues(dev->wl->hw);
4444         b43_set_status(dev, B43_STAT_STARTED);
4445
4446         /* Start data flow (TX/RX). */
4447         b43_mac_enable(dev);
4448         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4449
4450         /* Start maintenance work */
4451         b43_periodic_tasks_setup(dev);
4452
4453         b43_leds_init(dev);
4454
4455         b43dbg(dev->wl, "Wireless interface started\n");
4456 out:
4457         return err;
4458 }
4459
4460 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4461 {
4462         switch (phy_type) {
4463         case B43_PHYTYPE_A:
4464                 return "A";
4465         case B43_PHYTYPE_B:
4466                 return "B";
4467         case B43_PHYTYPE_G:
4468                 return "G";
4469         case B43_PHYTYPE_N:
4470                 return "N";
4471         case B43_PHYTYPE_LP:
4472                 return "LP";
4473         case B43_PHYTYPE_SSLPN:
4474                 return "SSLPN";
4475         case B43_PHYTYPE_HT:
4476                 return "HT";
4477         case B43_PHYTYPE_LCN:
4478                 return "LCN";
4479         case B43_PHYTYPE_LCNXN:
4480                 return "LCNXN";
4481         case B43_PHYTYPE_LCN40:
4482                 return "LCN40";
4483         case B43_PHYTYPE_AC:
4484                 return "AC";
4485         }
4486         return "UNKNOWN";
4487 }
4488
4489 /* Get PHY and RADIO versioning numbers */
4490 static int b43_phy_versioning(struct b43_wldev *dev)
4491 {
4492         struct b43_phy *phy = &dev->phy;
4493         const u8 core_rev = dev->dev->core_rev;
4494         u32 tmp;
4495         u8 analog_type;
4496         u8 phy_type;
4497         u8 phy_rev;
4498         u16 radio_manuf;
4499         u16 radio_id;
4500         u16 radio_rev;
4501         u8 radio_ver;
4502         int unsupported = 0;
4503
4504         /* Get PHY versioning */
4505         tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4506         analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4507         phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4508         phy_rev = (tmp & B43_PHYVER_VERSION);
4509
4510         /* LCNXN is continuation of N which run out of revisions */
4511         if (phy_type == B43_PHYTYPE_LCNXN) {
4512                 phy_type = B43_PHYTYPE_N;
4513                 phy_rev += 16;
4514         }
4515
4516         switch (phy_type) {
4517 #ifdef CONFIG_B43_PHY_G
4518         case B43_PHYTYPE_G:
4519                 if (phy_rev > 9)
4520                         unsupported = 1;
4521                 break;
4522 #endif
4523 #ifdef CONFIG_B43_PHY_N
4524         case B43_PHYTYPE_N:
4525                 if (phy_rev >= 19)
4526                         unsupported = 1;
4527                 break;
4528 #endif
4529 #ifdef CONFIG_B43_PHY_LP
4530         case B43_PHYTYPE_LP:
4531                 if (phy_rev > 2)
4532                         unsupported = 1;
4533                 break;
4534 #endif
4535 #ifdef CONFIG_B43_PHY_HT
4536         case B43_PHYTYPE_HT:
4537                 if (phy_rev > 1)
4538                         unsupported = 1;
4539                 break;
4540 #endif
4541 #ifdef CONFIG_B43_PHY_LCN
4542         case B43_PHYTYPE_LCN:
4543                 if (phy_rev > 1)
4544                         unsupported = 1;
4545                 break;
4546 #endif
4547 #ifdef CONFIG_B43_PHY_AC
4548         case B43_PHYTYPE_AC:
4549                 if (phy_rev > 1)
4550                         unsupported = 1;
4551                 break;
4552 #endif
4553         default:
4554                 unsupported = 1;
4555         }
4556         if (unsupported) {
4557                 b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4558                        analog_type, phy_type, b43_phy_name(dev, phy_type),
4559                        phy_rev);
4560                 return -EOPNOTSUPP;
4561         }
4562         b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4563                 analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4564
4565         /* Get RADIO versioning */
4566         if (core_rev == 40 || core_rev == 42) {
4567                 radio_manuf = 0x17F;
4568
4569                 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4570                 radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4571
4572                 b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4573                 radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4574
4575                 radio_ver = 0; /* Is there version somewhere? */
4576         } else if (core_rev >= 24) {
4577                 u16 radio24[3];
4578
4579                 for (tmp = 0; tmp < 3; tmp++) {
4580                         b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4581                         radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4582                 }
4583
4584                 radio_manuf = 0x17F;
4585                 radio_id = (radio24[2] << 8) | radio24[1];
4586                 radio_rev = (radio24[0] & 0xF);
4587                 radio_ver = (radio24[0] & 0xF0) >> 4;
4588         } else {
4589                 if (dev->dev->chip_id == 0x4317) {
4590                         if (dev->dev->chip_rev == 0)
4591                                 tmp = 0x3205017F;
4592                         else if (dev->dev->chip_rev == 1)
4593                                 tmp = 0x4205017F;
4594                         else
4595                                 tmp = 0x5205017F;
4596                 } else {
4597                         b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4598                                      B43_RADIOCTL_ID);
4599                         tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4600                         b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4601                                      B43_RADIOCTL_ID);
4602                         tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4603                 }
4604                 radio_manuf = (tmp & 0x00000FFF);
4605                 radio_id = (tmp & 0x0FFFF000) >> 12;
4606                 radio_rev = (tmp & 0xF0000000) >> 28;
4607                 radio_ver = 0; /* Probably not available on old hw */
4608         }
4609
4610         if (radio_manuf != 0x17F /* Broadcom */)
4611                 unsupported = 1;
4612         switch (phy_type) {
4613         case B43_PHYTYPE_A:
4614                 if (radio_id != 0x2060)
4615                         unsupported = 1;
4616                 if (radio_rev != 1)
4617                         unsupported = 1;
4618                 if (radio_manuf != 0x17F)
4619                         unsupported = 1;
4620                 break;
4621         case B43_PHYTYPE_B:
4622                 if ((radio_id & 0xFFF0) != 0x2050)
4623                         unsupported = 1;
4624                 break;
4625         case B43_PHYTYPE_G:
4626                 if (radio_id != 0x2050)
4627                         unsupported = 1;
4628                 break;
4629         case B43_PHYTYPE_N:
4630                 if (radio_id != 0x2055 && radio_id != 0x2056 &&
4631                     radio_id != 0x2057)
4632                         unsupported = 1;
4633                 if (radio_id == 0x2057 &&
4634                     !(radio_rev == 9 || radio_rev == 14))
4635                         unsupported = 1;
4636                 break;
4637         case B43_PHYTYPE_LP:
4638                 if (radio_id != 0x2062 && radio_id != 0x2063)
4639                         unsupported = 1;
4640                 break;
4641         case B43_PHYTYPE_HT:
4642                 if (radio_id != 0x2059)
4643                         unsupported = 1;
4644                 break;
4645         case B43_PHYTYPE_LCN:
4646                 if (radio_id != 0x2064)
4647                         unsupported = 1;
4648                 break;
4649         case B43_PHYTYPE_AC:
4650                 if (radio_id != 0x2069)
4651                         unsupported = 1;
4652                 break;
4653         default:
4654                 B43_WARN_ON(1);
4655         }
4656         if (unsupported) {
4657                 b43err(dev->wl,
4658                        "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4659                        radio_manuf, radio_id, radio_rev, radio_ver);
4660                 return -EOPNOTSUPP;
4661         }
4662         b43info(dev->wl,
4663                 "Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4664                 radio_manuf, radio_id, radio_rev, radio_ver);
4665
4666         /* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4667         phy->radio_manuf = radio_manuf;
4668         phy->radio_ver = radio_id;
4669         phy->radio_rev = radio_rev;
4670
4671         phy->analog = analog_type;
4672         phy->type = phy_type;
4673         phy->rev = phy_rev;
4674
4675         return 0;
4676 }
4677
4678 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4679                                       struct b43_phy *phy)
4680 {
4681         phy->hardware_power_control = !!modparam_hwpctl;
4682         phy->next_txpwr_check_time = jiffies;
4683         /* PHY TX errors counter. */
4684         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4685
4686 #if B43_DEBUG
4687         phy->phy_locked = false;
4688         phy->radio_locked = false;
4689 #endif
4690 }
4691
4692 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4693 {
4694         dev->dfq_valid = false;
4695
4696         /* Assume the radio is enabled. If it's not enabled, the state will
4697          * immediately get fixed on the first periodic work run. */
4698         dev->radio_hw_enable = true;
4699
4700         /* Stats */
4701         memset(&dev->stats, 0, sizeof(dev->stats));
4702
4703         setup_struct_phy_for_init(dev, &dev->phy);
4704
4705         /* IRQ related flags */
4706         dev->irq_reason = 0;
4707         memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4708         dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4709         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4710                 dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4711
4712         dev->mac_suspended = 1;
4713
4714         /* Noise calculation context */
4715         memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4716 }
4717
4718 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4719 {
4720         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4721         u64 hf;
4722
4723         if (!modparam_btcoex)
4724                 return;
4725         if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4726                 return;
4727         if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4728                 return;
4729
4730         hf = b43_hf_read(dev);
4731         if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4732                 hf |= B43_HF_BTCOEXALT;
4733         else
4734                 hf |= B43_HF_BTCOEX;
4735         b43_hf_write(dev, hf);
4736 }
4737
4738 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4739 {
4740         if (!modparam_btcoex)
4741                 return;
4742         //TODO
4743 }
4744
4745 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4746 {
4747         struct ssb_bus *bus;
4748         u32 tmp;
4749
4750 #ifdef CONFIG_B43_SSB
4751         if (dev->dev->bus_type != B43_BUS_SSB)
4752                 return;
4753 #else
4754         return;
4755 #endif
4756
4757         bus = dev->dev->sdev->bus;
4758
4759         if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4760             (bus->chip_id == 0x4312)) {
4761                 tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4762                 tmp &= ~SSB_IMCFGLO_REQTO;
4763                 tmp &= ~SSB_IMCFGLO_SERTO;
4764                 tmp |= 0x3;
4765                 ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4766                 ssb_commit_settings(bus);
4767         }
4768 }
4769
4770 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4771 {
4772         u16 pu_delay;
4773
4774         /* The time value is in microseconds. */
4775         if (dev->phy.type == B43_PHYTYPE_A)
4776                 pu_delay = 3700;
4777         else
4778                 pu_delay = 1050;
4779         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4780                 pu_delay = 500;
4781         if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4782                 pu_delay = max(pu_delay, (u16)2400);
4783
4784         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4785 }
4786
4787 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4788 static void b43_set_pretbtt(struct b43_wldev *dev)
4789 {
4790         u16 pretbtt;
4791
4792         /* The time value is in microseconds. */
4793         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC)) {
4794                 pretbtt = 2;
4795         } else {
4796                 if (dev->phy.type == B43_PHYTYPE_A)
4797                         pretbtt = 120;
4798                 else
4799                         pretbtt = 250;
4800         }
4801         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4802         b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4803 }
4804
4805 /* Shutdown a wireless core */
4806 /* Locking: wl->mutex */
4807 static void b43_wireless_core_exit(struct b43_wldev *dev)
4808 {
4809         B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4810         if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4811                 return;
4812
4813         b43_set_status(dev, B43_STAT_UNINIT);
4814
4815         /* Stop the microcode PSM. */
4816         b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4817                       B43_MACCTL_PSM_JMP0);
4818
4819         switch (dev->dev->bus_type) {
4820 #ifdef CONFIG_B43_BCMA
4821         case B43_BUS_BCMA:
4822                 bcma_core_pci_down(dev->dev->bdev->bus);
4823                 break;
4824 #endif
4825 #ifdef CONFIG_B43_SSB
4826         case B43_BUS_SSB:
4827                 /* TODO */
4828                 break;
4829 #endif
4830         }
4831
4832         b43_dma_free(dev);
4833         b43_pio_free(dev);
4834         b43_chip_exit(dev);
4835         dev->phy.ops->switch_analog(dev, 0);
4836         if (dev->wl->current_beacon) {
4837                 dev_kfree_skb_any(dev->wl->current_beacon);
4838                 dev->wl->current_beacon = NULL;
4839         }
4840
4841         b43_device_disable(dev, 0);
4842         b43_bus_may_powerdown(dev);
4843 }
4844
4845 /* Initialize a wireless core */
4846 static int b43_wireless_core_init(struct b43_wldev *dev)
4847 {
4848         struct ssb_sprom *sprom = dev->dev->bus_sprom;
4849         struct b43_phy *phy = &dev->phy;
4850         int err;
4851         u64 hf;
4852
4853         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4854
4855         err = b43_bus_powerup(dev, 0);
4856         if (err)
4857                 goto out;
4858         if (!b43_device_is_enabled(dev))
4859                 b43_wireless_core_reset(dev, phy->gmode);
4860
4861         /* Reset all data structures. */
4862         setup_struct_wldev_for_init(dev);
4863         phy->ops->prepare_structs(dev);
4864
4865         /* Enable IRQ routing to this device. */
4866         switch (dev->dev->bus_type) {
4867 #ifdef CONFIG_B43_BCMA
4868         case B43_BUS_BCMA:
4869                 bcma_core_pci_irq_ctl(&dev->dev->bdev->bus->drv_pci[0],
4870                                       dev->dev->bdev, true);
4871                 bcma_core_pci_up(dev->dev->bdev->bus);
4872                 break;
4873 #endif
4874 #ifdef CONFIG_B43_SSB
4875         case B43_BUS_SSB:
4876                 ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4877                                                dev->dev->sdev);
4878                 break;
4879 #endif
4880         }
4881
4882         b43_imcfglo_timeouts_workaround(dev);
4883         b43_bluetooth_coext_disable(dev);
4884         if (phy->ops->prepare_hardware) {
4885                 err = phy->ops->prepare_hardware(dev);
4886                 if (err)
4887                         goto err_busdown;
4888         }
4889         err = b43_chip_init(dev);
4890         if (err)
4891                 goto err_busdown;
4892         b43_shm_write16(dev, B43_SHM_SHARED,
4893                         B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4894         hf = b43_hf_read(dev);
4895         if (phy->type == B43_PHYTYPE_G) {
4896                 hf |= B43_HF_SYMW;
4897                 if (phy->rev == 1)
4898                         hf |= B43_HF_GDCW;
4899                 if (sprom->boardflags_lo & B43_BFL_PACTRL)
4900                         hf |= B43_HF_OFDMPABOOST;
4901         }
4902         if (phy->radio_ver == 0x2050) {
4903                 if (phy->radio_rev == 6)
4904                         hf |= B43_HF_4318TSSI;
4905                 if (phy->radio_rev < 6)
4906                         hf |= B43_HF_VCORECALC;
4907         }
4908         if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4909                 hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4910 #if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4911         if (dev->dev->bus_type == B43_BUS_SSB &&
4912             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4913             dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4914                 hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4915 #endif
4916         hf &= ~B43_HF_SKCFPUP;
4917         b43_hf_write(dev, hf);
4918
4919         /* tell the ucode MAC capabilities */
4920         if (dev->dev->core_rev >= 13) {
4921                 u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4922
4923                 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4924                                 mac_hw_cap & 0xffff);
4925                 b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4926                                 (mac_hw_cap >> 16) & 0xffff);
4927         }
4928
4929         b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4930                              B43_DEFAULT_LONG_RETRY_LIMIT);
4931         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4932         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4933
4934         /* Disable sending probe responses from firmware.
4935          * Setting the MaxTime to one usec will always trigger
4936          * a timeout, so we never send any probe resp.
4937          * A timeout of zero is infinite. */
4938         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4939
4940         b43_rate_memory_init(dev);
4941         b43_set_phytxctl_defaults(dev);
4942
4943         /* Minimum Contention Window */
4944         if (phy->type == B43_PHYTYPE_B)
4945                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4946         else
4947                 b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4948         /* Maximum Contention Window */
4949         b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4950
4951         /* write phytype and phyvers */
4952         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4953         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4954
4955         if (b43_bus_host_is_pcmcia(dev->dev) ||
4956             b43_bus_host_is_sdio(dev->dev)) {
4957                 dev->__using_pio_transfers = true;
4958                 err = b43_pio_init(dev);
4959         } else if (dev->use_pio) {
4960                 b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4961                         "This should not be needed and will result in lower "
4962                         "performance.\n");
4963                 dev->__using_pio_transfers = true;
4964                 err = b43_pio_init(dev);
4965         } else {
4966                 dev->__using_pio_transfers = false;
4967                 err = b43_dma_init(dev);
4968         }
4969         if (err)
4970                 goto err_chip_exit;
4971         b43_qos_init(dev);
4972         b43_set_synth_pu_delay(dev, 1);
4973         b43_bluetooth_coext_enable(dev);
4974
4975         b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4976         b43_upload_card_macaddress(dev);
4977         b43_security_init(dev);
4978
4979         ieee80211_wake_queues(dev->wl->hw);
4980
4981         b43_set_status(dev, B43_STAT_INITIALIZED);
4982
4983 out:
4984         return err;
4985
4986 err_chip_exit:
4987         b43_chip_exit(dev);
4988 err_busdown:
4989         b43_bus_may_powerdown(dev);
4990         B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4991         return err;
4992 }
4993
4994 static int b43_op_add_interface(struct ieee80211_hw *hw,
4995                                 struct ieee80211_vif *vif)
4996 {
4997         struct b43_wl *wl = hw_to_b43_wl(hw);
4998         struct b43_wldev *dev;
4999         int err = -EOPNOTSUPP;
5000
5001         /* TODO: allow WDS/AP devices to coexist */
5002
5003         if (vif->type != NL80211_IFTYPE_AP &&
5004             vif->type != NL80211_IFTYPE_MESH_POINT &&
5005             vif->type != NL80211_IFTYPE_STATION &&
5006             vif->type != NL80211_IFTYPE_WDS &&
5007             vif->type != NL80211_IFTYPE_ADHOC)
5008                 return -EOPNOTSUPP;
5009
5010         mutex_lock(&wl->mutex);
5011         if (wl->operating)
5012                 goto out_mutex_unlock;
5013
5014         b43dbg(wl, "Adding Interface type %d\n", vif->type);
5015
5016         dev = wl->current_dev;
5017         wl->operating = true;
5018         wl->vif = vif;
5019         wl->if_type = vif->type;
5020         memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
5021
5022         b43_adjust_opmode(dev);
5023         b43_set_pretbtt(dev);
5024         b43_set_synth_pu_delay(dev, 0);
5025         b43_upload_card_macaddress(dev);
5026
5027         err = 0;
5028  out_mutex_unlock:
5029         mutex_unlock(&wl->mutex);
5030
5031         if (err == 0)
5032                 b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
5033
5034         return err;
5035 }
5036
5037 static void b43_op_remove_interface(struct ieee80211_hw *hw,
5038                                     struct ieee80211_vif *vif)
5039 {
5040         struct b43_wl *wl = hw_to_b43_wl(hw);
5041         struct b43_wldev *dev = wl->current_dev;
5042
5043         b43dbg(wl, "Removing Interface type %d\n", vif->type);
5044
5045         mutex_lock(&wl->mutex);
5046
5047         B43_WARN_ON(!wl->operating);
5048         B43_WARN_ON(wl->vif != vif);
5049         wl->vif = NULL;
5050
5051         wl->operating = false;
5052
5053         b43_adjust_opmode(dev);
5054         memset(wl->mac_addr, 0, ETH_ALEN);
5055         b43_upload_card_macaddress(dev);
5056
5057         mutex_unlock(&wl->mutex);
5058 }
5059
5060 static int b43_op_start(struct ieee80211_hw *hw)
5061 {
5062         struct b43_wl *wl = hw_to_b43_wl(hw);
5063         struct b43_wldev *dev = wl->current_dev;
5064         int did_init = 0;
5065         int err = 0;
5066
5067         /* Kill all old instance specific information to make sure
5068          * the card won't use it in the short timeframe between start
5069          * and mac80211 reconfiguring it. */
5070         memset(wl->bssid, 0, ETH_ALEN);
5071         memset(wl->mac_addr, 0, ETH_ALEN);
5072         wl->filter_flags = 0;
5073         wl->radiotap_enabled = false;
5074         b43_qos_clear(wl);
5075         wl->beacon0_uploaded = false;
5076         wl->beacon1_uploaded = false;
5077         wl->beacon_templates_virgin = true;
5078         wl->radio_enabled = true;
5079
5080         mutex_lock(&wl->mutex);
5081
5082         if (b43_status(dev) < B43_STAT_INITIALIZED) {
5083                 err = b43_wireless_core_init(dev);
5084                 if (err)
5085                         goto out_mutex_unlock;
5086                 did_init = 1;
5087         }
5088
5089         if (b43_status(dev) < B43_STAT_STARTED) {
5090                 err = b43_wireless_core_start(dev);
5091                 if (err) {
5092                         if (did_init)
5093                                 b43_wireless_core_exit(dev);
5094                         goto out_mutex_unlock;
5095                 }
5096         }
5097
5098         /* XXX: only do if device doesn't support rfkill irq */
5099         wiphy_rfkill_start_polling(hw->wiphy);
5100
5101  out_mutex_unlock:
5102         mutex_unlock(&wl->mutex);
5103
5104         /*
5105          * Configuration may have been overwritten during initialization.
5106          * Reload the configuration, but only if initialization was
5107          * successful. Reloading the configuration after a failed init
5108          * may hang the system.
5109          */
5110         if (!err)
5111                 b43_op_config(hw, ~0);
5112
5113         return err;
5114 }
5115
5116 static void b43_op_stop(struct ieee80211_hw *hw)
5117 {
5118         struct b43_wl *wl = hw_to_b43_wl(hw);
5119         struct b43_wldev *dev = wl->current_dev;
5120
5121         cancel_work_sync(&(wl->beacon_update_trigger));
5122
5123         if (!dev)
5124                 goto out;
5125
5126         mutex_lock(&wl->mutex);
5127         if (b43_status(dev) >= B43_STAT_STARTED) {
5128                 dev = b43_wireless_core_stop(dev);
5129                 if (!dev)
5130                         goto out_unlock;
5131         }
5132         b43_wireless_core_exit(dev);
5133         wl->radio_enabled = false;
5134
5135 out_unlock:
5136         mutex_unlock(&wl->mutex);
5137 out:
5138         cancel_work_sync(&(wl->txpower_adjust_work));
5139 }
5140
5141 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5142                                  struct ieee80211_sta *sta, bool set)
5143 {
5144         struct b43_wl *wl = hw_to_b43_wl(hw);
5145
5146         b43_update_templates(wl);
5147
5148         return 0;
5149 }
5150
5151 static void b43_op_sta_notify(struct ieee80211_hw *hw,
5152                               struct ieee80211_vif *vif,
5153                               enum sta_notify_cmd notify_cmd,
5154                               struct ieee80211_sta *sta)
5155 {
5156         struct b43_wl *wl = hw_to_b43_wl(hw);
5157
5158         B43_WARN_ON(!vif || wl->vif != vif);
5159 }
5160
5161 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5162                                           struct ieee80211_vif *vif,
5163                                           const u8 *mac_addr)
5164 {
5165         struct b43_wl *wl = hw_to_b43_wl(hw);
5166         struct b43_wldev *dev;
5167
5168         mutex_lock(&wl->mutex);
5169         dev = wl->current_dev;
5170         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5171                 /* Disable CFP update during scan on other channels. */
5172                 b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5173         }
5174         mutex_unlock(&wl->mutex);
5175 }
5176
5177 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5178                                              struct ieee80211_vif *vif)
5179 {
5180         struct b43_wl *wl = hw_to_b43_wl(hw);
5181         struct b43_wldev *dev;
5182
5183         mutex_lock(&wl->mutex);
5184         dev = wl->current_dev;
5185         if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5186                 /* Re-enable CFP update. */
5187                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5188         }
5189         mutex_unlock(&wl->mutex);
5190 }
5191
5192 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5193                              struct survey_info *survey)
5194 {
5195         struct b43_wl *wl = hw_to_b43_wl(hw);
5196         struct b43_wldev *dev = wl->current_dev;
5197         struct ieee80211_conf *conf = &hw->conf;
5198
5199         if (idx != 0)
5200                 return -ENOENT;
5201
5202         survey->channel = conf->chandef.chan;
5203         survey->filled = SURVEY_INFO_NOISE_DBM;
5204         survey->noise = dev->stats.link_noise;
5205
5206         return 0;
5207 }
5208
5209 static const struct ieee80211_ops b43_hw_ops = {
5210         .tx                     = b43_op_tx,
5211         .conf_tx                = b43_op_conf_tx,
5212         .add_interface          = b43_op_add_interface,
5213         .remove_interface       = b43_op_remove_interface,
5214         .config                 = b43_op_config,
5215         .bss_info_changed       = b43_op_bss_info_changed,
5216         .configure_filter       = b43_op_configure_filter,
5217         .set_key                = b43_op_set_key,
5218         .update_tkip_key        = b43_op_update_tkip_key,
5219         .get_stats              = b43_op_get_stats,
5220         .get_tsf                = b43_op_get_tsf,
5221         .set_tsf                = b43_op_set_tsf,
5222         .start                  = b43_op_start,
5223         .stop                   = b43_op_stop,
5224         .set_tim                = b43_op_beacon_set_tim,
5225         .sta_notify             = b43_op_sta_notify,
5226         .sw_scan_start          = b43_op_sw_scan_start_notifier,
5227         .sw_scan_complete       = b43_op_sw_scan_complete_notifier,
5228         .get_survey             = b43_op_get_survey,
5229         .rfkill_poll            = b43_rfkill_poll,
5230 };
5231
5232 /* Hard-reset the chip. Do not call this directly.
5233  * Use b43_controller_restart()
5234  */
5235 static void b43_chip_reset(struct work_struct *work)
5236 {
5237         struct b43_wldev *dev =
5238             container_of(work, struct b43_wldev, restart_work);
5239         struct b43_wl *wl = dev->wl;
5240         int err = 0;
5241         int prev_status;
5242
5243         mutex_lock(&wl->mutex);
5244
5245         prev_status = b43_status(dev);
5246         /* Bring the device down... */
5247         if (prev_status >= B43_STAT_STARTED) {
5248                 dev = b43_wireless_core_stop(dev);
5249                 if (!dev) {
5250                         err = -ENODEV;
5251                         goto out;
5252                 }
5253         }
5254         if (prev_status >= B43_STAT_INITIALIZED)
5255                 b43_wireless_core_exit(dev);
5256
5257         /* ...and up again. */
5258         if (prev_status >= B43_STAT_INITIALIZED) {
5259                 err = b43_wireless_core_init(dev);
5260                 if (err)
5261                         goto out;
5262         }
5263         if (prev_status >= B43_STAT_STARTED) {
5264                 err = b43_wireless_core_start(dev);
5265                 if (err) {
5266                         b43_wireless_core_exit(dev);
5267                         goto out;
5268                 }
5269         }
5270 out:
5271         if (err)
5272                 wl->current_dev = NULL; /* Failed to init the dev. */
5273         mutex_unlock(&wl->mutex);
5274
5275         if (err) {
5276                 b43err(wl, "Controller restart FAILED\n");
5277                 return;
5278         }
5279
5280         /* reload configuration */
5281         b43_op_config(wl->hw, ~0);
5282         if (wl->vif)
5283                 b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5284
5285         b43info(wl, "Controller restarted\n");
5286 }
5287
5288 static int b43_setup_bands(struct b43_wldev *dev,
5289                            bool have_2ghz_phy, bool have_5ghz_phy)
5290 {
5291         struct ieee80211_hw *hw = dev->wl->hw;
5292         struct b43_phy *phy = &dev->phy;
5293         bool limited_2g;
5294         bool limited_5g;
5295
5296         /* We don't support all 2 GHz channels on some devices */
5297         limited_2g = phy->radio_ver == 0x2057 &&
5298                      (phy->radio_rev == 9 || phy->radio_rev == 14);
5299         limited_5g = phy->radio_ver == 0x2057 &&
5300                      phy->radio_rev == 9;
5301
5302         if (have_2ghz_phy)
5303                 hw->wiphy->bands[IEEE80211_BAND_2GHZ] = limited_2g ?
5304                         &b43_band_2ghz_limited : &b43_band_2GHz;
5305         if (dev->phy.type == B43_PHYTYPE_N) {
5306                 if (have_5ghz_phy)
5307                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = limited_5g ?
5308                                 &b43_band_5GHz_nphy_limited :
5309                                 &b43_band_5GHz_nphy;
5310         } else {
5311                 if (have_5ghz_phy)
5312                         hw->wiphy->bands[IEEE80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5313         }
5314
5315         dev->phy.supports_2ghz = have_2ghz_phy;
5316         dev->phy.supports_5ghz = have_5ghz_phy;
5317
5318         return 0;
5319 }
5320
5321 static void b43_wireless_core_detach(struct b43_wldev *dev)
5322 {
5323         /* We release firmware that late to not be required to re-request
5324          * is all the time when we reinit the core. */
5325         b43_release_firmware(dev);
5326         b43_phy_free(dev);
5327 }
5328
5329 static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5330                                 bool *have_5ghz_phy)
5331 {
5332         u16 dev_id = 0;
5333
5334 #ifdef CONFIG_B43_BCMA
5335         if (dev->dev->bus_type == B43_BUS_BCMA &&
5336             dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5337                 dev_id = dev->dev->bdev->bus->host_pci->device;
5338 #endif
5339 #ifdef CONFIG_B43_SSB
5340         if (dev->dev->bus_type == B43_BUS_SSB &&
5341             dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5342                 dev_id = dev->dev->sdev->bus->host_pci->device;
5343 #endif
5344         /* Override with SPROM value if available */
5345         if (dev->dev->bus_sprom->dev_id)
5346                 dev_id = dev->dev->bus_sprom->dev_id;
5347
5348         /* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5349         switch (dev_id) {
5350         case 0x4324: /* BCM4306 */
5351         case 0x4312: /* BCM4311 */
5352         case 0x4319: /* BCM4318 */
5353         case 0x4328: /* BCM4321 */
5354         case 0x432b: /* BCM4322 */
5355         case 0x4350: /* BCM43222 */
5356         case 0x4353: /* BCM43224 */
5357         case 0x0576: /* BCM43224 */
5358         case 0x435f: /* BCM6362 */
5359         case 0x4331: /* BCM4331 */
5360         case 0x4359: /* BCM43228 */
5361         case 0x43a0: /* BCM4360 */
5362         case 0x43b1: /* BCM4352 */
5363                 /* Dual band devices */
5364                 *have_2ghz_phy = true;
5365                 *have_5ghz_phy = true;
5366                 return;
5367         case 0x4321: /* BCM4306 */
5368         case 0x4313: /* BCM4311 */
5369         case 0x431a: /* BCM4318 */
5370         case 0x432a: /* BCM4321 */
5371         case 0x432d: /* BCM4322 */
5372         case 0x4352: /* BCM43222 */
5373         case 0x435a: /* BCM43228 */
5374         case 0x4333: /* BCM4331 */
5375         case 0x43a2: /* BCM4360 */
5376         case 0x43b3: /* BCM4352 */
5377                 /* 5 GHz only devices */
5378                 *have_2ghz_phy = false;
5379                 *have_5ghz_phy = true;
5380                 return;
5381         }
5382
5383         /* As a fallback, try to guess using PHY type */
5384         switch (dev->phy.type) {
5385         case B43_PHYTYPE_A:
5386                 *have_2ghz_phy = false;
5387                 *have_5ghz_phy = true;
5388                 return;
5389         case B43_PHYTYPE_G:
5390         case B43_PHYTYPE_N:
5391         case B43_PHYTYPE_LP:
5392         case B43_PHYTYPE_HT:
5393         case B43_PHYTYPE_LCN:
5394                 *have_2ghz_phy = true;
5395                 *have_5ghz_phy = false;
5396                 return;
5397         }
5398
5399         B43_WARN_ON(1);
5400 }
5401
5402 static int b43_wireless_core_attach(struct b43_wldev *dev)
5403 {
5404         struct b43_wl *wl = dev->wl;
5405         struct b43_phy *phy = &dev->phy;
5406         int err;
5407         u32 tmp;
5408         bool have_2ghz_phy = false, have_5ghz_phy = false;
5409
5410         /* Do NOT do any device initialization here.
5411          * Do it in wireless_core_init() instead.
5412          * This function is for gathering basic information about the HW, only.
5413          * Also some structs may be set up here. But most likely you want to have
5414          * that in core_init(), too.
5415          */
5416
5417         err = b43_bus_powerup(dev, 0);
5418         if (err) {
5419                 b43err(wl, "Bus powerup failed\n");
5420                 goto out;
5421         }
5422
5423         phy->do_full_init = true;
5424
5425         /* Try to guess supported bands for the first init needs */
5426         switch (dev->dev->bus_type) {
5427 #ifdef CONFIG_B43_BCMA
5428         case B43_BUS_BCMA:
5429                 tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5430                 have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5431                 have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5432                 break;
5433 #endif
5434 #ifdef CONFIG_B43_SSB
5435         case B43_BUS_SSB:
5436                 if (dev->dev->core_rev >= 5) {
5437                         tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5438                         have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5439                         have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5440                 } else
5441                         B43_WARN_ON(1);
5442                 break;
5443 #endif
5444         }
5445
5446         dev->phy.gmode = have_2ghz_phy;
5447         b43_wireless_core_reset(dev, dev->phy.gmode);
5448
5449         /* Get the PHY type. */
5450         err = b43_phy_versioning(dev);
5451         if (err)
5452                 goto err_powerdown;
5453
5454         /* Get real info about supported bands */
5455         b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5456
5457         /* We don't support 5 GHz on some PHYs yet */
5458         if (have_5ghz_phy) {
5459                 switch (dev->phy.type) {
5460                 case B43_PHYTYPE_A:
5461                 case B43_PHYTYPE_G:
5462                 case B43_PHYTYPE_LP:
5463                 case B43_PHYTYPE_HT:
5464                         b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5465                         have_5ghz_phy = false;
5466                 }
5467         }
5468
5469         if (!have_2ghz_phy && !have_5ghz_phy) {
5470                 b43err(wl, "b43 can't support any band on this device\n");
5471                 err = -EOPNOTSUPP;
5472                 goto err_powerdown;
5473         }
5474
5475         err = b43_phy_allocate(dev);
5476         if (err)
5477                 goto err_powerdown;
5478
5479         dev->phy.gmode = have_2ghz_phy;
5480         b43_wireless_core_reset(dev, dev->phy.gmode);
5481
5482         err = b43_validate_chipaccess(dev);
5483         if (err)
5484                 goto err_phy_free;
5485         err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5486         if (err)
5487                 goto err_phy_free;
5488
5489         /* Now set some default "current_dev" */
5490         if (!wl->current_dev)
5491                 wl->current_dev = dev;
5492         INIT_WORK(&dev->restart_work, b43_chip_reset);
5493
5494         dev->phy.ops->switch_analog(dev, 0);
5495         b43_device_disable(dev, 0);
5496         b43_bus_may_powerdown(dev);
5497
5498 out:
5499         return err;
5500
5501 err_phy_free:
5502         b43_phy_free(dev);
5503 err_powerdown:
5504         b43_bus_may_powerdown(dev);
5505         return err;
5506 }
5507
5508 static void b43_one_core_detach(struct b43_bus_dev *dev)
5509 {
5510         struct b43_wldev *wldev;
5511         struct b43_wl *wl;
5512
5513         /* Do not cancel ieee80211-workqueue based work here.
5514          * See comment in b43_remove(). */
5515
5516         wldev = b43_bus_get_wldev(dev);
5517         wl = wldev->wl;
5518         b43_debugfs_remove_device(wldev);
5519         b43_wireless_core_detach(wldev);
5520         list_del(&wldev->list);
5521         b43_bus_set_wldev(dev, NULL);
5522         kfree(wldev);
5523 }
5524
5525 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5526 {
5527         struct b43_wldev *wldev;
5528         int err = -ENOMEM;
5529
5530         wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5531         if (!wldev)
5532                 goto out;
5533
5534         wldev->use_pio = b43_modparam_pio;
5535         wldev->dev = dev;
5536         wldev->wl = wl;
5537         b43_set_status(wldev, B43_STAT_UNINIT);
5538         wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5539         INIT_LIST_HEAD(&wldev->list);
5540
5541         err = b43_wireless_core_attach(wldev);
5542         if (err)
5543                 goto err_kfree_wldev;
5544
5545         b43_bus_set_wldev(dev, wldev);
5546         b43_debugfs_add_device(wldev);
5547
5548       out:
5549         return err;
5550
5551       err_kfree_wldev:
5552         kfree(wldev);
5553         return err;
5554 }
5555
5556 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)         ( \
5557         (pdev->vendor == PCI_VENDOR_ID_##_vendor) &&                    \
5558         (pdev->device == _device) &&                                    \
5559         (pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&       \
5560         (pdev->subsystem_device == _subdevice)                          )
5561
5562 #ifdef CONFIG_B43_SSB
5563 static void b43_sprom_fixup(struct ssb_bus *bus)
5564 {
5565         struct pci_dev *pdev;
5566
5567         /* boardflags workarounds */
5568         if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5569             bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5570                 bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5571         if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5572             bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5573                 bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5574         if (bus->bustype == SSB_BUSTYPE_PCI) {
5575                 pdev = bus->host_pci;
5576                 if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5577                     IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5578                     IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5579                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5580                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5581                     IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5582                     IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5583                         bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5584         }
5585 }
5586
5587 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5588 {
5589         struct ieee80211_hw *hw = wl->hw;
5590
5591         ssb_set_devtypedata(dev->sdev, NULL);
5592         ieee80211_free_hw(hw);
5593 }
5594 #endif
5595
5596 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5597 {
5598         struct ssb_sprom *sprom = dev->bus_sprom;
5599         struct ieee80211_hw *hw;
5600         struct b43_wl *wl;
5601         char chip_name[6];
5602         int queue_num;
5603
5604         hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5605         if (!hw) {
5606                 b43err(NULL, "Could not allocate ieee80211 device\n");
5607                 return ERR_PTR(-ENOMEM);
5608         }
5609         wl = hw_to_b43_wl(hw);
5610
5611         /* fill hw info */
5612         hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
5613                     IEEE80211_HW_SIGNAL_DBM;
5614
5615         hw->wiphy->interface_modes =
5616                 BIT(NL80211_IFTYPE_AP) |
5617                 BIT(NL80211_IFTYPE_MESH_POINT) |
5618                 BIT(NL80211_IFTYPE_STATION) |
5619                 BIT(NL80211_IFTYPE_WDS) |
5620                 BIT(NL80211_IFTYPE_ADHOC);
5621
5622         hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5623
5624         wl->hw_registred = false;
5625         hw->max_rates = 2;
5626         SET_IEEE80211_DEV(hw, dev->dev);
5627         if (is_valid_ether_addr(sprom->et1mac))
5628                 SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5629         else
5630                 SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5631
5632         /* Initialize struct b43_wl */
5633         wl->hw = hw;
5634         mutex_init(&wl->mutex);
5635         spin_lock_init(&wl->hardirq_lock);
5636         spin_lock_init(&wl->beacon_lock);
5637         INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5638         INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5639         INIT_WORK(&wl->tx_work, b43_tx_work);
5640
5641         /* Initialize queues and flags. */
5642         for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5643                 skb_queue_head_init(&wl->tx_queue[queue_num]);
5644                 wl->tx_queue_stopped[queue_num] = 0;
5645         }
5646
5647         snprintf(chip_name, ARRAY_SIZE(chip_name),
5648                  (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5649         b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5650                 dev->core_rev);
5651         return wl;
5652 }
5653
5654 #ifdef CONFIG_B43_BCMA
5655 static int b43_bcma_probe(struct bcma_device *core)
5656 {
5657         struct b43_bus_dev *dev;
5658         struct b43_wl *wl;
5659         int err;
5660
5661         if (!modparam_allhwsupport &&
5662             (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5663                 pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5664                 return -ENOTSUPP;
5665         }
5666
5667         dev = b43_bus_dev_bcma_init(core);
5668         if (!dev)
5669                 return -ENODEV;
5670
5671         wl = b43_wireless_init(dev);
5672         if (IS_ERR(wl)) {
5673                 err = PTR_ERR(wl);
5674                 goto bcma_out;
5675         }
5676
5677         err = b43_one_core_attach(dev, wl);
5678         if (err)
5679                 goto bcma_err_wireless_exit;
5680
5681         /* setup and start work to load firmware */
5682         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5683         schedule_work(&wl->firmware_load);
5684
5685 bcma_out:
5686         return err;
5687
5688 bcma_err_wireless_exit:
5689         ieee80211_free_hw(wl->hw);
5690         return err;
5691 }
5692
5693 static void b43_bcma_remove(struct bcma_device *core)
5694 {
5695         struct b43_wldev *wldev = bcma_get_drvdata(core);
5696         struct b43_wl *wl = wldev->wl;
5697
5698         /* We must cancel any work here before unregistering from ieee80211,
5699          * as the ieee80211 unreg will destroy the workqueue. */
5700         cancel_work_sync(&wldev->restart_work);
5701         cancel_work_sync(&wl->firmware_load);
5702
5703         B43_WARN_ON(!wl);
5704         if (!wldev->fw.ucode.data)
5705                 return;                 /* NULL if firmware never loaded */
5706         if (wl->current_dev == wldev && wl->hw_registred) {
5707                 b43_leds_stop(wldev);
5708                 ieee80211_unregister_hw(wl->hw);
5709         }
5710
5711         b43_one_core_detach(wldev->dev);
5712
5713         /* Unregister HW RNG driver */
5714         b43_rng_exit(wl);
5715
5716         b43_leds_unregister(wl);
5717
5718         ieee80211_free_hw(wl->hw);
5719 }
5720
5721 static struct bcma_driver b43_bcma_driver = {
5722         .name           = KBUILD_MODNAME,
5723         .id_table       = b43_bcma_tbl,
5724         .probe          = b43_bcma_probe,
5725         .remove         = b43_bcma_remove,
5726 };
5727 #endif
5728
5729 #ifdef CONFIG_B43_SSB
5730 static
5731 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5732 {
5733         struct b43_bus_dev *dev;
5734         struct b43_wl *wl;
5735         int err;
5736
5737         dev = b43_bus_dev_ssb_init(sdev);
5738         if (!dev)
5739                 return -ENOMEM;
5740
5741         wl = ssb_get_devtypedata(sdev);
5742         if (wl) {
5743                 b43err(NULL, "Dual-core devices are not supported\n");
5744                 err = -ENOTSUPP;
5745                 goto err_ssb_kfree_dev;
5746         }
5747
5748         b43_sprom_fixup(sdev->bus);
5749
5750         wl = b43_wireless_init(dev);
5751         if (IS_ERR(wl)) {
5752                 err = PTR_ERR(wl);
5753                 goto err_ssb_kfree_dev;
5754         }
5755         ssb_set_devtypedata(sdev, wl);
5756         B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5757
5758         err = b43_one_core_attach(dev, wl);
5759         if (err)
5760                 goto err_ssb_wireless_exit;
5761
5762         /* setup and start work to load firmware */
5763         INIT_WORK(&wl->firmware_load, b43_request_firmware);
5764         schedule_work(&wl->firmware_load);
5765
5766         return err;
5767
5768 err_ssb_wireless_exit:
5769         b43_wireless_exit(dev, wl);
5770 err_ssb_kfree_dev:
5771         kfree(dev);
5772         return err;
5773 }
5774
5775 static void b43_ssb_remove(struct ssb_device *sdev)
5776 {
5777         struct b43_wl *wl = ssb_get_devtypedata(sdev);
5778         struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5779         struct b43_bus_dev *dev = wldev->dev;
5780
5781         /* We must cancel any work here before unregistering from ieee80211,
5782          * as the ieee80211 unreg will destroy the workqueue. */
5783         cancel_work_sync(&wldev->restart_work);
5784         cancel_work_sync(&wl->firmware_load);
5785
5786         B43_WARN_ON(!wl);
5787         if (!wldev->fw.ucode.data)
5788                 return;                 /* NULL if firmware never loaded */
5789         if (wl->current_dev == wldev && wl->hw_registred) {
5790                 b43_leds_stop(wldev);
5791                 ieee80211_unregister_hw(wl->hw);
5792         }
5793
5794         b43_one_core_detach(dev);
5795
5796         /* Unregister HW RNG driver */
5797         b43_rng_exit(wl);
5798
5799         b43_leds_unregister(wl);
5800         b43_wireless_exit(dev, wl);
5801 }
5802
5803 static struct ssb_driver b43_ssb_driver = {
5804         .name           = KBUILD_MODNAME,
5805         .id_table       = b43_ssb_tbl,
5806         .probe          = b43_ssb_probe,
5807         .remove         = b43_ssb_remove,
5808 };
5809 #endif /* CONFIG_B43_SSB */
5810
5811 /* Perform a hardware reset. This can be called from any context. */
5812 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5813 {
5814         /* Must avoid requeueing, if we are in shutdown. */
5815         if (b43_status(dev) < B43_STAT_INITIALIZED)
5816                 return;
5817         b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5818         ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5819 }
5820
5821 static void b43_print_driverinfo(void)
5822 {
5823         const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5824                    *feat_leds = "", *feat_sdio = "";
5825
5826 #ifdef CONFIG_B43_PCI_AUTOSELECT
5827         feat_pci = "P";
5828 #endif
5829 #ifdef CONFIG_B43_PCMCIA
5830         feat_pcmcia = "M";
5831 #endif
5832 #ifdef CONFIG_B43_PHY_N
5833         feat_nphy = "N";
5834 #endif
5835 #ifdef CONFIG_B43_LEDS
5836         feat_leds = "L";
5837 #endif
5838 #ifdef CONFIG_B43_SDIO
5839         feat_sdio = "S";
5840 #endif
5841         printk(KERN_INFO "Broadcom 43xx driver loaded "
5842                "[ Features: %s%s%s%s%s ]\n",
5843                feat_pci, feat_pcmcia, feat_nphy,
5844                feat_leds, feat_sdio);
5845 }
5846
5847 static int __init b43_init(void)
5848 {
5849         int err;
5850
5851         b43_debugfs_init();
5852         err = b43_pcmcia_init();
5853         if (err)
5854                 goto err_dfs_exit;
5855         err = b43_sdio_init();
5856         if (err)
5857                 goto err_pcmcia_exit;
5858 #ifdef CONFIG_B43_BCMA
5859         err = bcma_driver_register(&b43_bcma_driver);
5860         if (err)
5861                 goto err_sdio_exit;
5862 #endif
5863 #ifdef CONFIG_B43_SSB
5864         err = ssb_driver_register(&b43_ssb_driver);
5865         if (err)
5866                 goto err_bcma_driver_exit;
5867 #endif
5868         b43_print_driverinfo();
5869
5870         return err;
5871
5872 #ifdef CONFIG_B43_SSB
5873 err_bcma_driver_exit:
5874 #endif
5875 #ifdef CONFIG_B43_BCMA
5876         bcma_driver_unregister(&b43_bcma_driver);
5877 err_sdio_exit:
5878 #endif
5879         b43_sdio_exit();
5880 err_pcmcia_exit:
5881         b43_pcmcia_exit();
5882 err_dfs_exit:
5883         b43_debugfs_exit();
5884         return err;
5885 }
5886
5887 static void __exit b43_exit(void)
5888 {
5889 #ifdef CONFIG_B43_SSB
5890         ssb_driver_unregister(&b43_ssb_driver);
5891 #endif
5892 #ifdef CONFIG_B43_BCMA
5893         bcma_driver_unregister(&b43_bcma_driver);
5894 #endif
5895         b43_sdio_exit();
5896         b43_pcmcia_exit();
5897         b43_debugfs_exit();
5898 }
5899
5900 module_init(b43_init)
5901 module_exit(b43_exit)
Unnamed repository; edit this file 'description' to name the repository.