316a913860d7833a3754bef53d6f044189a02c27
[kernel.git] / drivers / net / wireless / b43 / main.c
1 /*
2
3   Broadcom B43 wireless driver
4
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <mb@bu3sch.de>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10
11   SDIO support
12   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
13
14   Some parts of the code in this file are derived from the ipw2200
15   driver  Copyright(c) 2003 - 2004 Intel Corporation.
16
17   This program is free software; you can redistribute it and/or modify
18   it under the terms of the GNU General Public License as published by
19   the Free Software Foundation; either version 2 of the License, or
20   (at your option) any later version.
21
22   This program is distributed in the hope that it will be useful,
23   but WITHOUT ANY WARRANTY; without even the implied warranty of
24   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
25   GNU General Public License for more details.
26
27   You should have received a copy of the GNU General Public License
28   along with this program; see the file COPYING.  If not, write to
29   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
30   Boston, MA 02110-1301, USA.
31
32 */
33
34 #include <linux/delay.h>
35 #include <linux/init.h>
36 #include <linux/moduleparam.h>
37 #include <linux/if_arp.h>
38 #include <linux/etherdevice.h>
39 #include <linux/firmware.h>
40 #include <linux/wireless.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <asm/unaligned.h>
46
47 #include "b43.h"
48 #include "main.h"
49 #include "debugfs.h"
50 #include "phy_common.h"
51 #include "phy_g.h"
52 #include "phy_n.h"
53 #include "dma.h"
54 #include "pio.h"
55 #include "sysfs.h"
56 #include "xmit.h"
57 #include "lo.h"
58 #include "pcmcia.h"
59 #include "sdio.h"
60 #include <linux/mmc/sdio_func.h>
61
62 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
63 MODULE_AUTHOR("Martin Langer");
64 MODULE_AUTHOR("Stefano Brivio");
65 MODULE_AUTHOR("Michael Buesch");
66 MODULE_AUTHOR("Gábor Stefanik");
67 MODULE_LICENSE("GPL");
68
69 MODULE_FIRMWARE(B43_SUPPORTED_FIRMWARE_ID);
70 MODULE_FIRMWARE("b43/ucode11.fw");
71 MODULE_FIRMWARE("b43/ucode13.fw");
72 MODULE_FIRMWARE("b43/ucode14.fw");
73 MODULE_FIRMWARE("b43/ucode15.fw");
74 MODULE_FIRMWARE("b43/ucode5.fw");
75 MODULE_FIRMWARE("b43/ucode9.fw");
76
77 static int modparam_bad_frames_preempt;
78 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
79 MODULE_PARM_DESC(bad_frames_preempt,
80                  "enable(1) / disable(0) Bad Frames Preemption");
81
82 static char modparam_fwpostfix[16];
83 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
84 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
85
86 static int modparam_hwpctl;
87 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
88 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
89
90 static int modparam_nohwcrypt;
91 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
92 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
93
94 static int modparam_hwtkip;
95 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
96 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
97
98 static int modparam_qos = 1;
99 module_param_named(qos, modparam_qos, int, 0444);
100 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
101
102 static int modparam_btcoex = 1;
103 module_param_named(btcoex, modparam_btcoex, int, 0444);
104 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
105
106 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
107 module_param_named(verbose, b43_modparam_verbose, int, 0644);
108 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
109
110 static int modparam_pio;
111 module_param_named(pio, modparam_pio, int, 0444);
112 MODULE_PARM_DESC(pio, "enable(1) / disable(0) PIO mode");
113
114 static const struct ssb_device_id b43_ssb_tbl[] = {
115         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
116         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
117         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
118         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
119         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
120         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
121         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
122         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
123         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
124         SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
125         SSB_DEVTABLE_END
126 };
127
128 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
129
130 /* Channel and ratetables are shared for all devices.
131  * They can't be const, because ieee80211 puts some precalculated
132  * data in there. This data is the same for all devices, so we don't
133  * get concurrency issues */
134 #define RATETAB_ENT(_rateid, _flags) \
135         {                                                               \
136                 .bitrate        = B43_RATE_TO_BASE100KBPS(_rateid),     \
137                 .hw_value       = (_rateid),                            \
138                 .flags          = (_flags),                             \
139         }
140
141 /*
142  * NOTE: When changing this, sync with xmit.c's
143  *       b43_plcp_get_bitrate_idx_* functions!
144  */
145 static struct ieee80211_rate __b43_ratetable[] = {
146         RATETAB_ENT(B43_CCK_RATE_1MB, 0),
147         RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
148         RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
149         RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
150         RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
151         RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
152         RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
153         RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
154         RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
155         RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
156         RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
157         RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
158 };
159
160 #define b43_a_ratetable         (__b43_ratetable + 4)
161 #define b43_a_ratetable_size    8
162 #define b43_b_ratetable         (__b43_ratetable + 0)
163 #define b43_b_ratetable_size    4
164 #define b43_g_ratetable         (__b43_ratetable + 0)
165 #define b43_g_ratetable_size    12
166
167 #define CHAN4G(_channel, _freq, _flags) {                       \
168         .band                   = IEEE80211_BAND_2GHZ,          \
169         .center_freq            = (_freq),                      \
170         .hw_value               = (_channel),                   \
171         .flags                  = (_flags),                     \
172         .max_antenna_gain       = 0,                            \
173         .max_power              = 30,                           \
174 }
175 static struct ieee80211_channel b43_2ghz_chantable[] = {
176         CHAN4G(1, 2412, 0),
177         CHAN4G(2, 2417, 0),
178         CHAN4G(3, 2422, 0),
179         CHAN4G(4, 2427, 0),
180         CHAN4G(5, 2432, 0),
181         CHAN4G(6, 2437, 0),
182         CHAN4G(7, 2442, 0),
183         CHAN4G(8, 2447, 0),
184         CHAN4G(9, 2452, 0),
185         CHAN4G(10, 2457, 0),
186         CHAN4G(11, 2462, 0),
187         CHAN4G(12, 2467, 0),
188         CHAN4G(13, 2472, 0),
189         CHAN4G(14, 2484, 0),
190 };
191 #undef CHAN4G
192
193 #define CHAN5G(_channel, _flags) {                              \
194         .band                   = IEEE80211_BAND_5GHZ,          \
195         .center_freq            = 5000 + (5 * (_channel)),      \
196         .hw_value               = (_channel),                   \
197         .flags                  = (_flags),                     \
198         .max_antenna_gain       = 0,                            \
199         .max_power              = 30,                           \
200 }
201 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
202         CHAN5G(32, 0),          CHAN5G(34, 0),
203         CHAN5G(36, 0),          CHAN5G(38, 0),
204         CHAN5G(40, 0),          CHAN5G(42, 0),
205         CHAN5G(44, 0),          CHAN5G(46, 0),
206         CHAN5G(48, 0),          CHAN5G(50, 0),
207         CHAN5G(52, 0),          CHAN5G(54, 0),
208         CHAN5G(56, 0),          CHAN5G(58, 0),
209         CHAN5G(60, 0),          CHAN5G(62, 0),
210         CHAN5G(64, 0),          CHAN5G(66, 0),
211         CHAN5G(68, 0),          CHAN5G(70, 0),
212         CHAN5G(72, 0),          CHAN5G(74, 0),
213         CHAN5G(76, 0),          CHAN5G(78, 0),
214         CHAN5G(80, 0),          CHAN5G(82, 0),
215         CHAN5G(84, 0),          CHAN5G(86, 0),
216         CHAN5G(88, 0),          CHAN5G(90, 0),
217         CHAN5G(92, 0),          CHAN5G(94, 0),
218         CHAN5G(96, 0),          CHAN5G(98, 0),
219         CHAN5G(100, 0),         CHAN5G(102, 0),
220         CHAN5G(104, 0),         CHAN5G(106, 0),
221         CHAN5G(108, 0),         CHAN5G(110, 0),
222         CHAN5G(112, 0),         CHAN5G(114, 0),
223         CHAN5G(116, 0),         CHAN5G(118, 0),
224         CHAN5G(120, 0),         CHAN5G(122, 0),
225         CHAN5G(124, 0),         CHAN5G(126, 0),
226         CHAN5G(128, 0),         CHAN5G(130, 0),
227         CHAN5G(132, 0),         CHAN5G(134, 0),
228         CHAN5G(136, 0),         CHAN5G(138, 0),
229         CHAN5G(140, 0),         CHAN5G(142, 0),
230         CHAN5G(144, 0),         CHAN5G(145, 0),
231         CHAN5G(146, 0),         CHAN5G(147, 0),
232         CHAN5G(148, 0),         CHAN5G(149, 0),
233         CHAN5G(150, 0),         CHAN5G(151, 0),
234         CHAN5G(152, 0),         CHAN5G(153, 0),
235         CHAN5G(154, 0),         CHAN5G(155, 0),
236         CHAN5G(156, 0),         CHAN5G(157, 0),
237         CHAN5G(158, 0),         CHAN5G(159, 0),
238         CHAN5G(160, 0),         CHAN5G(161, 0),
239         CHAN5G(162, 0),         CHAN5G(163, 0),
240         CHAN5G(164, 0),         CHAN5G(165, 0),
241         CHAN5G(166, 0),         CHAN5G(168, 0),
242         CHAN5G(170, 0),         CHAN5G(172, 0),
243         CHAN5G(174, 0),         CHAN5G(176, 0),
244         CHAN5G(178, 0),         CHAN5G(180, 0),
245         CHAN5G(182, 0),         CHAN5G(184, 0),
246         CHAN5G(186, 0),         CHAN5G(188, 0),
247         CHAN5G(190, 0),         CHAN5G(192, 0),
248         CHAN5G(194, 0),         CHAN5G(196, 0),
249         CHAN5G(198, 0),         CHAN5G(200, 0),
250         CHAN5G(202, 0),         CHAN5G(204, 0),
251         CHAN5G(206, 0),         CHAN5G(208, 0),
252         CHAN5G(210, 0),         CHAN5G(212, 0),
253         CHAN5G(214, 0),         CHAN5G(216, 0),
254         CHAN5G(218, 0),         CHAN5G(220, 0),
255         CHAN5G(222, 0),         CHAN5G(224, 0),
256         CHAN5G(226, 0),         CHAN5G(228, 0),
257 };
258
259 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
260         CHAN5G(34, 0),          CHAN5G(36, 0),
261         CHAN5G(38, 0),          CHAN5G(40, 0),
262         CHAN5G(42, 0),          CHAN5G(44, 0),
263         CHAN5G(46, 0),          CHAN5G(48, 0),
264         CHAN5G(52, 0),          CHAN5G(56, 0),
265         CHAN5G(60, 0),          CHAN5G(64, 0),
266         CHAN5G(100, 0),         CHAN5G(104, 0),
267         CHAN5G(108, 0),         CHAN5G(112, 0),
268         CHAN5G(116, 0),         CHAN5G(120, 0),
269         CHAN5G(124, 0),         CHAN5G(128, 0),
270         CHAN5G(132, 0),         CHAN5G(136, 0),
271         CHAN5G(140, 0),         CHAN5G(149, 0),
272         CHAN5G(153, 0),         CHAN5G(157, 0),
273         CHAN5G(161, 0),         CHAN5G(165, 0),
274         CHAN5G(184, 0),         CHAN5G(188, 0),
275         CHAN5G(192, 0),         CHAN5G(196, 0),
276         CHAN5G(200, 0),         CHAN5G(204, 0),
277         CHAN5G(208, 0),         CHAN5G(212, 0),
278         CHAN5G(216, 0),
279 };
280 #undef CHAN5G
281
282 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
283         .band           = IEEE80211_BAND_5GHZ,
284         .channels       = b43_5ghz_nphy_chantable,
285         .n_channels     = ARRAY_SIZE(b43_5ghz_nphy_chantable),
286         .bitrates       = b43_a_ratetable,
287         .n_bitrates     = b43_a_ratetable_size,
288 };
289
290 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
291         .band           = IEEE80211_BAND_5GHZ,
292         .channels       = b43_5ghz_aphy_chantable,
293         .n_channels     = ARRAY_SIZE(b43_5ghz_aphy_chantable),
294         .bitrates       = b43_a_ratetable,
295         .n_bitrates     = b43_a_ratetable_size,
296 };
297
298 static struct ieee80211_supported_band b43_band_2GHz = {
299         .band           = IEEE80211_BAND_2GHZ,
300         .channels       = b43_2ghz_chantable,
301         .n_channels     = ARRAY_SIZE(b43_2ghz_chantable),
302         .bitrates       = b43_g_ratetable,
303         .n_bitrates     = b43_g_ratetable_size,
304 };
305
306 static void b43_wireless_core_exit(struct b43_wldev *dev);
307 static int b43_wireless_core_init(struct b43_wldev *dev);
308 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
309 static int b43_wireless_core_start(struct b43_wldev *dev);
310
311 static int b43_ratelimit(struct b43_wl *wl)
312 {
313         if (!wl || !wl->current_dev)
314                 return 1;
315         if (b43_status(wl->current_dev) < B43_STAT_STARTED)
316                 return 1;
317         /* We are up and running.
318          * Ratelimit the messages to avoid DoS over the net. */
319         return net_ratelimit();
320 }
321
322 void b43info(struct b43_wl *wl, const char *fmt, ...)
323 {
324         va_list args;
325
326         if (b43_modparam_verbose < B43_VERBOSITY_INFO)
327                 return;
328         if (!b43_ratelimit(wl))
329                 return;
330         va_start(args, fmt);
331         printk(KERN_INFO "b43-%s: ",
332                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
333         vprintk(fmt, args);
334         va_end(args);
335 }
336
337 void b43err(struct b43_wl *wl, const char *fmt, ...)
338 {
339         va_list args;
340
341         if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
342                 return;
343         if (!b43_ratelimit(wl))
344                 return;
345         va_start(args, fmt);
346         printk(KERN_ERR "b43-%s ERROR: ",
347                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
348         vprintk(fmt, args);
349         va_end(args);
350 }
351
352 void b43warn(struct b43_wl *wl, const char *fmt, ...)
353 {
354         va_list args;
355
356         if (b43_modparam_verbose < B43_VERBOSITY_WARN)
357                 return;
358         if (!b43_ratelimit(wl))
359                 return;
360         va_start(args, fmt);
361         printk(KERN_WARNING "b43-%s warning: ",
362                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
363         vprintk(fmt, args);
364         va_end(args);
365 }
366
367 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
368 {
369         va_list args;
370
371         if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
372                 return;
373         va_start(args, fmt);
374         printk(KERN_DEBUG "b43-%s debug: ",
375                (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan");
376         vprintk(fmt, args);
377         va_end(args);
378 }
379
380 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
381 {
382         u32 macctl;
383
384         B43_WARN_ON(offset % 4 != 0);
385
386         macctl = b43_read32(dev, B43_MMIO_MACCTL);
387         if (macctl & B43_MACCTL_BE)
388                 val = swab32(val);
389
390         b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
391         mmiowb();
392         b43_write32(dev, B43_MMIO_RAM_DATA, val);
393 }
394
395 static inline void b43_shm_control_word(struct b43_wldev *dev,
396                                         u16 routing, u16 offset)
397 {
398         u32 control;
399
400         /* "offset" is the WORD offset. */
401         control = routing;
402         control <<= 16;
403         control |= offset;
404         b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
405 }
406
407 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
408 {
409         u32 ret;
410
411         if (routing == B43_SHM_SHARED) {
412                 B43_WARN_ON(offset & 0x0001);
413                 if (offset & 0x0003) {
414                         /* Unaligned access */
415                         b43_shm_control_word(dev, routing, offset >> 2);
416                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
417                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
418                         ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
419
420                         goto out;
421                 }
422                 offset >>= 2;
423         }
424         b43_shm_control_word(dev, routing, offset);
425         ret = b43_read32(dev, B43_MMIO_SHM_DATA);
426 out:
427         return ret;
428 }
429
430 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
431 {
432         u16 ret;
433
434         if (routing == B43_SHM_SHARED) {
435                 B43_WARN_ON(offset & 0x0001);
436                 if (offset & 0x0003) {
437                         /* Unaligned access */
438                         b43_shm_control_word(dev, routing, offset >> 2);
439                         ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
440
441                         goto out;
442                 }
443                 offset >>= 2;
444         }
445         b43_shm_control_word(dev, routing, offset);
446         ret = b43_read16(dev, B43_MMIO_SHM_DATA);
447 out:
448         return ret;
449 }
450
451 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
452 {
453         if (routing == B43_SHM_SHARED) {
454                 B43_WARN_ON(offset & 0x0001);
455                 if (offset & 0x0003) {
456                         /* Unaligned access */
457                         b43_shm_control_word(dev, routing, offset >> 2);
458                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
459                                     value & 0xFFFF);
460                         b43_shm_control_word(dev, routing, (offset >> 2) + 1);
461                         b43_write16(dev, B43_MMIO_SHM_DATA,
462                                     (value >> 16) & 0xFFFF);
463                         return;
464                 }
465                 offset >>= 2;
466         }
467         b43_shm_control_word(dev, routing, offset);
468         b43_write32(dev, B43_MMIO_SHM_DATA, value);
469 }
470
471 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
472 {
473         if (routing == B43_SHM_SHARED) {
474                 B43_WARN_ON(offset & 0x0001);
475                 if (offset & 0x0003) {
476                         /* Unaligned access */
477                         b43_shm_control_word(dev, routing, offset >> 2);
478                         b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
479                         return;
480                 }
481                 offset >>= 2;
482         }
483         b43_shm_control_word(dev, routing, offset);
484         b43_write16(dev, B43_MMIO_SHM_DATA, value);
485 }
486
487 /* Read HostFlags */
488 u64 b43_hf_read(struct b43_wldev *dev)
489 {
490         u64 ret;
491
492         ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI);
493         ret <<= 16;
494         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI);
495         ret <<= 16;
496         ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO);
497
498         return ret;
499 }
500
501 /* Write HostFlags */
502 void b43_hf_write(struct b43_wldev *dev, u64 value)
503 {
504         u16 lo, mi, hi;
505
506         lo = (value & 0x00000000FFFFULL);
507         mi = (value & 0x0000FFFF0000ULL) >> 16;
508         hi = (value & 0xFFFF00000000ULL) >> 32;
509         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFLO, lo);
510         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFMI, mi);
511         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTFHI, hi);
512 }
513
514 /* Read the firmware capabilities bitmask (Opensource firmware only) */
515 static u16 b43_fwcapa_read(struct b43_wldev *dev)
516 {
517         B43_WARN_ON(!dev->fw.opensource);
518         return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
519 }
520
521 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
522 {
523         u32 low, high;
524
525         B43_WARN_ON(dev->dev->id.revision < 3);
526
527         /* The hardware guarantees us an atomic read, if we
528          * read the low register first. */
529         low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
530         high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
531
532         *tsf = high;
533         *tsf <<= 32;
534         *tsf |= low;
535 }
536
537 static void b43_time_lock(struct b43_wldev *dev)
538 {
539         u32 macctl;
540
541         macctl = b43_read32(dev, B43_MMIO_MACCTL);
542         macctl |= B43_MACCTL_TBTTHOLD;
543         b43_write32(dev, B43_MMIO_MACCTL, macctl);
544         /* Commit the write */
545         b43_read32(dev, B43_MMIO_MACCTL);
546 }
547
548 static void b43_time_unlock(struct b43_wldev *dev)
549 {
550         u32 macctl;
551
552         macctl = b43_read32(dev, B43_MMIO_MACCTL);
553         macctl &= ~B43_MACCTL_TBTTHOLD;
554         b43_write32(dev, B43_MMIO_MACCTL, macctl);
555         /* Commit the write */
556         b43_read32(dev, B43_MMIO_MACCTL);
557 }
558
559 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
560 {
561         u32 low, high;
562
563         B43_WARN_ON(dev->dev->id.revision < 3);
564
565         low = tsf;
566         high = (tsf >> 32);
567         /* The hardware guarantees us an atomic write, if we
568          * write the low register first. */
569         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
570         mmiowb();
571         b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
572         mmiowb();
573 }
574
575 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
576 {
577         b43_time_lock(dev);
578         b43_tsf_write_locked(dev, tsf);
579         b43_time_unlock(dev);
580 }
581
582 static
583 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
584 {
585         static const u8 zero_addr[ETH_ALEN] = { 0 };
586         u16 data;
587
588         if (!mac)
589                 mac = zero_addr;
590
591         offset |= 0x0020;
592         b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
593
594         data = mac[0];
595         data |= mac[1] << 8;
596         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
597         data = mac[2];
598         data |= mac[3] << 8;
599         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
600         data = mac[4];
601         data |= mac[5] << 8;
602         b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
603 }
604
605 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
606 {
607         const u8 *mac;
608         const u8 *bssid;
609         u8 mac_bssid[ETH_ALEN * 2];
610         int i;
611         u32 tmp;
612
613         bssid = dev->wl->bssid;
614         mac = dev->wl->mac_addr;
615
616         b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
617
618         memcpy(mac_bssid, mac, ETH_ALEN);
619         memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
620
621         /* Write our MAC address and BSSID to template ram */
622         for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
623                 tmp = (u32) (mac_bssid[i + 0]);
624                 tmp |= (u32) (mac_bssid[i + 1]) << 8;
625                 tmp |= (u32) (mac_bssid[i + 2]) << 16;
626                 tmp |= (u32) (mac_bssid[i + 3]) << 24;
627                 b43_ram_write(dev, 0x20 + i, tmp);
628         }
629 }
630
631 static void b43_upload_card_macaddress(struct b43_wldev *dev)
632 {
633         b43_write_mac_bssid_templates(dev);
634         b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
635 }
636
637 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
638 {
639         /* slot_time is in usec. */
640         if (dev->phy.type != B43_PHYTYPE_G)
641                 return;
642         b43_write16(dev, 0x684, 510 + slot_time);
643         b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
644 }
645
646 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
647 {
648         b43_set_slot_time(dev, 9);
649 }
650
651 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
652 {
653         b43_set_slot_time(dev, 20);
654 }
655
656 /* DummyTransmission function, as documented on
657  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
658  */
659 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
660 {
661         struct b43_phy *phy = &dev->phy;
662         unsigned int i, max_loop;
663         u16 value;
664         u32 buffer[5] = {
665                 0x00000000,
666                 0x00D40000,
667                 0x00000000,
668                 0x01000000,
669                 0x00000000,
670         };
671
672         if (ofdm) {
673                 max_loop = 0x1E;
674                 buffer[0] = 0x000201CC;
675         } else {
676                 max_loop = 0xFA;
677                 buffer[0] = 0x000B846E;
678         }
679
680         for (i = 0; i < 5; i++)
681                 b43_ram_write(dev, i * 4, buffer[i]);
682
683         b43_write16(dev, 0x0568, 0x0000);
684         if (dev->dev->id.revision < 11)
685                 b43_write16(dev, 0x07C0, 0x0000);
686         else
687                 b43_write16(dev, 0x07C0, 0x0100);
688         value = (ofdm ? 0x41 : 0x40);
689         b43_write16(dev, 0x050C, value);
690         if ((phy->type == B43_PHYTYPE_N) || (phy->type == B43_PHYTYPE_LP))
691                 b43_write16(dev, 0x0514, 0x1A02);
692         b43_write16(dev, 0x0508, 0x0000);
693         b43_write16(dev, 0x050A, 0x0000);
694         b43_write16(dev, 0x054C, 0x0000);
695         b43_write16(dev, 0x056A, 0x0014);
696         b43_write16(dev, 0x0568, 0x0826);
697         b43_write16(dev, 0x0500, 0x0000);
698         if (!pa_on && (phy->type == B43_PHYTYPE_N)) {
699                 //SPEC TODO
700         }
701
702         switch (phy->type) {
703         case B43_PHYTYPE_N:
704                 b43_write16(dev, 0x0502, 0x00D0);
705                 break;
706         case B43_PHYTYPE_LP:
707                 b43_write16(dev, 0x0502, 0x0050);
708                 break;
709         default:
710                 b43_write16(dev, 0x0502, 0x0030);
711         }
712
713         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
714                 b43_radio_write16(dev, 0x0051, 0x0017);
715         for (i = 0x00; i < max_loop; i++) {
716                 value = b43_read16(dev, 0x050E);
717                 if (value & 0x0080)
718                         break;
719                 udelay(10);
720         }
721         for (i = 0x00; i < 0x0A; i++) {
722                 value = b43_read16(dev, 0x050E);
723                 if (value & 0x0400)
724                         break;
725                 udelay(10);
726         }
727         for (i = 0x00; i < 0x19; i++) {
728                 value = b43_read16(dev, 0x0690);
729                 if (!(value & 0x0100))
730                         break;
731                 udelay(10);
732         }
733         if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
734                 b43_radio_write16(dev, 0x0051, 0x0037);
735 }
736
737 static void key_write(struct b43_wldev *dev,
738                       u8 index, u8 algorithm, const u8 *key)
739 {
740         unsigned int i;
741         u32 offset;
742         u16 value;
743         u16 kidx;
744
745         /* Key index/algo block */
746         kidx = b43_kidx_to_fw(dev, index);
747         value = ((kidx << 4) | algorithm);
748         b43_shm_write16(dev, B43_SHM_SHARED,
749                         B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
750
751         /* Write the key to the Key Table Pointer offset */
752         offset = dev->ktp + (index * B43_SEC_KEYSIZE);
753         for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
754                 value = key[i];
755                 value |= (u16) (key[i + 1]) << 8;
756                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
757         }
758 }
759
760 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
761 {
762         u32 addrtmp[2] = { 0, 0, };
763         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
764
765         if (b43_new_kidx_api(dev))
766                 pairwise_keys_start = B43_NR_GROUP_KEYS;
767
768         B43_WARN_ON(index < pairwise_keys_start);
769         /* We have four default TX keys and possibly four default RX keys.
770          * Physical mac 0 is mapped to physical key 4 or 8, depending
771          * on the firmware version.
772          * So we must adjust the index here.
773          */
774         index -= pairwise_keys_start;
775         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
776
777         if (addr) {
778                 addrtmp[0] = addr[0];
779                 addrtmp[0] |= ((u32) (addr[1]) << 8);
780                 addrtmp[0] |= ((u32) (addr[2]) << 16);
781                 addrtmp[0] |= ((u32) (addr[3]) << 24);
782                 addrtmp[1] = addr[4];
783                 addrtmp[1] |= ((u32) (addr[5]) << 8);
784         }
785
786         /* Receive match transmitter address (RCMTA) mechanism */
787         b43_shm_write32(dev, B43_SHM_RCMTA,
788                         (index * 2) + 0, addrtmp[0]);
789         b43_shm_write16(dev, B43_SHM_RCMTA,
790                         (index * 2) + 1, addrtmp[1]);
791 }
792
793 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
794  * When a packet is received, the iv32 is checked.
795  * - if it doesn't the packet is returned without modification (and software
796  *   decryption can be done). That's what happen when iv16 wrap.
797  * - if it does, the rc4 key is computed, and decryption is tried.
798  *   Either it will success and B43_RX_MAC_DEC is returned,
799  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
800  *   and the packet is not usable (it got modified by the ucode).
801  * So in order to never have B43_RX_MAC_DECERR, we should provide
802  * a iv32 and phase1key that match. Because we drop packets in case of
803  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
804  * packets will be lost without higher layer knowing (ie no resync possible
805  * until next wrap).
806  *
807  * NOTE : this should support 50 key like RCMTA because
808  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
809  */
810 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
811                 u16 *phase1key)
812 {
813         unsigned int i;
814         u32 offset;
815         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
816
817         if (!modparam_hwtkip)
818                 return;
819
820         if (b43_new_kidx_api(dev))
821                 pairwise_keys_start = B43_NR_GROUP_KEYS;
822
823         B43_WARN_ON(index < pairwise_keys_start);
824         /* We have four default TX keys and possibly four default RX keys.
825          * Physical mac 0 is mapped to physical key 4 or 8, depending
826          * on the firmware version.
827          * So we must adjust the index here.
828          */
829         index -= pairwise_keys_start;
830         B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
831
832         if (b43_debug(dev, B43_DBG_KEYS)) {
833                 b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
834                                 index, iv32);
835         }
836         /* Write the key to the  RX tkip shared mem */
837         offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
838         for (i = 0; i < 10; i += 2) {
839                 b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
840                                 phase1key ? phase1key[i / 2] : 0);
841         }
842         b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
843         b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
844 }
845
846 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
847                                    struct ieee80211_vif *vif,
848                                    struct ieee80211_key_conf *keyconf,
849                                    struct ieee80211_sta *sta,
850                                    u32 iv32, u16 *phase1key)
851 {
852         struct b43_wl *wl = hw_to_b43_wl(hw);
853         struct b43_wldev *dev;
854         int index = keyconf->hw_key_idx;
855
856         if (B43_WARN_ON(!modparam_hwtkip))
857                 return;
858
859         /* This is only called from the RX path through mac80211, where
860          * our mutex is already locked. */
861         B43_WARN_ON(!mutex_is_locked(&wl->mutex));
862         dev = wl->current_dev;
863         B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
864
865         keymac_write(dev, index, NULL); /* First zero out mac to avoid race */
866
867         rx_tkip_phase1_write(dev, index, iv32, phase1key);
868         /* only pairwise TKIP keys are supported right now */
869         if (WARN_ON(!sta))
870                 return;
871         keymac_write(dev, index, sta->addr);
872 }
873
874 static void do_key_write(struct b43_wldev *dev,
875                          u8 index, u8 algorithm,
876                          const u8 *key, size_t key_len, const u8 *mac_addr)
877 {
878         u8 buf[B43_SEC_KEYSIZE] = { 0, };
879         u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
880
881         if (b43_new_kidx_api(dev))
882                 pairwise_keys_start = B43_NR_GROUP_KEYS;
883
884         B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
885         B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
886
887         if (index >= pairwise_keys_start)
888                 keymac_write(dev, index, NULL); /* First zero out mac. */
889         if (algorithm == B43_SEC_ALGO_TKIP) {
890                 /*
891                  * We should provide an initial iv32, phase1key pair.
892                  * We could start with iv32=0 and compute the corresponding
893                  * phase1key, but this means calling ieee80211_get_tkip_key
894                  * with a fake skb (or export other tkip function).
895                  * Because we are lazy we hope iv32 won't start with
896                  * 0xffffffff and let's b43_op_update_tkip_key provide a
897                  * correct pair.
898                  */
899                 rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
900         } else if (index >= pairwise_keys_start) /* clear it */
901                 rx_tkip_phase1_write(dev, index, 0, NULL);
902         if (key)
903                 memcpy(buf, key, key_len);
904         key_write(dev, index, algorithm, buf);
905         if (index >= pairwise_keys_start)
906                 keymac_write(dev, index, mac_addr);
907
908         dev->key[index].algorithm = algorithm;
909 }
910
911 static int b43_key_write(struct b43_wldev *dev,
912                          int index, u8 algorithm,
913                          const u8 *key, size_t key_len,
914                          const u8 *mac_addr,
915                          struct ieee80211_key_conf *keyconf)
916 {
917         int i;
918         int pairwise_keys_start;
919
920         /* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
921          *      - Temporal Encryption Key (128 bits)
922          *      - Temporal Authenticator Tx MIC Key (64 bits)
923          *      - Temporal Authenticator Rx MIC Key (64 bits)
924          *
925          *      Hardware only store TEK
926          */
927         if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
928                 key_len = 16;
929         if (key_len > B43_SEC_KEYSIZE)
930                 return -EINVAL;
931         for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
932                 /* Check that we don't already have this key. */
933                 B43_WARN_ON(dev->key[i].keyconf == keyconf);
934         }
935         if (index < 0) {
936                 /* Pairwise key. Get an empty slot for the key. */
937                 if (b43_new_kidx_api(dev))
938                         pairwise_keys_start = B43_NR_GROUP_KEYS;
939                 else
940                         pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
941                 for (i = pairwise_keys_start;
942                      i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
943                      i++) {
944                         B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
945                         if (!dev->key[i].keyconf) {
946                                 /* found empty */
947                                 index = i;
948                                 break;
949                         }
950                 }
951                 if (index < 0) {
952                         b43warn(dev->wl, "Out of hardware key memory\n");
953                         return -ENOSPC;
954                 }
955         } else
956                 B43_WARN_ON(index > 3);
957
958         do_key_write(dev, index, algorithm, key, key_len, mac_addr);
959         if ((index <= 3) && !b43_new_kidx_api(dev)) {
960                 /* Default RX key */
961                 B43_WARN_ON(mac_addr);
962                 do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
963         }
964         keyconf->hw_key_idx = index;
965         dev->key[index].keyconf = keyconf;
966
967         return 0;
968 }
969
970 static int b43_key_clear(struct b43_wldev *dev, int index)
971 {
972         if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
973                 return -EINVAL;
974         do_key_write(dev, index, B43_SEC_ALGO_NONE,
975                      NULL, B43_SEC_KEYSIZE, NULL);
976         if ((index <= 3) && !b43_new_kidx_api(dev)) {
977                 do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
978                              NULL, B43_SEC_KEYSIZE, NULL);
979         }
980         dev->key[index].keyconf = NULL;
981
982         return 0;
983 }
984
985 static void b43_clear_keys(struct b43_wldev *dev)
986 {
987         int i, count;
988
989         if (b43_new_kidx_api(dev))
990                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
991         else
992                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
993         for (i = 0; i < count; i++)
994                 b43_key_clear(dev, i);
995 }
996
997 static void b43_dump_keymemory(struct b43_wldev *dev)
998 {
999         unsigned int i, index, count, offset, pairwise_keys_start;
1000         u8 mac[ETH_ALEN];
1001         u16 algo;
1002         u32 rcmta0;
1003         u16 rcmta1;
1004         u64 hf;
1005         struct b43_key *key;
1006
1007         if (!b43_debug(dev, B43_DBG_KEYS))
1008                 return;
1009
1010         hf = b43_hf_read(dev);
1011         b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1012                !!(hf & B43_HF_USEDEFKEYS));
1013         if (b43_new_kidx_api(dev)) {
1014                 pairwise_keys_start = B43_NR_GROUP_KEYS;
1015                 count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1016         } else {
1017                 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1018                 count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1019         }
1020         for (index = 0; index < count; index++) {
1021                 key = &(dev->key[index]);
1022                 printk(KERN_DEBUG "Key slot %02u: %s",
1023                        index, (key->keyconf == NULL) ? " " : "*");
1024                 offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1025                 for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1026                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1027                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1028                 }
1029
1030                 algo = b43_shm_read16(dev, B43_SHM_SHARED,
1031                                       B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1032                 printk("   Algo: %04X/%02X", algo, key->algorithm);
1033
1034                 if (index >= pairwise_keys_start) {
1035                         if (key->algorithm == B43_SEC_ALGO_TKIP) {
1036                                 printk("   TKIP: ");
1037                                 offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1038                                 for (i = 0; i < 14; i += 2) {
1039                                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1040                                         printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1041                                 }
1042                         }
1043                         rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1044                                                 ((index - pairwise_keys_start) * 2) + 0);
1045                         rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1046                                                 ((index - pairwise_keys_start) * 2) + 1);
1047                         *((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1048                         *((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1049                         printk("   MAC: %pM", mac);
1050                 } else
1051                         printk("   DEFAULT KEY");
1052                 printk("\n");
1053         }
1054 }
1055
1056 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1057 {
1058         u32 macctl;
1059         u16 ucstat;
1060         bool hwps;
1061         bool awake;
1062         int i;
1063
1064         B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1065                     (ps_flags & B43_PS_DISABLED));
1066         B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1067
1068         if (ps_flags & B43_PS_ENABLED) {
1069                 hwps = 1;
1070         } else if (ps_flags & B43_PS_DISABLED) {
1071                 hwps = 0;
1072         } else {
1073                 //TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1074                 //      and thus is not an AP and we are associated, set bit 25
1075         }
1076         if (ps_flags & B43_PS_AWAKE) {
1077                 awake = 1;
1078         } else if (ps_flags & B43_PS_ASLEEP) {
1079                 awake = 0;
1080         } else {
1081                 //TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1082                 //      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1083                 //      successful, set bit26
1084         }
1085
1086 /* FIXME: For now we force awake-on and hwps-off */
1087         hwps = 0;
1088         awake = 1;
1089
1090         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1091         if (hwps)
1092                 macctl |= B43_MACCTL_HWPS;
1093         else
1094                 macctl &= ~B43_MACCTL_HWPS;
1095         if (awake)
1096                 macctl |= B43_MACCTL_AWAKE;
1097         else
1098                 macctl &= ~B43_MACCTL_AWAKE;
1099         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1100         /* Commit write */
1101         b43_read32(dev, B43_MMIO_MACCTL);
1102         if (awake && dev->dev->id.revision >= 5) {
1103                 /* Wait for the microcode to wake up. */
1104                 for (i = 0; i < 100; i++) {
1105                         ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1106                                                 B43_SHM_SH_UCODESTAT);
1107                         if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1108                                 break;
1109                         udelay(10);
1110                 }
1111         }
1112 }
1113
1114 void b43_wireless_core_reset(struct b43_wldev *dev, u32 flags)
1115 {
1116         u32 tmslow;
1117         u32 macctl;
1118
1119         flags |= B43_TMSLOW_PHYCLKEN;
1120         flags |= B43_TMSLOW_PHYRESET;
1121         ssb_device_enable(dev->dev, flags);
1122         msleep(2);              /* Wait for the PLL to turn on. */
1123
1124         /* Now take the PHY out of Reset again */
1125         tmslow = ssb_read32(dev->dev, SSB_TMSLOW);
1126         tmslow |= SSB_TMSLOW_FGC;
1127         tmslow &= ~B43_TMSLOW_PHYRESET;
1128         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1129         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1130         msleep(1);
1131         tmslow &= ~SSB_TMSLOW_FGC;
1132         ssb_write32(dev->dev, SSB_TMSLOW, tmslow);
1133         ssb_read32(dev->dev, SSB_TMSLOW);       /* flush */
1134         msleep(1);
1135
1136         /* Turn Analog ON, but only if we already know the PHY-type.
1137          * This protects against very early setup where we don't know the
1138          * PHY-type, yet. wireless_core_reset will be called once again later,
1139          * when we know the PHY-type. */
1140         if (dev->phy.ops)
1141                 dev->phy.ops->switch_analog(dev, 1);
1142
1143         macctl = b43_read32(dev, B43_MMIO_MACCTL);
1144         macctl &= ~B43_MACCTL_GMODE;
1145         if (flags & B43_TMSLOW_GMODE)
1146                 macctl |= B43_MACCTL_GMODE;
1147         macctl |= B43_MACCTL_IHR_ENABLED;
1148         b43_write32(dev, B43_MMIO_MACCTL, macctl);
1149 }
1150
1151 static void handle_irq_transmit_status(struct b43_wldev *dev)
1152 {
1153         u32 v0, v1;
1154         u16 tmp;
1155         struct b43_txstatus stat;
1156
1157         while (1) {
1158                 v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1159                 if (!(v0 & 0x00000001))
1160                         break;
1161                 v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1162
1163                 stat.cookie = (v0 >> 16);
1164                 stat.seq = (v1 & 0x0000FFFF);
1165                 stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1166                 tmp = (v0 & 0x0000FFFF);
1167                 stat.frame_count = ((tmp & 0xF000) >> 12);
1168                 stat.rts_count = ((tmp & 0x0F00) >> 8);
1169                 stat.supp_reason = ((tmp & 0x001C) >> 2);
1170                 stat.pm_indicated = !!(tmp & 0x0080);
1171                 stat.intermediate = !!(tmp & 0x0040);
1172                 stat.for_ampdu = !!(tmp & 0x0020);
1173                 stat.acked = !!(tmp & 0x0002);
1174
1175                 b43_handle_txstatus(dev, &stat);
1176         }
1177 }
1178
1179 static void drain_txstatus_queue(struct b43_wldev *dev)
1180 {
1181         u32 dummy;
1182
1183         if (dev->dev->id.revision < 5)
1184                 return;
1185         /* Read all entries from the microcode TXstatus FIFO
1186          * and throw them away.
1187          */
1188         while (1) {
1189                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1190                 if (!(dummy & 0x00000001))
1191                         break;
1192                 dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1193         }
1194 }
1195
1196 static u32 b43_jssi_read(struct b43_wldev *dev)
1197 {
1198         u32 val = 0;
1199
1200         val = b43_shm_read16(dev, B43_SHM_SHARED, 0x08A);
1201         val <<= 16;
1202         val |= b43_shm_read16(dev, B43_SHM_SHARED, 0x088);
1203
1204         return val;
1205 }
1206
1207 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1208 {
1209         b43_shm_write16(dev, B43_SHM_SHARED, 0x088, (jssi & 0x0000FFFF));
1210         b43_shm_write16(dev, B43_SHM_SHARED, 0x08A, (jssi & 0xFFFF0000) >> 16);
1211 }
1212
1213 static void b43_generate_noise_sample(struct b43_wldev *dev)
1214 {
1215         b43_jssi_write(dev, 0x7F7F7F7F);
1216         b43_write32(dev, B43_MMIO_MACCMD,
1217                     b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1218 }
1219
1220 static void b43_calculate_link_quality(struct b43_wldev *dev)
1221 {
1222         /* Top half of Link Quality calculation. */
1223
1224         if (dev->phy.type != B43_PHYTYPE_G)
1225                 return;
1226         if (dev->noisecalc.calculation_running)
1227                 return;
1228         dev->noisecalc.calculation_running = 1;
1229         dev->noisecalc.nr_samples = 0;
1230
1231         b43_generate_noise_sample(dev);
1232 }
1233
1234 static void handle_irq_noise(struct b43_wldev *dev)
1235 {
1236         struct b43_phy_g *phy = dev->phy.g;
1237         u16 tmp;
1238         u8 noise[4];
1239         u8 i, j;
1240         s32 average;
1241
1242         /* Bottom half of Link Quality calculation. */
1243
1244         if (dev->phy.type != B43_PHYTYPE_G)
1245                 return;
1246
1247         /* Possible race condition: It might be possible that the user
1248          * changed to a different channel in the meantime since we
1249          * started the calculation. We ignore that fact, since it's
1250          * not really that much of a problem. The background noise is
1251          * an estimation only anyway. Slightly wrong results will get damped
1252          * by the averaging of the 8 sample rounds. Additionally the
1253          * value is shortlived. So it will be replaced by the next noise
1254          * calculation round soon. */
1255
1256         B43_WARN_ON(!dev->noisecalc.calculation_running);
1257         *((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1258         if (noise[0] == 0x7F || noise[1] == 0x7F ||
1259             noise[2] == 0x7F || noise[3] == 0x7F)
1260                 goto generate_new;
1261
1262         /* Get the noise samples. */
1263         B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1264         i = dev->noisecalc.nr_samples;
1265         noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1266         noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1267         noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1268         noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1269         dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1270         dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1271         dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1272         dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1273         dev->noisecalc.nr_samples++;
1274         if (dev->noisecalc.nr_samples == 8) {
1275                 /* Calculate the Link Quality by the noise samples. */
1276                 average = 0;
1277                 for (i = 0; i < 8; i++) {
1278                         for (j = 0; j < 4; j++)
1279                                 average += dev->noisecalc.samples[i][j];
1280                 }
1281                 average /= (8 * 4);
1282                 average *= 125;
1283                 average += 64;
1284                 average /= 128;
1285                 tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1286                 tmp = (tmp / 128) & 0x1F;
1287                 if (tmp >= 8)
1288                         average += 2;
1289                 else
1290                         average -= 25;
1291                 if (tmp == 8)
1292                         average -= 72;
1293                 else
1294                         average -= 48;
1295
1296                 dev->stats.link_noise = average;
1297                 dev->noisecalc.calculation_running = 0;
1298                 return;
1299         }
1300 generate_new:
1301         b43_generate_noise_sample(dev);
1302 }
1303
1304 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1305 {
1306         if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1307                 ///TODO: PS TBTT
1308         } else {
1309                 if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1310                         b43_power_saving_ctl_bits(dev, 0);
1311         }
1312         if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1313                 dev->dfq_valid = 1;
1314 }
1315
1316 static void handle_irq_atim_end(struct b43_wldev *dev)
1317 {
1318         if (dev->dfq_valid) {
1319                 b43_write32(dev, B43_MMIO_MACCMD,
1320                             b43_read32(dev, B43_MMIO_MACCMD)
1321                             | B43_MACCMD_DFQ_VALID);
1322                 dev->dfq_valid = 0;
1323         }
1324 }
1325
1326 static void handle_irq_pmq(struct b43_wldev *dev)
1327 {
1328         u32 tmp;
1329
1330         //TODO: AP mode.
1331
1332         while (1) {
1333                 tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1334                 if (!(tmp & 0x00000008))
1335                         break;
1336         }
1337         /* 16bit write is odd, but correct. */
1338         b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1339 }
1340
1341 static void b43_write_template_common(struct b43_wldev *dev,
1342                                       const u8 *data, u16 size,
1343                                       u16 ram_offset,
1344                                       u16 shm_size_offset, u8 rate)
1345 {
1346         u32 i, tmp;
1347         struct b43_plcp_hdr4 plcp;
1348
1349         plcp.data = 0;
1350         b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1351         b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1352         ram_offset += sizeof(u32);
1353         /* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1354          * So leave the first two bytes of the next write blank.
1355          */
1356         tmp = (u32) (data[0]) << 16;
1357         tmp |= (u32) (data[1]) << 24;
1358         b43_ram_write(dev, ram_offset, tmp);
1359         ram_offset += sizeof(u32);
1360         for (i = 2; i < size; i += sizeof(u32)) {
1361                 tmp = (u32) (data[i + 0]);
1362                 if (i + 1 < size)
1363                         tmp |= (u32) (data[i + 1]) << 8;
1364                 if (i + 2 < size)
1365                         tmp |= (u32) (data[i + 2]) << 16;
1366                 if (i + 3 < size)
1367                         tmp |= (u32) (data[i + 3]) << 24;
1368                 b43_ram_write(dev, ram_offset + i - 2, tmp);
1369         }
1370         b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1371                         size + sizeof(struct b43_plcp_hdr6));
1372 }
1373
1374 /* Check if the use of the antenna that ieee80211 told us to
1375  * use is possible. This will fall back to DEFAULT.
1376  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1377 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1378                                   u8 antenna_nr)
1379 {
1380         u8 antenna_mask;
1381
1382         if (antenna_nr == 0) {
1383                 /* Zero means "use default antenna". That's always OK. */
1384                 return 0;
1385         }
1386
1387         /* Get the mask of available antennas. */
1388         if (dev->phy.gmode)
1389                 antenna_mask = dev->dev->bus->sprom.ant_available_bg;
1390         else
1391                 antenna_mask = dev->dev->bus->sprom.ant_available_a;
1392
1393         if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1394                 /* This antenna is not available. Fall back to default. */
1395                 return 0;
1396         }
1397
1398         return antenna_nr;
1399 }
1400
1401 /* Convert a b43 antenna number value to the PHY TX control value. */
1402 static u16 b43_antenna_to_phyctl(int antenna)
1403 {
1404         switch (antenna) {
1405         case B43_ANTENNA0:
1406                 return B43_TXH_PHY_ANT0;
1407         case B43_ANTENNA1:
1408                 return B43_TXH_PHY_ANT1;
1409         case B43_ANTENNA2:
1410                 return B43_TXH_PHY_ANT2;
1411         case B43_ANTENNA3:
1412                 return B43_TXH_PHY_ANT3;
1413         case B43_ANTENNA_AUTO0:
1414         case B43_ANTENNA_AUTO1:
1415                 return B43_TXH_PHY_ANT01AUTO;
1416         }
1417         B43_WARN_ON(1);
1418         return 0;
1419 }
1420
1421 static void b43_write_beacon_template(struct b43_wldev *dev,
1422                                       u16 ram_offset,
1423                                       u16 shm_size_offset)
1424 {
1425         unsigned int i, len, variable_len;
1426         const struct ieee80211_mgmt *bcn;
1427         const u8 *ie;
1428         bool tim_found = 0;
1429         unsigned int rate;
1430         u16 ctl;
1431         int antenna;
1432         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1433
1434         bcn = (const struct ieee80211_mgmt *)(dev->wl->current_beacon->data);
1435         len = min((size_t) dev->wl->current_beacon->len,
1436                   0x200 - sizeof(struct b43_plcp_hdr6));
1437         rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1438
1439         b43_write_template_common(dev, (const u8 *)bcn,
1440                                   len, ram_offset, shm_size_offset, rate);
1441
1442         /* Write the PHY TX control parameters. */
1443         antenna = B43_ANTENNA_DEFAULT;
1444         antenna = b43_antenna_to_phyctl(antenna);
1445         ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1446         /* We can't send beacons with short preamble. Would get PHY errors. */
1447         ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1448         ctl &= ~B43_TXH_PHY_ANT;
1449         ctl &= ~B43_TXH_PHY_ENC;
1450         ctl |= antenna;
1451         if (b43_is_cck_rate(rate))
1452                 ctl |= B43_TXH_PHY_ENC_CCK;
1453         else
1454                 ctl |= B43_TXH_PHY_ENC_OFDM;
1455         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1456
1457         /* Find the position of the TIM and the DTIM_period value
1458          * and write them to SHM. */
1459         ie = bcn->u.beacon.variable;
1460         variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1461         for (i = 0; i < variable_len - 2; ) {
1462                 uint8_t ie_id, ie_len;
1463
1464                 ie_id = ie[i];
1465                 ie_len = ie[i + 1];
1466                 if (ie_id == 5) {
1467                         u16 tim_position;
1468                         u16 dtim_period;
1469                         /* This is the TIM Information Element */
1470
1471                         /* Check whether the ie_len is in the beacon data range. */
1472                         if (variable_len < ie_len + 2 + i)
1473                                 break;
1474                         /* A valid TIM is at least 4 bytes long. */
1475                         if (ie_len < 4)
1476                                 break;
1477                         tim_found = 1;
1478
1479                         tim_position = sizeof(struct b43_plcp_hdr6);
1480                         tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1481                         tim_position += i;
1482
1483                         dtim_period = ie[i + 3];
1484
1485                         b43_shm_write16(dev, B43_SHM_SHARED,
1486                                         B43_SHM_SH_TIMBPOS, tim_position);
1487                         b43_shm_write16(dev, B43_SHM_SHARED,
1488                                         B43_SHM_SH_DTIMPER, dtim_period);
1489                         break;
1490                 }
1491                 i += ie_len + 2;
1492         }
1493         if (!tim_found) {
1494                 /*
1495                  * If ucode wants to modify TIM do it behind the beacon, this
1496                  * will happen, for example, when doing mesh networking.
1497                  */
1498                 b43_shm_write16(dev, B43_SHM_SHARED,
1499                                 B43_SHM_SH_TIMBPOS,
1500                                 len + sizeof(struct b43_plcp_hdr6));
1501                 b43_shm_write16(dev, B43_SHM_SHARED,
1502                                 B43_SHM_SH_DTIMPER, 0);
1503         }
1504         b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1505 }
1506
1507 static void b43_upload_beacon0(struct b43_wldev *dev)
1508 {
1509         struct b43_wl *wl = dev->wl;
1510
1511         if (wl->beacon0_uploaded)
1512                 return;
1513         b43_write_beacon_template(dev, 0x68, 0x18);
1514         wl->beacon0_uploaded = 1;
1515 }
1516
1517 static void b43_upload_beacon1(struct b43_wldev *dev)
1518 {
1519         struct b43_wl *wl = dev->wl;
1520
1521         if (wl->beacon1_uploaded)
1522                 return;
1523         b43_write_beacon_template(dev, 0x468, 0x1A);
1524         wl->beacon1_uploaded = 1;
1525 }
1526
1527 static void handle_irq_beacon(struct b43_wldev *dev)
1528 {
1529         struct b43_wl *wl = dev->wl;
1530         u32 cmd, beacon0_valid, beacon1_valid;
1531
1532         if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1533             !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
1534                 return;
1535
1536         /* This is the bottom half of the asynchronous beacon update. */
1537
1538         /* Ignore interrupt in the future. */
1539         dev->irq_mask &= ~B43_IRQ_BEACON;
1540
1541         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1542         beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1543         beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1544
1545         /* Schedule interrupt manually, if busy. */
1546         if (beacon0_valid && beacon1_valid) {
1547                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1548                 dev->irq_mask |= B43_IRQ_BEACON;
1549                 return;
1550         }
1551
1552         if (unlikely(wl->beacon_templates_virgin)) {
1553                 /* We never uploaded a beacon before.
1554                  * Upload both templates now, but only mark one valid. */
1555                 wl->beacon_templates_virgin = 0;
1556                 b43_upload_beacon0(dev);
1557                 b43_upload_beacon1(dev);
1558                 cmd = b43_read32(dev, B43_MMIO_MACCMD);
1559                 cmd |= B43_MACCMD_BEACON0_VALID;
1560                 b43_write32(dev, B43_MMIO_MACCMD, cmd);
1561         } else {
1562                 if (!beacon0_valid) {
1563                         b43_upload_beacon0(dev);
1564                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1565                         cmd |= B43_MACCMD_BEACON0_VALID;
1566                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1567                 } else if (!beacon1_valid) {
1568                         b43_upload_beacon1(dev);
1569                         cmd = b43_read32(dev, B43_MMIO_MACCMD);
1570                         cmd |= B43_MACCMD_BEACON1_VALID;
1571                         b43_write32(dev, B43_MMIO_MACCMD, cmd);
1572                 }
1573         }
1574 }
1575
1576 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1577 {
1578         u32 old_irq_mask = dev->irq_mask;
1579
1580         /* update beacon right away or defer to irq */
1581         handle_irq_beacon(dev);
1582         if (old_irq_mask != dev->irq_mask) {
1583                 /* The handler updated the IRQ mask. */
1584                 B43_WARN_ON(!dev->irq_mask);
1585                 if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1586                         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1587                 } else {
1588                         /* Device interrupts are currently disabled. That means
1589                          * we just ran the hardirq handler and scheduled the
1590                          * IRQ thread. The thread will write the IRQ mask when
1591                          * it finished, so there's nothing to do here. Writing
1592                          * the mask _here_ would incorrectly re-enable IRQs. */
1593                 }
1594         }
1595 }
1596
1597 static void b43_beacon_update_trigger_work(struct work_struct *work)
1598 {
1599         struct b43_wl *wl = container_of(work, struct b43_wl,
1600                                          beacon_update_trigger);
1601         struct b43_wldev *dev;
1602
1603         mutex_lock(&wl->mutex);
1604         dev = wl->current_dev;
1605         if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1606                 if (dev->dev->bus->bustype == SSB_BUSTYPE_SDIO) {
1607                         /* wl->mutex is enough. */
1608                         b43_do_beacon_update_trigger_work(dev);
1609                         mmiowb();
1610                 } else {
1611                         spin_lock_irq(&wl->hardirq_lock);
1612                         b43_do_beacon_update_trigger_work(dev);
1613                         mmiowb();
1614                         spin_unlock_irq(&wl->hardirq_lock);
1615                 }
1616         }
1617         mutex_unlock(&wl->mutex);
1618 }
1619
1620 /* Asynchronously update the packet templates in template RAM.
1621  * Locking: Requires wl->mutex to be locked. */
1622 static void b43_update_templates(struct b43_wl *wl)
1623 {
1624         struct sk_buff *beacon;
1625
1626         /* This is the top half of the ansynchronous beacon update.
1627          * The bottom half is the beacon IRQ.
1628          * Beacon update must be asynchronous to avoid sending an
1629          * invalid beacon. This can happen for example, if the firmware
1630          * transmits a beacon while we are updating it. */
1631
1632         /* We could modify the existing beacon and set the aid bit in
1633          * the TIM field, but that would probably require resizing and
1634          * moving of data within the beacon template.
1635          * Simply request a new beacon and let mac80211 do the hard work. */
1636         beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1637         if (unlikely(!beacon))
1638                 return;
1639
1640         if (wl->current_beacon)
1641                 dev_kfree_skb_any(wl->current_beacon);
1642         wl->current_beacon = beacon;
1643         wl->beacon0_uploaded = 0;
1644         wl->beacon1_uploaded = 0;
1645         ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1646 }
1647
1648 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1649 {
1650         b43_time_lock(dev);
1651         if (dev->dev->id.revision >= 3) {
1652                 b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1653                 b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1654         } else {
1655                 b43_write16(dev, 0x606, (beacon_int >> 6));
1656                 b43_write16(dev, 0x610, beacon_int);
1657         }
1658         b43_time_unlock(dev);
1659         b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1660 }
1661
1662 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1663 {
1664         u16 reason;
1665
1666         /* Read the register that contains the reason code for the panic. */
1667         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1668         b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1669
1670         switch (reason) {
1671         default:
1672                 b43dbg(dev->wl, "The panic reason is unknown.\n");
1673                 /* fallthrough */
1674         case B43_FWPANIC_DIE:
1675                 /* Do not restart the controller or firmware.
1676                  * The device is nonfunctional from now on.
1677                  * Restarting would result in this panic to trigger again,
1678                  * so we avoid that recursion. */
1679                 break;
1680         case B43_FWPANIC_RESTART:
1681                 b43_controller_restart(dev, "Microcode panic");
1682                 break;
1683         }
1684 }
1685
1686 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1687 {
1688         unsigned int i, cnt;
1689         u16 reason, marker_id, marker_line;
1690         __le16 *buf;
1691
1692         /* The proprietary firmware doesn't have this IRQ. */
1693         if (!dev->fw.opensource)
1694                 return;
1695
1696         /* Read the register that contains the reason code for this IRQ. */
1697         reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1698
1699         switch (reason) {
1700         case B43_DEBUGIRQ_PANIC:
1701                 b43_handle_firmware_panic(dev);
1702                 break;
1703         case B43_DEBUGIRQ_DUMP_SHM:
1704                 if (!B43_DEBUG)
1705                         break; /* Only with driver debugging enabled. */
1706                 buf = kmalloc(4096, GFP_ATOMIC);
1707                 if (!buf) {
1708                         b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1709                         goto out;
1710                 }
1711                 for (i = 0; i < 4096; i += 2) {
1712                         u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1713                         buf[i / 2] = cpu_to_le16(tmp);
1714                 }
1715                 b43info(dev->wl, "Shared memory dump:\n");
1716                 print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1717                                16, 2, buf, 4096, 1);
1718                 kfree(buf);
1719                 break;
1720         case B43_DEBUGIRQ_DUMP_REGS:
1721                 if (!B43_DEBUG)
1722                         break; /* Only with driver debugging enabled. */
1723                 b43info(dev->wl, "Microcode register dump:\n");
1724                 for (i = 0, cnt = 0; i < 64; i++) {
1725                         u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1726                         if (cnt == 0)
1727                                 printk(KERN_INFO);
1728                         printk("r%02u: 0x%04X  ", i, tmp);
1729                         cnt++;
1730                         if (cnt == 6) {
1731                                 printk("\n");
1732                                 cnt = 0;
1733                         }
1734                 }
1735                 printk("\n");
1736                 break;
1737         case B43_DEBUGIRQ_MARKER:
1738                 if (!B43_DEBUG)
1739                         break; /* Only with driver debugging enabled. */
1740                 marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1741                                            B43_MARKER_ID_REG);
1742                 marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1743                                              B43_MARKER_LINE_REG);
1744                 b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1745                         "at line number %u\n",
1746                         marker_id, marker_line);
1747                 break;
1748         default:
1749                 b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1750                        reason);
1751         }
1752 out:
1753         /* Acknowledge the debug-IRQ, so the firmware can continue. */
1754         b43_shm_write16(dev, B43_SHM_SCRATCH,
1755                         B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1756 }
1757
1758 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1759 {
1760         u32 reason;
1761         u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1762         u32 merged_dma_reason = 0;
1763         int i;
1764
1765         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1766                 return;
1767
1768         reason = dev->irq_reason;
1769         for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1770                 dma_reason[i] = dev->dma_reason[i];
1771                 merged_dma_reason |= dma_reason[i];
1772         }
1773
1774         if (unlikely(reason & B43_IRQ_MAC_TXERR))
1775                 b43err(dev->wl, "MAC transmission error\n");
1776
1777         if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1778                 b43err(dev->wl, "PHY transmission error\n");
1779                 rmb();
1780                 if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
1781                         atomic_set(&dev->phy.txerr_cnt,
1782                                    B43_PHY_TX_BADNESS_LIMIT);
1783                         b43err(dev->wl, "Too many PHY TX errors, "
1784                                         "restarting the controller\n");
1785                         b43_controller_restart(dev, "PHY TX errors");
1786                 }
1787         }
1788
1789         if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK |
1790                                           B43_DMAIRQ_NONFATALMASK))) {
1791                 if (merged_dma_reason & B43_DMAIRQ_FATALMASK) {
1792                         b43err(dev->wl, "Fatal DMA error: "
1793                                "0x%08X, 0x%08X, 0x%08X, "
1794                                "0x%08X, 0x%08X, 0x%08X\n",
1795                                dma_reason[0], dma_reason[1],
1796                                dma_reason[2], dma_reason[3],
1797                                dma_reason[4], dma_reason[5]);
1798                         b43err(dev->wl, "This device does not support DMA "
1799                                "on your system. Please use PIO instead.\n");
1800                         b43err(dev->wl, "Unload the b43 module and reload "
1801                                "with 'pio=1'\n");
1802                         return;
1803                 }
1804                 if (merged_dma_reason & B43_DMAIRQ_NONFATALMASK) {
1805                         b43err(dev->wl, "DMA error: "
1806                                "0x%08X, 0x%08X, 0x%08X, "
1807                                "0x%08X, 0x%08X, 0x%08X\n",
1808                                dma_reason[0], dma_reason[1],
1809                                dma_reason[2], dma_reason[3],
1810                                dma_reason[4], dma_reason[5]);
1811                 }
1812         }
1813
1814         if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
1815                 handle_irq_ucode_debug(dev);
1816         if (reason & B43_IRQ_TBTT_INDI)
1817                 handle_irq_tbtt_indication(dev);
1818         if (reason & B43_IRQ_ATIM_END)
1819                 handle_irq_atim_end(dev);
1820         if (reason & B43_IRQ_BEACON)
1821                 handle_irq_beacon(dev);
1822         if (reason & B43_IRQ_PMQ)
1823                 handle_irq_pmq(dev);
1824         if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
1825                 ;/* TODO */
1826         if (reason & B43_IRQ_NOISESAMPLE_OK)
1827                 handle_irq_noise(dev);
1828
1829         /* Check the DMA reason registers for received data. */
1830         if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
1831                 if (b43_using_pio_transfers(dev))
1832                         b43_pio_rx(dev->pio.rx_queue);
1833                 else
1834                         b43_dma_rx(dev->dma.rx_ring);
1835         }
1836         B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
1837         B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
1838         B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
1839         B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
1840         B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
1841
1842         if (reason & B43_IRQ_TX_OK)
1843                 handle_irq_transmit_status(dev);
1844
1845         /* Re-enable interrupts on the device by restoring the current interrupt mask. */
1846         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1847
1848 #if B43_DEBUG
1849         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
1850                 dev->irq_count++;
1851                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
1852                         if (reason & (1 << i))
1853                                 dev->irq_bit_count[i]++;
1854                 }
1855         }
1856 #endif
1857 }
1858
1859 /* Interrupt thread handler. Handles device interrupts in thread context. */
1860 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
1861 {
1862         struct b43_wldev *dev = dev_id;
1863
1864         mutex_lock(&dev->wl->mutex);
1865         b43_do_interrupt_thread(dev);
1866         mmiowb();
1867         mutex_unlock(&dev->wl->mutex);
1868
1869         return IRQ_HANDLED;
1870 }
1871
1872 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
1873 {
1874         u32 reason;
1875
1876         /* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
1877          * On SDIO, this runs under wl->mutex. */
1878
1879         reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
1880         if (reason == 0xffffffff)       /* shared IRQ */
1881                 return IRQ_NONE;
1882         reason &= dev->irq_mask;
1883         if (!reason)
1884                 return IRQ_HANDLED;
1885
1886         dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
1887             & 0x0001DC00;
1888         dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
1889             & 0x0000DC00;
1890         dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
1891             & 0x0000DC00;
1892         dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
1893             & 0x0001DC00;
1894         dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
1895             & 0x0000DC00;
1896 /* Unused ring
1897         dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
1898             & 0x0000DC00;
1899 */
1900
1901         /* ACK the interrupt. */
1902         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
1903         b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
1904         b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
1905         b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
1906         b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
1907         b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
1908 /* Unused ring
1909         b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
1910 */
1911
1912         /* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
1913         b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
1914         /* Save the reason bitmasks for the IRQ thread handler. */
1915         dev->irq_reason = reason;
1916
1917         return IRQ_WAKE_THREAD;
1918 }
1919
1920 /* Interrupt handler top-half. This runs with interrupts disabled. */
1921 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
1922 {
1923         struct b43_wldev *dev = dev_id;
1924         irqreturn_t ret;
1925
1926         if (unlikely(b43_status(dev) < B43_STAT_STARTED))
1927                 return IRQ_NONE;
1928
1929         spin_lock(&dev->wl->hardirq_lock);
1930         ret = b43_do_interrupt(dev);
1931         mmiowb();
1932         spin_unlock(&dev->wl->hardirq_lock);
1933
1934         return ret;
1935 }
1936
1937 /* SDIO interrupt handler. This runs in process context. */
1938 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
1939 {
1940         struct b43_wl *wl = dev->wl;
1941         irqreturn_t ret;
1942
1943         mutex_lock(&wl->mutex);
1944
1945         ret = b43_do_interrupt(dev);
1946         if (ret == IRQ_WAKE_THREAD)
1947                 b43_do_interrupt_thread(dev);
1948
1949         mutex_unlock(&wl->mutex);
1950 }
1951
1952 void b43_do_release_fw(struct b43_firmware_file *fw)
1953 {
1954         release_firmware(fw->data);
1955         fw->data = NULL;
1956         fw->filename = NULL;
1957 }
1958
1959 static void b43_release_firmware(struct b43_wldev *dev)
1960 {
1961         b43_do_release_fw(&dev->fw.ucode);
1962         b43_do_release_fw(&dev->fw.pcm);
1963         b43_do_release_fw(&dev->fw.initvals);
1964         b43_do_release_fw(&dev->fw.initvals_band);
1965 }
1966
1967 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
1968 {
1969         const char text[] =
1970                 "You must go to " \
1971                 "http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
1972                 "and download the correct firmware for this driver version. " \
1973                 "Please carefully read all instructions on this website.\n";
1974
1975         if (error)
1976                 b43err(wl, text);
1977         else
1978                 b43warn(wl, text);
1979 }
1980
1981 int b43_do_request_fw(struct b43_request_fw_context *ctx,
1982                       const char *name,
1983                       struct b43_firmware_file *fw)
1984 {
1985         const struct firmware *blob;
1986         struct b43_fw_header *hdr;
1987         u32 size;
1988         int err;
1989
1990         if (!name) {
1991                 /* Don't fetch anything. Free possibly cached firmware. */
1992                 /* FIXME: We should probably keep it anyway, to save some headache
1993                  * on suspend/resume with multiband devices. */
1994                 b43_do_release_fw(fw);
1995                 return 0;
1996         }
1997         if (fw->filename) {
1998                 if ((fw->type == ctx->req_type) &&
1999                     (strcmp(fw->filename, name) == 0))
2000                         return 0; /* Already have this fw. */
2001                 /* Free the cached firmware first. */
2002                 /* FIXME: We should probably do this later after we successfully
2003                  * got the new fw. This could reduce headache with multiband devices.
2004                  * We could also redesign this to cache the firmware for all possible
2005                  * bands all the time. */
2006                 b43_do_release_fw(fw);
2007         }
2008
2009         switch (ctx->req_type) {
2010         case B43_FWTYPE_PROPRIETARY:
2011                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2012                          "b43%s/%s.fw",
2013                          modparam_fwpostfix, name);
2014                 break;
2015         case B43_FWTYPE_OPENSOURCE:
2016                 snprintf(ctx->fwname, sizeof(ctx->fwname),
2017                          "b43-open%s/%s.fw",
2018                          modparam_fwpostfix, name);
2019                 break;
2020         default:
2021                 B43_WARN_ON(1);
2022                 return -ENOSYS;
2023         }
2024         err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev);
2025         if (err == -ENOENT) {
2026                 snprintf(ctx->errors[ctx->req_type],
2027                          sizeof(ctx->errors[ctx->req_type]),
2028                          "Firmware file \"%s\" not found\n", ctx->fwname);
2029                 return err;
2030         } else if (err) {
2031                 snprintf(ctx->errors[ctx->req_type],
2032                          sizeof(ctx->errors[ctx->req_type]),
2033                          "Firmware file \"%s\" request failed (err=%d)\n",
2034                          ctx->fwname, err);
2035                 return err;
2036         }
2037         if (blob->size < sizeof(struct b43_fw_header))
2038                 goto err_format;
2039         hdr = (struct b43_fw_header *)(blob->data);
2040         switch (hdr->type) {
2041         case B43_FW_TYPE_UCODE:
2042         case B43_FW_TYPE_PCM:
2043                 size = be32_to_cpu(hdr->size);
2044                 if (size != blob->size - sizeof(struct b43_fw_header))
2045                         goto err_format;
2046                 /* fallthrough */
2047         case B43_FW_TYPE_IV:
2048                 if (hdr->ver != 1)
2049                         goto err_format;
2050                 break;
2051         default:
2052                 goto err_format;
2053         }
2054
2055         fw->data = blob;
2056         fw->filename = name;
2057         fw->type = ctx->req_type;
2058
2059         return 0;
2060
2061 err_format:
2062         snprintf(ctx->errors[ctx->req_type],
2063                  sizeof(ctx->errors[ctx->req_type]),
2064                  "Firmware file \"%s\" format error.\n", ctx->fwname);
2065         release_firmware(blob);
2066
2067         return -EPROTO;
2068 }
2069
2070 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2071 {
2072         struct b43_wldev *dev = ctx->dev;
2073         struct b43_firmware *fw = &ctx->dev->fw;
2074         const u8 rev = ctx->dev->dev->id.revision;
2075         const char *filename;
2076         u32 tmshigh;
2077         int err;
2078
2079         /* Get microcode */
2080         tmshigh = ssb_read32(dev->dev, SSB_TMSHIGH);
2081         if ((rev >= 5) && (rev <= 10))
2082                 filename = "ucode5";
2083         else if ((rev >= 11) && (rev <= 12))
2084                 filename = "ucode11";
2085         else if (rev == 13)
2086                 filename = "ucode13";
2087         else if (rev == 14)
2088                 filename = "ucode14";
2089         else if (rev >= 15)
2090                 filename = "ucode15";
2091         else
2092                 goto err_no_ucode;
2093         err = b43_do_request_fw(ctx, filename, &fw->ucode);
2094         if (err)
2095                 goto err_load;
2096
2097         /* Get PCM code */
2098         if ((rev >= 5) && (rev <= 10))
2099                 filename = "pcm5";
2100         else if (rev >= 11)
2101                 filename = NULL;
2102         else
2103                 goto err_no_pcm;
2104         fw->pcm_request_failed = 0;
2105         err = b43_do_request_fw(ctx, filename, &fw->pcm);
2106         if (err == -ENOENT) {
2107                 /* We did not find a PCM file? Not fatal, but
2108                  * core rev <= 10 must do without hwcrypto then. */
2109                 fw->pcm_request_failed = 1;
2110         } else if (err)
2111                 goto err_load;
2112
2113         /* Get initvals */
2114         switch (dev->phy.type) {
2115         case B43_PHYTYPE_A:
2116                 if ((rev >= 5) && (rev <= 10)) {
2117                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2118                                 filename = "a0g1initvals5";
2119                         else
2120                                 filename = "a0g0initvals5";
2121                 } else
2122                         goto err_no_initvals;
2123                 break;
2124         case B43_PHYTYPE_G:
2125                 if ((rev >= 5) && (rev <= 10))
2126                         filename = "b0g0initvals5";
2127                 else if (rev >= 13)
2128                         filename = "b0g0initvals13";
2129                 else
2130                         goto err_no_initvals;
2131                 break;
2132         case B43_PHYTYPE_N:
2133                 if ((rev >= 11) && (rev <= 12))
2134                         filename = "n0initvals11";
2135                 else
2136                         goto err_no_initvals;
2137                 break;
2138         case B43_PHYTYPE_LP:
2139                 if (rev == 13)
2140                         filename = "lp0initvals13";
2141                 else if (rev == 14)
2142                         filename = "lp0initvals14";
2143                 else if (rev >= 15)
2144                         filename = "lp0initvals15";
2145                 else
2146                         goto err_no_initvals;
2147                 break;
2148         default:
2149                 goto err_no_initvals;
2150         }
2151         err = b43_do_request_fw(ctx, filename, &fw->initvals);
2152         if (err)
2153                 goto err_load;
2154
2155         /* Get bandswitch initvals */
2156         switch (dev->phy.type) {
2157         case B43_PHYTYPE_A:
2158                 if ((rev >= 5) && (rev <= 10)) {
2159                         if (tmshigh & B43_TMSHIGH_HAVE_2GHZ_PHY)
2160                                 filename = "a0g1bsinitvals5";
2161                         else
2162                                 filename = "a0g0bsinitvals5";
2163                 } else if (rev >= 11)
2164                         filename = NULL;
2165                 else
2166                         goto err_no_initvals;
2167                 break;
2168         case B43_PHYTYPE_G:
2169                 if ((rev >= 5) && (rev <= 10))
2170                         filename = "b0g0bsinitvals5";
2171                 else if (rev >= 11)
2172                         filename = NULL;
2173                 else
2174                         goto err_no_initvals;
2175                 break;
2176         case B43_PHYTYPE_N:
2177                 if ((rev >= 11) && (rev <= 12))
2178                         filename = "n0bsinitvals11";
2179                 else
2180                         goto err_no_initvals;
2181                 break;
2182         case B43_PHYTYPE_LP:
2183                 if (rev == 13)
2184                         filename = "lp0bsinitvals13";
2185                 else if (rev == 14)
2186                         filename = "lp0bsinitvals14";
2187                 else if (rev >= 15)
2188                         filename = "lp0bsinitvals15";
2189                 else
2190                         goto err_no_initvals;
2191                 break;
2192         default:
2193                 goto err_no_initvals;
2194         }
2195         err = b43_do_request_fw(ctx, filename, &fw->initvals_band);
2196         if (err)
2197                 goto err_load;
2198
2199         return 0;
2200
2201 err_no_ucode:
2202         err = ctx->fatal_failure = -EOPNOTSUPP;
2203         b43err(dev->wl, "The driver does not know which firmware (ucode) "
2204                "is required for your device (wl-core rev %u)\n", rev);
2205         goto error;
2206
2207 err_no_pcm:
2208         err = ctx->fatal_failure = -EOPNOTSUPP;
2209         b43err(dev->wl, "The driver does not know which firmware (PCM) "
2210                "is required for your device (wl-core rev %u)\n", rev);
2211         goto error;
2212
2213 err_no_initvals:
2214         err = ctx->fatal_failure = -EOPNOTSUPP;
2215         b43err(dev->wl, "The driver does not know which firmware (initvals) "
2216                "is required for your device (wl-core rev %u)\n", rev);
2217         goto error;
2218
2219 err_load:
2220         /* We failed to load this firmware image. The error message
2221          * already is in ctx->errors. Return and let our caller decide
2222          * what to do. */
2223         goto error;
2224
2225 error:
2226         b43_release_firmware(dev);
2227         return err;
2228 }
2229
2230 static int b43_request_firmware(struct b43_wldev *dev)
2231 {
2232         struct b43_request_fw_context *ctx;
2233         unsigned int i;
2234         int err;
2235         const char *errmsg;
2236
2237         ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2238         if (!ctx)
2239                 return -ENOMEM;
2240         ctx->dev = dev;
2241
2242         ctx->req_type = B43_FWTYPE_PROPRIETARY;
2243         err = b43_try_request_fw(ctx);
2244         if (!err)
2245                 goto out; /* Successfully loaded it. */
2246         err = ctx->fatal_failure;
2247         if (err)
2248                 goto out;
2249
2250         ctx->req_type = B43_FWTYPE_OPENSOURCE;
2251         err = b43_try_request_fw(ctx);
2252         if (!err)
2253                 goto out; /* Successfully loaded it. */
2254         err = ctx->fatal_failure;
2255         if (err)
2256                 goto out;
2257
2258         /* Could not find a usable firmware. Print the errors. */
2259         for (i = 0; i < B43_NR_FWTYPES; i++) {
2260                 errmsg = ctx->errors[i];
2261                 if (strlen(errmsg))
2262                         b43err(dev->wl, errmsg);
2263         }
2264         b43_print_fw_helptext(dev->wl, 1);
2265         err = -ENOENT;
2266
2267 out:
2268         kfree(ctx);
2269         return err;
2270 }
2271
2272 static int b43_upload_microcode(struct b43_wldev *dev)
2273 {
2274         const size_t hdr_len = sizeof(struct b43_fw_header);
2275         const __be32 *data;
2276         unsigned int i, len;
2277         u16 fwrev, fwpatch, fwdate, fwtime;
2278         u32 tmp, macctl;
2279         int err = 0;
2280
2281         /* Jump the microcode PSM to offset 0 */
2282         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2283         B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2284         macctl |= B43_MACCTL_PSM_JMP0;
2285         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2286         /* Zero out all microcode PSM registers and shared memory. */
2287         for (i = 0; i < 64; i++)
2288                 b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2289         for (i = 0; i < 4096; i += 2)
2290                 b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2291
2292         /* Upload Microcode. */
2293         data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2294         len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2295         b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2296         for (i = 0; i < len; i++) {
2297                 b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2298                 udelay(10);
2299         }
2300
2301         if (dev->fw.pcm.data) {
2302                 /* Upload PCM data. */
2303                 data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2304                 len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2305                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2306                 b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2307                 /* No need for autoinc bit in SHM_HW */
2308                 b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2309                 for (i = 0; i < len; i++) {
2310                         b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2311                         udelay(10);
2312                 }
2313         }
2314
2315         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2316
2317         /* Start the microcode PSM */
2318         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2319         macctl &= ~B43_MACCTL_PSM_JMP0;
2320         macctl |= B43_MACCTL_PSM_RUN;
2321         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2322
2323         /* Wait for the microcode to load and respond */
2324         i = 0;
2325         while (1) {
2326                 tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2327                 if (tmp == B43_IRQ_MAC_SUSPENDED)
2328                         break;
2329                 i++;
2330                 if (i >= 20) {
2331                         b43err(dev->wl, "Microcode not responding\n");
2332                         b43_print_fw_helptext(dev->wl, 1);
2333                         err = -ENODEV;
2334                         goto error;
2335                 }
2336                 msleep(50);
2337         }
2338         b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);       /* dummy read */
2339
2340         /* Get and check the revisions. */
2341         fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2342         fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2343         fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2344         fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2345
2346         if (fwrev <= 0x128) {
2347                 b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2348                        "binary drivers older than version 4.x is unsupported. "
2349                        "You must upgrade your firmware files.\n");
2350                 b43_print_fw_helptext(dev->wl, 1);
2351                 err = -EOPNOTSUPP;
2352                 goto error;
2353         }
2354         dev->fw.rev = fwrev;
2355         dev->fw.patch = fwpatch;
2356         dev->fw.opensource = (fwdate == 0xFFFF);
2357
2358         /* Default to use-all-queues. */
2359         dev->wl->hw->queues = dev->wl->mac80211_initially_registered_queues;
2360         dev->qos_enabled = !!modparam_qos;
2361         /* Default to firmware/hardware crypto acceleration. */
2362         dev->hwcrypto_enabled = 1;
2363
2364         if (dev->fw.opensource) {
2365                 u16 fwcapa;
2366
2367                 /* Patchlevel info is encoded in the "time" field. */
2368                 dev->fw.patch = fwtime;
2369                 b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2370                         dev->fw.rev, dev->fw.patch);
2371
2372                 fwcapa = b43_fwcapa_read(dev);
2373                 if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2374                         b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2375                         /* Disable hardware crypto and fall back to software crypto. */
2376                         dev->hwcrypto_enabled = 0;
2377                 }
2378                 if (!(fwcapa & B43_FWCAPA_QOS)) {
2379                         b43info(dev->wl, "QoS not supported by firmware\n");
2380                         /* Disable QoS. Tweak hw->queues to 1. It will be restored before
2381                          * ieee80211_unregister to make sure the networking core can
2382                          * properly free possible resources. */
2383                         dev->wl->hw->queues = 1;
2384                         dev->qos_enabled = 0;
2385                 }
2386         } else {
2387                 b43info(dev->wl, "Loading firmware version %u.%u "
2388                         "(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2389                         fwrev, fwpatch,
2390                         (fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2391                         (fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2392                 if (dev->fw.pcm_request_failed) {
2393                         b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2394                                 "Hardware accelerated cryptography is disabled.\n");
2395                         b43_print_fw_helptext(dev->wl, 0);
2396                 }
2397         }
2398
2399         if (b43_is_old_txhdr_format(dev)) {
2400                 /* We're over the deadline, but we keep support for old fw
2401                  * until it turns out to be in major conflict with something new. */
2402                 b43warn(dev->wl, "You are using an old firmware image. "
2403                         "Support for old firmware will be removed soon "
2404                         "(official deadline was July 2008).\n");
2405                 b43_print_fw_helptext(dev->wl, 0);
2406         }
2407
2408         return 0;
2409
2410 error:
2411         macctl = b43_read32(dev, B43_MMIO_MACCTL);
2412         macctl &= ~B43_MACCTL_PSM_RUN;
2413         macctl |= B43_MACCTL_PSM_JMP0;
2414         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2415
2416         return err;
2417 }
2418
2419 static int b43_write_initvals(struct b43_wldev *dev,
2420                               const struct b43_iv *ivals,
2421                               size_t count,
2422                               size_t array_size)
2423 {
2424         const struct b43_iv *iv;
2425         u16 offset;
2426         size_t i;
2427         bool bit32;
2428
2429         BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2430         iv = ivals;
2431         for (i = 0; i < count; i++) {
2432                 if (array_size < sizeof(iv->offset_size))
2433                         goto err_format;
2434                 array_size -= sizeof(iv->offset_size);
2435                 offset = be16_to_cpu(iv->offset_size);
2436                 bit32 = !!(offset & B43_IV_32BIT);
2437                 offset &= B43_IV_OFFSET_MASK;
2438                 if (offset >= 0x1000)
2439                         goto err_format;
2440                 if (bit32) {
2441                         u32 value;
2442
2443                         if (array_size < sizeof(iv->data.d32))
2444                                 goto err_format;
2445                         array_size -= sizeof(iv->data.d32);
2446
2447                         value = get_unaligned_be32(&iv->data.d32);
2448                         b43_write32(dev, offset, value);
2449
2450                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2451                                                         sizeof(__be16) +
2452                                                         sizeof(__be32));
2453                 } else {
2454                         u16 value;
2455
2456                         if (array_size < sizeof(iv->data.d16))
2457                                 goto err_format;
2458                         array_size -= sizeof(iv->data.d16);
2459
2460                         value = be16_to_cpu(iv->data.d16);
2461                         b43_write16(dev, offset, value);
2462
2463                         iv = (const struct b43_iv *)((const uint8_t *)iv +
2464                                                         sizeof(__be16) +
2465                                                         sizeof(__be16));
2466                 }
2467         }
2468         if (array_size)
2469                 goto err_format;
2470
2471         return 0;
2472
2473 err_format:
2474         b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2475         b43_print_fw_helptext(dev->wl, 1);
2476
2477         return -EPROTO;
2478 }
2479
2480 static int b43_upload_initvals(struct b43_wldev *dev)
2481 {
2482         const size_t hdr_len = sizeof(struct b43_fw_header);
2483         const struct b43_fw_header *hdr;
2484         struct b43_firmware *fw = &dev->fw;
2485         const struct b43_iv *ivals;
2486         size_t count;
2487         int err;
2488
2489         hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2490         ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2491         count = be32_to_cpu(hdr->size);
2492         err = b43_write_initvals(dev, ivals, count,
2493                                  fw->initvals.data->size - hdr_len);
2494         if (err)
2495                 goto out;
2496         if (fw->initvals_band.data) {
2497                 hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2498                 ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2499                 count = be32_to_cpu(hdr->size);
2500                 err = b43_write_initvals(dev, ivals, count,
2501                                          fw->initvals_band.data->size - hdr_len);
2502                 if (err)
2503                         goto out;
2504         }
2505 out:
2506
2507         return err;
2508 }
2509
2510 /* Initialize the GPIOs
2511  * http://bcm-specs.sipsolutions.net/GPIO
2512  */
2513 static int b43_gpio_init(struct b43_wldev *dev)
2514 {
2515         struct ssb_bus *bus = dev->dev->bus;
2516         struct ssb_device *gpiodev, *pcidev = NULL;
2517         u32 mask, set;
2518
2519         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2520                     & ~B43_MACCTL_GPOUTSMSK);
2521
2522         b43_write16(dev, B43_MMIO_GPIO_MASK, b43_read16(dev, B43_MMIO_GPIO_MASK)
2523                     | 0x000F);
2524
2525         mask = 0x0000001F;
2526         set = 0x0000000F;
2527         if (dev->dev->bus->chip_id == 0x4301) {
2528                 mask |= 0x0060;
2529                 set |= 0x0060;
2530         }
2531         if (0 /* FIXME: conditional unknown */ ) {
2532                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2533                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2534                             | 0x0100);
2535                 mask |= 0x0180;
2536                 set |= 0x0180;
2537         }
2538         if (dev->dev->bus->sprom.boardflags_lo & B43_BFL_PACTRL) {
2539                 b43_write16(dev, B43_MMIO_GPIO_MASK,
2540                             b43_read16(dev, B43_MMIO_GPIO_MASK)
2541                             | 0x0200);
2542                 mask |= 0x0200;
2543                 set |= 0x0200;
2544         }
2545         if (dev->dev->id.revision >= 2)
2546                 mask |= 0x0010; /* FIXME: This is redundant. */
2547
2548 #ifdef CONFIG_SSB_DRIVER_PCICORE
2549         pcidev = bus->pcicore.dev;
2550 #endif
2551         gpiodev = bus->chipco.dev ? : pcidev;
2552         if (!gpiodev)
2553                 return 0;
2554         ssb_write32(gpiodev, B43_GPIO_CONTROL,
2555                     (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2556                      & mask) | set);
2557
2558         return 0;
2559 }
2560
2561 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2562 static void b43_gpio_cleanup(struct b43_wldev *dev)
2563 {
2564         struct ssb_bus *bus = dev->dev->bus;
2565         struct ssb_device *gpiodev, *pcidev = NULL;
2566
2567 #ifdef CONFIG_SSB_DRIVER_PCICORE
2568         pcidev = bus->pcicore.dev;
2569 #endif
2570         gpiodev = bus->chipco.dev ? : pcidev;
2571         if (!gpiodev)
2572                 return;
2573         ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2574 }
2575
2576 /* http://bcm-specs.sipsolutions.net/EnableMac */
2577 void b43_mac_enable(struct b43_wldev *dev)
2578 {
2579         if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2580                 u16 fwstate;
2581
2582                 fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2583                                          B43_SHM_SH_UCODESTAT);
2584                 if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2585                     (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2586                         b43err(dev->wl, "b43_mac_enable(): The firmware "
2587                                "should be suspended, but current state is %u\n",
2588                                fwstate);
2589                 }
2590         }
2591
2592         dev->mac_suspended--;
2593         B43_WARN_ON(dev->mac_suspended < 0);
2594         if (dev->mac_suspended == 0) {
2595                 b43_write32(dev, B43_MMIO_MACCTL,
2596                             b43_read32(dev, B43_MMIO_MACCTL)
2597                             | B43_MACCTL_ENABLED);
2598                 b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2599                             B43_IRQ_MAC_SUSPENDED);
2600                 /* Commit writes */
2601                 b43_read32(dev, B43_MMIO_MACCTL);
2602                 b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2603                 b43_power_saving_ctl_bits(dev, 0);
2604         }
2605 }
2606
2607 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
2608 void b43_mac_suspend(struct b43_wldev *dev)
2609 {
2610         int i;
2611         u32 tmp;
2612
2613         might_sleep();
2614         B43_WARN_ON(dev->mac_suspended < 0);
2615
2616         if (dev->mac_suspended == 0) {
2617                 b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
2618                 b43_write32(dev, B43_MMIO_MACCTL,
2619                             b43_read32(dev, B43_MMIO_MACCTL)
2620                             & ~B43_MACCTL_ENABLED);
2621                 /* force pci to flush the write */
2622                 b43_read32(dev, B43_MMIO_MACCTL);
2623                 for (i = 35; i; i--) {
2624                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2625                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2626                                 goto out;
2627                         udelay(10);
2628                 }
2629                 /* Hm, it seems this will take some time. Use msleep(). */
2630                 for (i = 40; i; i--) {
2631                         tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2632                         if (tmp & B43_IRQ_MAC_SUSPENDED)
2633                                 goto out;
2634                         msleep(1);
2635                 }
2636                 b43err(dev->wl, "MAC suspend failed\n");
2637         }
2638 out:
2639         dev->mac_suspended++;
2640 }
2641
2642 static void b43_adjust_opmode(struct b43_wldev *dev)
2643 {
2644         struct b43_wl *wl = dev->wl;
2645         u32 ctl;
2646         u16 cfp_pretbtt;
2647
2648         ctl = b43_read32(dev, B43_MMIO_MACCTL);
2649         /* Reset status to STA infrastructure mode. */
2650         ctl &= ~B43_MACCTL_AP;
2651         ctl &= ~B43_MACCTL_KEEP_CTL;
2652         ctl &= ~B43_MACCTL_KEEP_BADPLCP;
2653         ctl &= ~B43_MACCTL_KEEP_BAD;
2654         ctl &= ~B43_MACCTL_PROMISC;
2655         ctl &= ~B43_MACCTL_BEACPROMISC;
2656         ctl |= B43_MACCTL_INFRA;
2657
2658         if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
2659             b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
2660                 ctl |= B43_MACCTL_AP;
2661         else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
2662                 ctl &= ~B43_MACCTL_INFRA;
2663
2664         if (wl->filter_flags & FIF_CONTROL)
2665                 ctl |= B43_MACCTL_KEEP_CTL;
2666         if (wl->filter_flags & FIF_FCSFAIL)
2667                 ctl |= B43_MACCTL_KEEP_BAD;
2668         if (wl->filter_flags & FIF_PLCPFAIL)
2669                 ctl |= B43_MACCTL_KEEP_BADPLCP;
2670         if (wl->filter_flags & FIF_PROMISC_IN_BSS)
2671                 ctl |= B43_MACCTL_PROMISC;
2672         if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
2673                 ctl |= B43_MACCTL_BEACPROMISC;
2674
2675         /* Workaround: On old hardware the HW-MAC-address-filter
2676          * doesn't work properly, so always run promisc in filter
2677          * it in software. */
2678         if (dev->dev->id.revision <= 4)
2679                 ctl |= B43_MACCTL_PROMISC;
2680
2681         b43_write32(dev, B43_MMIO_MACCTL, ctl);
2682
2683         cfp_pretbtt = 2;
2684         if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
2685                 if (dev->dev->bus->chip_id == 0x4306 &&
2686                     dev->dev->bus->chip_rev == 3)
2687                         cfp_pretbtt = 100;
2688                 else
2689                         cfp_pretbtt = 50;
2690         }
2691         b43_write16(dev, 0x612, cfp_pretbtt);
2692
2693         /* FIXME: We don't currently implement the PMQ mechanism,
2694          *        so always disable it. If we want to implement PMQ,
2695          *        we need to enable it here (clear DISCPMQ) in AP mode.
2696          */
2697         if (0  /* ctl & B43_MACCTL_AP */) {
2698                 b43_write32(dev, B43_MMIO_MACCTL,
2699                             b43_read32(dev, B43_MMIO_MACCTL)
2700                             & ~B43_MACCTL_DISCPMQ);
2701         } else {
2702                 b43_write32(dev, B43_MMIO_MACCTL,
2703                             b43_read32(dev, B43_MMIO_MACCTL)
2704                             | B43_MACCTL_DISCPMQ);
2705         }
2706 }
2707
2708 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
2709 {
2710         u16 offset;
2711
2712         if (is_ofdm) {
2713                 offset = 0x480;
2714                 offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
2715         } else {
2716                 offset = 0x4C0;
2717                 offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
2718         }
2719         b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
2720                         b43_shm_read16(dev, B43_SHM_SHARED, offset));
2721 }
2722
2723 static void b43_rate_memory_init(struct b43_wldev *dev)
2724 {
2725         switch (dev->phy.type) {
2726         case B43_PHYTYPE_A:
2727         case B43_PHYTYPE_G:
2728         case B43_PHYTYPE_N:
2729         case B43_PHYTYPE_LP:
2730                 b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
2731                 b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
2732                 b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
2733                 b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
2734                 b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
2735                 b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
2736                 b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
2737                 if (dev->phy.type == B43_PHYTYPE_A)
2738                         break;
2739                 /* fallthrough */
2740         case B43_PHYTYPE_B:
2741                 b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
2742                 b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
2743                 b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
2744                 b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
2745                 break;
2746         default:
2747                 B43_WARN_ON(1);
2748         }
2749 }
2750
2751 /* Set the default values for the PHY TX Control Words. */
2752 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
2753 {
2754         u16 ctl = 0;
2755
2756         ctl |= B43_TXH_PHY_ENC_CCK;
2757         ctl |= B43_TXH_PHY_ANT01AUTO;
2758         ctl |= B43_TXH_PHY_TXPWR;
2759
2760         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
2761         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
2762         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
2763 }
2764
2765 /* Set the TX-Antenna for management frames sent by firmware. */
2766 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
2767 {
2768         u16 ant;
2769         u16 tmp;
2770
2771         ant = b43_antenna_to_phyctl(antenna);
2772
2773         /* For ACK/CTS */
2774         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
2775         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2776         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
2777         /* For Probe Resposes */
2778         tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
2779         tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
2780         b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
2781 }
2782
2783 /* This is the opposite of b43_chip_init() */
2784 static void b43_chip_exit(struct b43_wldev *dev)
2785 {
2786         b43_phy_exit(dev);
2787         b43_gpio_cleanup(dev);
2788         /* firmware is released later */
2789 }
2790
2791 /* Initialize the chip
2792  * http://bcm-specs.sipsolutions.net/ChipInit
2793  */
2794 static int b43_chip_init(struct b43_wldev *dev)
2795 {
2796         struct b43_phy *phy = &dev->phy;
2797         int err;
2798         u32 value32, macctl;
2799         u16 value16;
2800
2801         /* Initialize the MAC control */
2802         macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
2803         if (dev->phy.gmode)
2804                 macctl |= B43_MACCTL_GMODE;
2805         macctl |= B43_MACCTL_INFRA;
2806         b43_write32(dev, B43_MMIO_MACCTL, macctl);
2807
2808         err = b43_request_firmware(dev);
2809         if (err)
2810                 goto out;
2811         err = b43_upload_microcode(dev);
2812         if (err)
2813                 goto out;       /* firmware is released later */
2814
2815         err = b43_gpio_init(dev);
2816         if (err)
2817                 goto out;       /* firmware is released later */
2818
2819         err = b43_upload_initvals(dev);
2820         if (err)
2821                 goto err_gpio_clean;
2822
2823         /* Turn the Analog on and initialize the PHY. */
2824         phy->ops->switch_analog(dev, 1);
2825         err = b43_phy_init(dev);
2826         if (err)
2827                 goto err_gpio_clean;
2828
2829         /* Disable Interference Mitigation. */
2830         if (phy->ops->interf_mitigation)
2831                 phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
2832
2833         /* Select the antennae */
2834         if (phy->ops->set_rx_antenna)
2835                 phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
2836         b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
2837
2838         if (phy->type == B43_PHYTYPE_B) {
2839                 value16 = b43_read16(dev, 0x005E);
2840                 value16 |= 0x0004;
2841                 b43_write16(dev, 0x005E, value16);
2842         }
2843         b43_write32(dev, 0x0100, 0x01000000);
2844         if (dev->dev->id.revision < 5)
2845                 b43_write32(dev, 0x010C, 0x01000000);
2846
2847         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2848                     & ~B43_MACCTL_INFRA);
2849         b43_write32(dev, B43_MMIO_MACCTL, b43_read32(dev, B43_MMIO_MACCTL)
2850                     | B43_MACCTL_INFRA);
2851
2852         /* Probe Response Timeout value */
2853         /* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
2854         b43_shm_write16(dev, B43_SHM_SHARED, 0x0074, 0x0000);
2855
2856         /* Initially set the wireless operation mode. */
2857         b43_adjust_opmode(dev);
2858
2859         if (dev->dev->id.revision < 3) {
2860                 b43_write16(dev, 0x060E, 0x0000);
2861                 b43_write16(dev, 0x0610, 0x8000);
2862                 b43_write16(dev, 0x0604, 0x0000);
2863                 b43_write16(dev, 0x0606, 0x0200);
2864         } else {
2865                 b43_write32(dev, 0x0188, 0x80000000);
2866                 b43_write32(dev, 0x018C, 0x02000000);
2867         }
2868         b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
2869         b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001DC00);
2870         b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
2871         b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
2872         b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
2873         b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
2874         b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
2875
2876         value32 = ssb_read32(dev->dev, SSB_TMSLOW);
2877         value32 |= 0x00100000;
2878         ssb_write32(dev->dev, SSB_TMSLOW, value32);
2879
2880         b43_write16(dev, B43_MMIO_POWERUP_DELAY,
2881                     dev->dev->bus->chipco.fast_pwrup_delay);
2882
2883         err = 0;
2884         b43dbg(dev->wl, "Chip initialized\n");
2885 out:
2886         return err;
2887
2888 err_gpio_clean:
2889         b43_gpio_cleanup(dev);
2890         return err;
2891 }
2892
2893 static void b43_periodic_every60sec(struct b43_wldev *dev)
2894 {
2895         const struct b43_phy_operations *ops = dev->phy.ops;
2896
2897         if (ops->pwork_60sec)
2898                 ops->pwork_60sec(dev);
2899
2900         /* Force check the TX power emission now. */
2901         b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
2902 }
2903
2904 static void b43_periodic_every30sec(struct b43_wldev *dev)
2905 {
2906         /* Update device statistics. */
2907         b43_calculate_link_quality(dev);
2908 }
2909
2910 static void b43_periodic_every15sec(struct b43_wldev *dev)
2911 {
2912         struct b43_phy *phy = &dev->phy;
2913         u16 wdr;
2914
2915         if (dev->fw.opensource) {
2916                 /* Check if the firmware is still alive.
2917                  * It will reset the watchdog counter to 0 in its idle loop. */
2918                 wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
2919                 if (unlikely(wdr)) {
2920                         b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
2921                         b43_controller_restart(dev, "Firmware watchdog");
2922                         return;
2923                 } else {
2924                         b43_shm_write16(dev, B43_SHM_SCRATCH,
2925                                         B43_WATCHDOG_REG, 1);
2926                 }
2927         }
2928
2929         if (phy->ops->pwork_15sec)
2930                 phy->ops->pwork_15sec(dev);
2931
2932         atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
2933         wmb();
2934
2935 #if B43_DEBUG
2936         if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2937                 unsigned int i;
2938
2939                 b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
2940                        dev->irq_count / 15,
2941                        dev->tx_count / 15,
2942                        dev->rx_count / 15);
2943                 dev->irq_count = 0;
2944                 dev->tx_count = 0;
2945                 dev->rx_count = 0;
2946                 for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2947                         if (dev->irq_bit_count[i]) {
2948                                 b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
2949                                        dev->irq_bit_count[i] / 15, i, (1 << i));
2950                                 dev->irq_bit_count[i] = 0;
2951                         }
2952                 }
2953         }
2954 #endif
2955 }
2956
2957 static void do_periodic_work(struct b43_wldev *dev)
2958 {
2959         unsigned int state;
2960
2961         state = dev->periodic_state;
2962         if (state % 4 == 0)
2963                 b43_periodic_every60sec(dev);
2964         if (state % 2 == 0)
2965                 b43_periodic_every30sec(dev);
2966         b43_periodic_every15sec(dev);
2967 }
2968
2969 /* Periodic work locking policy:
2970  *      The whole periodic work handler is protected by
2971  *      wl->mutex. If another lock is needed somewhere in the
2972  *      pwork callchain, it's acquired in-place, where it's needed.
2973  */
2974 static void b43_periodic_work_handler(struct work_struct *work)
2975 {
2976         struct b43_wldev *dev = container_of(work, struct b43_wldev,
2977                                              periodic_work.work);
2978         struct b43_wl *wl = dev->wl;
2979         unsigned long delay;
2980
2981         mutex_lock(&wl->mutex);
2982
2983         if (unlikely(b43_status(dev) != B43_STAT_STARTED))
2984                 goto out;
2985         if (b43_debug(dev, B43_DBG_PWORK_STOP))
2986                 goto out_requeue;
2987
2988         do_periodic_work(dev);
2989
2990         dev->periodic_state++;
2991 out_requeue:
2992         if (b43_debug(dev, B43_DBG_PWORK_FAST))
2993                 delay = msecs_to_jiffies(50);
2994         else
2995                 delay = round_jiffies_relative(HZ * 15);
2996         ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
2997 out:
2998         mutex_unlock(&wl->mutex);
2999 }
3000
3001 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3002 {
3003         struct delayed_work *work = &dev->periodic_work;
3004
3005         dev->periodic_state = 0;
3006         INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3007         ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3008 }
3009
3010 /* Check if communication with the device works correctly. */
3011 static int b43_validate_chipaccess(struct b43_wldev *dev)
3012 {
3013         u32 v, backup0, backup4;
3014
3015         backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3016         backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3017
3018         /* Check for read/write and endianness problems. */
3019         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3020         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3021                 goto error;
3022         b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3023         if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3024                 goto error;
3025
3026         /* Check if unaligned 32bit SHM_SHARED access works properly.
3027          * However, don't bail out on failure, because it's noncritical. */
3028         b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3029         b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3030         b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3031         b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3032         if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3033                 b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3034         b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3035         if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3036             b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3037             b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3038             b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3039                 b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3040
3041         b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3042         b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3043
3044         if ((dev->dev->id.revision >= 3) && (dev->dev->id.revision <= 10)) {
3045                 /* The 32bit register shadows the two 16bit registers
3046                  * with update sideeffects. Validate this. */
3047                 b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3048                 b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3049                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3050                         goto error;
3051                 if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3052                         goto error;
3053         }
3054         b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3055
3056         v = b43_read32(dev, B43_MMIO_MACCTL);
3057         v |= B43_MACCTL_GMODE;
3058         if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3059                 goto error;
3060
3061         return 0;
3062 error:
3063         b43err(dev->wl, "Failed to validate the chipaccess\n");
3064         return -ENODEV;
3065 }
3066
3067 static void b43_security_init(struct b43_wldev *dev)
3068 {
3069         dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3070         /* KTP is a word address, but we address SHM bytewise.
3071          * So multiply by two.
3072          */
3073         dev->ktp *= 2;
3074         /* Number of RCMTA address slots */
3075         b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3076         /* Clear the key memory. */
3077         b43_clear_keys(dev);
3078 }
3079
3080 #ifdef CONFIG_B43_HWRNG
3081 static int b43_rng_read(struct hwrng *rng, u32 *data)
3082 {
3083         struct b43_wl *wl = (struct b43_wl *)rng->priv;
3084         struct b43_wldev *dev;
3085         int count = -ENODEV;
3086
3087         mutex_lock(&wl->mutex);
3088         dev = wl->current_dev;
3089         if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3090                 *data = b43_read16(dev, B43_MMIO_RNG);
3091                 count = sizeof(u16);
3092         }
3093         mutex_unlock(&wl->mutex);
3094
3095         return count;
3096 }
3097 #endif /* CONFIG_B43_HWRNG */
3098
3099 static void b43_rng_exit(struct b43_wl *wl)
3100 {
3101 #ifdef CONFIG_B43_HWRNG
3102         if (wl->rng_initialized)
3103                 hwrng_unregister(&wl->rng);
3104 #endif /* CONFIG_B43_HWRNG */
3105 }
3106
3107 static int b43_rng_init(struct b43_wl *wl)
3108 {
3109         int err = 0;
3110
3111 #ifdef CONFIG_B43_HWRNG
3112         snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3113                  "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3114         wl->rng.name = wl->rng_name;
3115         wl->rng.data_read = b43_rng_read;
3116         wl->rng.priv = (unsigned long)wl;
3117         wl->rng_initialized = 1;
3118         err = hwrng_register(&wl->rng);
3119         if (err) {
3120                 wl->rng_initialized = 0;
3121                 b43err(wl, "Failed to register the random "
3122                        "number generator (%d)\n", err);
3123         }
3124 #endif /* CONFIG_B43_HWRNG */
3125
3126         return err;
3127 }
3128
3129 static void b43_tx_work(struct work_struct *work)
3130 {
3131         struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3132         struct b43_wldev *dev;
3133         struct sk_buff *skb;
3134         int err = 0;
3135
3136         mutex_lock(&wl->mutex);
3137         dev = wl->current_dev;
3138         if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3139                 mutex_unlock(&wl->mutex);
3140                 return;
3141         }
3142
3143         while (skb_queue_len(&wl->tx_queue)) {
3144                 skb = skb_dequeue(&wl->tx_queue);
3145
3146                 if (b43_using_pio_transfers(dev))
3147                         err = b43_pio_tx(dev, skb);
3148                 else
3149                         err = b43_dma_tx(dev, skb);
3150                 if (unlikely(err))
3151                         dev_kfree_skb(skb); /* Drop it */
3152         }
3153
3154 #if B43_DEBUG
3155         dev->tx_count++;
3156 #endif
3157         mutex_unlock(&wl->mutex);
3158 }
3159
3160 static int b43_op_tx(struct ieee80211_hw *hw,
3161                      struct sk_buff *skb)
3162 {
3163         struct b43_wl *wl = hw_to_b43_wl(hw);
3164
3165         if (unlikely(skb->len < 2 + 2 + 6)) {
3166                 /* Too short, this can't be a valid frame. */
3167                 dev_kfree_skb_any(skb);
3168                 return NETDEV_TX_OK;
3169         }
3170         B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3171
3172         skb_queue_tail(&wl->tx_queue, skb);
3173         ieee80211_queue_work(wl->hw, &wl->tx_work);
3174
3175         return NETDEV_TX_OK;
3176 }
3177
3178 static void b43_qos_params_upload(struct b43_wldev *dev,
3179                                   const struct ieee80211_tx_queue_params *p,
3180                                   u16 shm_offset)
3181 {
3182         u16 params[B43_NR_QOSPARAMS];
3183         int bslots, tmp;
3184         unsigned int i;
3185
3186         if (!dev->qos_enabled)
3187                 return;
3188
3189         bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3190
3191         memset(&params, 0, sizeof(params));
3192
3193         params[B43_QOSPARAM_TXOP] = p->txop * 32;
3194         params[B43_QOSPARAM_CWMIN] = p->cw_min;
3195         params[B43_QOSPARAM_CWMAX] = p->cw_max;
3196         params[B43_QOSPARAM_CWCUR] = p->cw_min;
3197         params[B43_QOSPARAM_AIFS] = p->aifs;
3198         params[B43_QOSPARAM_BSLOTS] = bslots;
3199         params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3200
3201         for (i = 0; i < ARRAY_SIZE(params); i++) {
3202                 if (i == B43_QOSPARAM_STATUS) {
3203                         tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3204                                              shm_offset + (i * 2));
3205                         /* Mark the parameters as updated. */
3206                         tmp |= 0x100;
3207                         b43_shm_write16(dev, B43_SHM_SHARED,
3208                                         shm_offset + (i * 2),
3209                                         tmp);
3210                 } else {
3211                         b43_shm_write16(dev, B43_SHM_SHARED,
3212                                         shm_offset + (i * 2),
3213                                         params[i]);
3214                 }
3215         }
3216 }
3217
3218 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3219 static const u16 b43_qos_shm_offsets[] = {
3220         /* [mac80211-queue-nr] = SHM_OFFSET, */
3221         [0] = B43_QOS_VOICE,
3222         [1] = B43_QOS_VIDEO,
3223         [2] = B43_QOS_BESTEFFORT,
3224         [3] = B43_QOS_BACKGROUND,
3225 };
3226
3227 /* Update all QOS parameters in hardware. */
3228 static void b43_qos_upload_all(struct b43_wldev *dev)
3229 {
3230         struct b43_wl *wl = dev->wl;
3231         struct b43_qos_params *params;
3232         unsigned int i;
3233
3234         if (!dev->qos_enabled)
3235                 return;
3236
3237         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3238                      ARRAY_SIZE(wl->qos_params));
3239
3240         b43_mac_suspend(dev);
3241         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3242                 params = &(wl->qos_params[i]);
3243                 b43_qos_params_upload(dev, &(params->p),
3244                                       b43_qos_shm_offsets[i]);
3245         }
3246         b43_mac_enable(dev);
3247 }
3248
3249 static void b43_qos_clear(struct b43_wl *wl)
3250 {
3251         struct b43_qos_params *params;
3252         unsigned int i;
3253
3254         /* Initialize QoS parameters to sane defaults. */
3255
3256         BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3257                      ARRAY_SIZE(wl->qos_params));
3258
3259         for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3260                 params = &(wl->qos_params[i]);
3261
3262                 switch (b43_qos_shm_offsets[i]) {
3263                 case B43_QOS_VOICE:
3264                         params->p.txop = 0;
3265                         params->p.aifs = 2;
3266                         params->p.cw_min = 0x0001;
3267                         params->p.cw_max = 0x0001;
3268                         break;
3269                 case B43_QOS_VIDEO:
3270                         params->p.txop = 0;
3271                         params->p.aifs = 2;
3272                         params->p.cw_min = 0x0001;
3273                         params->p.cw_max = 0x0001;
3274                         break;
3275                 case B43_QOS_BESTEFFORT:
3276                         params->p.txop = 0;
3277                         params->p.aifs = 3;
3278                         params->p.cw_min = 0x0001;
3279                         params->p.cw_max = 0x03FF;
3280                         break;
3281                 case B43_QOS_BACKGROUND:
3282                         params->p.txop = 0;
3283                         params->p.aifs = 7;
3284                         params->p.cw_min = 0x0001;
3285                         params->p.cw_max = 0x03FF;
3286                         break;
3287                 default:
3288                         B43_WARN_ON(1);
3289                 }
3290         }
3291 }
3292
3293 /* Initialize the core's QOS capabilities */
3294 static void b43_qos_init(struct b43_wldev *dev)
3295 {
3296         if (!dev->qos_enabled) {
3297                 /* Disable QOS support. */
3298                 b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3299                 b43_write16(dev, B43_MMIO_IFSCTL,
3300                             b43_read16(dev, B43_MMIO_IFSCTL)
3301                             & ~B43_MMIO_IFSCTL_USE_EDCF);
3302                 b43dbg(dev->wl, "QoS disabled\n");
3303                 return;
3304         }
3305
3306         /* Upload the current QOS parameters. */
3307         b43_qos_upload_all(dev);
3308