xref: /linux/drivers/net/wireless/broadcom/b43/main.c (revision bd628c1bed7902ec1f24ba0fe70758949146abbe)
1 /*
2 
3   Broadcom B43 wireless driver
4 
5   Copyright (c) 2005 Martin Langer <martin-langer@gmx.de>
6   Copyright (c) 2005 Stefano Brivio <stefano.brivio@polimi.it>
7   Copyright (c) 2005-2009 Michael Buesch <m@bues.ch>
8   Copyright (c) 2005 Danny van Dyk <kugelfang@gentoo.org>
9   Copyright (c) 2005 Andreas Jaggi <andreas.jaggi@waterwave.ch>
10   Copyright (c) 2010-2011 Rafał Miłecki <zajec5@gmail.com>
11 
12   SDIO support
13   Copyright (c) 2009 Albert Herranz <albert_herranz@yahoo.es>
14 
15   Some parts of the code in this file are derived from the ipw2200
16   driver  Copyright(c) 2003 - 2004 Intel Corporation.
17 
18   This program is free software; you can redistribute it and/or modify
19   it under the terms of the GNU General Public License as published by
20   the Free Software Foundation; either version 2 of the License, or
21   (at your option) any later version.
22 
23   This program is distributed in the hope that it will be useful,
24   but WITHOUT ANY WARRANTY; without even the implied warranty of
25   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26   GNU General Public License for more details.
27 
28   You should have received a copy of the GNU General Public License
29   along with this program; see the file COPYING.  If not, write to
30   the Free Software Foundation, Inc., 51 Franklin Steet, Fifth Floor,
31   Boston, MA 02110-1301, USA.
32 
33 */
34 
35 #include <linux/delay.h>
36 #include <linux/init.h>
37 #include <linux/module.h>
38 #include <linux/if_arp.h>
39 #include <linux/etherdevice.h>
40 #include <linux/firmware.h>
41 #include <linux/workqueue.h>
42 #include <linux/skbuff.h>
43 #include <linux/io.h>
44 #include <linux/dma-mapping.h>
45 #include <linux/slab.h>
46 #include <asm/unaligned.h>
47 
48 #include "b43.h"
49 #include "main.h"
50 #include "debugfs.h"
51 #include "phy_common.h"
52 #include "phy_g.h"
53 #include "phy_n.h"
54 #include "dma.h"
55 #include "pio.h"
56 #include "sysfs.h"
57 #include "xmit.h"
58 #include "lo.h"
59 #include "sdio.h"
60 #include <linux/mmc/sdio_func.h>
61 
62 MODULE_DESCRIPTION("Broadcom B43 wireless driver");
63 MODULE_AUTHOR("Martin Langer");
64 MODULE_AUTHOR("Stefano Brivio");
65 MODULE_AUTHOR("Michael Buesch");
66 MODULE_AUTHOR("Gábor Stefanik");
67 MODULE_AUTHOR("Rafał Miłecki");
68 MODULE_LICENSE("GPL");
69 
70 MODULE_FIRMWARE("b43/ucode11.fw");
71 MODULE_FIRMWARE("b43/ucode13.fw");
72 MODULE_FIRMWARE("b43/ucode14.fw");
73 MODULE_FIRMWARE("b43/ucode15.fw");
74 MODULE_FIRMWARE("b43/ucode16_lp.fw");
75 MODULE_FIRMWARE("b43/ucode16_mimo.fw");
76 MODULE_FIRMWARE("b43/ucode24_lcn.fw");
77 MODULE_FIRMWARE("b43/ucode25_lcn.fw");
78 MODULE_FIRMWARE("b43/ucode25_mimo.fw");
79 MODULE_FIRMWARE("b43/ucode26_mimo.fw");
80 MODULE_FIRMWARE("b43/ucode29_mimo.fw");
81 MODULE_FIRMWARE("b43/ucode33_lcn40.fw");
82 MODULE_FIRMWARE("b43/ucode30_mimo.fw");
83 MODULE_FIRMWARE("b43/ucode5.fw");
84 MODULE_FIRMWARE("b43/ucode40.fw");
85 MODULE_FIRMWARE("b43/ucode42.fw");
86 MODULE_FIRMWARE("b43/ucode9.fw");
87 
88 static int modparam_bad_frames_preempt;
89 module_param_named(bad_frames_preempt, modparam_bad_frames_preempt, int, 0444);
90 MODULE_PARM_DESC(bad_frames_preempt,
91 		 "enable(1) / disable(0) Bad Frames Preemption");
92 
93 static char modparam_fwpostfix[16];
94 module_param_string(fwpostfix, modparam_fwpostfix, 16, 0444);
95 MODULE_PARM_DESC(fwpostfix, "Postfix for the .fw files to load.");
96 
97 static int modparam_hwpctl;
98 module_param_named(hwpctl, modparam_hwpctl, int, 0444);
99 MODULE_PARM_DESC(hwpctl, "Enable hardware-side power control (default off)");
100 
101 static int modparam_nohwcrypt;
102 module_param_named(nohwcrypt, modparam_nohwcrypt, int, 0444);
103 MODULE_PARM_DESC(nohwcrypt, "Disable hardware encryption.");
104 
105 static int modparam_hwtkip;
106 module_param_named(hwtkip, modparam_hwtkip, int, 0444);
107 MODULE_PARM_DESC(hwtkip, "Enable hardware tkip.");
108 
109 static int modparam_qos = 1;
110 module_param_named(qos, modparam_qos, int, 0444);
111 MODULE_PARM_DESC(qos, "Enable QOS support (default on)");
112 
113 static int modparam_btcoex = 1;
114 module_param_named(btcoex, modparam_btcoex, int, 0444);
115 MODULE_PARM_DESC(btcoex, "Enable Bluetooth coexistence (default on)");
116 
117 int b43_modparam_verbose = B43_VERBOSITY_DEFAULT;
118 module_param_named(verbose, b43_modparam_verbose, int, 0644);
119 MODULE_PARM_DESC(verbose, "Log message verbosity: 0=error, 1=warn, 2=info(default), 3=debug");
120 
121 static int b43_modparam_pio = 0;
122 module_param_named(pio, b43_modparam_pio, int, 0644);
123 MODULE_PARM_DESC(pio, "Use PIO accesses by default: 0=DMA, 1=PIO");
124 
125 static int modparam_allhwsupport = !IS_ENABLED(CONFIG_BRCMSMAC);
126 module_param_named(allhwsupport, modparam_allhwsupport, int, 0444);
127 MODULE_PARM_DESC(allhwsupport, "Enable support for all hardware (even it if overlaps with the brcmsmac driver)");
128 
129 #ifdef CONFIG_B43_BCMA
130 static const struct bcma_device_id b43_bcma_tbl[] = {
131 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x11, BCMA_ANY_CLASS),
132 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x15, BCMA_ANY_CLASS),
133 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x17, BCMA_ANY_CLASS),
134 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x18, BCMA_ANY_CLASS),
135 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1C, BCMA_ANY_CLASS),
136 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1D, BCMA_ANY_CLASS),
137 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x1E, BCMA_ANY_CLASS),
138 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x28, BCMA_ANY_CLASS),
139 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 0x2A, BCMA_ANY_CLASS),
140 	{},
141 };
142 MODULE_DEVICE_TABLE(bcma, b43_bcma_tbl);
143 #endif
144 
145 #ifdef CONFIG_B43_SSB
146 static const struct ssb_device_id b43_ssb_tbl[] = {
147 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 5),
148 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 6),
149 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 7),
150 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 9),
151 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 10),
152 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 11),
153 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 12),
154 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 13),
155 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 15),
156 	SSB_DEVICE(SSB_VENDOR_BROADCOM, SSB_DEV_80211, 16),
157 	{},
158 };
159 MODULE_DEVICE_TABLE(ssb, b43_ssb_tbl);
160 #endif
161 
162 /* Channel and ratetables are shared for all devices.
163  * They can't be const, because ieee80211 puts some precalculated
164  * data in there. This data is the same for all devices, so we don't
165  * get concurrency issues */
166 #define RATETAB_ENT(_rateid, _flags) \
167 	{								\
168 		.bitrate	= B43_RATE_TO_BASE100KBPS(_rateid),	\
169 		.hw_value	= (_rateid),				\
170 		.flags		= (_flags),				\
171 	}
172 
173 /*
174  * NOTE: When changing this, sync with xmit.c's
175  *	 b43_plcp_get_bitrate_idx_* functions!
176  */
177 static struct ieee80211_rate __b43_ratetable[] = {
178 	RATETAB_ENT(B43_CCK_RATE_1MB, 0),
179 	RATETAB_ENT(B43_CCK_RATE_2MB, IEEE80211_RATE_SHORT_PREAMBLE),
180 	RATETAB_ENT(B43_CCK_RATE_5MB, IEEE80211_RATE_SHORT_PREAMBLE),
181 	RATETAB_ENT(B43_CCK_RATE_11MB, IEEE80211_RATE_SHORT_PREAMBLE),
182 	RATETAB_ENT(B43_OFDM_RATE_6MB, 0),
183 	RATETAB_ENT(B43_OFDM_RATE_9MB, 0),
184 	RATETAB_ENT(B43_OFDM_RATE_12MB, 0),
185 	RATETAB_ENT(B43_OFDM_RATE_18MB, 0),
186 	RATETAB_ENT(B43_OFDM_RATE_24MB, 0),
187 	RATETAB_ENT(B43_OFDM_RATE_36MB, 0),
188 	RATETAB_ENT(B43_OFDM_RATE_48MB, 0),
189 	RATETAB_ENT(B43_OFDM_RATE_54MB, 0),
190 };
191 
192 #define b43_a_ratetable		(__b43_ratetable + 4)
193 #define b43_a_ratetable_size	8
194 #define b43_b_ratetable		(__b43_ratetable + 0)
195 #define b43_b_ratetable_size	4
196 #define b43_g_ratetable		(__b43_ratetable + 0)
197 #define b43_g_ratetable_size	12
198 
199 #define CHAN2G(_channel, _freq, _flags) {			\
200 	.band			= NL80211_BAND_2GHZ,		\
201 	.center_freq		= (_freq),			\
202 	.hw_value		= (_channel),			\
203 	.flags			= (_flags),			\
204 	.max_antenna_gain	= 0,				\
205 	.max_power		= 30,				\
206 }
207 static struct ieee80211_channel b43_2ghz_chantable[] = {
208 	CHAN2G(1, 2412, 0),
209 	CHAN2G(2, 2417, 0),
210 	CHAN2G(3, 2422, 0),
211 	CHAN2G(4, 2427, 0),
212 	CHAN2G(5, 2432, 0),
213 	CHAN2G(6, 2437, 0),
214 	CHAN2G(7, 2442, 0),
215 	CHAN2G(8, 2447, 0),
216 	CHAN2G(9, 2452, 0),
217 	CHAN2G(10, 2457, 0),
218 	CHAN2G(11, 2462, 0),
219 	CHAN2G(12, 2467, 0),
220 	CHAN2G(13, 2472, 0),
221 	CHAN2G(14, 2484, 0),
222 };
223 
224 /* No support for the last 3 channels (12, 13, 14) */
225 #define b43_2ghz_chantable_limited_size		11
226 #undef CHAN2G
227 
228 #define CHAN4G(_channel, _flags) {				\
229 	.band			= NL80211_BAND_5GHZ,		\
230 	.center_freq		= 4000 + (5 * (_channel)),	\
231 	.hw_value		= (_channel),			\
232 	.flags			= (_flags),			\
233 	.max_antenna_gain	= 0,				\
234 	.max_power		= 30,				\
235 }
236 #define CHAN5G(_channel, _flags) {				\
237 	.band			= NL80211_BAND_5GHZ,		\
238 	.center_freq		= 5000 + (5 * (_channel)),	\
239 	.hw_value		= (_channel),			\
240 	.flags			= (_flags),			\
241 	.max_antenna_gain	= 0,				\
242 	.max_power		= 30,				\
243 }
244 static struct ieee80211_channel b43_5ghz_nphy_chantable[] = {
245 	CHAN4G(184, 0),		CHAN4G(186, 0),
246 	CHAN4G(188, 0),		CHAN4G(190, 0),
247 	CHAN4G(192, 0),		CHAN4G(194, 0),
248 	CHAN4G(196, 0),		CHAN4G(198, 0),
249 	CHAN4G(200, 0),		CHAN4G(202, 0),
250 	CHAN4G(204, 0),		CHAN4G(206, 0),
251 	CHAN4G(208, 0),		CHAN4G(210, 0),
252 	CHAN4G(212, 0),		CHAN4G(214, 0),
253 	CHAN4G(216, 0),		CHAN4G(218, 0),
254 	CHAN4G(220, 0),		CHAN4G(222, 0),
255 	CHAN4G(224, 0),		CHAN4G(226, 0),
256 	CHAN4G(228, 0),
257 	CHAN5G(32, 0),		CHAN5G(34, 0),
258 	CHAN5G(36, 0),		CHAN5G(38, 0),
259 	CHAN5G(40, 0),		CHAN5G(42, 0),
260 	CHAN5G(44, 0),		CHAN5G(46, 0),
261 	CHAN5G(48, 0),		CHAN5G(50, 0),
262 	CHAN5G(52, 0),		CHAN5G(54, 0),
263 	CHAN5G(56, 0),		CHAN5G(58, 0),
264 	CHAN5G(60, 0),		CHAN5G(62, 0),
265 	CHAN5G(64, 0),		CHAN5G(66, 0),
266 	CHAN5G(68, 0),		CHAN5G(70, 0),
267 	CHAN5G(72, 0),		CHAN5G(74, 0),
268 	CHAN5G(76, 0),		CHAN5G(78, 0),
269 	CHAN5G(80, 0),		CHAN5G(82, 0),
270 	CHAN5G(84, 0),		CHAN5G(86, 0),
271 	CHAN5G(88, 0),		CHAN5G(90, 0),
272 	CHAN5G(92, 0),		CHAN5G(94, 0),
273 	CHAN5G(96, 0),		CHAN5G(98, 0),
274 	CHAN5G(100, 0),		CHAN5G(102, 0),
275 	CHAN5G(104, 0),		CHAN5G(106, 0),
276 	CHAN5G(108, 0),		CHAN5G(110, 0),
277 	CHAN5G(112, 0),		CHAN5G(114, 0),
278 	CHAN5G(116, 0),		CHAN5G(118, 0),
279 	CHAN5G(120, 0),		CHAN5G(122, 0),
280 	CHAN5G(124, 0),		CHAN5G(126, 0),
281 	CHAN5G(128, 0),		CHAN5G(130, 0),
282 	CHAN5G(132, 0),		CHAN5G(134, 0),
283 	CHAN5G(136, 0),		CHAN5G(138, 0),
284 	CHAN5G(140, 0),		CHAN5G(142, 0),
285 	CHAN5G(144, 0),		CHAN5G(145, 0),
286 	CHAN5G(146, 0),		CHAN5G(147, 0),
287 	CHAN5G(148, 0),		CHAN5G(149, 0),
288 	CHAN5G(150, 0),		CHAN5G(151, 0),
289 	CHAN5G(152, 0),		CHAN5G(153, 0),
290 	CHAN5G(154, 0),		CHAN5G(155, 0),
291 	CHAN5G(156, 0),		CHAN5G(157, 0),
292 	CHAN5G(158, 0),		CHAN5G(159, 0),
293 	CHAN5G(160, 0),		CHAN5G(161, 0),
294 	CHAN5G(162, 0),		CHAN5G(163, 0),
295 	CHAN5G(164, 0),		CHAN5G(165, 0),
296 	CHAN5G(166, 0),		CHAN5G(168, 0),
297 	CHAN5G(170, 0),		CHAN5G(172, 0),
298 	CHAN5G(174, 0),		CHAN5G(176, 0),
299 	CHAN5G(178, 0),		CHAN5G(180, 0),
300 	CHAN5G(182, 0),
301 };
302 
303 static struct ieee80211_channel b43_5ghz_nphy_chantable_limited[] = {
304 	CHAN5G(36, 0),		CHAN5G(40, 0),
305 	CHAN5G(44, 0),		CHAN5G(48, 0),
306 	CHAN5G(149, 0),		CHAN5G(153, 0),
307 	CHAN5G(157, 0),		CHAN5G(161, 0),
308 	CHAN5G(165, 0),
309 };
310 
311 static struct ieee80211_channel b43_5ghz_aphy_chantable[] = {
312 	CHAN5G(34, 0),		CHAN5G(36, 0),
313 	CHAN5G(38, 0),		CHAN5G(40, 0),
314 	CHAN5G(42, 0),		CHAN5G(44, 0),
315 	CHAN5G(46, 0),		CHAN5G(48, 0),
316 	CHAN5G(52, 0),		CHAN5G(56, 0),
317 	CHAN5G(60, 0),		CHAN5G(64, 0),
318 	CHAN5G(100, 0),		CHAN5G(104, 0),
319 	CHAN5G(108, 0),		CHAN5G(112, 0),
320 	CHAN5G(116, 0),		CHAN5G(120, 0),
321 	CHAN5G(124, 0),		CHAN5G(128, 0),
322 	CHAN5G(132, 0),		CHAN5G(136, 0),
323 	CHAN5G(140, 0),		CHAN5G(149, 0),
324 	CHAN5G(153, 0),		CHAN5G(157, 0),
325 	CHAN5G(161, 0),		CHAN5G(165, 0),
326 	CHAN5G(184, 0),		CHAN5G(188, 0),
327 	CHAN5G(192, 0),		CHAN5G(196, 0),
328 	CHAN5G(200, 0),		CHAN5G(204, 0),
329 	CHAN5G(208, 0),		CHAN5G(212, 0),
330 	CHAN5G(216, 0),
331 };
332 #undef CHAN4G
333 #undef CHAN5G
334 
335 static struct ieee80211_supported_band b43_band_5GHz_nphy = {
336 	.band		= NL80211_BAND_5GHZ,
337 	.channels	= b43_5ghz_nphy_chantable,
338 	.n_channels	= ARRAY_SIZE(b43_5ghz_nphy_chantable),
339 	.bitrates	= b43_a_ratetable,
340 	.n_bitrates	= b43_a_ratetable_size,
341 };
342 
343 static struct ieee80211_supported_band b43_band_5GHz_nphy_limited = {
344 	.band		= NL80211_BAND_5GHZ,
345 	.channels	= b43_5ghz_nphy_chantable_limited,
346 	.n_channels	= ARRAY_SIZE(b43_5ghz_nphy_chantable_limited),
347 	.bitrates	= b43_a_ratetable,
348 	.n_bitrates	= b43_a_ratetable_size,
349 };
350 
351 static struct ieee80211_supported_band b43_band_5GHz_aphy = {
352 	.band		= NL80211_BAND_5GHZ,
353 	.channels	= b43_5ghz_aphy_chantable,
354 	.n_channels	= ARRAY_SIZE(b43_5ghz_aphy_chantable),
355 	.bitrates	= b43_a_ratetable,
356 	.n_bitrates	= b43_a_ratetable_size,
357 };
358 
359 static struct ieee80211_supported_band b43_band_2GHz = {
360 	.band		= NL80211_BAND_2GHZ,
361 	.channels	= b43_2ghz_chantable,
362 	.n_channels	= ARRAY_SIZE(b43_2ghz_chantable),
363 	.bitrates	= b43_g_ratetable,
364 	.n_bitrates	= b43_g_ratetable_size,
365 };
366 
367 static struct ieee80211_supported_band b43_band_2ghz_limited = {
368 	.band		= NL80211_BAND_2GHZ,
369 	.channels	= b43_2ghz_chantable,
370 	.n_channels	= b43_2ghz_chantable_limited_size,
371 	.bitrates	= b43_g_ratetable,
372 	.n_bitrates	= b43_g_ratetable_size,
373 };
374 
375 static void b43_wireless_core_exit(struct b43_wldev *dev);
376 static int b43_wireless_core_init(struct b43_wldev *dev);
377 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev);
378 static int b43_wireless_core_start(struct b43_wldev *dev);
379 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
380 				    struct ieee80211_vif *vif,
381 				    struct ieee80211_bss_conf *conf,
382 				    u32 changed);
383 
384 static int b43_ratelimit(struct b43_wl *wl)
385 {
386 	if (!wl || !wl->current_dev)
387 		return 1;
388 	if (b43_status(wl->current_dev) < B43_STAT_STARTED)
389 		return 1;
390 	/* We are up and running.
391 	 * Ratelimit the messages to avoid DoS over the net. */
392 	return net_ratelimit();
393 }
394 
395 void b43info(struct b43_wl *wl, const char *fmt, ...)
396 {
397 	struct va_format vaf;
398 	va_list args;
399 
400 	if (b43_modparam_verbose < B43_VERBOSITY_INFO)
401 		return;
402 	if (!b43_ratelimit(wl))
403 		return;
404 
405 	va_start(args, fmt);
406 
407 	vaf.fmt = fmt;
408 	vaf.va = &args;
409 
410 	printk(KERN_INFO "b43-%s: %pV",
411 	       (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
412 
413 	va_end(args);
414 }
415 
416 void b43err(struct b43_wl *wl, const char *fmt, ...)
417 {
418 	struct va_format vaf;
419 	va_list args;
420 
421 	if (b43_modparam_verbose < B43_VERBOSITY_ERROR)
422 		return;
423 	if (!b43_ratelimit(wl))
424 		return;
425 
426 	va_start(args, fmt);
427 
428 	vaf.fmt = fmt;
429 	vaf.va = &args;
430 
431 	printk(KERN_ERR "b43-%s ERROR: %pV",
432 	       (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
433 
434 	va_end(args);
435 }
436 
437 void b43warn(struct b43_wl *wl, const char *fmt, ...)
438 {
439 	struct va_format vaf;
440 	va_list args;
441 
442 	if (b43_modparam_verbose < B43_VERBOSITY_WARN)
443 		return;
444 	if (!b43_ratelimit(wl))
445 		return;
446 
447 	va_start(args, fmt);
448 
449 	vaf.fmt = fmt;
450 	vaf.va = &args;
451 
452 	printk(KERN_WARNING "b43-%s warning: %pV",
453 	       (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
454 
455 	va_end(args);
456 }
457 
458 void b43dbg(struct b43_wl *wl, const char *fmt, ...)
459 {
460 	struct va_format vaf;
461 	va_list args;
462 
463 	if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
464 		return;
465 
466 	va_start(args, fmt);
467 
468 	vaf.fmt = fmt;
469 	vaf.va = &args;
470 
471 	printk(KERN_DEBUG "b43-%s debug: %pV",
472 	       (wl && wl->hw) ? wiphy_name(wl->hw->wiphy) : "wlan", &vaf);
473 
474 	va_end(args);
475 }
476 
477 static void b43_ram_write(struct b43_wldev *dev, u16 offset, u32 val)
478 {
479 	u32 macctl;
480 
481 	B43_WARN_ON(offset % 4 != 0);
482 
483 	macctl = b43_read32(dev, B43_MMIO_MACCTL);
484 	if (macctl & B43_MACCTL_BE)
485 		val = swab32(val);
486 
487 	b43_write32(dev, B43_MMIO_RAM_CONTROL, offset);
488 	mmiowb();
489 	b43_write32(dev, B43_MMIO_RAM_DATA, val);
490 }
491 
492 static inline void b43_shm_control_word(struct b43_wldev *dev,
493 					u16 routing, u16 offset)
494 {
495 	u32 control;
496 
497 	/* "offset" is the WORD offset. */
498 	control = routing;
499 	control <<= 16;
500 	control |= offset;
501 	b43_write32(dev, B43_MMIO_SHM_CONTROL, control);
502 }
503 
504 u32 b43_shm_read32(struct b43_wldev *dev, u16 routing, u16 offset)
505 {
506 	u32 ret;
507 
508 	if (routing == B43_SHM_SHARED) {
509 		B43_WARN_ON(offset & 0x0001);
510 		if (offset & 0x0003) {
511 			/* Unaligned access */
512 			b43_shm_control_word(dev, routing, offset >> 2);
513 			ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
514 			b43_shm_control_word(dev, routing, (offset >> 2) + 1);
515 			ret |= ((u32)b43_read16(dev, B43_MMIO_SHM_DATA)) << 16;
516 
517 			goto out;
518 		}
519 		offset >>= 2;
520 	}
521 	b43_shm_control_word(dev, routing, offset);
522 	ret = b43_read32(dev, B43_MMIO_SHM_DATA);
523 out:
524 	return ret;
525 }
526 
527 u16 b43_shm_read16(struct b43_wldev *dev, u16 routing, u16 offset)
528 {
529 	u16 ret;
530 
531 	if (routing == B43_SHM_SHARED) {
532 		B43_WARN_ON(offset & 0x0001);
533 		if (offset & 0x0003) {
534 			/* Unaligned access */
535 			b43_shm_control_word(dev, routing, offset >> 2);
536 			ret = b43_read16(dev, B43_MMIO_SHM_DATA_UNALIGNED);
537 
538 			goto out;
539 		}
540 		offset >>= 2;
541 	}
542 	b43_shm_control_word(dev, routing, offset);
543 	ret = b43_read16(dev, B43_MMIO_SHM_DATA);
544 out:
545 	return ret;
546 }
547 
548 void b43_shm_write32(struct b43_wldev *dev, u16 routing, u16 offset, u32 value)
549 {
550 	if (routing == B43_SHM_SHARED) {
551 		B43_WARN_ON(offset & 0x0001);
552 		if (offset & 0x0003) {
553 			/* Unaligned access */
554 			b43_shm_control_word(dev, routing, offset >> 2);
555 			b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED,
556 				    value & 0xFFFF);
557 			b43_shm_control_word(dev, routing, (offset >> 2) + 1);
558 			b43_write16(dev, B43_MMIO_SHM_DATA,
559 				    (value >> 16) & 0xFFFF);
560 			return;
561 		}
562 		offset >>= 2;
563 	}
564 	b43_shm_control_word(dev, routing, offset);
565 	b43_write32(dev, B43_MMIO_SHM_DATA, value);
566 }
567 
568 void b43_shm_write16(struct b43_wldev *dev, u16 routing, u16 offset, u16 value)
569 {
570 	if (routing == B43_SHM_SHARED) {
571 		B43_WARN_ON(offset & 0x0001);
572 		if (offset & 0x0003) {
573 			/* Unaligned access */
574 			b43_shm_control_word(dev, routing, offset >> 2);
575 			b43_write16(dev, B43_MMIO_SHM_DATA_UNALIGNED, value);
576 			return;
577 		}
578 		offset >>= 2;
579 	}
580 	b43_shm_control_word(dev, routing, offset);
581 	b43_write16(dev, B43_MMIO_SHM_DATA, value);
582 }
583 
584 /* Read HostFlags */
585 u64 b43_hf_read(struct b43_wldev *dev)
586 {
587 	u64 ret;
588 
589 	ret = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3);
590 	ret <<= 16;
591 	ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2);
592 	ret <<= 16;
593 	ret |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1);
594 
595 	return ret;
596 }
597 
598 /* Write HostFlags */
599 void b43_hf_write(struct b43_wldev *dev, u64 value)
600 {
601 	u16 lo, mi, hi;
602 
603 	lo = (value & 0x00000000FFFFULL);
604 	mi = (value & 0x0000FFFF0000ULL) >> 16;
605 	hi = (value & 0xFFFF00000000ULL) >> 32;
606 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF1, lo);
607 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF2, mi);
608 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_HOSTF3, hi);
609 }
610 
611 /* Read the firmware capabilities bitmask (Opensource firmware only) */
612 static u16 b43_fwcapa_read(struct b43_wldev *dev)
613 {
614 	B43_WARN_ON(!dev->fw.opensource);
615 	return b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_FWCAPA);
616 }
617 
618 void b43_tsf_read(struct b43_wldev *dev, u64 *tsf)
619 {
620 	u32 low, high;
621 
622 	B43_WARN_ON(dev->dev->core_rev < 3);
623 
624 	/* The hardware guarantees us an atomic read, if we
625 	 * read the low register first. */
626 	low = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_LOW);
627 	high = b43_read32(dev, B43_MMIO_REV3PLUS_TSF_HIGH);
628 
629 	*tsf = high;
630 	*tsf <<= 32;
631 	*tsf |= low;
632 }
633 
634 static void b43_time_lock(struct b43_wldev *dev)
635 {
636 	b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_TBTTHOLD);
637 	/* Commit the write */
638 	b43_read32(dev, B43_MMIO_MACCTL);
639 }
640 
641 static void b43_time_unlock(struct b43_wldev *dev)
642 {
643 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_TBTTHOLD, 0);
644 	/* Commit the write */
645 	b43_read32(dev, B43_MMIO_MACCTL);
646 }
647 
648 static void b43_tsf_write_locked(struct b43_wldev *dev, u64 tsf)
649 {
650 	u32 low, high;
651 
652 	B43_WARN_ON(dev->dev->core_rev < 3);
653 
654 	low = tsf;
655 	high = (tsf >> 32);
656 	/* The hardware guarantees us an atomic write, if we
657 	 * write the low register first. */
658 	b43_write32(dev, B43_MMIO_REV3PLUS_TSF_LOW, low);
659 	mmiowb();
660 	b43_write32(dev, B43_MMIO_REV3PLUS_TSF_HIGH, high);
661 	mmiowb();
662 }
663 
664 void b43_tsf_write(struct b43_wldev *dev, u64 tsf)
665 {
666 	b43_time_lock(dev);
667 	b43_tsf_write_locked(dev, tsf);
668 	b43_time_unlock(dev);
669 }
670 
671 static
672 void b43_macfilter_set(struct b43_wldev *dev, u16 offset, const u8 *mac)
673 {
674 	static const u8 zero_addr[ETH_ALEN] = { 0 };
675 	u16 data;
676 
677 	if (!mac)
678 		mac = zero_addr;
679 
680 	offset |= 0x0020;
681 	b43_write16(dev, B43_MMIO_MACFILTER_CONTROL, offset);
682 
683 	data = mac[0];
684 	data |= mac[1] << 8;
685 	b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
686 	data = mac[2];
687 	data |= mac[3] << 8;
688 	b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
689 	data = mac[4];
690 	data |= mac[5] << 8;
691 	b43_write16(dev, B43_MMIO_MACFILTER_DATA, data);
692 }
693 
694 static void b43_write_mac_bssid_templates(struct b43_wldev *dev)
695 {
696 	const u8 *mac;
697 	const u8 *bssid;
698 	u8 mac_bssid[ETH_ALEN * 2];
699 	int i;
700 	u32 tmp;
701 
702 	bssid = dev->wl->bssid;
703 	mac = dev->wl->mac_addr;
704 
705 	b43_macfilter_set(dev, B43_MACFILTER_BSSID, bssid);
706 
707 	memcpy(mac_bssid, mac, ETH_ALEN);
708 	memcpy(mac_bssid + ETH_ALEN, bssid, ETH_ALEN);
709 
710 	/* Write our MAC address and BSSID to template ram */
711 	for (i = 0; i < ARRAY_SIZE(mac_bssid); i += sizeof(u32)) {
712 		tmp = (u32) (mac_bssid[i + 0]);
713 		tmp |= (u32) (mac_bssid[i + 1]) << 8;
714 		tmp |= (u32) (mac_bssid[i + 2]) << 16;
715 		tmp |= (u32) (mac_bssid[i + 3]) << 24;
716 		b43_ram_write(dev, 0x20 + i, tmp);
717 	}
718 }
719 
720 static void b43_upload_card_macaddress(struct b43_wldev *dev)
721 {
722 	b43_write_mac_bssid_templates(dev);
723 	b43_macfilter_set(dev, B43_MACFILTER_SELF, dev->wl->mac_addr);
724 }
725 
726 static void b43_set_slot_time(struct b43_wldev *dev, u16 slot_time)
727 {
728 	/* slot_time is in usec. */
729 	/* This test used to exit for all but a G PHY. */
730 	if (b43_current_band(dev->wl) == NL80211_BAND_5GHZ)
731 		return;
732 	b43_write16(dev, B43_MMIO_IFSSLOT, 510 + slot_time);
733 	/* Shared memory location 0x0010 is the slot time and should be
734 	 * set to slot_time; however, this register is initially 0 and changing
735 	 * the value adversely affects the transmit rate for BCM4311
736 	 * devices. Until this behavior is unterstood, delete this step
737 	 *
738 	 * b43_shm_write16(dev, B43_SHM_SHARED, 0x0010, slot_time);
739 	 */
740 }
741 
742 static void b43_short_slot_timing_enable(struct b43_wldev *dev)
743 {
744 	b43_set_slot_time(dev, 9);
745 }
746 
747 static void b43_short_slot_timing_disable(struct b43_wldev *dev)
748 {
749 	b43_set_slot_time(dev, 20);
750 }
751 
752 /* DummyTransmission function, as documented on
753  * http://bcm-v4.sipsolutions.net/802.11/DummyTransmission
754  */
755 void b43_dummy_transmission(struct b43_wldev *dev, bool ofdm, bool pa_on)
756 {
757 	struct b43_phy *phy = &dev->phy;
758 	unsigned int i, max_loop;
759 	u16 value;
760 	u32 buffer[5] = {
761 		0x00000000,
762 		0x00D40000,
763 		0x00000000,
764 		0x01000000,
765 		0x00000000,
766 	};
767 
768 	if (ofdm) {
769 		max_loop = 0x1E;
770 		buffer[0] = 0x000201CC;
771 	} else {
772 		max_loop = 0xFA;
773 		buffer[0] = 0x000B846E;
774 	}
775 
776 	for (i = 0; i < 5; i++)
777 		b43_ram_write(dev, i * 4, buffer[i]);
778 
779 	b43_write16(dev, B43_MMIO_XMTSEL, 0x0000);
780 
781 	if (dev->dev->core_rev < 11)
782 		b43_write16(dev, B43_MMIO_WEPCTL, 0x0000);
783 	else
784 		b43_write16(dev, B43_MMIO_WEPCTL, 0x0100);
785 
786 	value = (ofdm ? 0x41 : 0x40);
787 	b43_write16(dev, B43_MMIO_TXE0_PHYCTL, value);
788 	if (phy->type == B43_PHYTYPE_N || phy->type == B43_PHYTYPE_LP ||
789 	    phy->type == B43_PHYTYPE_LCN)
790 		b43_write16(dev, B43_MMIO_TXE0_PHYCTL1, 0x1A02);
791 
792 	b43_write16(dev, B43_MMIO_TXE0_WM_0, 0x0000);
793 	b43_write16(dev, B43_MMIO_TXE0_WM_1, 0x0000);
794 
795 	b43_write16(dev, B43_MMIO_XMTTPLATETXPTR, 0x0000);
796 	b43_write16(dev, B43_MMIO_XMTTXCNT, 0x0014);
797 	b43_write16(dev, B43_MMIO_XMTSEL, 0x0826);
798 	b43_write16(dev, B43_MMIO_TXE0_CTL, 0x0000);
799 
800 	if (!pa_on && phy->type == B43_PHYTYPE_N)
801 		; /*b43_nphy_pa_override(dev, false) */
802 
803 	switch (phy->type) {
804 	case B43_PHYTYPE_N:
805 	case B43_PHYTYPE_LCN:
806 		b43_write16(dev, B43_MMIO_TXE0_AUX, 0x00D0);
807 		break;
808 	case B43_PHYTYPE_LP:
809 		b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0050);
810 		break;
811 	default:
812 		b43_write16(dev, B43_MMIO_TXE0_AUX, 0x0030);
813 	}
814 	b43_read16(dev, B43_MMIO_TXE0_AUX);
815 
816 	if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
817 		b43_radio_write16(dev, 0x0051, 0x0017);
818 	for (i = 0x00; i < max_loop; i++) {
819 		value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
820 		if (value & 0x0080)
821 			break;
822 		udelay(10);
823 	}
824 	for (i = 0x00; i < 0x0A; i++) {
825 		value = b43_read16(dev, B43_MMIO_TXE0_STATUS);
826 		if (value & 0x0400)
827 			break;
828 		udelay(10);
829 	}
830 	for (i = 0x00; i < 0x19; i++) {
831 		value = b43_read16(dev, B43_MMIO_IFSSTAT);
832 		if (!(value & 0x0100))
833 			break;
834 		udelay(10);
835 	}
836 	if (phy->radio_ver == 0x2050 && phy->radio_rev <= 0x5)
837 		b43_radio_write16(dev, 0x0051, 0x0037);
838 }
839 
840 static void key_write(struct b43_wldev *dev,
841 		      u8 index, u8 algorithm, const u8 *key)
842 {
843 	unsigned int i;
844 	u32 offset;
845 	u16 value;
846 	u16 kidx;
847 
848 	/* Key index/algo block */
849 	kidx = b43_kidx_to_fw(dev, index);
850 	value = ((kidx << 4) | algorithm);
851 	b43_shm_write16(dev, B43_SHM_SHARED,
852 			B43_SHM_SH_KEYIDXBLOCK + (kidx * 2), value);
853 
854 	/* Write the key to the Key Table Pointer offset */
855 	offset = dev->ktp + (index * B43_SEC_KEYSIZE);
856 	for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
857 		value = key[i];
858 		value |= (u16) (key[i + 1]) << 8;
859 		b43_shm_write16(dev, B43_SHM_SHARED, offset + i, value);
860 	}
861 }
862 
863 static void keymac_write(struct b43_wldev *dev, u8 index, const u8 *addr)
864 {
865 	u32 addrtmp[2] = { 0, 0, };
866 	u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
867 
868 	if (b43_new_kidx_api(dev))
869 		pairwise_keys_start = B43_NR_GROUP_KEYS;
870 
871 	B43_WARN_ON(index < pairwise_keys_start);
872 	/* We have four default TX keys and possibly four default RX keys.
873 	 * Physical mac 0 is mapped to physical key 4 or 8, depending
874 	 * on the firmware version.
875 	 * So we must adjust the index here.
876 	 */
877 	index -= pairwise_keys_start;
878 	B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
879 
880 	if (addr) {
881 		addrtmp[0] = addr[0];
882 		addrtmp[0] |= ((u32) (addr[1]) << 8);
883 		addrtmp[0] |= ((u32) (addr[2]) << 16);
884 		addrtmp[0] |= ((u32) (addr[3]) << 24);
885 		addrtmp[1] = addr[4];
886 		addrtmp[1] |= ((u32) (addr[5]) << 8);
887 	}
888 
889 	/* Receive match transmitter address (RCMTA) mechanism */
890 	b43_shm_write32(dev, B43_SHM_RCMTA,
891 			(index * 2) + 0, addrtmp[0]);
892 	b43_shm_write16(dev, B43_SHM_RCMTA,
893 			(index * 2) + 1, addrtmp[1]);
894 }
895 
896 /* The ucode will use phase1 key with TEK key to decrypt rx packets.
897  * When a packet is received, the iv32 is checked.
898  * - if it doesn't the packet is returned without modification (and software
899  *   decryption can be done). That's what happen when iv16 wrap.
900  * - if it does, the rc4 key is computed, and decryption is tried.
901  *   Either it will success and B43_RX_MAC_DEC is returned,
902  *   either it fails and B43_RX_MAC_DEC|B43_RX_MAC_DECERR is returned
903  *   and the packet is not usable (it got modified by the ucode).
904  * So in order to never have B43_RX_MAC_DECERR, we should provide
905  * a iv32 and phase1key that match. Because we drop packets in case of
906  * B43_RX_MAC_DECERR, if we have a correct iv32 but a wrong phase1key, all
907  * packets will be lost without higher layer knowing (ie no resync possible
908  * until next wrap).
909  *
910  * NOTE : this should support 50 key like RCMTA because
911  * (B43_SHM_SH_KEYIDXBLOCK - B43_SHM_SH_TKIPTSCTTAK)/14 = 50
912  */
913 static void rx_tkip_phase1_write(struct b43_wldev *dev, u8 index, u32 iv32,
914 		u16 *phase1key)
915 {
916 	unsigned int i;
917 	u32 offset;
918 	u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
919 
920 	if (!modparam_hwtkip)
921 		return;
922 
923 	if (b43_new_kidx_api(dev))
924 		pairwise_keys_start = B43_NR_GROUP_KEYS;
925 
926 	B43_WARN_ON(index < pairwise_keys_start);
927 	/* We have four default TX keys and possibly four default RX keys.
928 	 * Physical mac 0 is mapped to physical key 4 or 8, depending
929 	 * on the firmware version.
930 	 * So we must adjust the index here.
931 	 */
932 	index -= pairwise_keys_start;
933 	B43_WARN_ON(index >= B43_NR_PAIRWISE_KEYS);
934 
935 	if (b43_debug(dev, B43_DBG_KEYS)) {
936 		b43dbg(dev->wl, "rx_tkip_phase1_write : idx 0x%x, iv32 0x%x\n",
937 				index, iv32);
938 	}
939 	/* Write the key to the  RX tkip shared mem */
940 	offset = B43_SHM_SH_TKIPTSCTTAK + index * (10 + 4);
941 	for (i = 0; i < 10; i += 2) {
942 		b43_shm_write16(dev, B43_SHM_SHARED, offset + i,
943 				phase1key ? phase1key[i / 2] : 0);
944 	}
945 	b43_shm_write16(dev, B43_SHM_SHARED, offset + i, iv32);
946 	b43_shm_write16(dev, B43_SHM_SHARED, offset + i + 2, iv32 >> 16);
947 }
948 
949 static void b43_op_update_tkip_key(struct ieee80211_hw *hw,
950 				   struct ieee80211_vif *vif,
951 				   struct ieee80211_key_conf *keyconf,
952 				   struct ieee80211_sta *sta,
953 				   u32 iv32, u16 *phase1key)
954 {
955 	struct b43_wl *wl = hw_to_b43_wl(hw);
956 	struct b43_wldev *dev;
957 	int index = keyconf->hw_key_idx;
958 
959 	if (B43_WARN_ON(!modparam_hwtkip))
960 		return;
961 
962 	/* This is only called from the RX path through mac80211, where
963 	 * our mutex is already locked. */
964 	B43_WARN_ON(!mutex_is_locked(&wl->mutex));
965 	dev = wl->current_dev;
966 	B43_WARN_ON(!dev || b43_status(dev) < B43_STAT_INITIALIZED);
967 
968 	keymac_write(dev, index, NULL);	/* First zero out mac to avoid race */
969 
970 	rx_tkip_phase1_write(dev, index, iv32, phase1key);
971 	/* only pairwise TKIP keys are supported right now */
972 	if (WARN_ON(!sta))
973 		return;
974 	keymac_write(dev, index, sta->addr);
975 }
976 
977 static void do_key_write(struct b43_wldev *dev,
978 			 u8 index, u8 algorithm,
979 			 const u8 *key, size_t key_len, const u8 *mac_addr)
980 {
981 	u8 buf[B43_SEC_KEYSIZE] = { 0, };
982 	u8 pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
983 
984 	if (b43_new_kidx_api(dev))
985 		pairwise_keys_start = B43_NR_GROUP_KEYS;
986 
987 	B43_WARN_ON(index >= ARRAY_SIZE(dev->key));
988 	B43_WARN_ON(key_len > B43_SEC_KEYSIZE);
989 
990 	if (index >= pairwise_keys_start)
991 		keymac_write(dev, index, NULL);	/* First zero out mac. */
992 	if (algorithm == B43_SEC_ALGO_TKIP) {
993 		/*
994 		 * We should provide an initial iv32, phase1key pair.
995 		 * We could start with iv32=0 and compute the corresponding
996 		 * phase1key, but this means calling ieee80211_get_tkip_key
997 		 * with a fake skb (or export other tkip function).
998 		 * Because we are lazy we hope iv32 won't start with
999 		 * 0xffffffff and let's b43_op_update_tkip_key provide a
1000 		 * correct pair.
1001 		 */
1002 		rx_tkip_phase1_write(dev, index, 0xffffffff, (u16*)buf);
1003 	} else if (index >= pairwise_keys_start) /* clear it */
1004 		rx_tkip_phase1_write(dev, index, 0, NULL);
1005 	if (key)
1006 		memcpy(buf, key, key_len);
1007 	key_write(dev, index, algorithm, buf);
1008 	if (index >= pairwise_keys_start)
1009 		keymac_write(dev, index, mac_addr);
1010 
1011 	dev->key[index].algorithm = algorithm;
1012 }
1013 
1014 static int b43_key_write(struct b43_wldev *dev,
1015 			 int index, u8 algorithm,
1016 			 const u8 *key, size_t key_len,
1017 			 const u8 *mac_addr,
1018 			 struct ieee80211_key_conf *keyconf)
1019 {
1020 	int i;
1021 	int pairwise_keys_start;
1022 
1023 	/* For ALG_TKIP the key is encoded as a 256-bit (32 byte) data block:
1024 	 * 	- Temporal Encryption Key (128 bits)
1025 	 * 	- Temporal Authenticator Tx MIC Key (64 bits)
1026 	 * 	- Temporal Authenticator Rx MIC Key (64 bits)
1027 	 *
1028 	 * 	Hardware only store TEK
1029 	 */
1030 	if (algorithm == B43_SEC_ALGO_TKIP && key_len == 32)
1031 		key_len = 16;
1032 	if (key_len > B43_SEC_KEYSIZE)
1033 		return -EINVAL;
1034 	for (i = 0; i < ARRAY_SIZE(dev->key); i++) {
1035 		/* Check that we don't already have this key. */
1036 		B43_WARN_ON(dev->key[i].keyconf == keyconf);
1037 	}
1038 	if (index < 0) {
1039 		/* Pairwise key. Get an empty slot for the key. */
1040 		if (b43_new_kidx_api(dev))
1041 			pairwise_keys_start = B43_NR_GROUP_KEYS;
1042 		else
1043 			pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1044 		for (i = pairwise_keys_start;
1045 		     i < pairwise_keys_start + B43_NR_PAIRWISE_KEYS;
1046 		     i++) {
1047 			B43_WARN_ON(i >= ARRAY_SIZE(dev->key));
1048 			if (!dev->key[i].keyconf) {
1049 				/* found empty */
1050 				index = i;
1051 				break;
1052 			}
1053 		}
1054 		if (index < 0) {
1055 			b43warn(dev->wl, "Out of hardware key memory\n");
1056 			return -ENOSPC;
1057 		}
1058 	} else
1059 		B43_WARN_ON(index > 3);
1060 
1061 	do_key_write(dev, index, algorithm, key, key_len, mac_addr);
1062 	if ((index <= 3) && !b43_new_kidx_api(dev)) {
1063 		/* Default RX key */
1064 		B43_WARN_ON(mac_addr);
1065 		do_key_write(dev, index + 4, algorithm, key, key_len, NULL);
1066 	}
1067 	keyconf->hw_key_idx = index;
1068 	dev->key[index].keyconf = keyconf;
1069 
1070 	return 0;
1071 }
1072 
1073 static int b43_key_clear(struct b43_wldev *dev, int index)
1074 {
1075 	if (B43_WARN_ON((index < 0) || (index >= ARRAY_SIZE(dev->key))))
1076 		return -EINVAL;
1077 	do_key_write(dev, index, B43_SEC_ALGO_NONE,
1078 		     NULL, B43_SEC_KEYSIZE, NULL);
1079 	if ((index <= 3) && !b43_new_kidx_api(dev)) {
1080 		do_key_write(dev, index + 4, B43_SEC_ALGO_NONE,
1081 			     NULL, B43_SEC_KEYSIZE, NULL);
1082 	}
1083 	dev->key[index].keyconf = NULL;
1084 
1085 	return 0;
1086 }
1087 
1088 static void b43_clear_keys(struct b43_wldev *dev)
1089 {
1090 	int i, count;
1091 
1092 	if (b43_new_kidx_api(dev))
1093 		count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1094 	else
1095 		count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1096 	for (i = 0; i < count; i++)
1097 		b43_key_clear(dev, i);
1098 }
1099 
1100 static void b43_dump_keymemory(struct b43_wldev *dev)
1101 {
1102 	unsigned int i, index, count, offset, pairwise_keys_start;
1103 	u8 mac[ETH_ALEN];
1104 	u16 algo;
1105 	u32 rcmta0;
1106 	u16 rcmta1;
1107 	u64 hf;
1108 	struct b43_key *key;
1109 
1110 	if (!b43_debug(dev, B43_DBG_KEYS))
1111 		return;
1112 
1113 	hf = b43_hf_read(dev);
1114 	b43dbg(dev->wl, "Hardware key memory dump:  USEDEFKEYS=%u\n",
1115 	       !!(hf & B43_HF_USEDEFKEYS));
1116 	if (b43_new_kidx_api(dev)) {
1117 		pairwise_keys_start = B43_NR_GROUP_KEYS;
1118 		count = B43_NR_GROUP_KEYS + B43_NR_PAIRWISE_KEYS;
1119 	} else {
1120 		pairwise_keys_start = B43_NR_GROUP_KEYS * 2;
1121 		count = B43_NR_GROUP_KEYS * 2 + B43_NR_PAIRWISE_KEYS;
1122 	}
1123 	for (index = 0; index < count; index++) {
1124 		key = &(dev->key[index]);
1125 		printk(KERN_DEBUG "Key slot %02u: %s",
1126 		       index, (key->keyconf == NULL) ? " " : "*");
1127 		offset = dev->ktp + (index * B43_SEC_KEYSIZE);
1128 		for (i = 0; i < B43_SEC_KEYSIZE; i += 2) {
1129 			u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1130 			printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1131 		}
1132 
1133 		algo = b43_shm_read16(dev, B43_SHM_SHARED,
1134 				      B43_SHM_SH_KEYIDXBLOCK + (index * 2));
1135 		printk("   Algo: %04X/%02X", algo, key->algorithm);
1136 
1137 		if (index >= pairwise_keys_start) {
1138 			if (key->algorithm == B43_SEC_ALGO_TKIP) {
1139 				printk("   TKIP: ");
1140 				offset = B43_SHM_SH_TKIPTSCTTAK + (index - 4) * (10 + 4);
1141 				for (i = 0; i < 14; i += 2) {
1142 					u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, offset + i);
1143 					printk("%02X%02X", (tmp & 0xFF), ((tmp >> 8) & 0xFF));
1144 				}
1145 			}
1146 			rcmta0 = b43_shm_read32(dev, B43_SHM_RCMTA,
1147 						((index - pairwise_keys_start) * 2) + 0);
1148 			rcmta1 = b43_shm_read16(dev, B43_SHM_RCMTA,
1149 						((index - pairwise_keys_start) * 2) + 1);
1150 			*((__le32 *)(&mac[0])) = cpu_to_le32(rcmta0);
1151 			*((__le16 *)(&mac[4])) = cpu_to_le16(rcmta1);
1152 			printk("   MAC: %pM", mac);
1153 		} else
1154 			printk("   DEFAULT KEY");
1155 		printk("\n");
1156 	}
1157 }
1158 
1159 void b43_power_saving_ctl_bits(struct b43_wldev *dev, unsigned int ps_flags)
1160 {
1161 	u32 macctl;
1162 	u16 ucstat;
1163 	bool hwps;
1164 	bool awake;
1165 	int i;
1166 
1167 	B43_WARN_ON((ps_flags & B43_PS_ENABLED) &&
1168 		    (ps_flags & B43_PS_DISABLED));
1169 	B43_WARN_ON((ps_flags & B43_PS_AWAKE) && (ps_flags & B43_PS_ASLEEP));
1170 
1171 	if (ps_flags & B43_PS_ENABLED) {
1172 		hwps = true;
1173 	} else if (ps_flags & B43_PS_DISABLED) {
1174 		hwps = false;
1175 	} else {
1176 		//TODO: If powersave is not off and FIXME is not set and we are not in adhoc
1177 		//      and thus is not an AP and we are associated, set bit 25
1178 	}
1179 	if (ps_flags & B43_PS_AWAKE) {
1180 		awake = true;
1181 	} else if (ps_flags & B43_PS_ASLEEP) {
1182 		awake = false;
1183 	} else {
1184 		//TODO: If the device is awake or this is an AP, or we are scanning, or FIXME,
1185 		//      or we are associated, or FIXME, or the latest PS-Poll packet sent was
1186 		//      successful, set bit26
1187 	}
1188 
1189 /* FIXME: For now we force awake-on and hwps-off */
1190 	hwps = false;
1191 	awake = true;
1192 
1193 	macctl = b43_read32(dev, B43_MMIO_MACCTL);
1194 	if (hwps)
1195 		macctl |= B43_MACCTL_HWPS;
1196 	else
1197 		macctl &= ~B43_MACCTL_HWPS;
1198 	if (awake)
1199 		macctl |= B43_MACCTL_AWAKE;
1200 	else
1201 		macctl &= ~B43_MACCTL_AWAKE;
1202 	b43_write32(dev, B43_MMIO_MACCTL, macctl);
1203 	/* Commit write */
1204 	b43_read32(dev, B43_MMIO_MACCTL);
1205 	if (awake && dev->dev->core_rev >= 5) {
1206 		/* Wait for the microcode to wake up. */
1207 		for (i = 0; i < 100; i++) {
1208 			ucstat = b43_shm_read16(dev, B43_SHM_SHARED,
1209 						B43_SHM_SH_UCODESTAT);
1210 			if (ucstat != B43_SHM_SH_UCODESTAT_SLEEP)
1211 				break;
1212 			udelay(10);
1213 		}
1214 	}
1215 }
1216 
1217 /* http://bcm-v4.sipsolutions.net/802.11/PHY/BmacCorePllReset */
1218 void b43_wireless_core_phy_pll_reset(struct b43_wldev *dev)
1219 {
1220 	struct bcma_drv_cc *bcma_cc __maybe_unused;
1221 	struct ssb_chipcommon *ssb_cc __maybe_unused;
1222 
1223 	switch (dev->dev->bus_type) {
1224 #ifdef CONFIG_B43_BCMA
1225 	case B43_BUS_BCMA:
1226 		bcma_cc = &dev->dev->bdev->bus->drv_cc;
1227 
1228 		bcma_cc_write32(bcma_cc, BCMA_CC_PMU_CHIPCTL_ADDR, 0);
1229 		bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1230 		bcma_cc_set32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, 0x4);
1231 		bcma_cc_mask32(bcma_cc, BCMA_CC_PMU_CHIPCTL_DATA, ~0x4);
1232 		break;
1233 #endif
1234 #ifdef CONFIG_B43_SSB
1235 	case B43_BUS_SSB:
1236 		ssb_cc = &dev->dev->sdev->bus->chipco;
1237 
1238 		chipco_write32(ssb_cc, SSB_CHIPCO_CHIPCTL_ADDR, 0);
1239 		chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1240 		chipco_set32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, 0x4);
1241 		chipco_mask32(ssb_cc, SSB_CHIPCO_CHIPCTL_DATA, ~0x4);
1242 		break;
1243 #endif
1244 	}
1245 }
1246 
1247 #ifdef CONFIG_B43_BCMA
1248 static void b43_bcma_phy_reset(struct b43_wldev *dev)
1249 {
1250 	u32 flags;
1251 
1252 	/* Put PHY into reset */
1253 	flags = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1254 	flags |= B43_BCMA_IOCTL_PHY_RESET;
1255 	flags |= B43_BCMA_IOCTL_PHY_BW_20MHZ; /* Make 20 MHz def */
1256 	bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, flags);
1257 	udelay(2);
1258 
1259 	b43_phy_take_out_of_reset(dev);
1260 }
1261 
1262 static void b43_bcma_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1263 {
1264 	u32 req = B43_BCMA_CLKCTLST_80211_PLL_REQ |
1265 		  B43_BCMA_CLKCTLST_PHY_PLL_REQ;
1266 	u32 status = B43_BCMA_CLKCTLST_80211_PLL_ST |
1267 		     B43_BCMA_CLKCTLST_PHY_PLL_ST;
1268 	u32 flags;
1269 
1270 	flags = B43_BCMA_IOCTL_PHY_CLKEN;
1271 	if (gmode)
1272 		flags |= B43_BCMA_IOCTL_GMODE;
1273 	b43_device_enable(dev, flags);
1274 
1275 	if (dev->phy.type == B43_PHYTYPE_AC) {
1276 		u16 tmp;
1277 
1278 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1279 		tmp &= ~B43_BCMA_IOCTL_DAC;
1280 		tmp |= 0x100;
1281 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1282 
1283 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1284 		tmp &= ~B43_BCMA_IOCTL_PHY_CLKEN;
1285 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1286 
1287 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
1288 		tmp |= B43_BCMA_IOCTL_PHY_CLKEN;
1289 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
1290 	}
1291 
1292 	bcma_core_set_clockmode(dev->dev->bdev, BCMA_CLKMODE_FAST);
1293 	b43_bcma_phy_reset(dev);
1294 	bcma_core_pll_ctl(dev->dev->bdev, req, status, true);
1295 }
1296 #endif
1297 
1298 #ifdef CONFIG_B43_SSB
1299 static void b43_ssb_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1300 {
1301 	u32 flags = 0;
1302 
1303 	if (gmode)
1304 		flags |= B43_TMSLOW_GMODE;
1305 	flags |= B43_TMSLOW_PHYCLKEN;
1306 	flags |= B43_TMSLOW_PHYRESET;
1307 	if (dev->phy.type == B43_PHYTYPE_N)
1308 		flags |= B43_TMSLOW_PHY_BANDWIDTH_20MHZ; /* Make 20 MHz def */
1309 	b43_device_enable(dev, flags);
1310 	msleep(2);		/* Wait for the PLL to turn on. */
1311 
1312 	b43_phy_take_out_of_reset(dev);
1313 }
1314 #endif
1315 
1316 void b43_wireless_core_reset(struct b43_wldev *dev, bool gmode)
1317 {
1318 	u32 macctl;
1319 
1320 	switch (dev->dev->bus_type) {
1321 #ifdef CONFIG_B43_BCMA
1322 	case B43_BUS_BCMA:
1323 		b43_bcma_wireless_core_reset(dev, gmode);
1324 		break;
1325 #endif
1326 #ifdef CONFIG_B43_SSB
1327 	case B43_BUS_SSB:
1328 		b43_ssb_wireless_core_reset(dev, gmode);
1329 		break;
1330 #endif
1331 	}
1332 
1333 	/* Turn Analog ON, but only if we already know the PHY-type.
1334 	 * This protects against very early setup where we don't know the
1335 	 * PHY-type, yet. wireless_core_reset will be called once again later,
1336 	 * when we know the PHY-type. */
1337 	if (dev->phy.ops)
1338 		dev->phy.ops->switch_analog(dev, 1);
1339 
1340 	macctl = b43_read32(dev, B43_MMIO_MACCTL);
1341 	macctl &= ~B43_MACCTL_GMODE;
1342 	if (gmode)
1343 		macctl |= B43_MACCTL_GMODE;
1344 	macctl |= B43_MACCTL_IHR_ENABLED;
1345 	b43_write32(dev, B43_MMIO_MACCTL, macctl);
1346 }
1347 
1348 static void handle_irq_transmit_status(struct b43_wldev *dev)
1349 {
1350 	u32 v0, v1;
1351 	u16 tmp;
1352 	struct b43_txstatus stat;
1353 
1354 	while (1) {
1355 		v0 = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1356 		if (!(v0 & 0x00000001))
1357 			break;
1358 		v1 = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1359 
1360 		stat.cookie = (v0 >> 16);
1361 		stat.seq = (v1 & 0x0000FFFF);
1362 		stat.phy_stat = ((v1 & 0x00FF0000) >> 16);
1363 		tmp = (v0 & 0x0000FFFF);
1364 		stat.frame_count = ((tmp & 0xF000) >> 12);
1365 		stat.rts_count = ((tmp & 0x0F00) >> 8);
1366 		stat.supp_reason = ((tmp & 0x001C) >> 2);
1367 		stat.pm_indicated = !!(tmp & 0x0080);
1368 		stat.intermediate = !!(tmp & 0x0040);
1369 		stat.for_ampdu = !!(tmp & 0x0020);
1370 		stat.acked = !!(tmp & 0x0002);
1371 
1372 		b43_handle_txstatus(dev, &stat);
1373 	}
1374 }
1375 
1376 static void drain_txstatus_queue(struct b43_wldev *dev)
1377 {
1378 	u32 dummy;
1379 
1380 	if (dev->dev->core_rev < 5)
1381 		return;
1382 	/* Read all entries from the microcode TXstatus FIFO
1383 	 * and throw them away.
1384 	 */
1385 	while (1) {
1386 		dummy = b43_read32(dev, B43_MMIO_XMITSTAT_0);
1387 		if (!(dummy & 0x00000001))
1388 			break;
1389 		dummy = b43_read32(dev, B43_MMIO_XMITSTAT_1);
1390 	}
1391 }
1392 
1393 static u32 b43_jssi_read(struct b43_wldev *dev)
1394 {
1395 	u32 val = 0;
1396 
1397 	val = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1);
1398 	val <<= 16;
1399 	val |= b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0);
1400 
1401 	return val;
1402 }
1403 
1404 static void b43_jssi_write(struct b43_wldev *dev, u32 jssi)
1405 {
1406 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI0,
1407 			(jssi & 0x0000FFFF));
1408 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_JSSI1,
1409 			(jssi & 0xFFFF0000) >> 16);
1410 }
1411 
1412 static void b43_generate_noise_sample(struct b43_wldev *dev)
1413 {
1414 	b43_jssi_write(dev, 0x7F7F7F7F);
1415 	b43_write32(dev, B43_MMIO_MACCMD,
1416 		    b43_read32(dev, B43_MMIO_MACCMD) | B43_MACCMD_BGNOISE);
1417 }
1418 
1419 static void b43_calculate_link_quality(struct b43_wldev *dev)
1420 {
1421 	/* Top half of Link Quality calculation. */
1422 
1423 	if (dev->phy.type != B43_PHYTYPE_G)
1424 		return;
1425 	if (dev->noisecalc.calculation_running)
1426 		return;
1427 	dev->noisecalc.calculation_running = true;
1428 	dev->noisecalc.nr_samples = 0;
1429 
1430 	b43_generate_noise_sample(dev);
1431 }
1432 
1433 static void handle_irq_noise(struct b43_wldev *dev)
1434 {
1435 	struct b43_phy_g *phy = dev->phy.g;
1436 	u16 tmp;
1437 	u8 noise[4];
1438 	u8 i, j;
1439 	s32 average;
1440 
1441 	/* Bottom half of Link Quality calculation. */
1442 
1443 	if (dev->phy.type != B43_PHYTYPE_G)
1444 		return;
1445 
1446 	/* Possible race condition: It might be possible that the user
1447 	 * changed to a different channel in the meantime since we
1448 	 * started the calculation. We ignore that fact, since it's
1449 	 * not really that much of a problem. The background noise is
1450 	 * an estimation only anyway. Slightly wrong results will get damped
1451 	 * by the averaging of the 8 sample rounds. Additionally the
1452 	 * value is shortlived. So it will be replaced by the next noise
1453 	 * calculation round soon. */
1454 
1455 	B43_WARN_ON(!dev->noisecalc.calculation_running);
1456 	*((__le32 *)noise) = cpu_to_le32(b43_jssi_read(dev));
1457 	if (noise[0] == 0x7F || noise[1] == 0x7F ||
1458 	    noise[2] == 0x7F || noise[3] == 0x7F)
1459 		goto generate_new;
1460 
1461 	/* Get the noise samples. */
1462 	B43_WARN_ON(dev->noisecalc.nr_samples >= 8);
1463 	i = dev->noisecalc.nr_samples;
1464 	noise[0] = clamp_val(noise[0], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1465 	noise[1] = clamp_val(noise[1], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1466 	noise[2] = clamp_val(noise[2], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1467 	noise[3] = clamp_val(noise[3], 0, ARRAY_SIZE(phy->nrssi_lt) - 1);
1468 	dev->noisecalc.samples[i][0] = phy->nrssi_lt[noise[0]];
1469 	dev->noisecalc.samples[i][1] = phy->nrssi_lt[noise[1]];
1470 	dev->noisecalc.samples[i][2] = phy->nrssi_lt[noise[2]];
1471 	dev->noisecalc.samples[i][3] = phy->nrssi_lt[noise[3]];
1472 	dev->noisecalc.nr_samples++;
1473 	if (dev->noisecalc.nr_samples == 8) {
1474 		/* Calculate the Link Quality by the noise samples. */
1475 		average = 0;
1476 		for (i = 0; i < 8; i++) {
1477 			for (j = 0; j < 4; j++)
1478 				average += dev->noisecalc.samples[i][j];
1479 		}
1480 		average /= (8 * 4);
1481 		average *= 125;
1482 		average += 64;
1483 		average /= 128;
1484 		tmp = b43_shm_read16(dev, B43_SHM_SHARED, 0x40C);
1485 		tmp = (tmp / 128) & 0x1F;
1486 		if (tmp >= 8)
1487 			average += 2;
1488 		else
1489 			average -= 25;
1490 		if (tmp == 8)
1491 			average -= 72;
1492 		else
1493 			average -= 48;
1494 
1495 		dev->stats.link_noise = average;
1496 		dev->noisecalc.calculation_running = false;
1497 		return;
1498 	}
1499 generate_new:
1500 	b43_generate_noise_sample(dev);
1501 }
1502 
1503 static void handle_irq_tbtt_indication(struct b43_wldev *dev)
1504 {
1505 	if (b43_is_mode(dev->wl, NL80211_IFTYPE_AP)) {
1506 		///TODO: PS TBTT
1507 	} else {
1508 		if (1 /*FIXME: the last PSpoll frame was sent successfully */ )
1509 			b43_power_saving_ctl_bits(dev, 0);
1510 	}
1511 	if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
1512 		dev->dfq_valid = true;
1513 }
1514 
1515 static void handle_irq_atim_end(struct b43_wldev *dev)
1516 {
1517 	if (dev->dfq_valid) {
1518 		b43_write32(dev, B43_MMIO_MACCMD,
1519 			    b43_read32(dev, B43_MMIO_MACCMD)
1520 			    | B43_MACCMD_DFQ_VALID);
1521 		dev->dfq_valid = false;
1522 	}
1523 }
1524 
1525 static void handle_irq_pmq(struct b43_wldev *dev)
1526 {
1527 	u32 tmp;
1528 
1529 	//TODO: AP mode.
1530 
1531 	while (1) {
1532 		tmp = b43_read32(dev, B43_MMIO_PS_STATUS);
1533 		if (!(tmp & 0x00000008))
1534 			break;
1535 	}
1536 	/* 16bit write is odd, but correct. */
1537 	b43_write16(dev, B43_MMIO_PS_STATUS, 0x0002);
1538 }
1539 
1540 static void b43_write_template_common(struct b43_wldev *dev,
1541 				      const u8 *data, u16 size,
1542 				      u16 ram_offset,
1543 				      u16 shm_size_offset, u8 rate)
1544 {
1545 	u32 i, tmp;
1546 	struct b43_plcp_hdr4 plcp;
1547 
1548 	plcp.data = 0;
1549 	b43_generate_plcp_hdr(&plcp, size + FCS_LEN, rate);
1550 	b43_ram_write(dev, ram_offset, le32_to_cpu(plcp.data));
1551 	ram_offset += sizeof(u32);
1552 	/* The PLCP is 6 bytes long, but we only wrote 4 bytes, yet.
1553 	 * So leave the first two bytes of the next write blank.
1554 	 */
1555 	tmp = (u32) (data[0]) << 16;
1556 	tmp |= (u32) (data[1]) << 24;
1557 	b43_ram_write(dev, ram_offset, tmp);
1558 	ram_offset += sizeof(u32);
1559 	for (i = 2; i < size; i += sizeof(u32)) {
1560 		tmp = (u32) (data[i + 0]);
1561 		if (i + 1 < size)
1562 			tmp |= (u32) (data[i + 1]) << 8;
1563 		if (i + 2 < size)
1564 			tmp |= (u32) (data[i + 2]) << 16;
1565 		if (i + 3 < size)
1566 			tmp |= (u32) (data[i + 3]) << 24;
1567 		b43_ram_write(dev, ram_offset + i - 2, tmp);
1568 	}
1569 	b43_shm_write16(dev, B43_SHM_SHARED, shm_size_offset,
1570 			size + sizeof(struct b43_plcp_hdr6));
1571 }
1572 
1573 /* Check if the use of the antenna that ieee80211 told us to
1574  * use is possible. This will fall back to DEFAULT.
1575  * "antenna_nr" is the antenna identifier we got from ieee80211. */
1576 u8 b43_ieee80211_antenna_sanitize(struct b43_wldev *dev,
1577 				  u8 antenna_nr)
1578 {
1579 	u8 antenna_mask;
1580 
1581 	if (antenna_nr == 0) {
1582 		/* Zero means "use default antenna". That's always OK. */
1583 		return 0;
1584 	}
1585 
1586 	/* Get the mask of available antennas. */
1587 	if (dev->phy.gmode)
1588 		antenna_mask = dev->dev->bus_sprom->ant_available_bg;
1589 	else
1590 		antenna_mask = dev->dev->bus_sprom->ant_available_a;
1591 
1592 	if (!(antenna_mask & (1 << (antenna_nr - 1)))) {
1593 		/* This antenna is not available. Fall back to default. */
1594 		return 0;
1595 	}
1596 
1597 	return antenna_nr;
1598 }
1599 
1600 /* Convert a b43 antenna number value to the PHY TX control value. */
1601 static u16 b43_antenna_to_phyctl(int antenna)
1602 {
1603 	switch (antenna) {
1604 	case B43_ANTENNA0:
1605 		return B43_TXH_PHY_ANT0;
1606 	case B43_ANTENNA1:
1607 		return B43_TXH_PHY_ANT1;
1608 	case B43_ANTENNA2:
1609 		return B43_TXH_PHY_ANT2;
1610 	case B43_ANTENNA3:
1611 		return B43_TXH_PHY_ANT3;
1612 	case B43_ANTENNA_AUTO0:
1613 	case B43_ANTENNA_AUTO1:
1614 		return B43_TXH_PHY_ANT01AUTO;
1615 	}
1616 	B43_WARN_ON(1);
1617 	return 0;
1618 }
1619 
1620 static void b43_write_beacon_template(struct b43_wldev *dev,
1621 				      u16 ram_offset,
1622 				      u16 shm_size_offset)
1623 {
1624 	unsigned int i, len, variable_len;
1625 	const struct ieee80211_mgmt *bcn;
1626 	const u8 *ie;
1627 	bool tim_found = false;
1628 	unsigned int rate;
1629 	u16 ctl;
1630 	int antenna;
1631 	struct ieee80211_tx_info *info;
1632 	unsigned long flags;
1633 	struct sk_buff *beacon_skb;
1634 
1635 	spin_lock_irqsave(&dev->wl->beacon_lock, flags);
1636 	info = IEEE80211_SKB_CB(dev->wl->current_beacon);
1637 	rate = ieee80211_get_tx_rate(dev->wl->hw, info)->hw_value;
1638 	/* Clone the beacon, so it cannot go away, while we write it to hw. */
1639 	beacon_skb = skb_clone(dev->wl->current_beacon, GFP_ATOMIC);
1640 	spin_unlock_irqrestore(&dev->wl->beacon_lock, flags);
1641 
1642 	if (!beacon_skb) {
1643 		b43dbg(dev->wl, "Could not upload beacon. "
1644 		       "Failed to clone beacon skb.");
1645 		return;
1646 	}
1647 
1648 	bcn = (const struct ieee80211_mgmt *)(beacon_skb->data);
1649 	len = min_t(size_t, beacon_skb->len,
1650 		    0x200 - sizeof(struct b43_plcp_hdr6));
1651 
1652 	b43_write_template_common(dev, (const u8 *)bcn,
1653 				  len, ram_offset, shm_size_offset, rate);
1654 
1655 	/* Write the PHY TX control parameters. */
1656 	antenna = B43_ANTENNA_DEFAULT;
1657 	antenna = b43_antenna_to_phyctl(antenna);
1658 	ctl = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL);
1659 	/* We can't send beacons with short preamble. Would get PHY errors. */
1660 	ctl &= ~B43_TXH_PHY_SHORTPRMBL;
1661 	ctl &= ~B43_TXH_PHY_ANT;
1662 	ctl &= ~B43_TXH_PHY_ENC;
1663 	ctl |= antenna;
1664 	if (b43_is_cck_rate(rate))
1665 		ctl |= B43_TXH_PHY_ENC_CCK;
1666 	else
1667 		ctl |= B43_TXH_PHY_ENC_OFDM;
1668 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
1669 
1670 	/* Find the position of the TIM and the DTIM_period value
1671 	 * and write them to SHM. */
1672 	ie = bcn->u.beacon.variable;
1673 	variable_len = len - offsetof(struct ieee80211_mgmt, u.beacon.variable);
1674 	for (i = 0; i < variable_len - 2; ) {
1675 		uint8_t ie_id, ie_len;
1676 
1677 		ie_id = ie[i];
1678 		ie_len = ie[i + 1];
1679 		if (ie_id == 5) {
1680 			u16 tim_position;
1681 			u16 dtim_period;
1682 			/* This is the TIM Information Element */
1683 
1684 			/* Check whether the ie_len is in the beacon data range. */
1685 			if (variable_len < ie_len + 2 + i)
1686 				break;
1687 			/* A valid TIM is at least 4 bytes long. */
1688 			if (ie_len < 4)
1689 				break;
1690 			tim_found = true;
1691 
1692 			tim_position = sizeof(struct b43_plcp_hdr6);
1693 			tim_position += offsetof(struct ieee80211_mgmt, u.beacon.variable);
1694 			tim_position += i;
1695 
1696 			dtim_period = ie[i + 3];
1697 
1698 			b43_shm_write16(dev, B43_SHM_SHARED,
1699 					B43_SHM_SH_TIMBPOS, tim_position);
1700 			b43_shm_write16(dev, B43_SHM_SHARED,
1701 					B43_SHM_SH_DTIMPER, dtim_period);
1702 			break;
1703 		}
1704 		i += ie_len + 2;
1705 	}
1706 	if (!tim_found) {
1707 		/*
1708 		 * If ucode wants to modify TIM do it behind the beacon, this
1709 		 * will happen, for example, when doing mesh networking.
1710 		 */
1711 		b43_shm_write16(dev, B43_SHM_SHARED,
1712 				B43_SHM_SH_TIMBPOS,
1713 				len + sizeof(struct b43_plcp_hdr6));
1714 		b43_shm_write16(dev, B43_SHM_SHARED,
1715 				B43_SHM_SH_DTIMPER, 0);
1716 	}
1717 	b43dbg(dev->wl, "Updated beacon template at 0x%x\n", ram_offset);
1718 
1719 	dev_kfree_skb_any(beacon_skb);
1720 }
1721 
1722 static void b43_upload_beacon0(struct b43_wldev *dev)
1723 {
1724 	struct b43_wl *wl = dev->wl;
1725 
1726 	if (wl->beacon0_uploaded)
1727 		return;
1728 	b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE0, B43_SHM_SH_BTL0);
1729 	wl->beacon0_uploaded = true;
1730 }
1731 
1732 static void b43_upload_beacon1(struct b43_wldev *dev)
1733 {
1734 	struct b43_wl *wl = dev->wl;
1735 
1736 	if (wl->beacon1_uploaded)
1737 		return;
1738 	b43_write_beacon_template(dev, B43_SHM_SH_BT_BASE1, B43_SHM_SH_BTL1);
1739 	wl->beacon1_uploaded = true;
1740 }
1741 
1742 static void handle_irq_beacon(struct b43_wldev *dev)
1743 {
1744 	struct b43_wl *wl = dev->wl;
1745 	u32 cmd, beacon0_valid, beacon1_valid;
1746 
1747 	if (!b43_is_mode(wl, NL80211_IFTYPE_AP) &&
1748 	    !b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) &&
1749 	    !b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
1750 		return;
1751 
1752 	/* This is the bottom half of the asynchronous beacon update. */
1753 
1754 	/* Ignore interrupt in the future. */
1755 	dev->irq_mask &= ~B43_IRQ_BEACON;
1756 
1757 	cmd = b43_read32(dev, B43_MMIO_MACCMD);
1758 	beacon0_valid = (cmd & B43_MACCMD_BEACON0_VALID);
1759 	beacon1_valid = (cmd & B43_MACCMD_BEACON1_VALID);
1760 
1761 	/* Schedule interrupt manually, if busy. */
1762 	if (beacon0_valid && beacon1_valid) {
1763 		b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_BEACON);
1764 		dev->irq_mask |= B43_IRQ_BEACON;
1765 		return;
1766 	}
1767 
1768 	if (unlikely(wl->beacon_templates_virgin)) {
1769 		/* We never uploaded a beacon before.
1770 		 * Upload both templates now, but only mark one valid. */
1771 		wl->beacon_templates_virgin = false;
1772 		b43_upload_beacon0(dev);
1773 		b43_upload_beacon1(dev);
1774 		cmd = b43_read32(dev, B43_MMIO_MACCMD);
1775 		cmd |= B43_MACCMD_BEACON0_VALID;
1776 		b43_write32(dev, B43_MMIO_MACCMD, cmd);
1777 	} else {
1778 		if (!beacon0_valid) {
1779 			b43_upload_beacon0(dev);
1780 			cmd = b43_read32(dev, B43_MMIO_MACCMD);
1781 			cmd |= B43_MACCMD_BEACON0_VALID;
1782 			b43_write32(dev, B43_MMIO_MACCMD, cmd);
1783 		} else if (!beacon1_valid) {
1784 			b43_upload_beacon1(dev);
1785 			cmd = b43_read32(dev, B43_MMIO_MACCMD);
1786 			cmd |= B43_MACCMD_BEACON1_VALID;
1787 			b43_write32(dev, B43_MMIO_MACCMD, cmd);
1788 		}
1789 	}
1790 }
1791 
1792 static void b43_do_beacon_update_trigger_work(struct b43_wldev *dev)
1793 {
1794 	u32 old_irq_mask = dev->irq_mask;
1795 
1796 	/* update beacon right away or defer to irq */
1797 	handle_irq_beacon(dev);
1798 	if (old_irq_mask != dev->irq_mask) {
1799 		/* The handler updated the IRQ mask. */
1800 		B43_WARN_ON(!dev->irq_mask);
1801 		if (b43_read32(dev, B43_MMIO_GEN_IRQ_MASK)) {
1802 			b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
1803 		} else {
1804 			/* Device interrupts are currently disabled. That means
1805 			 * we just ran the hardirq handler and scheduled the
1806 			 * IRQ thread. The thread will write the IRQ mask when
1807 			 * it finished, so there's nothing to do here. Writing
1808 			 * the mask _here_ would incorrectly re-enable IRQs. */
1809 		}
1810 	}
1811 }
1812 
1813 static void b43_beacon_update_trigger_work(struct work_struct *work)
1814 {
1815 	struct b43_wl *wl = container_of(work, struct b43_wl,
1816 					 beacon_update_trigger);
1817 	struct b43_wldev *dev;
1818 
1819 	mutex_lock(&wl->mutex);
1820 	dev = wl->current_dev;
1821 	if (likely(dev && (b43_status(dev) >= B43_STAT_INITIALIZED))) {
1822 		if (b43_bus_host_is_sdio(dev->dev)) {
1823 			/* wl->mutex is enough. */
1824 			b43_do_beacon_update_trigger_work(dev);
1825 			mmiowb();
1826 		} else {
1827 			spin_lock_irq(&wl->hardirq_lock);
1828 			b43_do_beacon_update_trigger_work(dev);
1829 			mmiowb();
1830 			spin_unlock_irq(&wl->hardirq_lock);
1831 		}
1832 	}
1833 	mutex_unlock(&wl->mutex);
1834 }
1835 
1836 /* Asynchronously update the packet templates in template RAM. */
1837 static void b43_update_templates(struct b43_wl *wl)
1838 {
1839 	struct sk_buff *beacon, *old_beacon;
1840 	unsigned long flags;
1841 
1842 	/* This is the top half of the asynchronous beacon update.
1843 	 * The bottom half is the beacon IRQ.
1844 	 * Beacon update must be asynchronous to avoid sending an
1845 	 * invalid beacon. This can happen for example, if the firmware
1846 	 * transmits a beacon while we are updating it. */
1847 
1848 	/* We could modify the existing beacon and set the aid bit in
1849 	 * the TIM field, but that would probably require resizing and
1850 	 * moving of data within the beacon template.
1851 	 * Simply request a new beacon and let mac80211 do the hard work. */
1852 	beacon = ieee80211_beacon_get(wl->hw, wl->vif);
1853 	if (unlikely(!beacon))
1854 		return;
1855 
1856 	spin_lock_irqsave(&wl->beacon_lock, flags);
1857 	old_beacon = wl->current_beacon;
1858 	wl->current_beacon = beacon;
1859 	wl->beacon0_uploaded = false;
1860 	wl->beacon1_uploaded = false;
1861 	spin_unlock_irqrestore(&wl->beacon_lock, flags);
1862 
1863 	ieee80211_queue_work(wl->hw, &wl->beacon_update_trigger);
1864 
1865 	if (old_beacon)
1866 		dev_kfree_skb_any(old_beacon);
1867 }
1868 
1869 static void b43_set_beacon_int(struct b43_wldev *dev, u16 beacon_int)
1870 {
1871 	b43_time_lock(dev);
1872 	if (dev->dev->core_rev >= 3) {
1873 		b43_write32(dev, B43_MMIO_TSF_CFP_REP, (beacon_int << 16));
1874 		b43_write32(dev, B43_MMIO_TSF_CFP_START, (beacon_int << 10));
1875 	} else {
1876 		b43_write16(dev, 0x606, (beacon_int >> 6));
1877 		b43_write16(dev, 0x610, beacon_int);
1878 	}
1879 	b43_time_unlock(dev);
1880 	b43dbg(dev->wl, "Set beacon interval to %u\n", beacon_int);
1881 }
1882 
1883 static void b43_handle_firmware_panic(struct b43_wldev *dev)
1884 {
1885 	u16 reason;
1886 
1887 	/* Read the register that contains the reason code for the panic. */
1888 	reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_FWPANIC_REASON_REG);
1889 	b43err(dev->wl, "Whoopsy, firmware panic! Reason: %u\n", reason);
1890 
1891 	switch (reason) {
1892 	default:
1893 		b43dbg(dev->wl, "The panic reason is unknown.\n");
1894 		/* fallthrough */
1895 	case B43_FWPANIC_DIE:
1896 		/* Do not restart the controller or firmware.
1897 		 * The device is nonfunctional from now on.
1898 		 * Restarting would result in this panic to trigger again,
1899 		 * so we avoid that recursion. */
1900 		break;
1901 	case B43_FWPANIC_RESTART:
1902 		b43_controller_restart(dev, "Microcode panic");
1903 		break;
1904 	}
1905 }
1906 
1907 static void handle_irq_ucode_debug(struct b43_wldev *dev)
1908 {
1909 	unsigned int i, cnt;
1910 	u16 reason, marker_id, marker_line;
1911 	__le16 *buf;
1912 
1913 	/* The proprietary firmware doesn't have this IRQ. */
1914 	if (!dev->fw.opensource)
1915 		return;
1916 
1917 	/* Read the register that contains the reason code for this IRQ. */
1918 	reason = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_DEBUGIRQ_REASON_REG);
1919 
1920 	switch (reason) {
1921 	case B43_DEBUGIRQ_PANIC:
1922 		b43_handle_firmware_panic(dev);
1923 		break;
1924 	case B43_DEBUGIRQ_DUMP_SHM:
1925 		if (!B43_DEBUG)
1926 			break; /* Only with driver debugging enabled. */
1927 		buf = kmalloc(4096, GFP_ATOMIC);
1928 		if (!buf) {
1929 			b43dbg(dev->wl, "SHM-dump: Failed to allocate memory\n");
1930 			goto out;
1931 		}
1932 		for (i = 0; i < 4096; i += 2) {
1933 			u16 tmp = b43_shm_read16(dev, B43_SHM_SHARED, i);
1934 			buf[i / 2] = cpu_to_le16(tmp);
1935 		}
1936 		b43info(dev->wl, "Shared memory dump:\n");
1937 		print_hex_dump(KERN_INFO, "", DUMP_PREFIX_OFFSET,
1938 			       16, 2, buf, 4096, 1);
1939 		kfree(buf);
1940 		break;
1941 	case B43_DEBUGIRQ_DUMP_REGS:
1942 		if (!B43_DEBUG)
1943 			break; /* Only with driver debugging enabled. */
1944 		b43info(dev->wl, "Microcode register dump:\n");
1945 		for (i = 0, cnt = 0; i < 64; i++) {
1946 			u16 tmp = b43_shm_read16(dev, B43_SHM_SCRATCH, i);
1947 			if (cnt == 0)
1948 				printk(KERN_INFO);
1949 			printk("r%02u: 0x%04X  ", i, tmp);
1950 			cnt++;
1951 			if (cnt == 6) {
1952 				printk("\n");
1953 				cnt = 0;
1954 			}
1955 		}
1956 		printk("\n");
1957 		break;
1958 	case B43_DEBUGIRQ_MARKER:
1959 		if (!B43_DEBUG)
1960 			break; /* Only with driver debugging enabled. */
1961 		marker_id = b43_shm_read16(dev, B43_SHM_SCRATCH,
1962 					   B43_MARKER_ID_REG);
1963 		marker_line = b43_shm_read16(dev, B43_SHM_SCRATCH,
1964 					     B43_MARKER_LINE_REG);
1965 		b43info(dev->wl, "The firmware just executed the MARKER(%u) "
1966 			"at line number %u\n",
1967 			marker_id, marker_line);
1968 		break;
1969 	default:
1970 		b43dbg(dev->wl, "Debug-IRQ triggered for unknown reason: %u\n",
1971 		       reason);
1972 	}
1973 out:
1974 	/* Acknowledge the debug-IRQ, so the firmware can continue. */
1975 	b43_shm_write16(dev, B43_SHM_SCRATCH,
1976 			B43_DEBUGIRQ_REASON_REG, B43_DEBUGIRQ_ACK);
1977 }
1978 
1979 static void b43_do_interrupt_thread(struct b43_wldev *dev)
1980 {
1981 	u32 reason;
1982 	u32 dma_reason[ARRAY_SIZE(dev->dma_reason)];
1983 	u32 merged_dma_reason = 0;
1984 	int i;
1985 
1986 	if (unlikely(b43_status(dev) != B43_STAT_STARTED))
1987 		return;
1988 
1989 	reason = dev->irq_reason;
1990 	for (i = 0; i < ARRAY_SIZE(dma_reason); i++) {
1991 		dma_reason[i] = dev->dma_reason[i];
1992 		merged_dma_reason |= dma_reason[i];
1993 	}
1994 
1995 	if (unlikely(reason & B43_IRQ_MAC_TXERR))
1996 		b43err(dev->wl, "MAC transmission error\n");
1997 
1998 	if (unlikely(reason & B43_IRQ_PHY_TXERR)) {
1999 		b43err(dev->wl, "PHY transmission error\n");
2000 		rmb();
2001 		if (unlikely(atomic_dec_and_test(&dev->phy.txerr_cnt))) {
2002 			atomic_set(&dev->phy.txerr_cnt,
2003 				   B43_PHY_TX_BADNESS_LIMIT);
2004 			b43err(dev->wl, "Too many PHY TX errors, "
2005 					"restarting the controller\n");
2006 			b43_controller_restart(dev, "PHY TX errors");
2007 		}
2008 	}
2009 
2010 	if (unlikely(merged_dma_reason & (B43_DMAIRQ_FATALMASK))) {
2011 		b43err(dev->wl,
2012 			"Fatal DMA error: 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",
2013 			dma_reason[0], dma_reason[1],
2014 			dma_reason[2], dma_reason[3],
2015 			dma_reason[4], dma_reason[5]);
2016 		b43err(dev->wl, "This device does not support DMA "
2017 			       "on your system. It will now be switched to PIO.\n");
2018 		/* Fall back to PIO transfers if we get fatal DMA errors! */
2019 		dev->use_pio = true;
2020 		b43_controller_restart(dev, "DMA error");
2021 		return;
2022 	}
2023 
2024 	if (unlikely(reason & B43_IRQ_UCODE_DEBUG))
2025 		handle_irq_ucode_debug(dev);
2026 	if (reason & B43_IRQ_TBTT_INDI)
2027 		handle_irq_tbtt_indication(dev);
2028 	if (reason & B43_IRQ_ATIM_END)
2029 		handle_irq_atim_end(dev);
2030 	if (reason & B43_IRQ_BEACON)
2031 		handle_irq_beacon(dev);
2032 	if (reason & B43_IRQ_PMQ)
2033 		handle_irq_pmq(dev);
2034 	if (reason & B43_IRQ_TXFIFO_FLUSH_OK)
2035 		;/* TODO */
2036 	if (reason & B43_IRQ_NOISESAMPLE_OK)
2037 		handle_irq_noise(dev);
2038 
2039 	/* Check the DMA reason registers for received data. */
2040 	if (dma_reason[0] & B43_DMAIRQ_RDESC_UFLOW) {
2041 		if (B43_DEBUG)
2042 			b43warn(dev->wl, "RX descriptor underrun\n");
2043 		b43_dma_handle_rx_overflow(dev->dma.rx_ring);
2044 	}
2045 	if (dma_reason[0] & B43_DMAIRQ_RX_DONE) {
2046 		if (b43_using_pio_transfers(dev))
2047 			b43_pio_rx(dev->pio.rx_queue);
2048 		else
2049 			b43_dma_rx(dev->dma.rx_ring);
2050 	}
2051 	B43_WARN_ON(dma_reason[1] & B43_DMAIRQ_RX_DONE);
2052 	B43_WARN_ON(dma_reason[2] & B43_DMAIRQ_RX_DONE);
2053 	B43_WARN_ON(dma_reason[3] & B43_DMAIRQ_RX_DONE);
2054 	B43_WARN_ON(dma_reason[4] & B43_DMAIRQ_RX_DONE);
2055 	B43_WARN_ON(dma_reason[5] & B43_DMAIRQ_RX_DONE);
2056 
2057 	if (reason & B43_IRQ_TX_OK)
2058 		handle_irq_transmit_status(dev);
2059 
2060 	/* Re-enable interrupts on the device by restoring the current interrupt mask. */
2061 	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
2062 
2063 #if B43_DEBUG
2064 	if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
2065 		dev->irq_count++;
2066 		for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
2067 			if (reason & (1 << i))
2068 				dev->irq_bit_count[i]++;
2069 		}
2070 	}
2071 #endif
2072 }
2073 
2074 /* Interrupt thread handler. Handles device interrupts in thread context. */
2075 static irqreturn_t b43_interrupt_thread_handler(int irq, void *dev_id)
2076 {
2077 	struct b43_wldev *dev = dev_id;
2078 
2079 	mutex_lock(&dev->wl->mutex);
2080 	b43_do_interrupt_thread(dev);
2081 	mmiowb();
2082 	mutex_unlock(&dev->wl->mutex);
2083 
2084 	return IRQ_HANDLED;
2085 }
2086 
2087 static irqreturn_t b43_do_interrupt(struct b43_wldev *dev)
2088 {
2089 	u32 reason;
2090 
2091 	/* This code runs under wl->hardirq_lock, but _only_ on non-SDIO busses.
2092 	 * On SDIO, this runs under wl->mutex. */
2093 
2094 	reason = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2095 	if (reason == 0xffffffff)	/* shared IRQ */
2096 		return IRQ_NONE;
2097 	reason &= dev->irq_mask;
2098 	if (!reason)
2099 		return IRQ_NONE;
2100 
2101 	dev->dma_reason[0] = b43_read32(dev, B43_MMIO_DMA0_REASON)
2102 	    & 0x0001FC00;
2103 	dev->dma_reason[1] = b43_read32(dev, B43_MMIO_DMA1_REASON)
2104 	    & 0x0000DC00;
2105 	dev->dma_reason[2] = b43_read32(dev, B43_MMIO_DMA2_REASON)
2106 	    & 0x0000DC00;
2107 	dev->dma_reason[3] = b43_read32(dev, B43_MMIO_DMA3_REASON)
2108 	    & 0x0001DC00;
2109 	dev->dma_reason[4] = b43_read32(dev, B43_MMIO_DMA4_REASON)
2110 	    & 0x0000DC00;
2111 /* Unused ring
2112 	dev->dma_reason[5] = b43_read32(dev, B43_MMIO_DMA5_REASON)
2113 	    & 0x0000DC00;
2114 */
2115 
2116 	/* ACK the interrupt. */
2117 	b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, reason);
2118 	b43_write32(dev, B43_MMIO_DMA0_REASON, dev->dma_reason[0]);
2119 	b43_write32(dev, B43_MMIO_DMA1_REASON, dev->dma_reason[1]);
2120 	b43_write32(dev, B43_MMIO_DMA2_REASON, dev->dma_reason[2]);
2121 	b43_write32(dev, B43_MMIO_DMA3_REASON, dev->dma_reason[3]);
2122 	b43_write32(dev, B43_MMIO_DMA4_REASON, dev->dma_reason[4]);
2123 /* Unused ring
2124 	b43_write32(dev, B43_MMIO_DMA5_REASON, dev->dma_reason[5]);
2125 */
2126 
2127 	/* Disable IRQs on the device. The IRQ thread handler will re-enable them. */
2128 	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
2129 	/* Save the reason bitmasks for the IRQ thread handler. */
2130 	dev->irq_reason = reason;
2131 
2132 	return IRQ_WAKE_THREAD;
2133 }
2134 
2135 /* Interrupt handler top-half. This runs with interrupts disabled. */
2136 static irqreturn_t b43_interrupt_handler(int irq, void *dev_id)
2137 {
2138 	struct b43_wldev *dev = dev_id;
2139 	irqreturn_t ret;
2140 
2141 	if (unlikely(b43_status(dev) < B43_STAT_STARTED))
2142 		return IRQ_NONE;
2143 
2144 	spin_lock(&dev->wl->hardirq_lock);
2145 	ret = b43_do_interrupt(dev);
2146 	mmiowb();
2147 	spin_unlock(&dev->wl->hardirq_lock);
2148 
2149 	return ret;
2150 }
2151 
2152 /* SDIO interrupt handler. This runs in process context. */
2153 static void b43_sdio_interrupt_handler(struct b43_wldev *dev)
2154 {
2155 	struct b43_wl *wl = dev->wl;
2156 	irqreturn_t ret;
2157 
2158 	mutex_lock(&wl->mutex);
2159 
2160 	ret = b43_do_interrupt(dev);
2161 	if (ret == IRQ_WAKE_THREAD)
2162 		b43_do_interrupt_thread(dev);
2163 
2164 	mutex_unlock(&wl->mutex);
2165 }
2166 
2167 void b43_do_release_fw(struct b43_firmware_file *fw)
2168 {
2169 	release_firmware(fw->data);
2170 	fw->data = NULL;
2171 	fw->filename = NULL;
2172 }
2173 
2174 static void b43_release_firmware(struct b43_wldev *dev)
2175 {
2176 	complete(&dev->fw_load_complete);
2177 	b43_do_release_fw(&dev->fw.ucode);
2178 	b43_do_release_fw(&dev->fw.pcm);
2179 	b43_do_release_fw(&dev->fw.initvals);
2180 	b43_do_release_fw(&dev->fw.initvals_band);
2181 }
2182 
2183 static void b43_print_fw_helptext(struct b43_wl *wl, bool error)
2184 {
2185 	const char text[] =
2186 		"You must go to " \
2187 		"http://wireless.kernel.org/en/users/Drivers/b43#devicefirmware " \
2188 		"and download the correct firmware for this driver version. " \
2189 		"Please carefully read all instructions on this website.\n";
2190 
2191 	if (error)
2192 		b43err(wl, text);
2193 	else
2194 		b43warn(wl, text);
2195 }
2196 
2197 static void b43_fw_cb(const struct firmware *firmware, void *context)
2198 {
2199 	struct b43_request_fw_context *ctx = context;
2200 
2201 	ctx->blob = firmware;
2202 	complete(&ctx->dev->fw_load_complete);
2203 }
2204 
2205 int b43_do_request_fw(struct b43_request_fw_context *ctx,
2206 		      const char *name,
2207 		      struct b43_firmware_file *fw, bool async)
2208 {
2209 	struct b43_fw_header *hdr;
2210 	u32 size;
2211 	int err;
2212 
2213 	if (!name) {
2214 		/* Don't fetch anything. Free possibly cached firmware. */
2215 		/* FIXME: We should probably keep it anyway, to save some headache
2216 		 * on suspend/resume with multiband devices. */
2217 		b43_do_release_fw(fw);
2218 		return 0;
2219 	}
2220 	if (fw->filename) {
2221 		if ((fw->type == ctx->req_type) &&
2222 		    (strcmp(fw->filename, name) == 0))
2223 			return 0; /* Already have this fw. */
2224 		/* Free the cached firmware first. */
2225 		/* FIXME: We should probably do this later after we successfully
2226 		 * got the new fw. This could reduce headache with multiband devices.
2227 		 * We could also redesign this to cache the firmware for all possible
2228 		 * bands all the time. */
2229 		b43_do_release_fw(fw);
2230 	}
2231 
2232 	switch (ctx->req_type) {
2233 	case B43_FWTYPE_PROPRIETARY:
2234 		snprintf(ctx->fwname, sizeof(ctx->fwname),
2235 			 "b43%s/%s.fw",
2236 			 modparam_fwpostfix, name);
2237 		break;
2238 	case B43_FWTYPE_OPENSOURCE:
2239 		snprintf(ctx->fwname, sizeof(ctx->fwname),
2240 			 "b43-open%s/%s.fw",
2241 			 modparam_fwpostfix, name);
2242 		break;
2243 	default:
2244 		B43_WARN_ON(1);
2245 		return -ENOSYS;
2246 	}
2247 	if (async) {
2248 		/* do this part asynchronously */
2249 		init_completion(&ctx->dev->fw_load_complete);
2250 		err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname,
2251 					      ctx->dev->dev->dev, GFP_KERNEL,
2252 					      ctx, b43_fw_cb);
2253 		if (err < 0) {
2254 			pr_err("Unable to load firmware\n");
2255 			return err;
2256 		}
2257 		wait_for_completion(&ctx->dev->fw_load_complete);
2258 		if (ctx->blob)
2259 			goto fw_ready;
2260 	/* On some ARM systems, the async request will fail, but the next sync
2261 	 * request works. For this reason, we fall through here
2262 	 */
2263 	}
2264 	err = request_firmware(&ctx->blob, ctx->fwname,
2265 			       ctx->dev->dev->dev);
2266 	if (err == -ENOENT) {
2267 		snprintf(ctx->errors[ctx->req_type],
2268 			 sizeof(ctx->errors[ctx->req_type]),
2269 			 "Firmware file \"%s\" not found\n",
2270 			 ctx->fwname);
2271 		return err;
2272 	} else if (err) {
2273 		snprintf(ctx->errors[ctx->req_type],
2274 			 sizeof(ctx->errors[ctx->req_type]),
2275 			 "Firmware file \"%s\" request failed (err=%d)\n",
2276 			 ctx->fwname, err);
2277 		return err;
2278 	}
2279 fw_ready:
2280 	if (ctx->blob->size < sizeof(struct b43_fw_header))
2281 		goto err_format;
2282 	hdr = (struct b43_fw_header *)(ctx->blob->data);
2283 	switch (hdr->type) {
2284 	case B43_FW_TYPE_UCODE:
2285 	case B43_FW_TYPE_PCM:
2286 		size = be32_to_cpu(hdr->size);
2287 		if (size != ctx->blob->size - sizeof(struct b43_fw_header))
2288 			goto err_format;
2289 		/* fallthrough */
2290 	case B43_FW_TYPE_IV:
2291 		if (hdr->ver != 1)
2292 			goto err_format;
2293 		break;
2294 	default:
2295 		goto err_format;
2296 	}
2297 
2298 	fw->data = ctx->blob;
2299 	fw->filename = name;
2300 	fw->type = ctx->req_type;
2301 
2302 	return 0;
2303 
2304 err_format:
2305 	snprintf(ctx->errors[ctx->req_type],
2306 		 sizeof(ctx->errors[ctx->req_type]),
2307 		 "Firmware file \"%s\" format error.\n", ctx->fwname);
2308 	release_firmware(ctx->blob);
2309 
2310 	return -EPROTO;
2311 }
2312 
2313 /* http://bcm-v4.sipsolutions.net/802.11/Init/Firmware */
2314 static int b43_try_request_fw(struct b43_request_fw_context *ctx)
2315 {
2316 	struct b43_wldev *dev = ctx->dev;
2317 	struct b43_firmware *fw = &ctx->dev->fw;
2318 	struct b43_phy *phy = &dev->phy;
2319 	const u8 rev = ctx->dev->dev->core_rev;
2320 	const char *filename;
2321 	int err;
2322 
2323 	/* Get microcode */
2324 	filename = NULL;
2325 	switch (rev) {
2326 	case 42:
2327 		if (phy->type == B43_PHYTYPE_AC)
2328 			filename = "ucode42";
2329 		break;
2330 	case 40:
2331 		if (phy->type == B43_PHYTYPE_AC)
2332 			filename = "ucode40";
2333 		break;
2334 	case 33:
2335 		if (phy->type == B43_PHYTYPE_LCN40)
2336 			filename = "ucode33_lcn40";
2337 		break;
2338 	case 30:
2339 		if (phy->type == B43_PHYTYPE_N)
2340 			filename = "ucode30_mimo";
2341 		break;
2342 	case 29:
2343 		if (phy->type == B43_PHYTYPE_HT)
2344 			filename = "ucode29_mimo";
2345 		break;
2346 	case 26:
2347 		if (phy->type == B43_PHYTYPE_HT)
2348 			filename = "ucode26_mimo";
2349 		break;
2350 	case 28:
2351 	case 25:
2352 		if (phy->type == B43_PHYTYPE_N)
2353 			filename = "ucode25_mimo";
2354 		else if (phy->type == B43_PHYTYPE_LCN)
2355 			filename = "ucode25_lcn";
2356 		break;
2357 	case 24:
2358 		if (phy->type == B43_PHYTYPE_LCN)
2359 			filename = "ucode24_lcn";
2360 		break;
2361 	case 23:
2362 		if (phy->type == B43_PHYTYPE_N)
2363 			filename = "ucode16_mimo";
2364 		break;
2365 	case 16 ... 19:
2366 		if (phy->type == B43_PHYTYPE_N)
2367 			filename = "ucode16_mimo";
2368 		else if (phy->type == B43_PHYTYPE_LP)
2369 			filename = "ucode16_lp";
2370 		break;
2371 	case 15:
2372 		filename = "ucode15";
2373 		break;
2374 	case 14:
2375 		filename = "ucode14";
2376 		break;
2377 	case 13:
2378 		filename = "ucode13";
2379 		break;
2380 	case 11 ... 12:
2381 		filename = "ucode11";
2382 		break;
2383 	case 5 ... 10:
2384 		filename = "ucode5";
2385 		break;
2386 	}
2387 	if (!filename)
2388 		goto err_no_ucode;
2389 	err = b43_do_request_fw(ctx, filename, &fw->ucode, true);
2390 	if (err)
2391 		goto err_load;
2392 
2393 	/* Get PCM code */
2394 	if ((rev >= 5) && (rev <= 10))
2395 		filename = "pcm5";
2396 	else if (rev >= 11)
2397 		filename = NULL;
2398 	else
2399 		goto err_no_pcm;
2400 	fw->pcm_request_failed = false;
2401 	err = b43_do_request_fw(ctx, filename, &fw->pcm, false);
2402 	if (err == -ENOENT) {
2403 		/* We did not find a PCM file? Not fatal, but
2404 		 * core rev <= 10 must do without hwcrypto then. */
2405 		fw->pcm_request_failed = true;
2406 	} else if (err)
2407 		goto err_load;
2408 
2409 	/* Get initvals */
2410 	filename = NULL;
2411 	switch (dev->phy.type) {
2412 	case B43_PHYTYPE_G:
2413 		if (rev == 13)
2414 			filename = "b0g0initvals13";
2415 		else if (rev >= 5 && rev <= 10)
2416 			filename = "b0g0initvals5";
2417 		break;
2418 	case B43_PHYTYPE_N:
2419 		if (rev == 30)
2420 			filename = "n16initvals30";
2421 		else if (rev == 28 || rev == 25)
2422 			filename = "n0initvals25";
2423 		else if (rev == 24)
2424 			filename = "n0initvals24";
2425 		else if (rev == 23)
2426 			filename = "n0initvals16"; /* What about n0initvals22? */
2427 		else if (rev >= 16 && rev <= 18)
2428 			filename = "n0initvals16";
2429 		else if (rev >= 11 && rev <= 12)
2430 			filename = "n0initvals11";
2431 		break;
2432 	case B43_PHYTYPE_LP:
2433 		if (rev >= 16 && rev <= 18)
2434 			filename = "lp0initvals16";
2435 		else if (rev == 15)
2436 			filename = "lp0initvals15";
2437 		else if (rev == 14)
2438 			filename = "lp0initvals14";
2439 		else if (rev == 13)
2440 			filename = "lp0initvals13";
2441 		break;
2442 	case B43_PHYTYPE_HT:
2443 		if (rev == 29)
2444 			filename = "ht0initvals29";
2445 		else if (rev == 26)
2446 			filename = "ht0initvals26";
2447 		break;
2448 	case B43_PHYTYPE_LCN:
2449 		if (rev == 24)
2450 			filename = "lcn0initvals24";
2451 		break;
2452 	case B43_PHYTYPE_LCN40:
2453 		if (rev == 33)
2454 			filename = "lcn400initvals33";
2455 		break;
2456 	case B43_PHYTYPE_AC:
2457 		if (rev == 42)
2458 			filename = "ac1initvals42";
2459 		else if (rev == 40)
2460 			filename = "ac0initvals40";
2461 		break;
2462 	}
2463 	if (!filename)
2464 		goto err_no_initvals;
2465 	err = b43_do_request_fw(ctx, filename, &fw->initvals, false);
2466 	if (err)
2467 		goto err_load;
2468 
2469 	/* Get bandswitch initvals */
2470 	filename = NULL;
2471 	switch (dev->phy.type) {
2472 	case B43_PHYTYPE_G:
2473 		if (rev == 13)
2474 			filename = "b0g0bsinitvals13";
2475 		else if (rev >= 5 && rev <= 10)
2476 			filename = "b0g0bsinitvals5";
2477 		break;
2478 	case B43_PHYTYPE_N:
2479 		if (rev == 30)
2480 			filename = "n16bsinitvals30";
2481 		else if (rev == 28 || rev == 25)
2482 			filename = "n0bsinitvals25";
2483 		else if (rev == 24)
2484 			filename = "n0bsinitvals24";
2485 		else if (rev == 23)
2486 			filename = "n0bsinitvals16"; /* What about n0bsinitvals22? */
2487 		else if (rev >= 16 && rev <= 18)
2488 			filename = "n0bsinitvals16";
2489 		else if (rev >= 11 && rev <= 12)
2490 			filename = "n0bsinitvals11";
2491 		break;
2492 	case B43_PHYTYPE_LP:
2493 		if (rev >= 16 && rev <= 18)
2494 			filename = "lp0bsinitvals16";
2495 		else if (rev == 15)
2496 			filename = "lp0bsinitvals15";
2497 		else if (rev == 14)
2498 			filename = "lp0bsinitvals14";
2499 		else if (rev == 13)
2500 			filename = "lp0bsinitvals13";
2501 		break;
2502 	case B43_PHYTYPE_HT:
2503 		if (rev == 29)
2504 			filename = "ht0bsinitvals29";
2505 		else if (rev == 26)
2506 			filename = "ht0bsinitvals26";
2507 		break;
2508 	case B43_PHYTYPE_LCN:
2509 		if (rev == 24)
2510 			filename = "lcn0bsinitvals24";
2511 		break;
2512 	case B43_PHYTYPE_LCN40:
2513 		if (rev == 33)
2514 			filename = "lcn400bsinitvals33";
2515 		break;
2516 	case B43_PHYTYPE_AC:
2517 		if (rev == 42)
2518 			filename = "ac1bsinitvals42";
2519 		else if (rev == 40)
2520 			filename = "ac0bsinitvals40";
2521 		break;
2522 	}
2523 	if (!filename)
2524 		goto err_no_initvals;
2525 	err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false);
2526 	if (err)
2527 		goto err_load;
2528 
2529 	fw->opensource = (ctx->req_type == B43_FWTYPE_OPENSOURCE);
2530 
2531 	return 0;
2532 
2533 err_no_ucode:
2534 	err = ctx->fatal_failure = -EOPNOTSUPP;
2535 	b43err(dev->wl, "The driver does not know which firmware (ucode) "
2536 	       "is required for your device (wl-core rev %u)\n", rev);
2537 	goto error;
2538 
2539 err_no_pcm:
2540 	err = ctx->fatal_failure = -EOPNOTSUPP;
2541 	b43err(dev->wl, "The driver does not know which firmware (PCM) "
2542 	       "is required for your device (wl-core rev %u)\n", rev);
2543 	goto error;
2544 
2545 err_no_initvals:
2546 	err = ctx->fatal_failure = -EOPNOTSUPP;
2547 	b43err(dev->wl, "The driver does not know which firmware (initvals) "
2548 	       "is required for your device (wl-core rev %u)\n", rev);
2549 	goto error;
2550 
2551 err_load:
2552 	/* We failed to load this firmware image. The error message
2553 	 * already is in ctx->errors. Return and let our caller decide
2554 	 * what to do. */
2555 	goto error;
2556 
2557 error:
2558 	b43_release_firmware(dev);
2559 	return err;
2560 }
2561 
2562 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl);
2563 static void b43_one_core_detach(struct b43_bus_dev *dev);
2564 static int b43_rng_init(struct b43_wl *wl);
2565 
2566 static void b43_request_firmware(struct work_struct *work)
2567 {
2568 	struct b43_wl *wl = container_of(work,
2569 			    struct b43_wl, firmware_load);
2570 	struct b43_wldev *dev = wl->current_dev;
2571 	struct b43_request_fw_context *ctx;
2572 	unsigned int i;
2573 	int err;
2574 	const char *errmsg;
2575 
2576 	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
2577 	if (!ctx)
2578 		return;
2579 	ctx->dev = dev;
2580 
2581 	ctx->req_type = B43_FWTYPE_PROPRIETARY;
2582 	err = b43_try_request_fw(ctx);
2583 	if (!err)
2584 		goto start_ieee80211; /* Successfully loaded it. */
2585 	/* Was fw version known? */
2586 	if (ctx->fatal_failure)
2587 		goto out;
2588 
2589 	/* proprietary fw not found, try open source */
2590 	ctx->req_type = B43_FWTYPE_OPENSOURCE;
2591 	err = b43_try_request_fw(ctx);
2592 	if (!err)
2593 		goto start_ieee80211; /* Successfully loaded it. */
2594 	if(ctx->fatal_failure)
2595 		goto out;
2596 
2597 	/* Could not find a usable firmware. Print the errors. */
2598 	for (i = 0; i < B43_NR_FWTYPES; i++) {
2599 		errmsg = ctx->errors[i];
2600 		if (strlen(errmsg))
2601 			b43err(dev->wl, "%s", errmsg);
2602 	}
2603 	b43_print_fw_helptext(dev->wl, 1);
2604 	goto out;
2605 
2606 start_ieee80211:
2607 	wl->hw->queues = B43_QOS_QUEUE_NUM;
2608 	if (!modparam_qos || dev->fw.opensource)
2609 		wl->hw->queues = 1;
2610 
2611 	err = ieee80211_register_hw(wl->hw);
2612 	if (err)
2613 		goto err_one_core_detach;
2614 	wl->hw_registered = true;
2615 	b43_leds_register(wl->current_dev);
2616 
2617 	/* Register HW RNG driver */
2618 	b43_rng_init(wl);
2619 
2620 	goto out;
2621 
2622 err_one_core_detach:
2623 	b43_one_core_detach(dev->dev);
2624 
2625 out:
2626 	kfree(ctx);
2627 }
2628 
2629 static int b43_upload_microcode(struct b43_wldev *dev)
2630 {
2631 	struct wiphy *wiphy = dev->wl->hw->wiphy;
2632 	const size_t hdr_len = sizeof(struct b43_fw_header);
2633 	const __be32 *data;
2634 	unsigned int i, len;
2635 	u16 fwrev, fwpatch, fwdate, fwtime;
2636 	u32 tmp, macctl;
2637 	int err = 0;
2638 
2639 	/* Jump the microcode PSM to offset 0 */
2640 	macctl = b43_read32(dev, B43_MMIO_MACCTL);
2641 	B43_WARN_ON(macctl & B43_MACCTL_PSM_RUN);
2642 	macctl |= B43_MACCTL_PSM_JMP0;
2643 	b43_write32(dev, B43_MMIO_MACCTL, macctl);
2644 	/* Zero out all microcode PSM registers and shared memory. */
2645 	for (i = 0; i < 64; i++)
2646 		b43_shm_write16(dev, B43_SHM_SCRATCH, i, 0);
2647 	for (i = 0; i < 4096; i += 2)
2648 		b43_shm_write16(dev, B43_SHM_SHARED, i, 0);
2649 
2650 	/* Upload Microcode. */
2651 	data = (__be32 *) (dev->fw.ucode.data->data + hdr_len);
2652 	len = (dev->fw.ucode.data->size - hdr_len) / sizeof(__be32);
2653 	b43_shm_control_word(dev, B43_SHM_UCODE | B43_SHM_AUTOINC_W, 0x0000);
2654 	for (i = 0; i < len; i++) {
2655 		b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2656 		udelay(10);
2657 	}
2658 
2659 	if (dev->fw.pcm.data) {
2660 		/* Upload PCM data. */
2661 		data = (__be32 *) (dev->fw.pcm.data->data + hdr_len);
2662 		len = (dev->fw.pcm.data->size - hdr_len) / sizeof(__be32);
2663 		b43_shm_control_word(dev, B43_SHM_HW, 0x01EA);
2664 		b43_write32(dev, B43_MMIO_SHM_DATA, 0x00004000);
2665 		/* No need for autoinc bit in SHM_HW */
2666 		b43_shm_control_word(dev, B43_SHM_HW, 0x01EB);
2667 		for (i = 0; i < len; i++) {
2668 			b43_write32(dev, B43_MMIO_SHM_DATA, be32_to_cpu(data[i]));
2669 			udelay(10);
2670 		}
2671 	}
2672 
2673 	b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, B43_IRQ_ALL);
2674 
2675 	/* Start the microcode PSM */
2676 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_JMP0,
2677 		      B43_MACCTL_PSM_RUN);
2678 
2679 	/* Wait for the microcode to load and respond */
2680 	i = 0;
2681 	while (1) {
2682 		tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2683 		if (tmp == B43_IRQ_MAC_SUSPENDED)
2684 			break;
2685 		i++;
2686 		if (i >= 20) {
2687 			b43err(dev->wl, "Microcode not responding\n");
2688 			b43_print_fw_helptext(dev->wl, 1);
2689 			err = -ENODEV;
2690 			goto error;
2691 		}
2692 		msleep(50);
2693 	}
2694 	b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);	/* dummy read */
2695 
2696 	/* Get and check the revisions. */
2697 	fwrev = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEREV);
2698 	fwpatch = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEPATCH);
2699 	fwdate = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODEDATE);
2700 	fwtime = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_UCODETIME);
2701 
2702 	if (fwrev <= 0x128) {
2703 		b43err(dev->wl, "YOUR FIRMWARE IS TOO OLD. Firmware from "
2704 		       "binary drivers older than version 4.x is unsupported. "
2705 		       "You must upgrade your firmware files.\n");
2706 		b43_print_fw_helptext(dev->wl, 1);
2707 		err = -EOPNOTSUPP;
2708 		goto error;
2709 	}
2710 	dev->fw.rev = fwrev;
2711 	dev->fw.patch = fwpatch;
2712 	if (dev->fw.rev >= 598)
2713 		dev->fw.hdr_format = B43_FW_HDR_598;
2714 	else if (dev->fw.rev >= 410)
2715 		dev->fw.hdr_format = B43_FW_HDR_410;
2716 	else
2717 		dev->fw.hdr_format = B43_FW_HDR_351;
2718 	WARN_ON(dev->fw.opensource != (fwdate == 0xFFFF));
2719 
2720 	dev->qos_enabled = dev->wl->hw->queues > 1;
2721 	/* Default to firmware/hardware crypto acceleration. */
2722 	dev->hwcrypto_enabled = true;
2723 
2724 	if (dev->fw.opensource) {
2725 		u16 fwcapa;
2726 
2727 		/* Patchlevel info is encoded in the "time" field. */
2728 		dev->fw.patch = fwtime;
2729 		b43info(dev->wl, "Loading OpenSource firmware version %u.%u\n",
2730 			dev->fw.rev, dev->fw.patch);
2731 
2732 		fwcapa = b43_fwcapa_read(dev);
2733 		if (!(fwcapa & B43_FWCAPA_HWCRYPTO) || dev->fw.pcm_request_failed) {
2734 			b43info(dev->wl, "Hardware crypto acceleration not supported by firmware\n");
2735 			/* Disable hardware crypto and fall back to software crypto. */
2736 			dev->hwcrypto_enabled = false;
2737 		}
2738 		/* adding QoS support should use an offline discovery mechanism */
2739 		WARN(fwcapa & B43_FWCAPA_QOS, "QoS in OpenFW not supported\n");
2740 	} else {
2741 		b43info(dev->wl, "Loading firmware version %u.%u "
2742 			"(20%.2i-%.2i-%.2i %.2i:%.2i:%.2i)\n",
2743 			fwrev, fwpatch,
2744 			(fwdate >> 12) & 0xF, (fwdate >> 8) & 0xF, fwdate & 0xFF,
2745 			(fwtime >> 11) & 0x1F, (fwtime >> 5) & 0x3F, fwtime & 0x1F);
2746 		if (dev->fw.pcm_request_failed) {
2747 			b43warn(dev->wl, "No \"pcm5.fw\" firmware file found. "
2748 				"Hardware accelerated cryptography is disabled.\n");
2749 			b43_print_fw_helptext(dev->wl, 0);
2750 		}
2751 	}
2752 
2753 	snprintf(wiphy->fw_version, sizeof(wiphy->fw_version), "%u.%u",
2754 			dev->fw.rev, dev->fw.patch);
2755 	wiphy->hw_version = dev->dev->core_id;
2756 
2757 	if (dev->fw.hdr_format == B43_FW_HDR_351) {
2758 		/* We're over the deadline, but we keep support for old fw
2759 		 * until it turns out to be in major conflict with something new. */
2760 		b43warn(dev->wl, "You are using an old firmware image. "
2761 			"Support for old firmware will be removed soon "
2762 			"(official deadline was July 2008).\n");
2763 		b43_print_fw_helptext(dev->wl, 0);
2764 	}
2765 
2766 	return 0;
2767 
2768 error:
2769 	/* Stop the microcode PSM. */
2770 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
2771 		      B43_MACCTL_PSM_JMP0);
2772 
2773 	return err;
2774 }
2775 
2776 static int b43_write_initvals(struct b43_wldev *dev,
2777 			      const struct b43_iv *ivals,
2778 			      size_t count,
2779 			      size_t array_size)
2780 {
2781 	const struct b43_iv *iv;
2782 	u16 offset;
2783 	size_t i;
2784 	bool bit32;
2785 
2786 	BUILD_BUG_ON(sizeof(struct b43_iv) != 6);
2787 	iv = ivals;
2788 	for (i = 0; i < count; i++) {
2789 		if (array_size < sizeof(iv->offset_size))
2790 			goto err_format;
2791 		array_size -= sizeof(iv->offset_size);
2792 		offset = be16_to_cpu(iv->offset_size);
2793 		bit32 = !!(offset & B43_IV_32BIT);
2794 		offset &= B43_IV_OFFSET_MASK;
2795 		if (offset >= 0x1000)
2796 			goto err_format;
2797 		if (bit32) {
2798 			u32 value;
2799 
2800 			if (array_size < sizeof(iv->data.d32))
2801 				goto err_format;
2802 			array_size -= sizeof(iv->data.d32);
2803 
2804 			value = get_unaligned_be32(&iv->data.d32);
2805 			b43_write32(dev, offset, value);
2806 
2807 			iv = (const struct b43_iv *)((const uint8_t *)iv +
2808 							sizeof(__be16) +
2809 							sizeof(__be32));
2810 		} else {
2811 			u16 value;
2812 
2813 			if (array_size < sizeof(iv->data.d16))
2814 				goto err_format;
2815 			array_size -= sizeof(iv->data.d16);
2816 
2817 			value = be16_to_cpu(iv->data.d16);
2818 			b43_write16(dev, offset, value);
2819 
2820 			iv = (const struct b43_iv *)((const uint8_t *)iv +
2821 							sizeof(__be16) +
2822 							sizeof(__be16));
2823 		}
2824 	}
2825 	if (array_size)
2826 		goto err_format;
2827 
2828 	return 0;
2829 
2830 err_format:
2831 	b43err(dev->wl, "Initial Values Firmware file-format error.\n");
2832 	b43_print_fw_helptext(dev->wl, 1);
2833 
2834 	return -EPROTO;
2835 }
2836 
2837 static int b43_upload_initvals(struct b43_wldev *dev)
2838 {
2839 	const size_t hdr_len = sizeof(struct b43_fw_header);
2840 	const struct b43_fw_header *hdr;
2841 	struct b43_firmware *fw = &dev->fw;
2842 	const struct b43_iv *ivals;
2843 	size_t count;
2844 
2845 	hdr = (const struct b43_fw_header *)(fw->initvals.data->data);
2846 	ivals = (const struct b43_iv *)(fw->initvals.data->data + hdr_len);
2847 	count = be32_to_cpu(hdr->size);
2848 	return b43_write_initvals(dev, ivals, count,
2849 				 fw->initvals.data->size - hdr_len);
2850 }
2851 
2852 static int b43_upload_initvals_band(struct b43_wldev *dev)
2853 {
2854 	const size_t hdr_len = sizeof(struct b43_fw_header);
2855 	const struct b43_fw_header *hdr;
2856 	struct b43_firmware *fw = &dev->fw;
2857 	const struct b43_iv *ivals;
2858 	size_t count;
2859 
2860 	if (!fw->initvals_band.data)
2861 		return 0;
2862 
2863 	hdr = (const struct b43_fw_header *)(fw->initvals_band.data->data);
2864 	ivals = (const struct b43_iv *)(fw->initvals_band.data->data + hdr_len);
2865 	count = be32_to_cpu(hdr->size);
2866 	return b43_write_initvals(dev, ivals, count,
2867 				  fw->initvals_band.data->size - hdr_len);
2868 }
2869 
2870 /* Initialize the GPIOs
2871  * http://bcm-specs.sipsolutions.net/GPIO
2872  */
2873 
2874 #ifdef CONFIG_B43_SSB
2875 static struct ssb_device *b43_ssb_gpio_dev(struct b43_wldev *dev)
2876 {
2877 	struct ssb_bus *bus = dev->dev->sdev->bus;
2878 
2879 #ifdef CONFIG_SSB_DRIVER_PCICORE
2880 	return (bus->chipco.dev ? bus->chipco.dev : bus->pcicore.dev);
2881 #else
2882 	return bus->chipco.dev;
2883 #endif
2884 }
2885 #endif
2886 
2887 static int b43_gpio_init(struct b43_wldev *dev)
2888 {
2889 #ifdef CONFIG_B43_SSB
2890 	struct ssb_device *gpiodev;
2891 #endif
2892 	u32 mask, set;
2893 
2894 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_GPOUTSMSK, 0);
2895 	b43_maskset16(dev, B43_MMIO_GPIO_MASK, ~0, 0xF);
2896 
2897 	mask = 0x0000001F;
2898 	set = 0x0000000F;
2899 	if (dev->dev->chip_id == 0x4301) {
2900 		mask |= 0x0060;
2901 		set |= 0x0060;
2902 	} else if (dev->dev->chip_id == 0x5354) {
2903 		/* Don't allow overtaking buttons GPIOs */
2904 		set &= 0x2; /* 0x2 is LED GPIO on BCM5354 */
2905 	}
2906 
2907 	if (0 /* FIXME: conditional unknown */ ) {
2908 		b43_write16(dev, B43_MMIO_GPIO_MASK,
2909 			    b43_read16(dev, B43_MMIO_GPIO_MASK)
2910 			    | 0x0100);
2911 		/* BT Coexistance Input */
2912 		mask |= 0x0080;
2913 		set |= 0x0080;
2914 		/* BT Coexistance Out */
2915 		mask |= 0x0100;
2916 		set |= 0x0100;
2917 	}
2918 	if (dev->dev->bus_sprom->boardflags_lo & B43_BFL_PACTRL) {
2919 		/* PA is controlled by gpio 9, let ucode handle it */
2920 		b43_write16(dev, B43_MMIO_GPIO_MASK,
2921 			    b43_read16(dev, B43_MMIO_GPIO_MASK)
2922 			    | 0x0200);
2923 		mask |= 0x0200;
2924 		set |= 0x0200;
2925 	}
2926 
2927 	switch (dev->dev->bus_type) {
2928 #ifdef CONFIG_B43_BCMA
2929 	case B43_BUS_BCMA:
2930 		bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, mask, set);
2931 		break;
2932 #endif
2933 #ifdef CONFIG_B43_SSB
2934 	case B43_BUS_SSB:
2935 		gpiodev = b43_ssb_gpio_dev(dev);
2936 		if (gpiodev)
2937 			ssb_write32(gpiodev, B43_GPIO_CONTROL,
2938 				    (ssb_read32(gpiodev, B43_GPIO_CONTROL)
2939 				    & ~mask) | set);
2940 		break;
2941 #endif
2942 	}
2943 
2944 	return 0;
2945 }
2946 
2947 /* Turn off all GPIO stuff. Call this on module unload, for example. */
2948 static void b43_gpio_cleanup(struct b43_wldev *dev)
2949 {
2950 #ifdef CONFIG_B43_SSB
2951 	struct ssb_device *gpiodev;
2952 #endif
2953 
2954 	switch (dev->dev->bus_type) {
2955 #ifdef CONFIG_B43_BCMA
2956 	case B43_BUS_BCMA:
2957 		bcma_chipco_gpio_control(&dev->dev->bdev->bus->drv_cc, ~0, 0);
2958 		break;
2959 #endif
2960 #ifdef CONFIG_B43_SSB
2961 	case B43_BUS_SSB:
2962 		gpiodev = b43_ssb_gpio_dev(dev);
2963 		if (gpiodev)
2964 			ssb_write32(gpiodev, B43_GPIO_CONTROL, 0);
2965 		break;
2966 #endif
2967 	}
2968 }
2969 
2970 /* http://bcm-specs.sipsolutions.net/EnableMac */
2971 void b43_mac_enable(struct b43_wldev *dev)
2972 {
2973 	if (b43_debug(dev, B43_DBG_FIRMWARE)) {
2974 		u16 fwstate;
2975 
2976 		fwstate = b43_shm_read16(dev, B43_SHM_SHARED,
2977 					 B43_SHM_SH_UCODESTAT);
2978 		if ((fwstate != B43_SHM_SH_UCODESTAT_SUSP) &&
2979 		    (fwstate != B43_SHM_SH_UCODESTAT_SLEEP)) {
2980 			b43err(dev->wl, "b43_mac_enable(): The firmware "
2981 			       "should be suspended, but current state is %u\n",
2982 			       fwstate);
2983 		}
2984 	}
2985 
2986 	dev->mac_suspended--;
2987 	B43_WARN_ON(dev->mac_suspended < 0);
2988 	if (dev->mac_suspended == 0) {
2989 		b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_ENABLED);
2990 		b43_write32(dev, B43_MMIO_GEN_IRQ_REASON,
2991 			    B43_IRQ_MAC_SUSPENDED);
2992 		/* Commit writes */
2993 		b43_read32(dev, B43_MMIO_MACCTL);
2994 		b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
2995 		b43_power_saving_ctl_bits(dev, 0);
2996 	}
2997 }
2998 
2999 /* http://bcm-specs.sipsolutions.net/SuspendMAC */
3000 void b43_mac_suspend(struct b43_wldev *dev)
3001 {
3002 	int i;
3003 	u32 tmp;
3004 
3005 	might_sleep();
3006 	B43_WARN_ON(dev->mac_suspended < 0);
3007 
3008 	if (dev->mac_suspended == 0) {
3009 		b43_power_saving_ctl_bits(dev, B43_PS_AWAKE);
3010 		b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_ENABLED, 0);
3011 		/* force pci to flush the write */
3012 		b43_read32(dev, B43_MMIO_MACCTL);
3013 		for (i = 35; i; i--) {
3014 			tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3015 			if (tmp & B43_IRQ_MAC_SUSPENDED)
3016 				goto out;
3017 			udelay(10);
3018 		}
3019 		/* Hm, it seems this will take some time. Use msleep(). */
3020 		for (i = 40; i; i--) {
3021 			tmp = b43_read32(dev, B43_MMIO_GEN_IRQ_REASON);
3022 			if (tmp & B43_IRQ_MAC_SUSPENDED)
3023 				goto out;
3024 			msleep(1);
3025 		}
3026 		b43err(dev->wl, "MAC suspend failed\n");
3027 	}
3028 out:
3029 	dev->mac_suspended++;
3030 }
3031 
3032 /* http://bcm-v4.sipsolutions.net/802.11/PHY/N/MacPhyClkSet */
3033 void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on)
3034 {
3035 	u32 tmp;
3036 
3037 	switch (dev->dev->bus_type) {
3038 #ifdef CONFIG_B43_BCMA
3039 	case B43_BUS_BCMA:
3040 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3041 		if (on)
3042 			tmp |= B43_BCMA_IOCTL_MACPHYCLKEN;
3043 		else
3044 			tmp &= ~B43_BCMA_IOCTL_MACPHYCLKEN;
3045 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3046 		break;
3047 #endif
3048 #ifdef CONFIG_B43_SSB
3049 	case B43_BUS_SSB:
3050 		tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3051 		if (on)
3052 			tmp |= B43_TMSLOW_MACPHYCLKEN;
3053 		else
3054 			tmp &= ~B43_TMSLOW_MACPHYCLKEN;
3055 		ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3056 		break;
3057 #endif
3058 	}
3059 }
3060 
3061 /* brcms_b_switch_macfreq */
3062 void b43_mac_switch_freq(struct b43_wldev *dev, u8 spurmode)
3063 {
3064 	u16 chip_id = dev->dev->chip_id;
3065 
3066 	if (chip_id == BCMA_CHIP_ID_BCM4331) {
3067 		switch (spurmode) {
3068 		case 2: /* 168 Mhz: 2^26/168 = 0x61862 */
3069 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x1862);
3070 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3071 			break;
3072 		case 1: /* 164 Mhz: 2^26/164 = 0x63e70 */
3073 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x3e70);
3074 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3075 			break;
3076 		default: /* 160 Mhz: 2^26/160 = 0x66666 */
3077 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x6666);
3078 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x6);
3079 			break;
3080 		}
3081 	} else if (chip_id == BCMA_CHIP_ID_BCM43131 ||
3082 	    chip_id == BCMA_CHIP_ID_BCM43217 ||
3083 	    chip_id == BCMA_CHIP_ID_BCM43222 ||
3084 	    chip_id == BCMA_CHIP_ID_BCM43224 ||
3085 	    chip_id == BCMA_CHIP_ID_BCM43225 ||
3086 	    chip_id == BCMA_CHIP_ID_BCM43227 ||
3087 	    chip_id == BCMA_CHIP_ID_BCM43228) {
3088 		switch (spurmode) {
3089 		case 2: /* 126 Mhz */
3090 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x2082);
3091 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3092 			break;
3093 		case 1: /* 123 Mhz */
3094 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x5341);
3095 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3096 			break;
3097 		default: /* 120 Mhz */
3098 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x8889);
3099 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0x8);
3100 			break;
3101 		}
3102 	} else if (dev->phy.type == B43_PHYTYPE_LCN) {
3103 		switch (spurmode) {
3104 		case 1: /* 82 Mhz */
3105 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0x7CE0);
3106 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3107 			break;
3108 		default: /* 80 Mhz */
3109 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_LOW, 0xCCCD);
3110 			b43_write16(dev, B43_MMIO_TSF_CLK_FRAC_HIGH, 0xC);
3111 			break;
3112 		}
3113 	}
3114 }
3115 
3116 static void b43_adjust_opmode(struct b43_wldev *dev)
3117 {
3118 	struct b43_wl *wl = dev->wl;
3119 	u32 ctl;
3120 	u16 cfp_pretbtt;
3121 
3122 	ctl = b43_read32(dev, B43_MMIO_MACCTL);
3123 	/* Reset status to STA infrastructure mode. */
3124 	ctl &= ~B43_MACCTL_AP;
3125 	ctl &= ~B43_MACCTL_KEEP_CTL;
3126 	ctl &= ~B43_MACCTL_KEEP_BADPLCP;
3127 	ctl &= ~B43_MACCTL_KEEP_BAD;
3128 	ctl &= ~B43_MACCTL_PROMISC;
3129 	ctl &= ~B43_MACCTL_BEACPROMISC;
3130 	ctl |= B43_MACCTL_INFRA;
3131 
3132 	if (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
3133 	    b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT))
3134 		ctl |= B43_MACCTL_AP;
3135 	else if (b43_is_mode(wl, NL80211_IFTYPE_ADHOC))
3136 		ctl &= ~B43_MACCTL_INFRA;
3137 
3138 	if (wl->filter_flags & FIF_CONTROL)
3139 		ctl |= B43_MACCTL_KEEP_CTL;
3140 	if (wl->filter_flags & FIF_FCSFAIL)
3141 		ctl |= B43_MACCTL_KEEP_BAD;
3142 	if (wl->filter_flags & FIF_PLCPFAIL)
3143 		ctl |= B43_MACCTL_KEEP_BADPLCP;
3144 	if (wl->filter_flags & FIF_BCN_PRBRESP_PROMISC)
3145 		ctl |= B43_MACCTL_BEACPROMISC;
3146 
3147 	/* Workaround: On old hardware the HW-MAC-address-filter
3148 	 * doesn't work properly, so always run promisc in filter
3149 	 * it in software. */
3150 	if (dev->dev->core_rev <= 4)
3151 		ctl |= B43_MACCTL_PROMISC;
3152 
3153 	b43_write32(dev, B43_MMIO_MACCTL, ctl);
3154 
3155 	cfp_pretbtt = 2;
3156 	if ((ctl & B43_MACCTL_INFRA) && !(ctl & B43_MACCTL_AP)) {
3157 		if (dev->dev->chip_id == 0x4306 &&
3158 		    dev->dev->chip_rev == 3)
3159 			cfp_pretbtt = 100;
3160 		else
3161 			cfp_pretbtt = 50;
3162 	}
3163 	b43_write16(dev, 0x612, cfp_pretbtt);
3164 
3165 	/* FIXME: We don't currently implement the PMQ mechanism,
3166 	 *        so always disable it. If we want to implement PMQ,
3167 	 *        we need to enable it here (clear DISCPMQ) in AP mode.
3168 	 */
3169 	if (0  /* ctl & B43_MACCTL_AP */)
3170 		b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_DISCPMQ, 0);
3171 	else
3172 		b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_DISCPMQ);
3173 }
3174 
3175 static void b43_rate_memory_write(struct b43_wldev *dev, u16 rate, int is_ofdm)
3176 {
3177 	u16 offset;
3178 
3179 	if (is_ofdm) {
3180 		offset = 0x480;
3181 		offset += (b43_plcp_get_ratecode_ofdm(rate) & 0x000F) * 2;
3182 	} else {
3183 		offset = 0x4C0;
3184 		offset += (b43_plcp_get_ratecode_cck(rate) & 0x000F) * 2;
3185 	}
3186 	b43_shm_write16(dev, B43_SHM_SHARED, offset + 0x20,
3187 			b43_shm_read16(dev, B43_SHM_SHARED, offset));
3188 }
3189 
3190 static void b43_rate_memory_init(struct b43_wldev *dev)
3191 {
3192 	switch (dev->phy.type) {
3193 	case B43_PHYTYPE_G:
3194 	case B43_PHYTYPE_N:
3195 	case B43_PHYTYPE_LP:
3196 	case B43_PHYTYPE_HT:
3197 	case B43_PHYTYPE_LCN:
3198 		b43_rate_memory_write(dev, B43_OFDM_RATE_6MB, 1);
3199 		b43_rate_memory_write(dev, B43_OFDM_RATE_9MB, 1);
3200 		b43_rate_memory_write(dev, B43_OFDM_RATE_12MB, 1);
3201 		b43_rate_memory_write(dev, B43_OFDM_RATE_18MB, 1);
3202 		b43_rate_memory_write(dev, B43_OFDM_RATE_24MB, 1);
3203 		b43_rate_memory_write(dev, B43_OFDM_RATE_36MB, 1);
3204 		b43_rate_memory_write(dev, B43_OFDM_RATE_48MB, 1);
3205 		b43_rate_memory_write(dev, B43_OFDM_RATE_54MB, 1);
3206 		/* fallthrough */
3207 	case B43_PHYTYPE_B:
3208 		b43_rate_memory_write(dev, B43_CCK_RATE_1MB, 0);
3209 		b43_rate_memory_write(dev, B43_CCK_RATE_2MB, 0);
3210 		b43_rate_memory_write(dev, B43_CCK_RATE_5MB, 0);
3211 		b43_rate_memory_write(dev, B43_CCK_RATE_11MB, 0);
3212 		break;
3213 	default:
3214 		B43_WARN_ON(1);
3215 	}
3216 }
3217 
3218 /* Set the default values for the PHY TX Control Words. */
3219 static void b43_set_phytxctl_defaults(struct b43_wldev *dev)
3220 {
3221 	u16 ctl = 0;
3222 
3223 	ctl |= B43_TXH_PHY_ENC_CCK;
3224 	ctl |= B43_TXH_PHY_ANT01AUTO;
3225 	ctl |= B43_TXH_PHY_TXPWR;
3226 
3227 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BEACPHYCTL, ctl);
3228 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, ctl);
3229 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, ctl);
3230 }
3231 
3232 /* Set the TX-Antenna for management frames sent by firmware. */
3233 static void b43_mgmtframe_txantenna(struct b43_wldev *dev, int antenna)
3234 {
3235 	u16 ant;
3236 	u16 tmp;
3237 
3238 	ant = b43_antenna_to_phyctl(antenna);
3239 
3240 	/* For ACK/CTS */
3241 	tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL);
3242 	tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3243 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_ACKCTSPHYCTL, tmp);
3244 	/* For Probe Resposes */
3245 	tmp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL);
3246 	tmp = (tmp & ~B43_TXH_PHY_ANT) | ant;
3247 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRPHYCTL, tmp);
3248 }
3249 
3250 /* This is the opposite of b43_chip_init() */
3251 static void b43_chip_exit(struct b43_wldev *dev)
3252 {
3253 	b43_phy_exit(dev);
3254 	b43_gpio_cleanup(dev);
3255 	/* firmware is released later */
3256 }
3257 
3258 /* Initialize the chip
3259  * http://bcm-specs.sipsolutions.net/ChipInit
3260  */
3261 static int b43_chip_init(struct b43_wldev *dev)
3262 {
3263 	struct b43_phy *phy = &dev->phy;
3264 	int err;
3265 	u32 macctl;
3266 	u16 value16;
3267 
3268 	/* Initialize the MAC control */
3269 	macctl = B43_MACCTL_IHR_ENABLED | B43_MACCTL_SHM_ENABLED;
3270 	if (dev->phy.gmode)
3271 		macctl |= B43_MACCTL_GMODE;
3272 	macctl |= B43_MACCTL_INFRA;
3273 	b43_write32(dev, B43_MMIO_MACCTL, macctl);
3274 
3275 	err = b43_upload_microcode(dev);
3276 	if (err)
3277 		goto out;	/* firmware is released later */
3278 
3279 	err = b43_gpio_init(dev);
3280 	if (err)
3281 		goto out;	/* firmware is released later */
3282 
3283 	err = b43_upload_initvals(dev);
3284 	if (err)
3285 		goto err_gpio_clean;
3286 
3287 	err = b43_upload_initvals_band(dev);
3288 	if (err)
3289 		goto err_gpio_clean;
3290 
3291 	/* Turn the Analog on and initialize the PHY. */
3292 	phy->ops->switch_analog(dev, 1);
3293 	err = b43_phy_init(dev);
3294 	if (err)
3295 		goto err_gpio_clean;
3296 
3297 	/* Disable Interference Mitigation. */
3298 	if (phy->ops->interf_mitigation)
3299 		phy->ops->interf_mitigation(dev, B43_INTERFMODE_NONE);
3300 
3301 	/* Select the antennae */
3302 	if (phy->ops->set_rx_antenna)
3303 		phy->ops->set_rx_antenna(dev, B43_ANTENNA_DEFAULT);
3304 	b43_mgmtframe_txantenna(dev, B43_ANTENNA_DEFAULT);
3305 
3306 	if (phy->type == B43_PHYTYPE_B) {
3307 		value16 = b43_read16(dev, 0x005E);
3308 		value16 |= 0x0004;
3309 		b43_write16(dev, 0x005E, value16);
3310 	}
3311 	b43_write32(dev, 0x0100, 0x01000000);
3312 	if (dev->dev->core_rev < 5)
3313 		b43_write32(dev, 0x010C, 0x01000000);
3314 
3315 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_INFRA, 0);
3316 	b43_maskset32(dev, B43_MMIO_MACCTL, ~0, B43_MACCTL_INFRA);
3317 
3318 	/* Probe Response Timeout value */
3319 	/* FIXME: Default to 0, has to be set by ioctl probably... :-/ */
3320 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 0);
3321 
3322 	/* Initially set the wireless operation mode. */
3323 	b43_adjust_opmode(dev);
3324 
3325 	if (dev->dev->core_rev < 3) {
3326 		b43_write16(dev, 0x060E, 0x0000);
3327 		b43_write16(dev, 0x0610, 0x8000);
3328 		b43_write16(dev, 0x0604, 0x0000);
3329 		b43_write16(dev, 0x0606, 0x0200);
3330 	} else {
3331 		b43_write32(dev, 0x0188, 0x80000000);
3332 		b43_write32(dev, 0x018C, 0x02000000);
3333 	}
3334 	b43_write32(dev, B43_MMIO_GEN_IRQ_REASON, 0x00004000);
3335 	b43_write32(dev, B43_MMIO_DMA0_IRQ_MASK, 0x0001FC00);
3336 	b43_write32(dev, B43_MMIO_DMA1_IRQ_MASK, 0x0000DC00);
3337 	b43_write32(dev, B43_MMIO_DMA2_IRQ_MASK, 0x0000DC00);
3338 	b43_write32(dev, B43_MMIO_DMA3_IRQ_MASK, 0x0001DC00);
3339 	b43_write32(dev, B43_MMIO_DMA4_IRQ_MASK, 0x0000DC00);
3340 	b43_write32(dev, B43_MMIO_DMA5_IRQ_MASK, 0x0000DC00);
3341 
3342 	b43_mac_phy_clock_set(dev, true);
3343 
3344 	switch (dev->dev->bus_type) {
3345 #ifdef CONFIG_B43_BCMA
3346 	case B43_BUS_BCMA:
3347 		/* FIXME: 0xE74 is quite common, but should be read from CC */
3348 		b43_write16(dev, B43_MMIO_POWERUP_DELAY, 0xE74);
3349 		break;
3350 #endif
3351 #ifdef CONFIG_B43_SSB
3352 	case B43_BUS_SSB:
3353 		b43_write16(dev, B43_MMIO_POWERUP_DELAY,
3354 			    dev->dev->sdev->bus->chipco.fast_pwrup_delay);
3355 		break;
3356 #endif
3357 	}
3358 
3359 	err = 0;
3360 	b43dbg(dev->wl, "Chip initialized\n");
3361 out:
3362 	return err;
3363 
3364 err_gpio_clean:
3365 	b43_gpio_cleanup(dev);
3366 	return err;
3367 }
3368 
3369 static void b43_periodic_every60sec(struct b43_wldev *dev)
3370 {
3371 	const struct b43_phy_operations *ops = dev->phy.ops;
3372 
3373 	if (ops->pwork_60sec)
3374 		ops->pwork_60sec(dev);
3375 
3376 	/* Force check the TX power emission now. */
3377 	b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME);
3378 }
3379 
3380 static void b43_periodic_every30sec(struct b43_wldev *dev)
3381 {
3382 	/* Update device statistics. */
3383 	b43_calculate_link_quality(dev);
3384 }
3385 
3386 static void b43_periodic_every15sec(struct b43_wldev *dev)
3387 {
3388 	struct b43_phy *phy = &dev->phy;
3389 	u16 wdr;
3390 
3391 	if (dev->fw.opensource) {
3392 		/* Check if the firmware is still alive.
3393 		 * It will reset the watchdog counter to 0 in its idle loop. */
3394 		wdr = b43_shm_read16(dev, B43_SHM_SCRATCH, B43_WATCHDOG_REG);
3395 		if (unlikely(wdr)) {
3396 			b43err(dev->wl, "Firmware watchdog: The firmware died!\n");
3397 			b43_controller_restart(dev, "Firmware watchdog");
3398 			return;
3399 		} else {
3400 			b43_shm_write16(dev, B43_SHM_SCRATCH,
3401 					B43_WATCHDOG_REG, 1);
3402 		}
3403 	}
3404 
3405 	if (phy->ops->pwork_15sec)
3406 		phy->ops->pwork_15sec(dev);
3407 
3408 	atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
3409 	wmb();
3410 
3411 #if B43_DEBUG
3412 	if (b43_debug(dev, B43_DBG_VERBOSESTATS)) {
3413 		unsigned int i;
3414 
3415 		b43dbg(dev->wl, "Stats: %7u IRQs/sec, %7u TX/sec, %7u RX/sec\n",
3416 		       dev->irq_count / 15,
3417 		       dev->tx_count / 15,
3418 		       dev->rx_count / 15);
3419 		dev->irq_count = 0;
3420 		dev->tx_count = 0;
3421 		dev->rx_count = 0;
3422 		for (i = 0; i < ARRAY_SIZE(dev->irq_bit_count); i++) {
3423 			if (dev->irq_bit_count[i]) {
3424 				b43dbg(dev->wl, "Stats: %7u IRQ-%02u/sec (0x%08X)\n",
3425 				       dev->irq_bit_count[i] / 15, i, (1 << i));
3426 				dev->irq_bit_count[i] = 0;
3427 			}
3428 		}
3429 	}
3430 #endif
3431 }
3432 
3433 static void do_periodic_work(struct b43_wldev *dev)
3434 {
3435 	unsigned int state;
3436 
3437 	state = dev->periodic_state;
3438 	if (state % 4 == 0)
3439 		b43_periodic_every60sec(dev);
3440 	if (state % 2 == 0)
3441 		b43_periodic_every30sec(dev);
3442 	b43_periodic_every15sec(dev);
3443 }
3444 
3445 /* Periodic work locking policy:
3446  * 	The whole periodic work handler is protected by
3447  * 	wl->mutex. If another lock is needed somewhere in the
3448  * 	pwork callchain, it's acquired in-place, where it's needed.
3449  */
3450 static void b43_periodic_work_handler(struct work_struct *work)
3451 {
3452 	struct b43_wldev *dev = container_of(work, struct b43_wldev,
3453 					     periodic_work.work);
3454 	struct b43_wl *wl = dev->wl;
3455 	unsigned long delay;
3456 
3457 	mutex_lock(&wl->mutex);
3458 
3459 	if (unlikely(b43_status(dev) != B43_STAT_STARTED))
3460 		goto out;
3461 	if (b43_debug(dev, B43_DBG_PWORK_STOP))
3462 		goto out_requeue;
3463 
3464 	do_periodic_work(dev);
3465 
3466 	dev->periodic_state++;
3467 out_requeue:
3468 	if (b43_debug(dev, B43_DBG_PWORK_FAST))
3469 		delay = msecs_to_jiffies(50);
3470 	else
3471 		delay = round_jiffies_relative(HZ * 15);
3472 	ieee80211_queue_delayed_work(wl->hw, &dev->periodic_work, delay);
3473 out:
3474 	mutex_unlock(&wl->mutex);
3475 }
3476 
3477 static void b43_periodic_tasks_setup(struct b43_wldev *dev)
3478 {
3479 	struct delayed_work *work = &dev->periodic_work;
3480 
3481 	dev->periodic_state = 0;
3482 	INIT_DELAYED_WORK(work, b43_periodic_work_handler);
3483 	ieee80211_queue_delayed_work(dev->wl->hw, work, 0);
3484 }
3485 
3486 /* Check if communication with the device works correctly. */
3487 static int b43_validate_chipaccess(struct b43_wldev *dev)
3488 {
3489 	u32 v, backup0, backup4;
3490 
3491 	backup0 = b43_shm_read32(dev, B43_SHM_SHARED, 0);
3492 	backup4 = b43_shm_read32(dev, B43_SHM_SHARED, 4);
3493 
3494 	/* Check for read/write and endianness problems. */
3495 	b43_shm_write32(dev, B43_SHM_SHARED, 0, 0x55AAAA55);
3496 	if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0x55AAAA55)
3497 		goto error;
3498 	b43_shm_write32(dev, B43_SHM_SHARED, 0, 0xAA5555AA);
3499 	if (b43_shm_read32(dev, B43_SHM_SHARED, 0) != 0xAA5555AA)
3500 		goto error;
3501 
3502 	/* Check if unaligned 32bit SHM_SHARED access works properly.
3503 	 * However, don't bail out on failure, because it's noncritical. */
3504 	b43_shm_write16(dev, B43_SHM_SHARED, 0, 0x1122);
3505 	b43_shm_write16(dev, B43_SHM_SHARED, 2, 0x3344);
3506 	b43_shm_write16(dev, B43_SHM_SHARED, 4, 0x5566);
3507 	b43_shm_write16(dev, B43_SHM_SHARED, 6, 0x7788);
3508 	if (b43_shm_read32(dev, B43_SHM_SHARED, 2) != 0x55663344)
3509 		b43warn(dev->wl, "Unaligned 32bit SHM read access is broken\n");
3510 	b43_shm_write32(dev, B43_SHM_SHARED, 2, 0xAABBCCDD);
3511 	if (b43_shm_read16(dev, B43_SHM_SHARED, 0) != 0x1122 ||
3512 	    b43_shm_read16(dev, B43_SHM_SHARED, 2) != 0xCCDD ||
3513 	    b43_shm_read16(dev, B43_SHM_SHARED, 4) != 0xAABB ||
3514 	    b43_shm_read16(dev, B43_SHM_SHARED, 6) != 0x7788)
3515 		b43warn(dev->wl, "Unaligned 32bit SHM write access is broken\n");
3516 
3517 	b43_shm_write32(dev, B43_SHM_SHARED, 0, backup0);
3518 	b43_shm_write32(dev, B43_SHM_SHARED, 4, backup4);
3519 
3520 	if ((dev->dev->core_rev >= 3) && (dev->dev->core_rev <= 10)) {
3521 		/* The 32bit register shadows the two 16bit registers
3522 		 * with update sideeffects. Validate this. */
3523 		b43_write16(dev, B43_MMIO_TSF_CFP_START, 0xAAAA);
3524 		b43_write32(dev, B43_MMIO_TSF_CFP_START, 0xCCCCBBBB);
3525 		if (b43_read16(dev, B43_MMIO_TSF_CFP_START_LOW) != 0xBBBB)
3526 			goto error;
3527 		if (b43_read16(dev, B43_MMIO_TSF_CFP_START_HIGH) != 0xCCCC)
3528 			goto error;
3529 	}
3530 	b43_write32(dev, B43_MMIO_TSF_CFP_START, 0);
3531 
3532 	v = b43_read32(dev, B43_MMIO_MACCTL);
3533 	v |= B43_MACCTL_GMODE;
3534 	if (v != (B43_MACCTL_GMODE | B43_MACCTL_IHR_ENABLED))
3535 		goto error;
3536 
3537 	return 0;
3538 error:
3539 	b43err(dev->wl, "Failed to validate the chipaccess\n");
3540 	return -ENODEV;
3541 }
3542 
3543 static void b43_security_init(struct b43_wldev *dev)
3544 {
3545 	dev->ktp = b43_shm_read16(dev, B43_SHM_SHARED, B43_SHM_SH_KTP);
3546 	/* KTP is a word address, but we address SHM bytewise.
3547 	 * So multiply by two.
3548 	 */
3549 	dev->ktp *= 2;
3550 	/* Number of RCMTA address slots */
3551 	b43_write16(dev, B43_MMIO_RCMTA_COUNT, B43_NR_PAIRWISE_KEYS);
3552 	/* Clear the key memory. */
3553 	b43_clear_keys(dev);
3554 }
3555 
3556 #ifdef CONFIG_B43_HWRNG
3557 static int b43_rng_read(struct hwrng *rng, u32 *data)
3558 {
3559 	struct b43_wl *wl = (struct b43_wl *)rng->priv;
3560 	struct b43_wldev *dev;
3561 	int count = -ENODEV;
3562 
3563 	mutex_lock(&wl->mutex);
3564 	dev = wl->current_dev;
3565 	if (likely(dev && b43_status(dev) >= B43_STAT_INITIALIZED)) {
3566 		*data = b43_read16(dev, B43_MMIO_RNG);
3567 		count = sizeof(u16);
3568 	}
3569 	mutex_unlock(&wl->mutex);
3570 
3571 	return count;
3572 }
3573 #endif /* CONFIG_B43_HWRNG */
3574 
3575 static void b43_rng_exit(struct b43_wl *wl)
3576 {
3577 #ifdef CONFIG_B43_HWRNG
3578 	if (wl->rng_initialized)
3579 		hwrng_unregister(&wl->rng);
3580 #endif /* CONFIG_B43_HWRNG */
3581 }
3582 
3583 static int b43_rng_init(struct b43_wl *wl)
3584 {
3585 	int err = 0;
3586 
3587 #ifdef CONFIG_B43_HWRNG
3588 	snprintf(wl->rng_name, ARRAY_SIZE(wl->rng_name),
3589 		 "%s_%s", KBUILD_MODNAME, wiphy_name(wl->hw->wiphy));
3590 	wl->rng.name = wl->rng_name;
3591 	wl->rng.data_read = b43_rng_read;
3592 	wl->rng.priv = (unsigned long)wl;
3593 	wl->rng_initialized = true;
3594 	err = hwrng_register(&wl->rng);
3595 	if (err) {
3596 		wl->rng_initialized = false;
3597 		b43err(wl, "Failed to register the random "
3598 		       "number generator (%d)\n", err);
3599 	}
3600 #endif /* CONFIG_B43_HWRNG */
3601 
3602 	return err;
3603 }
3604 
3605 static void b43_tx_work(struct work_struct *work)
3606 {
3607 	struct b43_wl *wl = container_of(work, struct b43_wl, tx_work);
3608 	struct b43_wldev *dev;
3609 	struct sk_buff *skb;
3610 	int queue_num;
3611 	int err = 0;
3612 
3613 	mutex_lock(&wl->mutex);
3614 	dev = wl->current_dev;
3615 	if (unlikely(!dev || b43_status(dev) < B43_STAT_STARTED)) {
3616 		mutex_unlock(&wl->mutex);
3617 		return;
3618 	}
3619 
3620 	for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
3621 		while (skb_queue_len(&wl->tx_queue[queue_num])) {
3622 			skb = skb_dequeue(&wl->tx_queue[queue_num]);
3623 			if (b43_using_pio_transfers(dev))
3624 				err = b43_pio_tx(dev, skb);
3625 			else
3626 				err = b43_dma_tx(dev, skb);
3627 			if (err == -ENOSPC) {
3628 				wl->tx_queue_stopped[queue_num] = 1;
3629 				ieee80211_stop_queue(wl->hw, queue_num);
3630 				skb_queue_head(&wl->tx_queue[queue_num], skb);
3631 				break;
3632 			}
3633 			if (unlikely(err))
3634 				ieee80211_free_txskb(wl->hw, skb);
3635 			err = 0;
3636 		}
3637 
3638 		if (!err)
3639 			wl->tx_queue_stopped[queue_num] = 0;
3640 	}
3641 
3642 #if B43_DEBUG
3643 	dev->tx_count++;
3644 #endif
3645 	mutex_unlock(&wl->mutex);
3646 }
3647 
3648 static void b43_op_tx(struct ieee80211_hw *hw,
3649 		      struct ieee80211_tx_control *control,
3650 		      struct sk_buff *skb)
3651 {
3652 	struct b43_wl *wl = hw_to_b43_wl(hw);
3653 
3654 	if (unlikely(skb->len < 2 + 2 + 6)) {
3655 		/* Too short, this can't be a valid frame. */
3656 		ieee80211_free_txskb(hw, skb);
3657 		return;
3658 	}
3659 	B43_WARN_ON(skb_shinfo(skb)->nr_frags);
3660 
3661 	skb_queue_tail(&wl->tx_queue[skb->queue_mapping], skb);
3662 	if (!wl->tx_queue_stopped[skb->queue_mapping]) {
3663 		ieee80211_queue_work(wl->hw, &wl->tx_work);
3664 	} else {
3665 		ieee80211_stop_queue(wl->hw, skb->queue_mapping);
3666 	}
3667 }
3668 
3669 static void b43_qos_params_upload(struct b43_wldev *dev,
3670 				  const struct ieee80211_tx_queue_params *p,
3671 				  u16 shm_offset)
3672 {
3673 	u16 params[B43_NR_QOSPARAMS];
3674 	int bslots, tmp;
3675 	unsigned int i;
3676 
3677 	if (!dev->qos_enabled)
3678 		return;
3679 
3680 	bslots = b43_read16(dev, B43_MMIO_RNG) & p->cw_min;
3681 
3682 	memset(&params, 0, sizeof(params));
3683 
3684 	params[B43_QOSPARAM_TXOP] = p->txop * 32;
3685 	params[B43_QOSPARAM_CWMIN] = p->cw_min;
3686 	params[B43_QOSPARAM_CWMAX] = p->cw_max;
3687 	params[B43_QOSPARAM_CWCUR] = p->cw_min;
3688 	params[B43_QOSPARAM_AIFS] = p->aifs;
3689 	params[B43_QOSPARAM_BSLOTS] = bslots;
3690 	params[B43_QOSPARAM_REGGAP] = bslots + p->aifs;
3691 
3692 	for (i = 0; i < ARRAY_SIZE(params); i++) {
3693 		if (i == B43_QOSPARAM_STATUS) {
3694 			tmp = b43_shm_read16(dev, B43_SHM_SHARED,
3695 					     shm_offset + (i * 2));
3696 			/* Mark the parameters as updated. */
3697 			tmp |= 0x100;
3698 			b43_shm_write16(dev, B43_SHM_SHARED,
3699 					shm_offset + (i * 2),
3700 					tmp);
3701 		} else {
3702 			b43_shm_write16(dev, B43_SHM_SHARED,
3703 					shm_offset + (i * 2),
3704 					params[i]);
3705 		}
3706 	}
3707 }
3708 
3709 /* Mapping of mac80211 queue numbers to b43 QoS SHM offsets. */
3710 static const u16 b43_qos_shm_offsets[] = {
3711 	/* [mac80211-queue-nr] = SHM_OFFSET, */
3712 	[0] = B43_QOS_VOICE,
3713 	[1] = B43_QOS_VIDEO,
3714 	[2] = B43_QOS_BESTEFFORT,
3715 	[3] = B43_QOS_BACKGROUND,
3716 };
3717 
3718 /* Update all QOS parameters in hardware. */
3719 static void b43_qos_upload_all(struct b43_wldev *dev)
3720 {
3721 	struct b43_wl *wl = dev->wl;
3722 	struct b43_qos_params *params;
3723 	unsigned int i;
3724 
3725 	if (!dev->qos_enabled)
3726 		return;
3727 
3728 	BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3729 		     ARRAY_SIZE(wl->qos_params));
3730 
3731 	b43_mac_suspend(dev);
3732 	for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3733 		params = &(wl->qos_params[i]);
3734 		b43_qos_params_upload(dev, &(params->p),
3735 				      b43_qos_shm_offsets[i]);
3736 	}
3737 	b43_mac_enable(dev);
3738 }
3739 
3740 static void b43_qos_clear(struct b43_wl *wl)
3741 {
3742 	struct b43_qos_params *params;
3743 	unsigned int i;
3744 
3745 	/* Initialize QoS parameters to sane defaults. */
3746 
3747 	BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3748 		     ARRAY_SIZE(wl->qos_params));
3749 
3750 	for (i = 0; i < ARRAY_SIZE(wl->qos_params); i++) {
3751 		params = &(wl->qos_params[i]);
3752 
3753 		switch (b43_qos_shm_offsets[i]) {
3754 		case B43_QOS_VOICE:
3755 			params->p.txop = 0;
3756 			params->p.aifs = 2;
3757 			params->p.cw_min = 0x0001;
3758 			params->p.cw_max = 0x0001;
3759 			break;
3760 		case B43_QOS_VIDEO:
3761 			params->p.txop = 0;
3762 			params->p.aifs = 2;
3763 			params->p.cw_min = 0x0001;
3764 			params->p.cw_max = 0x0001;
3765 			break;
3766 		case B43_QOS_BESTEFFORT:
3767 			params->p.txop = 0;
3768 			params->p.aifs = 3;
3769 			params->p.cw_min = 0x0001;
3770 			params->p.cw_max = 0x03FF;
3771 			break;
3772 		case B43_QOS_BACKGROUND:
3773 			params->p.txop = 0;
3774 			params->p.aifs = 7;
3775 			params->p.cw_min = 0x0001;
3776 			params->p.cw_max = 0x03FF;
3777 			break;
3778 		default:
3779 			B43_WARN_ON(1);
3780 		}
3781 	}
3782 }
3783 
3784 /* Initialize the core's QOS capabilities */
3785 static void b43_qos_init(struct b43_wldev *dev)
3786 {
3787 	if (!dev->qos_enabled) {
3788 		/* Disable QOS support. */
3789 		b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_EDCF);
3790 		b43_write16(dev, B43_MMIO_IFSCTL,
3791 			    b43_read16(dev, B43_MMIO_IFSCTL)
3792 			    & ~B43_MMIO_IFSCTL_USE_EDCF);
3793 		b43dbg(dev->wl, "QoS disabled\n");
3794 		return;
3795 	}
3796 
3797 	/* Upload the current QOS parameters. */
3798 	b43_qos_upload_all(dev);
3799 
3800 	/* Enable QOS support. */
3801 	b43_hf_write(dev, b43_hf_read(dev) | B43_HF_EDCF);
3802 	b43_write16(dev, B43_MMIO_IFSCTL,
3803 		    b43_read16(dev, B43_MMIO_IFSCTL)
3804 		    | B43_MMIO_IFSCTL_USE_EDCF);
3805 	b43dbg(dev->wl, "QoS enabled\n");
3806 }
3807 
3808 static int b43_op_conf_tx(struct ieee80211_hw *hw,
3809 			  struct ieee80211_vif *vif, u16 _queue,
3810 			  const struct ieee80211_tx_queue_params *params)
3811 {
3812 	struct b43_wl *wl = hw_to_b43_wl(hw);
3813 	struct b43_wldev *dev;
3814 	unsigned int queue = (unsigned int)_queue;
3815 	int err = -ENODEV;
3816 
3817 	if (queue >= ARRAY_SIZE(wl->qos_params)) {
3818 		/* Queue not available or don't support setting
3819 		 * params on this queue. Return success to not
3820 		 * confuse mac80211. */
3821 		return 0;
3822 	}
3823 	BUILD_BUG_ON(ARRAY_SIZE(b43_qos_shm_offsets) !=
3824 		     ARRAY_SIZE(wl->qos_params));
3825 
3826 	mutex_lock(&wl->mutex);
3827 	dev = wl->current_dev;
3828 	if (unlikely(!dev || (b43_status(dev) < B43_STAT_INITIALIZED)))
3829 		goto out_unlock;
3830 
3831 	memcpy(&(wl->qos_params[queue].p), params, sizeof(*params));
3832 	b43_mac_suspend(dev);
3833 	b43_qos_params_upload(dev, &(wl->qos_params[queue].p),
3834 			      b43_qos_shm_offsets[queue]);
3835 	b43_mac_enable(dev);
3836 	err = 0;
3837 
3838 out_unlock:
3839 	mutex_unlock(&wl->mutex);
3840 
3841 	return err;
3842 }
3843 
3844 static int b43_op_get_stats(struct ieee80211_hw *hw,
3845 			    struct ieee80211_low_level_stats *stats)
3846 {
3847 	struct b43_wl *wl = hw_to_b43_wl(hw);
3848 
3849 	mutex_lock(&wl->mutex);
3850 	memcpy(stats, &wl->ieee_stats, sizeof(*stats));
3851 	mutex_unlock(&wl->mutex);
3852 
3853 	return 0;
3854 }
3855 
3856 static u64 b43_op_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
3857 {
3858 	struct b43_wl *wl = hw_to_b43_wl(hw);
3859 	struct b43_wldev *dev;
3860 	u64 tsf;
3861 
3862 	mutex_lock(&wl->mutex);
3863 	dev = wl->current_dev;
3864 
3865 	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3866 		b43_tsf_read(dev, &tsf);
3867 	else
3868 		tsf = 0;
3869 
3870 	mutex_unlock(&wl->mutex);
3871 
3872 	return tsf;
3873 }
3874 
3875 static void b43_op_set_tsf(struct ieee80211_hw *hw,
3876 			   struct ieee80211_vif *vif, u64 tsf)
3877 {
3878 	struct b43_wl *wl = hw_to_b43_wl(hw);
3879 	struct b43_wldev *dev;
3880 
3881 	mutex_lock(&wl->mutex);
3882 	dev = wl->current_dev;
3883 
3884 	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED))
3885 		b43_tsf_write(dev, tsf);
3886 
3887 	mutex_unlock(&wl->mutex);
3888 }
3889 
3890 static const char *band_to_string(enum nl80211_band band)
3891 {
3892 	switch (band) {
3893 	case NL80211_BAND_5GHZ:
3894 		return "5";
3895 	case NL80211_BAND_2GHZ:
3896 		return "2.4";
3897 	default:
3898 		break;
3899 	}
3900 	B43_WARN_ON(1);
3901 	return "";
3902 }
3903 
3904 /* Expects wl->mutex locked */
3905 static int b43_switch_band(struct b43_wldev *dev,
3906 			   struct ieee80211_channel *chan)
3907 {
3908 	struct b43_phy *phy = &dev->phy;
3909 	bool gmode;
3910 	u32 tmp;
3911 
3912 	switch (chan->band) {
3913 	case NL80211_BAND_5GHZ:
3914 		gmode = false;
3915 		break;
3916 	case NL80211_BAND_2GHZ:
3917 		gmode = true;
3918 		break;
3919 	default:
3920 		B43_WARN_ON(1);
3921 		return -EINVAL;
3922 	}
3923 
3924 	if (!((gmode && phy->supports_2ghz) ||
3925 	      (!gmode && phy->supports_5ghz))) {
3926 		b43err(dev->wl, "This device doesn't support %s-GHz band\n",
3927 		       band_to_string(chan->band));
3928 		return -ENODEV;
3929 	}
3930 
3931 	if (!!phy->gmode == !!gmode) {
3932 		/* This device is already running. */
3933 		return 0;
3934 	}
3935 
3936 	b43dbg(dev->wl, "Switching to %s GHz band\n",
3937 	       band_to_string(chan->band));
3938 
3939 	/* Some new devices don't need disabling radio for band switching */
3940 	if (!(phy->type == B43_PHYTYPE_N && phy->rev >= 3))
3941 		b43_software_rfkill(dev, true);
3942 
3943 	phy->gmode = gmode;
3944 	b43_phy_put_into_reset(dev);
3945 	switch (dev->dev->bus_type) {
3946 #ifdef CONFIG_B43_BCMA
3947 	case B43_BUS_BCMA:
3948 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOCTL);
3949 		if (gmode)
3950 			tmp |= B43_BCMA_IOCTL_GMODE;
3951 		else
3952 			tmp &= ~B43_BCMA_IOCTL_GMODE;
3953 		bcma_awrite32(dev->dev->bdev, BCMA_IOCTL, tmp);
3954 		break;
3955 #endif
3956 #ifdef CONFIG_B43_SSB
3957 	case B43_BUS_SSB:
3958 		tmp = ssb_read32(dev->dev->sdev, SSB_TMSLOW);
3959 		if (gmode)
3960 			tmp |= B43_TMSLOW_GMODE;
3961 		else
3962 			tmp &= ~B43_TMSLOW_GMODE;
3963 		ssb_write32(dev->dev->sdev, SSB_TMSLOW, tmp);
3964 		break;
3965 #endif
3966 	}
3967 	b43_phy_take_out_of_reset(dev);
3968 
3969 	b43_upload_initvals_band(dev);
3970 
3971 	b43_phy_init(dev);
3972 
3973 	return 0;
3974 }
3975 
3976 static void b43_set_beacon_listen_interval(struct b43_wldev *dev, u16 interval)
3977 {
3978 	interval = min_t(u16, interval, (u16)0xFF);
3979 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_BCN_LI, interval);
3980 }
3981 
3982 /* Write the short and long frame retry limit values. */
3983 static void b43_set_retry_limits(struct b43_wldev *dev,
3984 				 unsigned int short_retry,
3985 				 unsigned int long_retry)
3986 {
3987 	/* The retry limit is a 4-bit counter. Enforce this to avoid overflowing
3988 	 * the chip-internal counter. */
3989 	short_retry = min(short_retry, (unsigned int)0xF);
3990 	long_retry = min(long_retry, (unsigned int)0xF);
3991 
3992 	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_SRLIMIT,
3993 			short_retry);
3994 	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_LRLIMIT,
3995 			long_retry);
3996 }
3997 
3998 static int b43_op_config(struct ieee80211_hw *hw, u32 changed)
3999 {
4000 	struct b43_wl *wl = hw_to_b43_wl(hw);
4001 	struct b43_wldev *dev = wl->current_dev;
4002 	struct b43_phy *phy = &dev->phy;
4003 	struct ieee80211_conf *conf = &hw->conf;
4004 	int antenna;
4005 	int err = 0;
4006 
4007 	mutex_lock(&wl->mutex);
4008 	b43_mac_suspend(dev);
4009 
4010 	if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL)
4011 		b43_set_beacon_listen_interval(dev, conf->listen_interval);
4012 
4013 	if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
4014 		phy->chandef = &conf->chandef;
4015 		phy->channel = conf->chandef.chan->hw_value;
4016 
4017 		/* Switch the band (if necessary). */
4018 		err = b43_switch_band(dev, conf->chandef.chan);
4019 		if (err)
4020 			goto out_mac_enable;
4021 
4022 		/* Switch to the requested channel.
4023 		 * The firmware takes care of races with the TX handler.
4024 		 */
4025 		b43_switch_channel(dev, phy->channel);
4026 	}
4027 
4028 	if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
4029 		b43_set_retry_limits(dev, conf->short_frame_max_tx_count,
4030 					  conf->long_frame_max_tx_count);
4031 	changed &= ~IEEE80211_CONF_CHANGE_RETRY_LIMITS;
4032 	if (!changed)
4033 		goto out_mac_enable;
4034 
4035 	dev->wl->radiotap_enabled = !!(conf->flags & IEEE80211_CONF_MONITOR);
4036 
4037 	/* Adjust the desired TX power level. */
4038 	if (conf->power_level != 0) {
4039 		if (conf->power_level != phy->desired_txpower) {
4040 			phy->desired_txpower = conf->power_level;
4041 			b43_phy_txpower_check(dev, B43_TXPWR_IGNORE_TIME |
4042 						   B43_TXPWR_IGNORE_TSSI);
4043 		}
4044 	}
4045 
4046 	/* Antennas for RX and management frame TX. */
4047 	antenna = B43_ANTENNA_DEFAULT;
4048 	b43_mgmtframe_txantenna(dev, antenna);
4049 	antenna = B43_ANTENNA_DEFAULT;
4050 	if (phy->ops->set_rx_antenna)
4051 		phy->ops->set_rx_antenna(dev, antenna);
4052 
4053 	if (wl->radio_enabled != phy->radio_on) {
4054 		if (wl->radio_enabled) {
4055 			b43_software_rfkill(dev, false);
4056 			b43info(dev->wl, "Radio turned on by software\n");
4057 			if (!dev->radio_hw_enable) {
4058 				b43info(dev->wl, "The hardware RF-kill button "
4059 					"still turns the radio physically off. "
4060 					"Press the button to turn it on.\n");
4061 			}
4062 		} else {
4063 			b43_software_rfkill(dev, true);
4064 			b43info(dev->wl, "Radio turned off by software\n");
4065 		}
4066 	}
4067 
4068 out_mac_enable:
4069 	b43_mac_enable(dev);
4070 	mutex_unlock(&wl->mutex);
4071 
4072 	return err;
4073 }
4074 
4075 static void b43_update_basic_rates(struct b43_wldev *dev, u32 brates)
4076 {
4077 	struct ieee80211_supported_band *sband =
4078 		dev->wl->hw->wiphy->bands[b43_current_band(dev->wl)];
4079 	struct ieee80211_rate *rate;
4080 	int i;
4081 	u16 basic, direct, offset, basic_offset, rateptr;
4082 
4083 	for (i = 0; i < sband->n_bitrates; i++) {
4084 		rate = &sband->bitrates[i];
4085 
4086 		if (b43_is_cck_rate(rate->hw_value)) {
4087 			direct = B43_SHM_SH_CCKDIRECT;
4088 			basic = B43_SHM_SH_CCKBASIC;
4089 			offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4090 			offset &= 0xF;
4091 		} else {
4092 			direct = B43_SHM_SH_OFDMDIRECT;
4093 			basic = B43_SHM_SH_OFDMBASIC;
4094 			offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4095 			offset &= 0xF;
4096 		}
4097 
4098 		rate = ieee80211_get_response_rate(sband, brates, rate->bitrate);
4099 
4100 		if (b43_is_cck_rate(rate->hw_value)) {
4101 			basic_offset = b43_plcp_get_ratecode_cck(rate->hw_value);
4102 			basic_offset &= 0xF;
4103 		} else {
4104 			basic_offset = b43_plcp_get_ratecode_ofdm(rate->hw_value);
4105 			basic_offset &= 0xF;
4106 		}
4107 
4108 		/*
4109 		 * Get the pointer that we need to point to
4110 		 * from the direct map
4111 		 */
4112 		rateptr = b43_shm_read16(dev, B43_SHM_SHARED,
4113 					 direct + 2 * basic_offset);
4114 		/* and write it to the basic map */
4115 		b43_shm_write16(dev, B43_SHM_SHARED, basic + 2 * offset,
4116 				rateptr);
4117 	}
4118 }
4119 
4120 static void b43_op_bss_info_changed(struct ieee80211_hw *hw,
4121 				    struct ieee80211_vif *vif,
4122 				    struct ieee80211_bss_conf *conf,
4123 				    u32 changed)
4124 {
4125 	struct b43_wl *wl = hw_to_b43_wl(hw);
4126 	struct b43_wldev *dev;
4127 
4128 	mutex_lock(&wl->mutex);
4129 
4130 	dev = wl->current_dev;
4131 	if (!dev || b43_status(dev) < B43_STAT_STARTED)
4132 		goto out_unlock_mutex;
4133 
4134 	B43_WARN_ON(wl->vif != vif);
4135 
4136 	if (changed & BSS_CHANGED_BSSID) {
4137 		if (conf->bssid)
4138 			memcpy(wl->bssid, conf->bssid, ETH_ALEN);
4139 		else
4140 			eth_zero_addr(wl->bssid);
4141 	}
4142 
4143 	if (b43_status(dev) >= B43_STAT_INITIALIZED) {
4144 		if (changed & BSS_CHANGED_BEACON &&
4145 		    (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4146 		     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4147 		     b43_is_mode(wl, NL80211_IFTYPE_ADHOC)))
4148 			b43_update_templates(wl);
4149 
4150 		if (changed & BSS_CHANGED_BSSID)
4151 			b43_write_mac_bssid_templates(dev);
4152 	}
4153 
4154 	b43_mac_suspend(dev);
4155 
4156 	/* Update templates for AP/mesh mode. */
4157 	if (changed & BSS_CHANGED_BEACON_INT &&
4158 	    (b43_is_mode(wl, NL80211_IFTYPE_AP) ||
4159 	     b43_is_mode(wl, NL80211_IFTYPE_MESH_POINT) ||
4160 	     b43_is_mode(wl, NL80211_IFTYPE_ADHOC)) &&
4161 	    conf->beacon_int)
4162 		b43_set_beacon_int(dev, conf->beacon_int);
4163 
4164 	if (changed & BSS_CHANGED_BASIC_RATES)
4165 		b43_update_basic_rates(dev, conf->basic_rates);
4166 
4167 	if (changed & BSS_CHANGED_ERP_SLOT) {
4168 		if (conf->use_short_slot)
4169 			b43_short_slot_timing_enable(dev);
4170 		else
4171 			b43_short_slot_timing_disable(dev);
4172 	}
4173 
4174 	b43_mac_enable(dev);
4175 out_unlock_mutex:
4176 	mutex_unlock(&wl->mutex);
4177 }
4178 
4179 static int b43_op_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
4180 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
4181 			  struct ieee80211_key_conf *key)
4182 {
4183 	struct b43_wl *wl = hw_to_b43_wl(hw);
4184 	struct b43_wldev *dev;
4185 	u8 algorithm;
4186 	u8 index;
4187 	int err;
4188 	static const u8 bcast_addr[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
4189 
4190 	if (modparam_nohwcrypt)
4191 		return -ENOSPC; /* User disabled HW-crypto */
4192 
4193 	if ((vif->type == NL80211_IFTYPE_ADHOC ||
4194 	     vif->type == NL80211_IFTYPE_MESH_POINT) &&
4195 	    (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
4196 	     key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
4197 	    !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
4198 		/*
4199 		 * For now, disable hw crypto for the RSN IBSS group keys. This
4200 		 * could be optimized in the future, but until that gets
4201 		 * implemented, use of software crypto for group addressed
4202 		 * frames is a acceptable to allow RSN IBSS to be used.
4203 		 */
4204 		return -EOPNOTSUPP;
4205 	}
4206 
4207 	mutex_lock(&wl->mutex);
4208 
4209 	dev = wl->current_dev;
4210 	err = -ENODEV;
4211 	if (!dev || b43_status(dev) < B43_STAT_INITIALIZED)
4212 		goto out_unlock;
4213 
4214 	if (dev->fw.pcm_request_failed || !dev->hwcrypto_enabled) {
4215 		/* We don't have firmware for the crypto engine.
4216 		 * Must use software-crypto. */
4217 		err = -EOPNOTSUPP;
4218 		goto out_unlock;
4219 	}
4220 
4221 	err = -EINVAL;
4222 	switch (key->cipher) {
4223 	case WLAN_CIPHER_SUITE_WEP40:
4224 		algorithm = B43_SEC_ALGO_WEP40;
4225 		break;
4226 	case WLAN_CIPHER_SUITE_WEP104:
4227 		algorithm = B43_SEC_ALGO_WEP104;
4228 		break;
4229 	case WLAN_CIPHER_SUITE_TKIP:
4230 		algorithm = B43_SEC_ALGO_TKIP;
4231 		break;
4232 	case WLAN_CIPHER_SUITE_CCMP:
4233 		algorithm = B43_SEC_ALGO_AES;
4234 		break;
4235 	default:
4236 		B43_WARN_ON(1);
4237 		goto out_unlock;
4238 	}
4239 	index = (u8) (key->keyidx);
4240 	if (index > 3)
4241 		goto out_unlock;
4242 
4243 	switch (cmd) {
4244 	case SET_KEY:
4245 		if (algorithm == B43_SEC_ALGO_TKIP &&
4246 		    (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE) ||
4247 		    !modparam_hwtkip)) {
4248 			/* We support only pairwise key */
4249 			err = -EOPNOTSUPP;
4250 			goto out_unlock;
4251 		}
4252 
4253 		if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
4254 			if (WARN_ON(!sta)) {
4255 				err = -EOPNOTSUPP;
4256 				goto out_unlock;
4257 			}
4258 			/* Pairwise key with an assigned MAC address. */
4259 			err = b43_key_write(dev, -1, algorithm,
4260 					    key->key, key->keylen,
4261 					    sta->addr, key);
4262 		} else {
4263 			/* Group key */
4264 			err = b43_key_write(dev, index, algorithm,
4265 					    key->key, key->keylen, NULL, key);
4266 		}
4267 		if (err)
4268 			goto out_unlock;
4269 
4270 		if (algorithm == B43_SEC_ALGO_WEP40 ||
4271 		    algorithm == B43_SEC_ALGO_WEP104) {
4272 			b43_hf_write(dev, b43_hf_read(dev) | B43_HF_USEDEFKEYS);
4273 		} else {
4274 			b43_hf_write(dev,
4275 				     b43_hf_read(dev) & ~B43_HF_USEDEFKEYS);
4276 		}
4277 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
4278 		if (algorithm == B43_SEC_ALGO_TKIP)
4279 			key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
4280 		break;
4281 	case DISABLE_KEY: {
4282 		err = b43_key_clear(dev, key->hw_key_idx);
4283 		if (err)
4284 			goto out_unlock;
4285 		break;
4286 	}
4287 	default:
4288 		B43_WARN_ON(1);
4289 	}
4290 
4291 out_unlock:
4292 	if (!err) {
4293 		b43dbg(wl, "%s hardware based encryption for keyidx: %d, "
4294 		       "mac: %pM\n",
4295 		       cmd == SET_KEY ? "Using" : "Disabling", key->keyidx,
4296 		       sta ? sta->addr : bcast_addr);
4297 		b43_dump_keymemory(dev);
4298 	}
4299 	mutex_unlock(&wl->mutex);
4300 
4301 	return err;
4302 }
4303 
4304 static void b43_op_configure_filter(struct ieee80211_hw *hw,
4305 				    unsigned int changed, unsigned int *fflags,
4306 				    u64 multicast)
4307 {
4308 	struct b43_wl *wl = hw_to_b43_wl(hw);
4309 	struct b43_wldev *dev;
4310 
4311 	mutex_lock(&wl->mutex);
4312 	dev = wl->current_dev;
4313 	if (!dev) {
4314 		*fflags = 0;
4315 		goto out_unlock;
4316 	}
4317 
4318 	*fflags &= FIF_ALLMULTI |
4319 		  FIF_FCSFAIL |
4320 		  FIF_PLCPFAIL |
4321 		  FIF_CONTROL |
4322 		  FIF_OTHER_BSS |
4323 		  FIF_BCN_PRBRESP_PROMISC;
4324 
4325 	changed &= FIF_ALLMULTI |
4326 		   FIF_FCSFAIL |
4327 		   FIF_PLCPFAIL |
4328 		   FIF_CONTROL |
4329 		   FIF_OTHER_BSS |
4330 		   FIF_BCN_PRBRESP_PROMISC;
4331 
4332 	wl->filter_flags = *fflags;
4333 
4334 	if (changed && b43_status(dev) >= B43_STAT_INITIALIZED)
4335 		b43_adjust_opmode(dev);
4336 
4337 out_unlock:
4338 	mutex_unlock(&wl->mutex);
4339 }
4340 
4341 /* Locking: wl->mutex
4342  * Returns the current dev. This might be different from the passed in dev,
4343  * because the core might be gone away while we unlocked the mutex. */
4344 static struct b43_wldev * b43_wireless_core_stop(struct b43_wldev *dev)
4345 {
4346 	struct b43_wl *wl;
4347 	struct b43_wldev *orig_dev;
4348 	u32 mask;
4349 	int queue_num;
4350 
4351 	if (!dev)
4352 		return NULL;
4353 	wl = dev->wl;
4354 redo:
4355 	if (!dev || b43_status(dev) < B43_STAT_STARTED)
4356 		return dev;
4357 
4358 	/* Cancel work. Unlock to avoid deadlocks. */
4359 	mutex_unlock(&wl->mutex);
4360 	cancel_delayed_work_sync(&dev->periodic_work);
4361 	cancel_work_sync(&wl->tx_work);
4362 	b43_leds_stop(dev);
4363 	mutex_lock(&wl->mutex);
4364 	dev = wl->current_dev;
4365 	if (!dev || b43_status(dev) < B43_STAT_STARTED) {
4366 		/* Whoops, aliens ate up the device while we were unlocked. */
4367 		return dev;
4368 	}
4369 
4370 	/* Disable interrupts on the device. */
4371 	b43_set_status(dev, B43_STAT_INITIALIZED);
4372 	if (b43_bus_host_is_sdio(dev->dev)) {
4373 		/* wl->mutex is locked. That is enough. */
4374 		b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4375 		b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);	/* Flush */
4376 	} else {
4377 		spin_lock_irq(&wl->hardirq_lock);
4378 		b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, 0);
4379 		b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);	/* Flush */
4380 		spin_unlock_irq(&wl->hardirq_lock);
4381 	}
4382 	/* Synchronize and free the interrupt handlers. Unlock to avoid deadlocks. */
4383 	orig_dev = dev;
4384 	mutex_unlock(&wl->mutex);
4385 	if (b43_bus_host_is_sdio(dev->dev))
4386 		b43_sdio_free_irq(dev);
4387 	else
4388 		free_irq(dev->dev->irq, dev);
4389 	mutex_lock(&wl->mutex);
4390 	dev = wl->current_dev;
4391 	if (!dev)
4392 		return dev;
4393 	if (dev != orig_dev) {
4394 		if (b43_status(dev) >= B43_STAT_STARTED)
4395 			goto redo;
4396 		return dev;
4397 	}
4398 	mask = b43_read32(dev, B43_MMIO_GEN_IRQ_MASK);
4399 	B43_WARN_ON(mask != 0xFFFFFFFF && mask);
4400 
4401 	/* Drain all TX queues. */
4402 	for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
4403 		while (skb_queue_len(&wl->tx_queue[queue_num])) {
4404 			struct sk_buff *skb;
4405 
4406 			skb = skb_dequeue(&wl->tx_queue[queue_num]);
4407 			ieee80211_free_txskb(wl->hw, skb);
4408 		}
4409 	}
4410 
4411 	b43_mac_suspend(dev);
4412 	b43_leds_exit(dev);
4413 	b43dbg(wl, "Wireless interface stopped\n");
4414 
4415 	return dev;
4416 }
4417 
4418 /* Locking: wl->mutex */
4419 static int b43_wireless_core_start(struct b43_wldev *dev)
4420 {
4421 	int err;
4422 
4423 	B43_WARN_ON(b43_status(dev) != B43_STAT_INITIALIZED);
4424 
4425 	drain_txstatus_queue(dev);
4426 	if (b43_bus_host_is_sdio(dev->dev)) {
4427 		err = b43_sdio_request_irq(dev, b43_sdio_interrupt_handler);
4428 		if (err) {
4429 			b43err(dev->wl, "Cannot request SDIO IRQ\n");
4430 			goto out;
4431 		}
4432 	} else {
4433 		err = request_threaded_irq(dev->dev->irq, b43_interrupt_handler,
4434 					   b43_interrupt_thread_handler,
4435 					   IRQF_SHARED, KBUILD_MODNAME, dev);
4436 		if (err) {
4437 			b43err(dev->wl, "Cannot request IRQ-%d\n",
4438 			       dev->dev->irq);
4439 			goto out;
4440 		}
4441 	}
4442 
4443 	/* We are ready to run. */
4444 	ieee80211_wake_queues(dev->wl->hw);
4445 	b43_set_status(dev, B43_STAT_STARTED);
4446 
4447 	/* Start data flow (TX/RX). */
4448 	b43_mac_enable(dev);
4449 	b43_write32(dev, B43_MMIO_GEN_IRQ_MASK, dev->irq_mask);
4450 
4451 	/* Start maintenance work */
4452 	b43_periodic_tasks_setup(dev);
4453 
4454 	b43_leds_init(dev);
4455 
4456 	b43dbg(dev->wl, "Wireless interface started\n");
4457 out:
4458 	return err;
4459 }
4460 
4461 static char *b43_phy_name(struct b43_wldev *dev, u8 phy_type)
4462 {
4463 	switch (phy_type) {
4464 	case B43_PHYTYPE_A:
4465 		return "A";
4466 	case B43_PHYTYPE_B:
4467 		return "B";
4468 	case B43_PHYTYPE_G:
4469 		return "G";
4470 	case B43_PHYTYPE_N:
4471 		return "N";
4472 	case B43_PHYTYPE_LP:
4473 		return "LP";
4474 	case B43_PHYTYPE_SSLPN:
4475 		return "SSLPN";
4476 	case B43_PHYTYPE_HT:
4477 		return "HT";
4478 	case B43_PHYTYPE_LCN:
4479 		return "LCN";
4480 	case B43_PHYTYPE_LCNXN:
4481 		return "LCNXN";
4482 	case B43_PHYTYPE_LCN40:
4483 		return "LCN40";
4484 	case B43_PHYTYPE_AC:
4485 		return "AC";
4486 	}
4487 	return "UNKNOWN";
4488 }
4489 
4490 /* Get PHY and RADIO versioning numbers */
4491 static int b43_phy_versioning(struct b43_wldev *dev)
4492 {
4493 	struct b43_phy *phy = &dev->phy;
4494 	const u8 core_rev = dev->dev->core_rev;
4495 	u32 tmp;
4496 	u8 analog_type;
4497 	u8 phy_type;
4498 	u8 phy_rev;
4499 	u16 radio_manuf;
4500 	u16 radio_id;
4501 	u16 radio_rev;
4502 	u8 radio_ver;
4503 	int unsupported = 0;
4504 
4505 	/* Get PHY versioning */
4506 	tmp = b43_read16(dev, B43_MMIO_PHY_VER);
4507 	analog_type = (tmp & B43_PHYVER_ANALOG) >> B43_PHYVER_ANALOG_SHIFT;
4508 	phy_type = (tmp & B43_PHYVER_TYPE) >> B43_PHYVER_TYPE_SHIFT;
4509 	phy_rev = (tmp & B43_PHYVER_VERSION);
4510 
4511 	/* LCNXN is continuation of N which run out of revisions */
4512 	if (phy_type == B43_PHYTYPE_LCNXN) {
4513 		phy_type = B43_PHYTYPE_N;
4514 		phy_rev += 16;
4515 	}
4516 
4517 	switch (phy_type) {
4518 #ifdef CONFIG_B43_PHY_G
4519 	case B43_PHYTYPE_G:
4520 		if (phy_rev > 9)
4521 			unsupported = 1;
4522 		break;
4523 #endif
4524 #ifdef CONFIG_B43_PHY_N
4525 	case B43_PHYTYPE_N:
4526 		if (phy_rev >= 19)
4527 			unsupported = 1;
4528 		break;
4529 #endif
4530 #ifdef CONFIG_B43_PHY_LP
4531 	case B43_PHYTYPE_LP:
4532 		if (phy_rev > 2)
4533 			unsupported = 1;
4534 		break;
4535 #endif
4536 #ifdef CONFIG_B43_PHY_HT
4537 	case B43_PHYTYPE_HT:
4538 		if (phy_rev > 1)
4539 			unsupported = 1;
4540 		break;
4541 #endif
4542 #ifdef CONFIG_B43_PHY_LCN
4543 	case B43_PHYTYPE_LCN:
4544 		if (phy_rev > 1)
4545 			unsupported = 1;
4546 		break;
4547 #endif
4548 #ifdef CONFIG_B43_PHY_AC
4549 	case B43_PHYTYPE_AC:
4550 		if (phy_rev > 1)
4551 			unsupported = 1;
4552 		break;
4553 #endif
4554 	default:
4555 		unsupported = 1;
4556 	}
4557 	if (unsupported) {
4558 		b43err(dev->wl, "FOUND UNSUPPORTED PHY (Analog %u, Type %d (%s), Revision %u)\n",
4559 		       analog_type, phy_type, b43_phy_name(dev, phy_type),
4560 		       phy_rev);
4561 		return -EOPNOTSUPP;
4562 	}
4563 	b43info(dev->wl, "Found PHY: Analog %u, Type %d (%s), Revision %u\n",
4564 		analog_type, phy_type, b43_phy_name(dev, phy_type), phy_rev);
4565 
4566 	/* Get RADIO versioning */
4567 	if (core_rev == 40 || core_rev == 42) {
4568 		radio_manuf = 0x17F;
4569 
4570 		b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 0);
4571 		radio_rev = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4572 
4573 		b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, 1);
4574 		radio_id = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4575 
4576 		radio_ver = 0; /* Is there version somewhere? */
4577 	} else if (core_rev >= 24) {
4578 		u16 radio24[3];
4579 
4580 		for (tmp = 0; tmp < 3; tmp++) {
4581 			b43_write16f(dev, B43_MMIO_RADIO24_CONTROL, tmp);
4582 			radio24[tmp] = b43_read16(dev, B43_MMIO_RADIO24_DATA);
4583 		}
4584 
4585 		radio_manuf = 0x17F;
4586 		radio_id = (radio24[2] << 8) | radio24[1];
4587 		radio_rev = (radio24[0] & 0xF);
4588 		radio_ver = (radio24[0] & 0xF0) >> 4;
4589 	} else {
4590 		if (dev->dev->chip_id == 0x4317) {
4591 			if (dev->dev->chip_rev == 0)
4592 				tmp = 0x3205017F;
4593 			else if (dev->dev->chip_rev == 1)
4594 				tmp = 0x4205017F;
4595 			else
4596 				tmp = 0x5205017F;
4597 		} else {
4598 			b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4599 				     B43_RADIOCTL_ID);
4600 			tmp = b43_read16(dev, B43_MMIO_RADIO_DATA_LOW);
4601 			b43_write16f(dev, B43_MMIO_RADIO_CONTROL,
4602 				     B43_RADIOCTL_ID);
4603 			tmp |= b43_read16(dev, B43_MMIO_RADIO_DATA_HIGH) << 16;
4604 		}
4605 		radio_manuf = (tmp & 0x00000FFF);
4606 		radio_id = (tmp & 0x0FFFF000) >> 12;
4607 		radio_rev = (tmp & 0xF0000000) >> 28;
4608 		radio_ver = 0; /* Probably not available on old hw */
4609 	}
4610 
4611 	if (radio_manuf != 0x17F /* Broadcom */)
4612 		unsupported = 1;
4613 	switch (phy_type) {
4614 	case B43_PHYTYPE_B:
4615 		if ((radio_id & 0xFFF0) != 0x2050)
4616 			unsupported = 1;
4617 		break;
4618 	case B43_PHYTYPE_G:
4619 		if (radio_id != 0x2050)
4620 			unsupported = 1;
4621 		break;
4622 	case B43_PHYTYPE_N:
4623 		if (radio_id != 0x2055 && radio_id != 0x2056 &&
4624 		    radio_id != 0x2057)
4625 			unsupported = 1;
4626 		if (radio_id == 0x2057 &&
4627 		    !(radio_rev == 9 || radio_rev == 14))
4628 			unsupported = 1;
4629 		break;
4630 	case B43_PHYTYPE_LP:
4631 		if (radio_id != 0x2062 && radio_id != 0x2063)
4632 			unsupported = 1;
4633 		break;
4634 	case B43_PHYTYPE_HT:
4635 		if (radio_id != 0x2059)
4636 			unsupported = 1;
4637 		break;
4638 	case B43_PHYTYPE_LCN:
4639 		if (radio_id != 0x2064)
4640 			unsupported = 1;
4641 		break;
4642 	case B43_PHYTYPE_AC:
4643 		if (radio_id != 0x2069)
4644 			unsupported = 1;
4645 		break;
4646 	default:
4647 		B43_WARN_ON(1);
4648 	}
4649 	if (unsupported) {
4650 		b43err(dev->wl,
4651 		       "FOUND UNSUPPORTED RADIO (Manuf 0x%X, ID 0x%X, Revision %u, Version %u)\n",
4652 		       radio_manuf, radio_id, radio_rev, radio_ver);
4653 		return -EOPNOTSUPP;
4654 	}
4655 	b43info(dev->wl,
4656 		"Found Radio: Manuf 0x%X, ID 0x%X, Revision %u, Version %u\n",
4657 		radio_manuf, radio_id, radio_rev, radio_ver);
4658 
4659 	/* FIXME: b43 treats "id" as "ver" and ignores the real "ver" */
4660 	phy->radio_manuf = radio_manuf;
4661 	phy->radio_ver = radio_id;
4662 	phy->radio_rev = radio_rev;
4663 
4664 	phy->analog = analog_type;
4665 	phy->type = phy_type;
4666 	phy->rev = phy_rev;
4667 
4668 	return 0;
4669 }
4670 
4671 static void setup_struct_phy_for_init(struct b43_wldev *dev,
4672 				      struct b43_phy *phy)
4673 {
4674 	phy->hardware_power_control = !!modparam_hwpctl;
4675 	phy->next_txpwr_check_time = jiffies;
4676 	/* PHY TX errors counter. */
4677 	atomic_set(&phy->txerr_cnt, B43_PHY_TX_BADNESS_LIMIT);
4678 
4679 #if B43_DEBUG
4680 	phy->phy_locked = false;
4681 	phy->radio_locked = false;
4682 #endif
4683 }
4684 
4685 static void setup_struct_wldev_for_init(struct b43_wldev *dev)
4686 {
4687 	dev->dfq_valid = false;
4688 
4689 	/* Assume the radio is enabled. If it's not enabled, the state will
4690 	 * immediately get fixed on the first periodic work run. */
4691 	dev->radio_hw_enable = true;
4692 
4693 	/* Stats */
4694 	memset(&dev->stats, 0, sizeof(dev->stats));
4695 
4696 	setup_struct_phy_for_init(dev, &dev->phy);
4697 
4698 	/* IRQ related flags */
4699 	dev->irq_reason = 0;
4700 	memset(dev->dma_reason, 0, sizeof(dev->dma_reason));
4701 	dev->irq_mask = B43_IRQ_MASKTEMPLATE;
4702 	if (b43_modparam_verbose < B43_VERBOSITY_DEBUG)
4703 		dev->irq_mask &= ~B43_IRQ_PHY_TXERR;
4704 
4705 	dev->mac_suspended = 1;
4706 
4707 	/* Noise calculation context */
4708 	memset(&dev->noisecalc, 0, sizeof(dev->noisecalc));
4709 }
4710 
4711 static void b43_bluetooth_coext_enable(struct b43_wldev *dev)
4712 {
4713 	struct ssb_sprom *sprom = dev->dev->bus_sprom;
4714 	u64 hf;
4715 
4716 	if (!modparam_btcoex)
4717 		return;
4718 	if (!(sprom->boardflags_lo & B43_BFL_BTCOEXIST))
4719 		return;
4720 	if (dev->phy.type != B43_PHYTYPE_B && !dev->phy.gmode)
4721 		return;
4722 
4723 	hf = b43_hf_read(dev);
4724 	if (sprom->boardflags_lo & B43_BFL_BTCMOD)
4725 		hf |= B43_HF_BTCOEXALT;
4726 	else
4727 		hf |= B43_HF_BTCOEX;
4728 	b43_hf_write(dev, hf);
4729 }
4730 
4731 static void b43_bluetooth_coext_disable(struct b43_wldev *dev)
4732 {
4733 	if (!modparam_btcoex)
4734 		return;
4735 	//TODO
4736 }
4737 
4738 static void b43_imcfglo_timeouts_workaround(struct b43_wldev *dev)
4739 {
4740 	struct ssb_bus *bus;
4741 	u32 tmp;
4742 
4743 #ifdef CONFIG_B43_SSB
4744 	if (dev->dev->bus_type != B43_BUS_SSB)
4745 		return;
4746 #else
4747 	return;
4748 #endif
4749 
4750 	bus = dev->dev->sdev->bus;
4751 
4752 	if ((bus->chip_id == 0x4311 && bus->chip_rev == 2) ||
4753 	    (bus->chip_id == 0x4312)) {
4754 		tmp = ssb_read32(dev->dev->sdev, SSB_IMCFGLO);
4755 		tmp &= ~SSB_IMCFGLO_REQTO;
4756 		tmp &= ~SSB_IMCFGLO_SERTO;
4757 		tmp |= 0x3;
4758 		ssb_write32(dev->dev->sdev, SSB_IMCFGLO, tmp);
4759 		ssb_commit_settings(bus);
4760 	}
4761 }
4762 
4763 static void b43_set_synth_pu_delay(struct b43_wldev *dev, bool idle)
4764 {
4765 	u16 pu_delay;
4766 
4767 	/* The time value is in microseconds. */
4768 	pu_delay = 1050;
4769 	if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC) || idle)
4770 		pu_delay = 500;
4771 	if ((dev->phy.radio_ver == 0x2050) && (dev->phy.radio_rev == 8))
4772 		pu_delay = max(pu_delay, (u16)2400);
4773 
4774 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SPUWKUP, pu_delay);
4775 }
4776 
4777 /* Set the TSF CFP pre-TargetBeaconTransmissionTime. */
4778 static void b43_set_pretbtt(struct b43_wldev *dev)
4779 {
4780 	u16 pretbtt;
4781 
4782 	/* The time value is in microseconds. */
4783 	if (b43_is_mode(dev->wl, NL80211_IFTYPE_ADHOC))
4784 		pretbtt = 2;
4785 	else
4786 		pretbtt = 250;
4787 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRETBTT, pretbtt);
4788 	b43_write16(dev, B43_MMIO_TSF_CFP_PRETBTT, pretbtt);
4789 }
4790 
4791 /* Shutdown a wireless core */
4792 /* Locking: wl->mutex */
4793 static void b43_wireless_core_exit(struct b43_wldev *dev)
4794 {
4795 	B43_WARN_ON(dev && b43_status(dev) > B43_STAT_INITIALIZED);
4796 	if (!dev || b43_status(dev) != B43_STAT_INITIALIZED)
4797 		return;
4798 
4799 	b43_set_status(dev, B43_STAT_UNINIT);
4800 
4801 	/* Stop the microcode PSM. */
4802 	b43_maskset32(dev, B43_MMIO_MACCTL, ~B43_MACCTL_PSM_RUN,
4803 		      B43_MACCTL_PSM_JMP0);
4804 
4805 	switch (dev->dev->bus_type) {
4806 #ifdef CONFIG_B43_BCMA
4807 	case B43_BUS_BCMA:
4808 		bcma_host_pci_down(dev->dev->bdev->bus);
4809 		break;
4810 #endif
4811 #ifdef CONFIG_B43_SSB
4812 	case B43_BUS_SSB:
4813 		/* TODO */
4814 		break;
4815 #endif
4816 	}
4817 
4818 	b43_dma_free(dev);
4819 	b43_pio_free(dev);
4820 	b43_chip_exit(dev);
4821 	dev->phy.ops->switch_analog(dev, 0);
4822 	if (dev->wl->current_beacon) {
4823 		dev_kfree_skb_any(dev->wl->current_beacon);
4824 		dev->wl->current_beacon = NULL;
4825 	}
4826 
4827 	b43_device_disable(dev, 0);
4828 	b43_bus_may_powerdown(dev);
4829 }
4830 
4831 /* Initialize a wireless core */
4832 static int b43_wireless_core_init(struct b43_wldev *dev)
4833 {
4834 	struct ssb_sprom *sprom = dev->dev->bus_sprom;
4835 	struct b43_phy *phy = &dev->phy;
4836 	int err;
4837 	u64 hf;
4838 
4839 	B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4840 
4841 	err = b43_bus_powerup(dev, 0);
4842 	if (err)
4843 		goto out;
4844 	if (!b43_device_is_enabled(dev))
4845 		b43_wireless_core_reset(dev, phy->gmode);
4846 
4847 	/* Reset all data structures. */
4848 	setup_struct_wldev_for_init(dev);
4849 	phy->ops->prepare_structs(dev);
4850 
4851 	/* Enable IRQ routing to this device. */
4852 	switch (dev->dev->bus_type) {
4853 #ifdef CONFIG_B43_BCMA
4854 	case B43_BUS_BCMA:
4855 		bcma_host_pci_irq_ctl(dev->dev->bdev->bus,
4856 				      dev->dev->bdev, true);
4857 		bcma_host_pci_up(dev->dev->bdev->bus);
4858 		break;
4859 #endif
4860 #ifdef CONFIG_B43_SSB
4861 	case B43_BUS_SSB:
4862 		ssb_pcicore_dev_irqvecs_enable(&dev->dev->sdev->bus->pcicore,
4863 					       dev->dev->sdev);
4864 		break;
4865 #endif
4866 	}
4867 
4868 	b43_imcfglo_timeouts_workaround(dev);
4869 	b43_bluetooth_coext_disable(dev);
4870 	if (phy->ops->prepare_hardware) {
4871 		err = phy->ops->prepare_hardware(dev);
4872 		if (err)
4873 			goto err_busdown;
4874 	}
4875 	err = b43_chip_init(dev);
4876 	if (err)
4877 		goto err_busdown;
4878 	b43_shm_write16(dev, B43_SHM_SHARED,
4879 			B43_SHM_SH_WLCOREREV, dev->dev->core_rev);
4880 	hf = b43_hf_read(dev);
4881 	if (phy->type == B43_PHYTYPE_G) {
4882 		hf |= B43_HF_SYMW;
4883 		if (phy->rev == 1)
4884 			hf |= B43_HF_GDCW;
4885 		if (sprom->boardflags_lo & B43_BFL_PACTRL)
4886 			hf |= B43_HF_OFDMPABOOST;
4887 	}
4888 	if (phy->radio_ver == 0x2050) {
4889 		if (phy->radio_rev == 6)
4890 			hf |= B43_HF_4318TSSI;
4891 		if (phy->radio_rev < 6)
4892 			hf |= B43_HF_VCORECALC;
4893 	}
4894 	if (sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW)
4895 		hf |= B43_HF_DSCRQ; /* Disable slowclock requests from ucode. */
4896 #if defined(CONFIG_B43_SSB) && defined(CONFIG_SSB_DRIVER_PCICORE)
4897 	if (dev->dev->bus_type == B43_BUS_SSB &&
4898 	    dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI &&
4899 	    dev->dev->sdev->bus->pcicore.dev->id.revision <= 10)
4900 		hf |= B43_HF_PCISCW; /* PCI slow clock workaround. */
4901 #endif
4902 	hf &= ~B43_HF_SKCFPUP;
4903 	b43_hf_write(dev, hf);
4904 
4905 	/* tell the ucode MAC capabilities */
4906 	if (dev->dev->core_rev >= 13) {
4907 		u32 mac_hw_cap = b43_read32(dev, B43_MMIO_MAC_HW_CAP);
4908 
4909 		b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_L,
4910 				mac_hw_cap & 0xffff);
4911 		b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_MACHW_H,
4912 				(mac_hw_cap >> 16) & 0xffff);
4913 	}
4914 
4915 	b43_set_retry_limits(dev, B43_DEFAULT_SHORT_RETRY_LIMIT,
4916 			     B43_DEFAULT_LONG_RETRY_LIMIT);
4917 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_SFFBLIM, 3);
4918 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_LFFBLIM, 2);
4919 
4920 	/* Disable sending probe responses from firmware.
4921 	 * Setting the MaxTime to one usec will always trigger
4922 	 * a timeout, so we never send any probe resp.
4923 	 * A timeout of zero is infinite. */
4924 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PRMAXTIME, 1);
4925 
4926 	b43_rate_memory_init(dev);
4927 	b43_set_phytxctl_defaults(dev);
4928 
4929 	/* Minimum Contention Window */
4930 	if (phy->type == B43_PHYTYPE_B)
4931 		b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0x1F);
4932 	else
4933 		b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MINCONT, 0xF);
4934 	/* Maximum Contention Window */
4935 	b43_shm_write16(dev, B43_SHM_SCRATCH, B43_SHM_SC_MAXCONT, 0x3FF);
4936 
4937 	/* write phytype and phyvers */
4938 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYTYPE, phy->type);
4939 	b43_shm_write16(dev, B43_SHM_SHARED, B43_SHM_SH_PHYVER, phy->rev);
4940 
4941 	if (b43_bus_host_is_pcmcia(dev->dev) ||
4942 	    b43_bus_host_is_sdio(dev->dev)) {
4943 		dev->__using_pio_transfers = true;
4944 		err = b43_pio_init(dev);
4945 	} else if (dev->use_pio) {
4946 		b43warn(dev->wl, "Forced PIO by use_pio module parameter. "
4947 			"This should not be needed and will result in lower "
4948 			"performance.\n");
4949 		dev->__using_pio_transfers = true;
4950 		err = b43_pio_init(dev);
4951 	} else {
4952 		dev->__using_pio_transfers = false;
4953 		err = b43_dma_init(dev);
4954 	}
4955 	if (err)
4956 		goto err_chip_exit;
4957 	b43_qos_init(dev);
4958 	b43_set_synth_pu_delay(dev, 1);
4959 	b43_bluetooth_coext_enable(dev);
4960 
4961 	b43_bus_powerup(dev, !(sprom->boardflags_lo & B43_BFL_XTAL_NOSLOW));
4962 	b43_upload_card_macaddress(dev);
4963 	b43_security_init(dev);
4964 
4965 	ieee80211_wake_queues(dev->wl->hw);
4966 
4967 	b43_set_status(dev, B43_STAT_INITIALIZED);
4968 
4969 out:
4970 	return err;
4971 
4972 err_chip_exit:
4973 	b43_chip_exit(dev);
4974 err_busdown:
4975 	b43_bus_may_powerdown(dev);
4976 	B43_WARN_ON(b43_status(dev) != B43_STAT_UNINIT);
4977 	return err;
4978 }
4979 
4980 static int b43_op_add_interface(struct ieee80211_hw *hw,
4981 				struct ieee80211_vif *vif)
4982 {
4983 	struct b43_wl *wl = hw_to_b43_wl(hw);
4984 	struct b43_wldev *dev;
4985 	int err = -EOPNOTSUPP;
4986 
4987 	/* TODO: allow WDS/AP devices to coexist */
4988 
4989 	if (vif->type != NL80211_IFTYPE_AP &&
4990 	    vif->type != NL80211_IFTYPE_MESH_POINT &&
4991 	    vif->type != NL80211_IFTYPE_STATION &&
4992 	    vif->type != NL80211_IFTYPE_WDS &&
4993 	    vif->type != NL80211_IFTYPE_ADHOC)
4994 		return -EOPNOTSUPP;
4995 
4996 	mutex_lock(&wl->mutex);
4997 	if (wl->operating)
4998 		goto out_mutex_unlock;
4999 
5000 	b43dbg(wl, "Adding Interface type %d\n", vif->type);
5001 
5002 	dev = wl->current_dev;
5003 	wl->operating = true;
5004 	wl->vif = vif;
5005 	wl->if_type = vif->type;
5006 	memcpy(wl->mac_addr, vif->addr, ETH_ALEN);
5007 
5008 	b43_adjust_opmode(dev);
5009 	b43_set_pretbtt(dev);
5010 	b43_set_synth_pu_delay(dev, 0);
5011 	b43_upload_card_macaddress(dev);
5012 
5013 	err = 0;
5014  out_mutex_unlock:
5015 	mutex_unlock(&wl->mutex);
5016 
5017 	if (err == 0)
5018 		b43_op_bss_info_changed(hw, vif, &vif->bss_conf, ~0);
5019 
5020 	return err;
5021 }
5022 
5023 static void b43_op_remove_interface(struct ieee80211_hw *hw,
5024 				    struct ieee80211_vif *vif)
5025 {
5026 	struct b43_wl *wl = hw_to_b43_wl(hw);
5027 	struct b43_wldev *dev = wl->current_dev;
5028 
5029 	b43dbg(wl, "Removing Interface type %d\n", vif->type);
5030 
5031 	mutex_lock(&wl->mutex);
5032 
5033 	B43_WARN_ON(!wl->operating);
5034 	B43_WARN_ON(wl->vif != vif);
5035 	wl->vif = NULL;
5036 
5037 	wl->operating = false;
5038 
5039 	b43_adjust_opmode(dev);
5040 	eth_zero_addr(wl->mac_addr);
5041 	b43_upload_card_macaddress(dev);
5042 
5043 	mutex_unlock(&wl->mutex);
5044 }
5045 
5046 static int b43_op_start(struct ieee80211_hw *hw)
5047 {
5048 	struct b43_wl *wl = hw_to_b43_wl(hw);
5049 	struct b43_wldev *dev = wl->current_dev;
5050 	int did_init = 0;
5051 	int err = 0;
5052 
5053 	/* Kill all old instance specific information to make sure
5054 	 * the card won't use it in the short timeframe between start
5055 	 * and mac80211 reconfiguring it. */
5056 	eth_zero_addr(wl->bssid);
5057 	eth_zero_addr(wl->mac_addr);
5058 	wl->filter_flags = 0;
5059 	wl->radiotap_enabled = false;
5060 	b43_qos_clear(wl);
5061 	wl->beacon0_uploaded = false;
5062 	wl->beacon1_uploaded = false;
5063 	wl->beacon_templates_virgin = true;
5064 	wl->radio_enabled = true;
5065 
5066 	mutex_lock(&wl->mutex);
5067 
5068 	if (b43_status(dev) < B43_STAT_INITIALIZED) {
5069 		err = b43_wireless_core_init(dev);
5070 		if (err)
5071 			goto out_mutex_unlock;
5072 		did_init = 1;
5073 	}
5074 
5075 	if (b43_status(dev) < B43_STAT_STARTED) {
5076 		err = b43_wireless_core_start(dev);
5077 		if (err) {
5078 			if (did_init)
5079 				b43_wireless_core_exit(dev);
5080 			goto out_mutex_unlock;
5081 		}
5082 	}
5083 
5084 	/* XXX: only do if device doesn't support rfkill irq */
5085 	wiphy_rfkill_start_polling(hw->wiphy);
5086 
5087  out_mutex_unlock:
5088 	mutex_unlock(&wl->mutex);
5089 
5090 	/*
5091 	 * Configuration may have been overwritten during initialization.
5092 	 * Reload the configuration, but only if initialization was
5093 	 * successful. Reloading the configuration after a failed init
5094 	 * may hang the system.
5095 	 */
5096 	if (!err)
5097 		b43_op_config(hw, ~0);
5098 
5099 	return err;
5100 }
5101 
5102 static void b43_op_stop(struct ieee80211_hw *hw)
5103 {
5104 	struct b43_wl *wl = hw_to_b43_wl(hw);
5105 	struct b43_wldev *dev = wl->current_dev;
5106 
5107 	cancel_work_sync(&(wl->beacon_update_trigger));
5108 
5109 	if (!dev)
5110 		goto out;
5111 
5112 	mutex_lock(&wl->mutex);
5113 	if (b43_status(dev) >= B43_STAT_STARTED) {
5114 		dev = b43_wireless_core_stop(dev);
5115 		if (!dev)
5116 			goto out_unlock;
5117 	}
5118 	b43_wireless_core_exit(dev);
5119 	wl->radio_enabled = false;
5120 
5121 out_unlock:
5122 	mutex_unlock(&wl->mutex);
5123 out:
5124 	cancel_work_sync(&(wl->txpower_adjust_work));
5125 }
5126 
5127 static int b43_op_beacon_set_tim(struct ieee80211_hw *hw,
5128 				 struct ieee80211_sta *sta, bool set)
5129 {
5130 	struct b43_wl *wl = hw_to_b43_wl(hw);
5131 
5132 	b43_update_templates(wl);
5133 
5134 	return 0;
5135 }
5136 
5137 static void b43_op_sta_notify(struct ieee80211_hw *hw,
5138 			      struct ieee80211_vif *vif,
5139 			      enum sta_notify_cmd notify_cmd,
5140 			      struct ieee80211_sta *sta)
5141 {
5142 	struct b43_wl *wl = hw_to_b43_wl(hw);
5143 
5144 	B43_WARN_ON(!vif || wl->vif != vif);
5145 }
5146 
5147 static void b43_op_sw_scan_start_notifier(struct ieee80211_hw *hw,
5148 					  struct ieee80211_vif *vif,
5149 					  const u8 *mac_addr)
5150 {
5151 	struct b43_wl *wl = hw_to_b43_wl(hw);
5152 	struct b43_wldev *dev;
5153 
5154 	mutex_lock(&wl->mutex);
5155 	dev = wl->current_dev;
5156 	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5157 		/* Disable CFP update during scan on other channels. */
5158 		b43_hf_write(dev, b43_hf_read(dev) | B43_HF_SKCFPUP);
5159 	}
5160 	mutex_unlock(&wl->mutex);
5161 }
5162 
5163 static void b43_op_sw_scan_complete_notifier(struct ieee80211_hw *hw,
5164 					     struct ieee80211_vif *vif)
5165 {
5166 	struct b43_wl *wl = hw_to_b43_wl(hw);
5167 	struct b43_wldev *dev;
5168 
5169 	mutex_lock(&wl->mutex);
5170 	dev = wl->current_dev;
5171 	if (dev && (b43_status(dev) >= B43_STAT_INITIALIZED)) {
5172 		/* Re-enable CFP update. */
5173 		b43_hf_write(dev, b43_hf_read(dev) & ~B43_HF_SKCFPUP);
5174 	}
5175 	mutex_unlock(&wl->mutex);
5176 }
5177 
5178 static int b43_op_get_survey(struct ieee80211_hw *hw, int idx,
5179 			     struct survey_info *survey)
5180 {
5181 	struct b43_wl *wl = hw_to_b43_wl(hw);
5182 	struct b43_wldev *dev = wl->current_dev;
5183 	struct ieee80211_conf *conf = &hw->conf;
5184 
5185 	if (idx != 0)
5186 		return -ENOENT;
5187 
5188 	survey->channel = conf->chandef.chan;
5189 	survey->filled = SURVEY_INFO_NOISE_DBM;
5190 	survey->noise = dev->stats.link_noise;
5191 
5192 	return 0;
5193 }
5194 
5195 static const struct ieee80211_ops b43_hw_ops = {
5196 	.tx			= b43_op_tx,
5197 	.conf_tx		= b43_op_conf_tx,
5198 	.add_interface		= b43_op_add_interface,
5199 	.remove_interface	= b43_op_remove_interface,
5200 	.config			= b43_op_config,
5201 	.bss_info_changed	= b43_op_bss_info_changed,
5202 	.configure_filter	= b43_op_configure_filter,
5203 	.set_key		= b43_op_set_key,
5204 	.update_tkip_key	= b43_op_update_tkip_key,
5205 	.get_stats		= b43_op_get_stats,
5206 	.get_tsf		= b43_op_get_tsf,
5207 	.set_tsf		= b43_op_set_tsf,
5208 	.start			= b43_op_start,
5209 	.stop			= b43_op_stop,
5210 	.set_tim		= b43_op_beacon_set_tim,
5211 	.sta_notify		= b43_op_sta_notify,
5212 	.sw_scan_start		= b43_op_sw_scan_start_notifier,
5213 	.sw_scan_complete	= b43_op_sw_scan_complete_notifier,
5214 	.get_survey		= b43_op_get_survey,
5215 	.rfkill_poll		= b43_rfkill_poll,
5216 };
5217 
5218 /* Hard-reset the chip. Do not call this directly.
5219  * Use b43_controller_restart()
5220  */
5221 static void b43_chip_reset(struct work_struct *work)
5222 {
5223 	struct b43_wldev *dev =
5224 	    container_of(work, struct b43_wldev, restart_work);
5225 	struct b43_wl *wl = dev->wl;
5226 	int err = 0;
5227 	int prev_status;
5228 
5229 	mutex_lock(&wl->mutex);
5230 
5231 	prev_status = b43_status(dev);
5232 	/* Bring the device down... */
5233 	if (prev_status >= B43_STAT_STARTED) {
5234 		dev = b43_wireless_core_stop(dev);
5235 		if (!dev) {
5236 			err = -ENODEV;
5237 			goto out;
5238 		}
5239 	}
5240 	if (prev_status >= B43_STAT_INITIALIZED)
5241 		b43_wireless_core_exit(dev);
5242 
5243 	/* ...and up again. */
5244 	if (prev_status >= B43_STAT_INITIALIZED) {
5245 		err = b43_wireless_core_init(dev);
5246 		if (err)
5247 			goto out;
5248 	}
5249 	if (prev_status >= B43_STAT_STARTED) {
5250 		err = b43_wireless_core_start(dev);
5251 		if (err) {
5252 			b43_wireless_core_exit(dev);
5253 			goto out;
5254 		}
5255 	}
5256 out:
5257 	if (err)
5258 		wl->current_dev = NULL; /* Failed to init the dev. */
5259 	mutex_unlock(&wl->mutex);
5260 
5261 	if (err) {
5262 		b43err(wl, "Controller restart FAILED\n");
5263 		return;
5264 	}
5265 
5266 	/* reload configuration */
5267 	b43_op_config(wl->hw, ~0);
5268 	if (wl->vif)
5269 		b43_op_bss_info_changed(wl->hw, wl->vif, &wl->vif->bss_conf, ~0);
5270 
5271 	b43info(wl, "Controller restarted\n");
5272 }
5273 
5274 static int b43_setup_bands(struct b43_wldev *dev,
5275 			   bool have_2ghz_phy, bool have_5ghz_phy)
5276 {
5277 	struct ieee80211_hw *hw = dev->wl->hw;
5278 	struct b43_phy *phy = &dev->phy;
5279 	bool limited_2g;
5280 	bool limited_5g;
5281 
5282 	/* We don't support all 2 GHz channels on some devices */
5283 	limited_2g = phy->radio_ver == 0x2057 &&
5284 		     (phy->radio_rev == 9 || phy->radio_rev == 14);
5285 	limited_5g = phy->radio_ver == 0x2057 &&
5286 		     phy->radio_rev == 9;
5287 
5288 	if (have_2ghz_phy)
5289 		hw->wiphy->bands[NL80211_BAND_2GHZ] = limited_2g ?
5290 			&b43_band_2ghz_limited : &b43_band_2GHz;
5291 	if (dev->phy.type == B43_PHYTYPE_N) {
5292 		if (have_5ghz_phy)
5293 			hw->wiphy->bands[NL80211_BAND_5GHZ] = limited_5g ?
5294 				&b43_band_5GHz_nphy_limited :
5295 				&b43_band_5GHz_nphy;
5296 	} else {
5297 		if (have_5ghz_phy)
5298 			hw->wiphy->bands[NL80211_BAND_5GHZ] = &b43_band_5GHz_aphy;
5299 	}
5300 
5301 	dev->phy.supports_2ghz = have_2ghz_phy;
5302 	dev->phy.supports_5ghz = have_5ghz_phy;
5303 
5304 	return 0;
5305 }
5306 
5307 static void b43_wireless_core_detach(struct b43_wldev *dev)
5308 {
5309 	/* We release firmware that late to not be required to re-request
5310 	 * is all the time when we reinit the core. */
5311 	b43_release_firmware(dev);
5312 	b43_phy_free(dev);
5313 }
5314 
5315 static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
5316 				bool *have_5ghz_phy)
5317 {
5318 	u16 dev_id = 0;
5319 
5320 #ifdef CONFIG_B43_BCMA
5321 	if (dev->dev->bus_type == B43_BUS_BCMA &&
5322 	    dev->dev->bdev->bus->hosttype == BCMA_HOSTTYPE_PCI)
5323 		dev_id = dev->dev->bdev->bus->host_pci->device;
5324 #endif
5325 #ifdef CONFIG_B43_SSB
5326 	if (dev->dev->bus_type == B43_BUS_SSB &&
5327 	    dev->dev->sdev->bus->bustype == SSB_BUSTYPE_PCI)
5328 		dev_id = dev->dev->sdev->bus->host_pci->device;
5329 #endif
5330 	/* Override with SPROM value if available */
5331 	if (dev->dev->bus_sprom->dev_id)
5332 		dev_id = dev->dev->bus_sprom->dev_id;
5333 
5334 	/* Note: below IDs can be "virtual" (not maching e.g. real PCI ID) */
5335 	switch (dev_id) {
5336 	case 0x4324: /* BCM4306 */
5337 	case 0x4312: /* BCM4311 */
5338 	case 0x4319: /* BCM4318 */
5339 	case 0x4328: /* BCM4321 */
5340 	case 0x432b: /* BCM4322 */
5341 	case 0x4350: /* BCM43222 */
5342 	case 0x4353: /* BCM43224 */
5343 	case 0x0576: /* BCM43224 */
5344 	case 0x435f: /* BCM6362 */
5345 	case 0x4331: /* BCM4331 */
5346 	case 0x4359: /* BCM43228 */
5347 	case 0x43a0: /* BCM4360 */
5348 	case 0x43b1: /* BCM4352 */
5349 		/* Dual band devices */
5350 		*have_2ghz_phy = true;
5351 		*have_5ghz_phy = true;
5352 		return;
5353 	case 0x4321: /* BCM4306 */
5354 		/* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
5355 		if (dev->phy.type != B43_PHYTYPE_G)
5356 			break;
5357 		/* fall through */
5358 	case 0x4313: /* BCM4311 */
5359 	case 0x431a: /* BCM4318 */
5360 	case 0x432a: /* BCM4321 */
5361 	case 0x432d: /* BCM4322 */
5362 	case 0x4352: /* BCM43222 */
5363 	case 0x435a: /* BCM43228 */
5364 	case 0x4333: /* BCM4331 */
5365 	case 0x43a2: /* BCM4360 */
5366 	case 0x43b3: /* BCM4352 */
5367 		/* 5 GHz only devices */
5368 		*have_2ghz_phy = false;
5369 		*have_5ghz_phy = true;
5370 		return;
5371 	}
5372 
5373 	/* As a fallback, try to guess using PHY type */
5374 	switch (dev->phy.type) {
5375 	case B43_PHYTYPE_G:
5376 	case B43_PHYTYPE_N:
5377 	case B43_PHYTYPE_LP:
5378 	case B43_PHYTYPE_HT:
5379 	case B43_PHYTYPE_LCN:
5380 		*have_2ghz_phy = true;
5381 		*have_5ghz_phy = false;
5382 		return;
5383 	}
5384 
5385 	B43_WARN_ON(1);
5386 }
5387 
5388 static int b43_wireless_core_attach(struct b43_wldev *dev)
5389 {
5390 	struct b43_wl *wl = dev->wl;
5391 	struct b43_phy *phy = &dev->phy;
5392 	int err;
5393 	u32 tmp;
5394 	bool have_2ghz_phy = false, have_5ghz_phy = false;
5395 
5396 	/* Do NOT do any device initialization here.
5397 	 * Do it in wireless_core_init() instead.
5398 	 * This function is for gathering basic information about the HW, only.
5399 	 * Also some structs may be set up here. But most likely you want to have
5400 	 * that in core_init(), too.
5401 	 */
5402 
5403 	err = b43_bus_powerup(dev, 0);
5404 	if (err) {
5405 		b43err(wl, "Bus powerup failed\n");
5406 		goto out;
5407 	}
5408 
5409 	phy->do_full_init = true;
5410 
5411 	/* Try to guess supported bands for the first init needs */
5412 	switch (dev->dev->bus_type) {
5413 #ifdef CONFIG_B43_BCMA
5414 	case B43_BUS_BCMA:
5415 		tmp = bcma_aread32(dev->dev->bdev, BCMA_IOST);
5416 		have_2ghz_phy = !!(tmp & B43_BCMA_IOST_2G_PHY);
5417 		have_5ghz_phy = !!(tmp & B43_BCMA_IOST_5G_PHY);
5418 		break;
5419 #endif
5420 #ifdef CONFIG_B43_SSB
5421 	case B43_BUS_SSB:
5422 		if (dev->dev->core_rev >= 5) {
5423 			tmp = ssb_read32(dev->dev->sdev, SSB_TMSHIGH);
5424 			have_2ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_2GHZ_PHY);
5425 			have_5ghz_phy = !!(tmp & B43_TMSHIGH_HAVE_5GHZ_PHY);
5426 		} else
5427 			B43_WARN_ON(1);
5428 		break;
5429 #endif
5430 	}
5431 
5432 	dev->phy.gmode = have_2ghz_phy;
5433 	b43_wireless_core_reset(dev, dev->phy.gmode);
5434 
5435 	/* Get the PHY type. */
5436 	err = b43_phy_versioning(dev);
5437 	if (err)
5438 		goto err_powerdown;
5439 
5440 	/* Get real info about supported bands */
5441 	b43_supported_bands(dev, &have_2ghz_phy, &have_5ghz_phy);
5442 
5443 	/* We don't support 5 GHz on some PHYs yet */
5444 	if (have_5ghz_phy) {
5445 		switch (dev->phy.type) {
5446 		case B43_PHYTYPE_G:
5447 		case B43_PHYTYPE_LP:
5448 		case B43_PHYTYPE_HT:
5449 			b43warn(wl, "5 GHz band is unsupported on this PHY\n");
5450 			have_5ghz_phy = false;
5451 		}
5452 	}
5453 
5454 	if (!have_2ghz_phy && !have_5ghz_phy) {
5455 		b43err(wl, "b43 can't support any band on this device\n");
5456 		err = -EOPNOTSUPP;
5457 		goto err_powerdown;
5458 	}
5459 
5460 	err = b43_phy_allocate(dev);
5461 	if (err)
5462 		goto err_powerdown;
5463 
5464 	dev->phy.gmode = have_2ghz_phy;
5465 	b43_wireless_core_reset(dev, dev->phy.gmode);
5466 
5467 	err = b43_validate_chipaccess(dev);
5468 	if (err)
5469 		goto err_phy_free;
5470 	err = b43_setup_bands(dev, have_2ghz_phy, have_5ghz_phy);
5471 	if (err)
5472 		goto err_phy_free;
5473 
5474 	/* Now set some default "current_dev" */
5475 	if (!wl->current_dev)
5476 		wl->current_dev = dev;
5477 	INIT_WORK(&dev->restart_work, b43_chip_reset);
5478 
5479 	dev->phy.ops->switch_analog(dev, 0);
5480 	b43_device_disable(dev, 0);
5481 	b43_bus_may_powerdown(dev);
5482 
5483 out:
5484 	return err;
5485 
5486 err_phy_free:
5487 	b43_phy_free(dev);
5488 err_powerdown:
5489 	b43_bus_may_powerdown(dev);
5490 	return err;
5491 }
5492 
5493 static void b43_one_core_detach(struct b43_bus_dev *dev)
5494 {
5495 	struct b43_wldev *wldev;
5496 
5497 	/* Do not cancel ieee80211-workqueue based work here.
5498 	 * See comment in b43_remove(). */
5499 
5500 	wldev = b43_bus_get_wldev(dev);
5501 	b43_debugfs_remove_device(wldev);
5502 	b43_wireless_core_detach(wldev);
5503 	list_del(&wldev->list);
5504 	b43_bus_set_wldev(dev, NULL);
5505 	kfree(wldev);
5506 }
5507 
5508 static int b43_one_core_attach(struct b43_bus_dev *dev, struct b43_wl *wl)
5509 {
5510 	struct b43_wldev *wldev;
5511 	int err = -ENOMEM;
5512 
5513 	wldev = kzalloc(sizeof(*wldev), GFP_KERNEL);
5514 	if (!wldev)
5515 		goto out;
5516 
5517 	wldev->use_pio = b43_modparam_pio;
5518 	wldev->dev = dev;
5519 	wldev->wl = wl;
5520 	b43_set_status(wldev, B43_STAT_UNINIT);
5521 	wldev->bad_frames_preempt = modparam_bad_frames_preempt;
5522 	INIT_LIST_HEAD(&wldev->list);
5523 
5524 	err = b43_wireless_core_attach(wldev);
5525 	if (err)
5526 		goto err_kfree_wldev;
5527 
5528 	b43_bus_set_wldev(dev, wldev);
5529 	b43_debugfs_add_device(wldev);
5530 
5531       out:
5532 	return err;
5533 
5534       err_kfree_wldev:
5535 	kfree(wldev);
5536 	return err;
5537 }
5538 
5539 #define IS_PDEV(pdev, _vendor, _device, _subvendor, _subdevice)		( \
5540 	(pdev->vendor == PCI_VENDOR_ID_##_vendor) &&			\
5541 	(pdev->device == _device) &&					\
5542 	(pdev->subsystem_vendor == PCI_VENDOR_ID_##_subvendor) &&	\
5543 	(pdev->subsystem_device == _subdevice)				)
5544 
5545 #ifdef CONFIG_B43_SSB
5546 static void b43_sprom_fixup(struct ssb_bus *bus)
5547 {
5548 	struct pci_dev *pdev;
5549 
5550 	/* boardflags workarounds */
5551 	if (bus->boardinfo.vendor == SSB_BOARDVENDOR_DELL &&
5552 	    bus->chip_id == 0x4301 && bus->sprom.board_rev == 0x74)
5553 		bus->sprom.boardflags_lo |= B43_BFL_BTCOEXIST;
5554 	if (bus->boardinfo.vendor == PCI_VENDOR_ID_APPLE &&
5555 	    bus->boardinfo.type == 0x4E && bus->sprom.board_rev > 0x40)
5556 		bus->sprom.boardflags_lo |= B43_BFL_PACTRL;
5557 	if (bus->bustype == SSB_BUSTYPE_PCI) {
5558 		pdev = bus->host_pci;
5559 		if (IS_PDEV(pdev, BROADCOM, 0x4318, ASUSTEK, 0x100F) ||
5560 		    IS_PDEV(pdev, BROADCOM, 0x4320,    DELL, 0x0003) ||
5561 		    IS_PDEV(pdev, BROADCOM, 0x4320,      HP, 0x12f8) ||
5562 		    IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0015) ||
5563 		    IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0014) ||
5564 		    IS_PDEV(pdev, BROADCOM, 0x4320, LINKSYS, 0x0013) ||
5565 		    IS_PDEV(pdev, BROADCOM, 0x4320, MOTOROLA, 0x7010))
5566 			bus->sprom.boardflags_lo &= ~B43_BFL_BTCOEXIST;
5567 	}
5568 }
5569 
5570 static void b43_wireless_exit(struct b43_bus_dev *dev, struct b43_wl *wl)
5571 {
5572 	struct ieee80211_hw *hw = wl->hw;
5573 
5574 	ssb_set_devtypedata(dev->sdev, NULL);
5575 	ieee80211_free_hw(hw);
5576 }
5577 #endif
5578 
5579 static struct b43_wl *b43_wireless_init(struct b43_bus_dev *dev)
5580 {
5581 	struct ssb_sprom *sprom = dev->bus_sprom;
5582 	struct ieee80211_hw *hw;
5583 	struct b43_wl *wl;
5584 	char chip_name[6];
5585 	int queue_num;
5586 
5587 	hw = ieee80211_alloc_hw(sizeof(*wl), &b43_hw_ops);
5588 	if (!hw) {
5589 		b43err(NULL, "Could not allocate ieee80211 device\n");
5590 		return ERR_PTR(-ENOMEM);
5591 	}
5592 	wl = hw_to_b43_wl(hw);
5593 
5594 	/* fill hw info */
5595 	ieee80211_hw_set(hw, RX_INCLUDES_FCS);
5596 	ieee80211_hw_set(hw, SIGNAL_DBM);
5597 
5598 	hw->wiphy->interface_modes =
5599 		BIT(NL80211_IFTYPE_AP) |
5600 		BIT(NL80211_IFTYPE_MESH_POINT) |
5601 		BIT(NL80211_IFTYPE_STATION) |
5602 #ifdef CONFIG_WIRELESS_WDS
5603 		BIT(NL80211_IFTYPE_WDS) |
5604 #endif
5605 		BIT(NL80211_IFTYPE_ADHOC);
5606 
5607 	hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
5608 
5609 	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
5610 
5611 	wl->hw_registered = false;
5612 	hw->max_rates = 2;
5613 	SET_IEEE80211_DEV(hw, dev->dev);
5614 	if (is_valid_ether_addr(sprom->et1mac))
5615 		SET_IEEE80211_PERM_ADDR(hw, sprom->et1mac);
5616 	else
5617 		SET_IEEE80211_PERM_ADDR(hw, sprom->il0mac);
5618 
5619 	/* Initialize struct b43_wl */
5620 	wl->hw = hw;
5621 	mutex_init(&wl->mutex);
5622 	spin_lock_init(&wl->hardirq_lock);
5623 	spin_lock_init(&wl->beacon_lock);
5624 	INIT_WORK(&wl->beacon_update_trigger, b43_beacon_update_trigger_work);
5625 	INIT_WORK(&wl->txpower_adjust_work, b43_phy_txpower_adjust_work);
5626 	INIT_WORK(&wl->tx_work, b43_tx_work);
5627 
5628 	/* Initialize queues and flags. */
5629 	for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) {
5630 		skb_queue_head_init(&wl->tx_queue[queue_num]);
5631 		wl->tx_queue_stopped[queue_num] = 0;
5632 	}
5633 
5634 	snprintf(chip_name, ARRAY_SIZE(chip_name),
5635 		 (dev->chip_id > 0x9999) ? "%d" : "%04X", dev->chip_id);
5636 	b43info(wl, "Broadcom %s WLAN found (core revision %u)\n", chip_name,
5637 		dev->core_rev);
5638 	return wl;
5639 }
5640 
5641 #ifdef CONFIG_B43_BCMA
5642 static int b43_bcma_probe(struct bcma_device *core)
5643 {
5644 	struct b43_bus_dev *dev;
5645 	struct b43_wl *wl;
5646 	int err;
5647 
5648 	if (!modparam_allhwsupport &&
5649 	    (core->id.rev == 0x17 || core->id.rev == 0x18)) {
5650 		pr_err("Support for cores revisions 0x17 and 0x18 disabled by module param allhwsupport=0. Try b43.allhwsupport=1\n");
5651 		return -ENOTSUPP;
5652 	}
5653 
5654 	dev = b43_bus_dev_bcma_init(core);
5655 	if (!dev)
5656 		return -ENODEV;
5657 
5658 	wl = b43_wireless_init(dev);
5659 	if (IS_ERR(wl)) {
5660 		err = PTR_ERR(wl);
5661 		goto bcma_out;
5662 	}
5663 
5664 	err = b43_one_core_attach(dev, wl);
5665 	if (err)
5666 		goto bcma_err_wireless_exit;
5667 
5668 	/* setup and start work to load firmware */
5669 	INIT_WORK(&wl->firmware_load, b43_request_firmware);
5670 	schedule_work(&wl->firmware_load);
5671 
5672 	return err;
5673 
5674 bcma_err_wireless_exit:
5675 	ieee80211_free_hw(wl->hw);
5676 bcma_out:
5677 	kfree(dev);
5678 	return err;
5679 }
5680 
5681 static void b43_bcma_remove(struct bcma_device *core)
5682 {
5683 	struct b43_wldev *wldev = bcma_get_drvdata(core);
5684 	struct b43_wl *wl = wldev->wl;
5685 
5686 	/* We must cancel any work here before unregistering from ieee80211,
5687 	 * as the ieee80211 unreg will destroy the workqueue. */
5688 	cancel_work_sync(&wldev->restart_work);
5689 	cancel_work_sync(&wl->firmware_load);
5690 
5691 	B43_WARN_ON(!wl);
5692 	if (!wldev->fw.ucode.data)
5693 		return;			/* NULL if firmware never loaded */
5694 	if (wl->current_dev == wldev && wl->hw_registered) {
5695 		b43_leds_stop(wldev);
5696 		ieee80211_unregister_hw(wl->hw);
5697 	}
5698 
5699 	b43_one_core_detach(wldev->dev);
5700 
5701 	/* Unregister HW RNG driver */
5702 	b43_rng_exit(wl);
5703 
5704 	b43_leds_unregister(wl);
5705 	ieee80211_free_hw(wl->hw);
5706 	kfree(wldev->dev);
5707 }
5708 
5709 static struct bcma_driver b43_bcma_driver = {
5710 	.name		= KBUILD_MODNAME,
5711 	.id_table	= b43_bcma_tbl,
5712 	.probe		= b43_bcma_probe,
5713 	.remove		= b43_bcma_remove,
5714 };
5715 #endif
5716 
5717 #ifdef CONFIG_B43_SSB
5718 static
5719 int b43_ssb_probe(struct ssb_device *sdev, const struct ssb_device_id *id)
5720 {
5721 	struct b43_bus_dev *dev;
5722 	struct b43_wl *wl;
5723 	int err;
5724 
5725 	dev = b43_bus_dev_ssb_init(sdev);
5726 	if (!dev)
5727 		return -ENOMEM;
5728 
5729 	wl = ssb_get_devtypedata(sdev);
5730 	if (wl) {
5731 		b43err(NULL, "Dual-core devices are not supported\n");
5732 		err = -ENOTSUPP;
5733 		goto err_ssb_kfree_dev;
5734 	}
5735 
5736 	b43_sprom_fixup(sdev->bus);
5737 
5738 	wl = b43_wireless_init(dev);
5739 	if (IS_ERR(wl)) {
5740 		err = PTR_ERR(wl);
5741 		goto err_ssb_kfree_dev;
5742 	}
5743 	ssb_set_devtypedata(sdev, wl);
5744 	B43_WARN_ON(ssb_get_devtypedata(sdev) != wl);
5745 
5746 	err = b43_one_core_attach(dev, wl);
5747 	if (err)
5748 		goto err_ssb_wireless_exit;
5749 
5750 	/* setup and start work to load firmware */
5751 	INIT_WORK(&wl->firmware_load, b43_request_firmware);
5752 	schedule_work(&wl->firmware_load);
5753 
5754 	return err;
5755 
5756 err_ssb_wireless_exit:
5757 	b43_wireless_exit(dev, wl);
5758 err_ssb_kfree_dev:
5759 	kfree(dev);
5760 	return err;
5761 }
5762 
5763 static void b43_ssb_remove(struct ssb_device *sdev)
5764 {
5765 	struct b43_wl *wl = ssb_get_devtypedata(sdev);
5766 	struct b43_wldev *wldev = ssb_get_drvdata(sdev);
5767 	struct b43_bus_dev *dev = wldev->dev;
5768 
5769 	/* We must cancel any work here before unregistering from ieee80211,
5770 	 * as the ieee80211 unreg will destroy the workqueue. */
5771 	cancel_work_sync(&wldev->restart_work);
5772 	cancel_work_sync(&wl->firmware_load);
5773 
5774 	B43_WARN_ON(!wl);
5775 	if (!wldev->fw.ucode.data)
5776 		return;			/* NULL if firmware never loaded */
5777 	if (wl->current_dev == wldev && wl->hw_registered) {
5778 		b43_leds_stop(wldev);
5779 		ieee80211_unregister_hw(wl->hw);
5780 	}
5781 
5782 	b43_one_core_detach(dev);
5783 
5784 	/* Unregister HW RNG driver */
5785 	b43_rng_exit(wl);
5786 
5787 	b43_leds_unregister(wl);
5788 	b43_wireless_exit(dev, wl);
5789 	kfree(dev);
5790 }
5791 
5792 static struct ssb_driver b43_ssb_driver = {
5793 	.name		= KBUILD_MODNAME,
5794 	.id_table	= b43_ssb_tbl,
5795 	.probe		= b43_ssb_probe,
5796 	.remove		= b43_ssb_remove,
5797 };
5798 #endif /* CONFIG_B43_SSB */
5799 
5800 /* Perform a hardware reset. This can be called from any context. */
5801 void b43_controller_restart(struct b43_wldev *dev, const char *reason)
5802 {
5803 	/* Must avoid requeueing, if we are in shutdown. */
5804 	if (b43_status(dev) < B43_STAT_INITIALIZED)
5805 		return;
5806 	b43info(dev->wl, "Controller RESET (%s) ...\n", reason);
5807 	ieee80211_queue_work(dev->wl->hw, &dev->restart_work);
5808 }
5809 
5810 static void b43_print_driverinfo(void)
5811 {
5812 	const char *feat_pci = "", *feat_pcmcia = "", *feat_nphy = "",
5813 		   *feat_leds = "", *feat_sdio = "";
5814 
5815 #ifdef CONFIG_B43_PCI_AUTOSELECT
5816 	feat_pci = "P";
5817 #endif
5818 #ifdef CONFIG_B43_PCMCIA
5819 	feat_pcmcia = "M";
5820 #endif
5821 #ifdef CONFIG_B43_PHY_N
5822 	feat_nphy = "N";
5823 #endif
5824 #ifdef CONFIG_B43_LEDS
5825 	feat_leds = "L";
5826 #endif
5827 #ifdef CONFIG_B43_SDIO
5828 	feat_sdio = "S";
5829 #endif
5830 	printk(KERN_INFO "Broadcom 43xx driver loaded "
5831 	       "[ Features: %s%s%s%s%s ]\n",
5832 	       feat_pci, feat_pcmcia, feat_nphy,
5833 	       feat_leds, feat_sdio);
5834 }
5835 
5836 static int __init b43_init(void)
5837 {
5838 	int err;
5839 
5840 	b43_debugfs_init();
5841 	err = b43_sdio_init();
5842 	if (err)
5843 		goto err_dfs_exit;
5844 #ifdef CONFIG_B43_BCMA
5845 	err = bcma_driver_register(&b43_bcma_driver);
5846 	if (err)
5847 		goto err_sdio_exit;
5848 #endif
5849 #ifdef CONFIG_B43_SSB
5850 	err = ssb_driver_register(&b43_ssb_driver);
5851 	if (err)
5852 		goto err_bcma_driver_exit;
5853 #endif
5854 	b43_print_driverinfo();
5855 
5856 	return err;
5857 
5858 #ifdef CONFIG_B43_SSB
5859 err_bcma_driver_exit:
5860 #endif
5861 #ifdef CONFIG_B43_BCMA
5862 	bcma_driver_unregister(&b43_bcma_driver);
5863 err_sdio_exit:
5864 #endif
5865 	b43_sdio_exit();
5866 err_dfs_exit:
5867 	b43_debugfs_exit();
5868 	return err;
5869 }
5870 
5871 static void __exit b43_exit(void)
5872 {
5873 #ifdef CONFIG_B43_SSB
5874 	ssb_driver_unregister(&b43_ssb_driver);
5875 #endif
5876 #ifdef CONFIG_B43_BCMA
5877 	bcma_driver_unregister(&b43_bcma_driver);
5878 #endif
5879 	b43_sdio_exit();
5880 	b43_debugfs_exit();
5881 }
5882 
5883 module_init(b43_init)
5884 module_exit(b43_exit)
5885