xref: /linux/drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c (revision 300a0cfe9f375b2843bcb331bcfa7503475ef5dd)
1 /*
2  * Copyright (c) 2010 Broadcom Corporation
3  * Copyright (c) 2013 Hauke Mehrtens <hauke@hauke-m.de>
4  *
5  * Permission to use, copy, modify, and/or distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #define __UNDEF_NO_VERSION__
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20 
21 #include <linux/etherdevice.h>
22 #include <linux/sched.h>
23 #include <linux/firmware.h>
24 #include <linux/interrupt.h>
25 #include <linux/module.h>
26 #include <linux/bcma/bcma.h>
27 #include <linux/string_choices.h>
28 #include <net/mac80211.h>
29 #include <defs.h>
30 #include "phy/phy_int.h"
31 #include "d11.h"
32 #include "channel.h"
33 #include "scb.h"
34 #include "pub.h"
35 #include "ucode_loader.h"
36 #include "mac80211_if.h"
37 #include "main.h"
38 #include "debug.h"
39 #include "led.h"
40 
41 #define N_TX_QUEUES	4 /* #tx queues on mac80211<->driver interface */
42 #define BRCMS_FLUSH_TIMEOUT	500 /* msec */
43 
44 /* Flags we support */
45 #define MAC_FILTERS (FIF_ALLMULTI | \
46 	FIF_FCSFAIL | \
47 	FIF_CONTROL | \
48 	FIF_OTHER_BSS | \
49 	FIF_BCN_PRBRESP_PROMISC | \
50 	FIF_PSPOLL)
51 
52 #define CHAN2GHZ(channel, frequency, chflags)  { \
53 	.band = NL80211_BAND_2GHZ, \
54 	.center_freq = (frequency), \
55 	.hw_value = (channel), \
56 	.flags = chflags, \
57 	.max_antenna_gain = 0, \
58 	.max_power = 19, \
59 }
60 
61 #define CHAN5GHZ(channel, chflags)  { \
62 	.band = NL80211_BAND_5GHZ, \
63 	.center_freq = 5000 + 5*(channel), \
64 	.hw_value = (channel), \
65 	.flags = chflags, \
66 	.max_antenna_gain = 0, \
67 	.max_power = 21, \
68 }
69 
70 #define RATE(rate100m, _flags) { \
71 	.bitrate = (rate100m), \
72 	.flags = (_flags), \
73 	.hw_value = (rate100m / 5), \
74 }
75 
76 struct firmware_hdr {
77 	__le32 offset;
78 	__le32 len;
79 	__le32 idx;
80 };
81 
82 static const char * const brcms_firmwares[MAX_FW_IMAGES] = {
83 	"brcm/bcm43xx",
84 	NULL
85 };
86 
87 static int n_adapters_found;
88 
89 MODULE_AUTHOR("Broadcom Corporation");
90 MODULE_DESCRIPTION("Broadcom 802.11n wireless LAN driver.");
91 MODULE_LICENSE("Dual BSD/GPL");
92 /* This needs to be adjusted when brcms_firmwares changes */
93 MODULE_FIRMWARE("brcm/bcm43xx-0.fw");
94 MODULE_FIRMWARE("brcm/bcm43xx_hdr-0.fw");
95 
96 /* recognized BCMA Core IDs */
97 static struct bcma_device_id brcms_coreid_table[] = {
98 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 17, BCMA_ANY_CLASS),
99 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 23, BCMA_ANY_CLASS),
100 	BCMA_CORE(BCMA_MANUF_BCM, BCMA_CORE_80211, 24, BCMA_ANY_CLASS),
101 	{},
102 };
103 MODULE_DEVICE_TABLE(bcma, brcms_coreid_table);
104 
105 #if defined(CONFIG_BRCMDBG)
106 /*
107  * Module parameter for setting the debug message level. Available
108  * flags are specified by the BRCM_DL_* macros in
109  * drivers/net/wireless/brcm80211/include/defs.h.
110  */
111 module_param_named(debug, brcm_msg_level, uint, 0644);
112 #endif
113 
114 static struct ieee80211_channel brcms_2ghz_chantable[] = {
115 	CHAN2GHZ(1, 2412, IEEE80211_CHAN_NO_HT40MINUS),
116 	CHAN2GHZ(2, 2417, IEEE80211_CHAN_NO_HT40MINUS),
117 	CHAN2GHZ(3, 2422, IEEE80211_CHAN_NO_HT40MINUS),
118 	CHAN2GHZ(4, 2427, IEEE80211_CHAN_NO_HT40MINUS),
119 	CHAN2GHZ(5, 2432, 0),
120 	CHAN2GHZ(6, 2437, 0),
121 	CHAN2GHZ(7, 2442, 0),
122 	CHAN2GHZ(8, 2447, IEEE80211_CHAN_NO_HT40PLUS),
123 	CHAN2GHZ(9, 2452, IEEE80211_CHAN_NO_HT40PLUS),
124 	CHAN2GHZ(10, 2457, IEEE80211_CHAN_NO_HT40PLUS),
125 	CHAN2GHZ(11, 2462, IEEE80211_CHAN_NO_HT40PLUS),
126 	CHAN2GHZ(12, 2467,
127 		 IEEE80211_CHAN_NO_IR |
128 		 IEEE80211_CHAN_NO_HT40PLUS),
129 	CHAN2GHZ(13, 2472,
130 		 IEEE80211_CHAN_NO_IR |
131 		 IEEE80211_CHAN_NO_HT40PLUS),
132 	CHAN2GHZ(14, 2484,
133 		 IEEE80211_CHAN_NO_IR |
134 		 IEEE80211_CHAN_NO_HT40PLUS | IEEE80211_CHAN_NO_HT40MINUS |
135 		 IEEE80211_CHAN_NO_OFDM)
136 };
137 
138 static struct ieee80211_channel brcms_5ghz_nphy_chantable[] = {
139 	/* UNII-1 */
140 	CHAN5GHZ(36, IEEE80211_CHAN_NO_HT40MINUS),
141 	CHAN5GHZ(40, IEEE80211_CHAN_NO_HT40PLUS),
142 	CHAN5GHZ(44, IEEE80211_CHAN_NO_HT40MINUS),
143 	CHAN5GHZ(48, IEEE80211_CHAN_NO_HT40PLUS),
144 	/* UNII-2 */
145 	CHAN5GHZ(52,
146 		 IEEE80211_CHAN_RADAR |
147 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
148 	CHAN5GHZ(56,
149 		 IEEE80211_CHAN_RADAR |
150 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
151 	CHAN5GHZ(60,
152 		 IEEE80211_CHAN_RADAR |
153 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
154 	CHAN5GHZ(64,
155 		 IEEE80211_CHAN_RADAR |
156 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
157 	/* MID */
158 	CHAN5GHZ(100,
159 		 IEEE80211_CHAN_RADAR |
160 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
161 	CHAN5GHZ(104,
162 		 IEEE80211_CHAN_RADAR |
163 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
164 	CHAN5GHZ(108,
165 		 IEEE80211_CHAN_RADAR |
166 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
167 	CHAN5GHZ(112,
168 		 IEEE80211_CHAN_RADAR |
169 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
170 	CHAN5GHZ(116,
171 		 IEEE80211_CHAN_RADAR |
172 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
173 	CHAN5GHZ(120,
174 		 IEEE80211_CHAN_RADAR |
175 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
176 	CHAN5GHZ(124,
177 		 IEEE80211_CHAN_RADAR |
178 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
179 	CHAN5GHZ(128,
180 		 IEEE80211_CHAN_RADAR |
181 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
182 	CHAN5GHZ(132,
183 		 IEEE80211_CHAN_RADAR |
184 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40MINUS),
185 	CHAN5GHZ(136,
186 		 IEEE80211_CHAN_RADAR |
187 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS),
188 	CHAN5GHZ(140,
189 		 IEEE80211_CHAN_RADAR |
190 		 IEEE80211_CHAN_NO_IR | IEEE80211_CHAN_NO_HT40PLUS |
191 		 IEEE80211_CHAN_NO_HT40MINUS),
192 	/* UNII-3 */
193 	CHAN5GHZ(149, IEEE80211_CHAN_NO_HT40MINUS),
194 	CHAN5GHZ(153, IEEE80211_CHAN_NO_HT40PLUS),
195 	CHAN5GHZ(157, IEEE80211_CHAN_NO_HT40MINUS),
196 	CHAN5GHZ(161, IEEE80211_CHAN_NO_HT40PLUS),
197 	CHAN5GHZ(165, IEEE80211_CHAN_NO_HT40PLUS | IEEE80211_CHAN_NO_HT40MINUS)
198 };
199 
200 /*
201  * The rate table is used for both 2.4G and 5G rates. The
202  * latter being a subset as it does not support CCK rates.
203  */
204 static struct ieee80211_rate legacy_ratetable[] = {
205 	RATE(10, 0),
206 	RATE(20, IEEE80211_RATE_SHORT_PREAMBLE),
207 	RATE(55, IEEE80211_RATE_SHORT_PREAMBLE),
208 	RATE(110, IEEE80211_RATE_SHORT_PREAMBLE),
209 	RATE(60, 0),
210 	RATE(90, 0),
211 	RATE(120, 0),
212 	RATE(180, 0),
213 	RATE(240, 0),
214 	RATE(360, 0),
215 	RATE(480, 0),
216 	RATE(540, 0),
217 };
218 
219 static const struct ieee80211_supported_band brcms_band_2GHz_nphy_template = {
220 	.band = NL80211_BAND_2GHZ,
221 	.channels = brcms_2ghz_chantable,
222 	.n_channels = ARRAY_SIZE(brcms_2ghz_chantable),
223 	.bitrates = legacy_ratetable,
224 	.n_bitrates = ARRAY_SIZE(legacy_ratetable),
225 	.ht_cap = {
226 		   /* from include/linux/ieee80211.h */
227 		   .cap = IEEE80211_HT_CAP_GRN_FLD |
228 			  IEEE80211_HT_CAP_SGI_20 | IEEE80211_HT_CAP_SGI_40,
229 		   .ht_supported = true,
230 		   .ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K,
231 		   .ampdu_density = AMPDU_DEF_MPDU_DENSITY,
232 		   .mcs = {
233 			   /* placeholders for now */
234 			   .rx_mask = {0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0},
235 			   .rx_highest = cpu_to_le16(500),
236 			   .tx_params = IEEE80211_HT_MCS_TX_DEFINED}
237 		   }
238 };
239 
240 static const struct ieee80211_supported_band brcms_band_5GHz_nphy_template = {
241 	.band = NL80211_BAND_5GHZ,
242 	.channels = brcms_5ghz_nphy_chantable,
243 	.n_channels = ARRAY_SIZE(brcms_5ghz_nphy_chantable),
244 	.bitrates = legacy_ratetable + BRCMS_LEGACY_5G_RATE_OFFSET,
245 	.n_bitrates = ARRAY_SIZE(legacy_ratetable) -
246 			BRCMS_LEGACY_5G_RATE_OFFSET,
247 	.ht_cap = {
248 		   .cap = IEEE80211_HT_CAP_GRN_FLD | IEEE80211_HT_CAP_SGI_20 |
249 			  IEEE80211_HT_CAP_SGI_40,
250 		   .ht_supported = true,
251 		   .ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K,
252 		   .ampdu_density = AMPDU_DEF_MPDU_DENSITY,
253 		   .mcs = {
254 			   /* placeholders for now */
255 			   .rx_mask = {0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0},
256 			   .rx_highest = cpu_to_le16(500),
257 			   .tx_params = IEEE80211_HT_MCS_TX_DEFINED}
258 		   }
259 };
260 
261 /* flags the given rate in rateset as requested */
262 static void brcms_set_basic_rate(struct brcm_rateset *rs, u16 rate, bool is_br)
263 {
264 	u32 i;
265 
266 	for (i = 0; i < rs->count; i++) {
267 		if (rate != (rs->rates[i] & 0x7f))
268 			continue;
269 
270 		if (is_br)
271 			rs->rates[i] |= BRCMS_RATE_FLAG;
272 		else
273 			rs->rates[i] &= BRCMS_RATE_MASK;
274 		return;
275 	}
276 }
277 
278 /*
279  * This function frees the WL per-device resources.
280  *
281  * This function frees resources owned by the WL device pointed to
282  * by the wl parameter.
283  *
284  * precondition: can both be called locked and unlocked
285  */
286 static void brcms_free(struct brcms_info *wl)
287 {
288 	struct brcms_timer *t, *next;
289 
290 	/* free ucode data */
291 	if (wl->fw.fw_cnt)
292 		brcms_ucode_data_free(&wl->ucode);
293 	if (wl->irq)
294 		free_irq(wl->irq, wl);
295 
296 	/* kill dpc */
297 	tasklet_kill(&wl->tasklet);
298 
299 	if (wl->pub) {
300 		brcms_debugfs_detach(wl->pub);
301 		brcms_c_module_unregister(wl->pub, "linux", wl);
302 	}
303 
304 	/* free common resources */
305 	if (wl->wlc) {
306 		brcms_c_detach(wl->wlc);
307 		wl->wlc = NULL;
308 		wl->pub = NULL;
309 	}
310 
311 	/* virtual interface deletion is deferred so we cannot spinwait */
312 
313 	/* wait for all pending callbacks to complete */
314 	while (atomic_read(&wl->callbacks) > 0)
315 		schedule();
316 
317 	/* free timers */
318 	for (t = wl->timers; t; t = next) {
319 		next = t->next;
320 #ifdef DEBUG
321 		kfree(t->name);
322 #endif
323 		kfree(t);
324 	}
325 }
326 
327 /*
328 * called from both kernel as from this kernel module (error flow on attach)
329 * precondition: perimeter lock is not acquired.
330 */
331 static void brcms_remove(struct bcma_device *pdev)
332 {
333 	struct ieee80211_hw *hw = bcma_get_drvdata(pdev);
334 	struct brcms_info *wl = hw->priv;
335 
336 	if (wl->wlc) {
337 		brcms_led_unregister(wl);
338 		wiphy_rfkill_set_hw_state(wl->pub->ieee_hw->wiphy, false);
339 		wiphy_rfkill_stop_polling(wl->pub->ieee_hw->wiphy);
340 		ieee80211_unregister_hw(hw);
341 	}
342 
343 	brcms_free(wl);
344 
345 	bcma_set_drvdata(pdev, NULL);
346 	ieee80211_free_hw(hw);
347 }
348 
349 /*
350  * Precondition: Since this function is called in brcms_pci_probe() context,
351  * no locking is required.
352  */
353 static void brcms_release_fw(struct brcms_info *wl)
354 {
355 	int i;
356 	for (i = 0; i < MAX_FW_IMAGES; i++) {
357 		release_firmware(wl->fw.fw_bin[i]);
358 		release_firmware(wl->fw.fw_hdr[i]);
359 	}
360 }
361 
362 /*
363  * Precondition: Since this function is called in brcms_pci_probe() context,
364  * no locking is required.
365  */
366 static int brcms_request_fw(struct brcms_info *wl, struct bcma_device *pdev)
367 {
368 	int status;
369 	struct device *device = &pdev->dev;
370 	char fw_name[100];
371 	int i;
372 
373 	memset(&wl->fw, 0, sizeof(struct brcms_firmware));
374 	for (i = 0; i < MAX_FW_IMAGES; i++) {
375 		if (brcms_firmwares[i] == NULL)
376 			break;
377 		sprintf(fw_name, "%s-%d.fw", brcms_firmwares[i],
378 			UCODE_LOADER_API_VER);
379 		status = request_firmware(&wl->fw.fw_bin[i], fw_name, device);
380 		if (status) {
381 			wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n",
382 				  KBUILD_MODNAME, fw_name);
383 			return status;
384 		}
385 		sprintf(fw_name, "%s_hdr-%d.fw", brcms_firmwares[i],
386 			UCODE_LOADER_API_VER);
387 		status = request_firmware(&wl->fw.fw_hdr[i], fw_name, device);
388 		if (status) {
389 			wiphy_err(wl->wiphy, "%s: fail to load firmware %s\n",
390 				  KBUILD_MODNAME, fw_name);
391 			return status;
392 		}
393 		wl->fw.hdr_num_entries[i] =
394 		    wl->fw.fw_hdr[i]->size / (sizeof(struct firmware_hdr));
395 	}
396 	wl->fw.fw_cnt = i;
397 	status = brcms_ucode_data_init(wl, &wl->ucode);
398 	brcms_release_fw(wl);
399 	return status;
400 }
401 
402 static void brcms_ops_tx(struct ieee80211_hw *hw,
403 			 struct ieee80211_tx_control *control,
404 			 struct sk_buff *skb)
405 {
406 	struct brcms_info *wl = hw->priv;
407 	struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
408 
409 	spin_lock_bh(&wl->lock);
410 	if (!wl->pub->up) {
411 		brcms_err(wl->wlc->hw->d11core, "ops->tx called while down\n");
412 		kfree_skb(skb);
413 		goto done;
414 	}
415 	if (brcms_c_sendpkt_mac80211(wl->wlc, skb, hw))
416 		tx_info->rate_driver_data[0] = control->sta;
417  done:
418 	spin_unlock_bh(&wl->lock);
419 }
420 
421 static int brcms_ops_start(struct ieee80211_hw *hw)
422 {
423 	struct brcms_info *wl = hw->priv;
424 	bool blocked;
425 	int err;
426 
427 	if (!wl->ucode.bcm43xx_bomminor) {
428 		err = brcms_request_fw(wl, wl->wlc->hw->d11core);
429 		if (err)
430 			return -ENOENT;
431 	}
432 
433 	ieee80211_wake_queues(hw);
434 	spin_lock_bh(&wl->lock);
435 	blocked = brcms_rfkill_set_hw_state(wl);
436 	spin_unlock_bh(&wl->lock);
437 	if (!blocked)
438 		wiphy_rfkill_stop_polling(wl->pub->ieee_hw->wiphy);
439 
440 	spin_lock_bh(&wl->lock);
441 	/* avoid acknowledging frames before a non-monitor device is added */
442 	wl->mute_tx = true;
443 
444 	if (!wl->pub->up)
445 		if (!blocked)
446 			err = brcms_up(wl);
447 		else
448 			err = -ERFKILL;
449 	else
450 		err = -ENODEV;
451 	spin_unlock_bh(&wl->lock);
452 
453 	if (err != 0)
454 		brcms_err(wl->wlc->hw->d11core, "%s: brcms_up() returned %d\n",
455 			  __func__, err);
456 
457 	bcma_core_pci_power_save(wl->wlc->hw->d11core->bus, true);
458 	return err;
459 }
460 
461 static void brcms_ops_stop(struct ieee80211_hw *hw, bool suspend)
462 {
463 	struct brcms_info *wl = hw->priv;
464 	int status;
465 
466 	ieee80211_stop_queues(hw);
467 
468 	if (wl->wlc == NULL)
469 		return;
470 
471 	spin_lock_bh(&wl->lock);
472 	status = brcms_c_chipmatch(wl->wlc->hw->d11core);
473 	spin_unlock_bh(&wl->lock);
474 	if (!status) {
475 		brcms_err(wl->wlc->hw->d11core,
476 			  "wl: brcms_ops_stop: chipmatch failed\n");
477 		return;
478 	}
479 
480 	bcma_core_pci_power_save(wl->wlc->hw->d11core->bus, false);
481 
482 	/* put driver in down state */
483 	spin_lock_bh(&wl->lock);
484 	brcms_down(wl);
485 	spin_unlock_bh(&wl->lock);
486 }
487 
488 static int
489 brcms_ops_add_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
490 {
491 	struct brcms_info *wl = hw->priv;
492 
493 	/* Just STA, AP and ADHOC for now */
494 	if (vif->type != NL80211_IFTYPE_STATION &&
495 	    vif->type != NL80211_IFTYPE_AP &&
496 	    vif->type != NL80211_IFTYPE_ADHOC) {
497 		brcms_err(wl->wlc->hw->d11core,
498 			  "%s: Attempt to add type %d, only STA, AP and AdHoc for now\n",
499 			  __func__, vif->type);
500 		return -EOPNOTSUPP;
501 	}
502 
503 	spin_lock_bh(&wl->lock);
504 	wl->wlc->vif = vif;
505 	wl->mute_tx = false;
506 	brcms_c_mute(wl->wlc, false);
507 	if (vif->type == NL80211_IFTYPE_STATION)
508 		brcms_c_start_station(wl->wlc, vif->addr);
509 	else if (vif->type == NL80211_IFTYPE_AP)
510 		brcms_c_start_ap(wl->wlc, vif->addr, vif->bss_conf.bssid,
511 				 vif->cfg.ssid, vif->cfg.ssid_len);
512 	else if (vif->type == NL80211_IFTYPE_ADHOC)
513 		brcms_c_start_adhoc(wl->wlc, vif->addr);
514 	spin_unlock_bh(&wl->lock);
515 
516 	return 0;
517 }
518 
519 static void
520 brcms_ops_remove_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
521 {
522 	struct brcms_info *wl = hw->priv;
523 
524 	spin_lock_bh(&wl->lock);
525 	wl->wlc->vif = NULL;
526 	spin_unlock_bh(&wl->lock);
527 }
528 
529 static int brcms_ops_config(struct ieee80211_hw *hw, int radio_idx,
530 			    u32 changed)
531 {
532 	struct ieee80211_conf *conf = &hw->conf;
533 	struct brcms_info *wl = hw->priv;
534 	struct bcma_device *core = wl->wlc->hw->d11core;
535 	int err = 0;
536 	int new_int;
537 
538 	spin_lock_bh(&wl->lock);
539 	if (changed & IEEE80211_CONF_CHANGE_LISTEN_INTERVAL) {
540 		brcms_c_set_beacon_listen_interval(wl->wlc,
541 						   conf->listen_interval);
542 	}
543 	if (changed & IEEE80211_CONF_CHANGE_MONITOR)
544 		brcms_dbg_info(core, "%s: change monitor mode: %s\n", __func__,
545 			       str_true_false(conf->flags &
546 					      IEEE80211_CONF_MONITOR));
547 	if (changed & IEEE80211_CONF_CHANGE_PS)
548 		brcms_err(core, "%s: change power-save mode: %s (implement)\n",
549 			  __func__,
550 			  str_true_false(conf->flags & IEEE80211_CONF_PS));
551 
552 	if (changed & IEEE80211_CONF_CHANGE_POWER) {
553 		err = brcms_c_set_tx_power(wl->wlc, conf->power_level);
554 		if (err < 0) {
555 			brcms_err(core, "%s: Error setting power_level\n",
556 				  __func__);
557 			goto config_out;
558 		}
559 		new_int = brcms_c_get_tx_power(wl->wlc);
560 		if (new_int != conf->power_level)
561 			brcms_err(core,
562 				  "%s: Power level req != actual, %d %d\n",
563 				  __func__, conf->power_level,
564 				  new_int);
565 	}
566 	if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
567 		if (conf->chandef.width == NL80211_CHAN_WIDTH_20 ||
568 		    conf->chandef.width == NL80211_CHAN_WIDTH_20_NOHT)
569 			err = brcms_c_set_channel(wl->wlc,
570 						  conf->chandef.chan->hw_value);
571 		else
572 			err = -ENOTSUPP;
573 	}
574 	if (changed & IEEE80211_CONF_CHANGE_RETRY_LIMITS)
575 		err = brcms_c_set_rate_limit(wl->wlc,
576 					     conf->short_frame_max_tx_count,
577 					     conf->long_frame_max_tx_count);
578 
579  config_out:
580 	spin_unlock_bh(&wl->lock);
581 	return err;
582 }
583 
584 static void
585 brcms_ops_bss_info_changed(struct ieee80211_hw *hw,
586 			struct ieee80211_vif *vif,
587 			struct ieee80211_bss_conf *info, u64 changed)
588 {
589 	struct brcms_info *wl = hw->priv;
590 	struct bcma_device *core = wl->wlc->hw->d11core;
591 
592 	if (changed & BSS_CHANGED_ASSOC) {
593 		/* association status changed (associated/disassociated)
594 		 * also implies a change in the AID.
595 		 */
596 		brcms_err(core, "%s: %s: %sassociated\n", KBUILD_MODNAME,
597 			  __func__, vif->cfg.assoc ? "" : "dis");
598 		spin_lock_bh(&wl->lock);
599 		brcms_c_associate_upd(wl->wlc, vif->cfg.assoc);
600 		spin_unlock_bh(&wl->lock);
601 	}
602 	if (changed & BSS_CHANGED_ERP_SLOT) {
603 		s8 val;
604 
605 		/* slot timing changed */
606 		if (info->use_short_slot)
607 			val = 1;
608 		else
609 			val = 0;
610 		spin_lock_bh(&wl->lock);
611 		brcms_c_set_shortslot_override(wl->wlc, val);
612 		spin_unlock_bh(&wl->lock);
613 	}
614 
615 	if (changed & BSS_CHANGED_HT) {
616 		/* 802.11n parameters changed */
617 		u16 mode = info->ht_operation_mode;
618 
619 		spin_lock_bh(&wl->lock);
620 		brcms_c_protection_upd(wl->wlc, BRCMS_PROT_N_CFG,
621 			mode & IEEE80211_HT_OP_MODE_PROTECTION);
622 		brcms_c_protection_upd(wl->wlc, BRCMS_PROT_N_NONGF,
623 			mode & IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT);
624 		brcms_c_protection_upd(wl->wlc, BRCMS_PROT_N_OBSS,
625 			mode & IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT);
626 		spin_unlock_bh(&wl->lock);
627 	}
628 	if (changed & BSS_CHANGED_BASIC_RATES) {
629 		struct ieee80211_supported_band *bi;
630 		u32 br_mask, i;
631 		u16 rate;
632 		struct brcm_rateset rs;
633 		int error;
634 
635 		/* retrieve the current rates */
636 		spin_lock_bh(&wl->lock);
637 		brcms_c_get_current_rateset(wl->wlc, &rs);
638 		spin_unlock_bh(&wl->lock);
639 
640 		br_mask = info->basic_rates;
641 		bi = hw->wiphy->bands[brcms_c_get_curband(wl->wlc)];
642 		for (i = 0; i < bi->n_bitrates; i++) {
643 			/* convert to internal rate value */
644 			rate = (bi->bitrates[i].bitrate << 1) / 10;
645 
646 			/* set/clear basic rate flag */
647 			brcms_set_basic_rate(&rs, rate, br_mask & 1);
648 			br_mask >>= 1;
649 		}
650 
651 		/* update the rate set */
652 		spin_lock_bh(&wl->lock);
653 		error = brcms_c_set_rateset(wl->wlc, &rs);
654 		spin_unlock_bh(&wl->lock);
655 		if (error)
656 			brcms_err(core, "changing basic rates failed: %d\n",
657 				  error);
658 	}
659 	if (changed & BSS_CHANGED_BEACON_INT) {
660 		/* Beacon interval changed */
661 		spin_lock_bh(&wl->lock);
662 		brcms_c_set_beacon_period(wl->wlc, info->beacon_int);
663 		spin_unlock_bh(&wl->lock);
664 	}
665 	if (changed & BSS_CHANGED_BSSID) {
666 		/* BSSID changed, for whatever reason (IBSS and managed mode) */
667 		spin_lock_bh(&wl->lock);
668 		brcms_c_set_addrmatch(wl->wlc, RCM_BSSID_OFFSET, info->bssid);
669 		spin_unlock_bh(&wl->lock);
670 	}
671 	if (changed & BSS_CHANGED_SSID) {
672 		/* BSSID changed, for whatever reason (IBSS and managed mode) */
673 		spin_lock_bh(&wl->lock);
674 		brcms_c_set_ssid(wl->wlc, vif->cfg.ssid, vif->cfg.ssid_len);
675 		spin_unlock_bh(&wl->lock);
676 	}
677 	if (changed & BSS_CHANGED_BEACON) {
678 		/* Beacon data changed, retrieve new beacon (beaconing modes) */
679 		struct sk_buff *beacon;
680 		u16 tim_offset = 0;
681 
682 		spin_lock_bh(&wl->lock);
683 		beacon = ieee80211_beacon_get_tim(hw, vif, &tim_offset, NULL, 0);
684 		brcms_c_set_new_beacon(wl->wlc, beacon, tim_offset,
685 				       info->dtim_period);
686 		spin_unlock_bh(&wl->lock);
687 	}
688 
689 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
690 		struct sk_buff *probe_resp;
691 
692 		spin_lock_bh(&wl->lock);
693 		probe_resp = ieee80211_proberesp_get(hw, vif);
694 		brcms_c_set_new_probe_resp(wl->wlc, probe_resp);
695 		spin_unlock_bh(&wl->lock);
696 	}
697 
698 	if (changed & BSS_CHANGED_BEACON_ENABLED) {
699 		/* Beaconing should be enabled/disabled (beaconing modes) */
700 		brcms_err(core, "%s: Beacon enabled: %s\n", __func__,
701 			  str_true_false(info->enable_beacon));
702 		if (info->enable_beacon &&
703 		    hw->wiphy->flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) {
704 			brcms_c_enable_probe_resp(wl->wlc, true);
705 		} else {
706 			brcms_c_enable_probe_resp(wl->wlc, false);
707 		}
708 	}
709 
710 	if (changed & BSS_CHANGED_CQM) {
711 		/* Connection quality monitor config changed */
712 		brcms_err(core, "%s: cqm change: threshold %d, hys %d "
713 			  " (implement)\n", __func__, info->cqm_rssi_thold,
714 			  info->cqm_rssi_hyst);
715 	}
716 
717 	if (changed & BSS_CHANGED_IBSS) {
718 		/* IBSS join status changed */
719 		brcms_err(core, "%s: IBSS joined: %s (implement)\n",
720 			  __func__, str_true_false(vif->cfg.ibss_joined));
721 	}
722 
723 	if (changed & BSS_CHANGED_ARP_FILTER) {
724 		/* Hardware ARP filter address list or state changed */
725 		brcms_err(core, "%s: arp filtering: %d addresses"
726 			  " (implement)\n", __func__, vif->cfg.arp_addr_cnt);
727 	}
728 
729 	if (changed & BSS_CHANGED_QOS) {
730 		/*
731 		 * QoS for this association was enabled/disabled.
732 		 * Note that it is only ever disabled for station mode.
733 		 */
734 		brcms_err(core, "%s: qos enabled: %s (implement)\n",
735 			  __func__, str_true_false(info->qos));
736 	}
737 	return;
738 }
739 
740 static void
741 brcms_ops_configure_filter(struct ieee80211_hw *hw,
742 			unsigned int changed_flags,
743 			unsigned int *total_flags, u64 multicast)
744 {
745 	struct brcms_info *wl = hw->priv;
746 	struct bcma_device *core = wl->wlc->hw->d11core;
747 
748 	changed_flags &= MAC_FILTERS;
749 	*total_flags &= MAC_FILTERS;
750 
751 	if (changed_flags & FIF_ALLMULTI)
752 		brcms_dbg_info(core, "FIF_ALLMULTI\n");
753 	if (changed_flags & FIF_FCSFAIL)
754 		brcms_dbg_info(core, "FIF_FCSFAIL\n");
755 	if (changed_flags & FIF_CONTROL)
756 		brcms_dbg_info(core, "FIF_CONTROL\n");
757 	if (changed_flags & FIF_OTHER_BSS)
758 		brcms_dbg_info(core, "FIF_OTHER_BSS\n");
759 	if (changed_flags & FIF_PSPOLL)
760 		brcms_dbg_info(core, "FIF_PSPOLL\n");
761 	if (changed_flags & FIF_BCN_PRBRESP_PROMISC)
762 		brcms_dbg_info(core, "FIF_BCN_PRBRESP_PROMISC\n");
763 
764 	spin_lock_bh(&wl->lock);
765 	brcms_c_mac_promisc(wl->wlc, *total_flags);
766 	spin_unlock_bh(&wl->lock);
767 	return;
768 }
769 
770 static void brcms_ops_sw_scan_start(struct ieee80211_hw *hw,
771 				    struct ieee80211_vif *vif,
772 				    const u8 *mac_addr)
773 {
774 	struct brcms_info *wl = hw->priv;
775 	spin_lock_bh(&wl->lock);
776 	brcms_c_scan_start(wl->wlc);
777 	spin_unlock_bh(&wl->lock);
778 	return;
779 }
780 
781 static void brcms_ops_sw_scan_complete(struct ieee80211_hw *hw,
782 				       struct ieee80211_vif *vif)
783 {
784 	struct brcms_info *wl = hw->priv;
785 	spin_lock_bh(&wl->lock);
786 	brcms_c_scan_stop(wl->wlc);
787 	spin_unlock_bh(&wl->lock);
788 	return;
789 }
790 
791 static int
792 brcms_ops_conf_tx(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
793 		  unsigned int link_id, u16 queue,
794 		  const struct ieee80211_tx_queue_params *params)
795 {
796 	struct brcms_info *wl = hw->priv;
797 
798 	spin_lock_bh(&wl->lock);
799 	brcms_c_wme_setparams(wl->wlc, queue, params, true);
800 	spin_unlock_bh(&wl->lock);
801 
802 	return 0;
803 }
804 
805 static int
806 brcms_ops_sta_add(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
807 	       struct ieee80211_sta *sta)
808 {
809 	struct brcms_info *wl = hw->priv;
810 	struct scb *scb = &wl->wlc->pri_scb;
811 
812 	brcms_c_init_scb(scb);
813 
814 	wl->pub->global_ampdu = &(scb->scb_ampdu);
815 	wl->pub->global_ampdu->max_pdu = 16;
816 
817 	/*
818 	 * minstrel_ht initiates addBA on our behalf by calling
819 	 * ieee80211_start_tx_ba_session()
820 	 */
821 	return 0;
822 }
823 
824 static int
825 brcms_ops_ampdu_action(struct ieee80211_hw *hw,
826 		    struct ieee80211_vif *vif,
827 		    struct ieee80211_ampdu_params *params)
828 {
829 	struct brcms_info *wl = hw->priv;
830 	struct scb *scb = &wl->wlc->pri_scb;
831 	int status;
832 	struct ieee80211_sta *sta = params->sta;
833 	enum ieee80211_ampdu_mlme_action action = params->action;
834 	u16 tid = params->tid;
835 
836 	if (WARN_ON(scb->magic != SCB_MAGIC))
837 		return -EIDRM;
838 	switch (action) {
839 	case IEEE80211_AMPDU_RX_START:
840 		break;
841 	case IEEE80211_AMPDU_RX_STOP:
842 		break;
843 	case IEEE80211_AMPDU_TX_START:
844 		spin_lock_bh(&wl->lock);
845 		status = brcms_c_aggregatable(wl->wlc, tid);
846 		spin_unlock_bh(&wl->lock);
847 		if (!status) {
848 			brcms_dbg_ht(wl->wlc->hw->d11core,
849 				     "START: tid %d is not agg\'able\n", tid);
850 			return -EINVAL;
851 		}
852 		return IEEE80211_AMPDU_TX_START_IMMEDIATE;
853 
854 	case IEEE80211_AMPDU_TX_STOP_CONT:
855 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
856 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
857 		spin_lock_bh(&wl->lock);
858 		brcms_c_ampdu_flush(wl->wlc, sta, tid);
859 		spin_unlock_bh(&wl->lock);
860 		ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
861 		break;
862 	case IEEE80211_AMPDU_TX_OPERATIONAL:
863 		/*
864 		 * BA window size from ADDBA response ('buf_size') defines how
865 		 * many outstanding MPDUs are allowed for the BA stream by
866 		 * recipient and traffic class (this is actually unused by the
867 		 * rest of the driver). 'ampdu_factor' gives maximum AMPDU size.
868 		 */
869 		spin_lock_bh(&wl->lock);
870 		brcms_c_ampdu_tx_operational(wl->wlc, tid,
871 			(1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
872 			 sta->deflink.ht_cap.ampdu_factor)) - 1);
873 		spin_unlock_bh(&wl->lock);
874 		/* Power save wakeup */
875 		break;
876 	default:
877 		brcms_err(wl->wlc->hw->d11core,
878 			  "%s: Invalid command, ignoring\n", __func__);
879 	}
880 
881 	return 0;
882 }
883 
884 static void brcms_ops_rfkill_poll(struct ieee80211_hw *hw)
885 {
886 	struct brcms_info *wl = hw->priv;
887 	bool blocked;
888 
889 	spin_lock_bh(&wl->lock);
890 	blocked = brcms_c_check_radio_disabled(wl->wlc);
891 	spin_unlock_bh(&wl->lock);
892 
893 	wiphy_rfkill_set_hw_state(wl->pub->ieee_hw->wiphy, blocked);
894 }
895 
896 static bool brcms_tx_flush_completed(struct brcms_info *wl)
897 {
898 	bool result;
899 
900 	spin_lock_bh(&wl->lock);
901 	result = brcms_c_tx_flush_completed(wl->wlc);
902 	spin_unlock_bh(&wl->lock);
903 	return result;
904 }
905 
906 static void brcms_ops_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
907 			    u32 queues, bool drop)
908 {
909 	struct brcms_info *wl = hw->priv;
910 	int ret;
911 
912 	no_printk("%s: drop = %s\n", __func__, str_true_false(drop));
913 
914 	ret = wait_event_timeout(wl->tx_flush_wq,
915 				 brcms_tx_flush_completed(wl),
916 				 msecs_to_jiffies(BRCMS_FLUSH_TIMEOUT));
917 
918 	brcms_dbg_mac80211(wl->wlc->hw->d11core,
919 			   "ret=%d\n", jiffies_to_msecs(ret));
920 }
921 
922 static u64 brcms_ops_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
923 {
924 	struct brcms_info *wl = hw->priv;
925 	u64 tsf;
926 
927 	spin_lock_bh(&wl->lock);
928 	tsf = brcms_c_tsf_get(wl->wlc);
929 	spin_unlock_bh(&wl->lock);
930 
931 	return tsf;
932 }
933 
934 static void brcms_ops_set_tsf(struct ieee80211_hw *hw,
935 			   struct ieee80211_vif *vif, u64 tsf)
936 {
937 	struct brcms_info *wl = hw->priv;
938 
939 	spin_lock_bh(&wl->lock);
940 	brcms_c_tsf_set(wl->wlc, tsf);
941 	spin_unlock_bh(&wl->lock);
942 }
943 
944 static int brcms_ops_beacon_set_tim(struct ieee80211_hw *hw,
945 				 struct ieee80211_sta *sta, bool set)
946 {
947 	struct brcms_info *wl = hw->priv;
948 	struct sk_buff *beacon = NULL;
949 	u16 tim_offset = 0;
950 
951 	spin_lock_bh(&wl->lock);
952 	if (wl->wlc->vif)
953 		beacon = ieee80211_beacon_get_tim(hw, wl->wlc->vif,
954 						  &tim_offset, NULL, 0);
955 	if (beacon)
956 		brcms_c_set_new_beacon(wl->wlc, beacon, tim_offset,
957 				       wl->wlc->vif->bss_conf.dtim_period);
958 	spin_unlock_bh(&wl->lock);
959 
960 	return 0;
961 }
962 
963 static const struct ieee80211_ops brcms_ops = {
964 	.add_chanctx = ieee80211_emulate_add_chanctx,
965 	.remove_chanctx = ieee80211_emulate_remove_chanctx,
966 	.change_chanctx = ieee80211_emulate_change_chanctx,
967 	.switch_vif_chanctx = ieee80211_emulate_switch_vif_chanctx,
968 	.tx = brcms_ops_tx,
969 	.wake_tx_queue = ieee80211_handle_wake_tx_queue,
970 	.start = brcms_ops_start,
971 	.stop = brcms_ops_stop,
972 	.add_interface = brcms_ops_add_interface,
973 	.remove_interface = brcms_ops_remove_interface,
974 	.config = brcms_ops_config,
975 	.bss_info_changed = brcms_ops_bss_info_changed,
976 	.configure_filter = brcms_ops_configure_filter,
977 	.sw_scan_start = brcms_ops_sw_scan_start,
978 	.sw_scan_complete = brcms_ops_sw_scan_complete,
979 	.conf_tx = brcms_ops_conf_tx,
980 	.sta_add = brcms_ops_sta_add,
981 	.ampdu_action = brcms_ops_ampdu_action,
982 	.rfkill_poll = brcms_ops_rfkill_poll,
983 	.flush = brcms_ops_flush,
984 	.get_tsf = brcms_ops_get_tsf,
985 	.set_tsf = brcms_ops_set_tsf,
986 	.set_tim = brcms_ops_beacon_set_tim,
987 };
988 
989 void brcms_dpc(struct tasklet_struct *t)
990 {
991 	struct brcms_info *wl;
992 
993 	wl = from_tasklet(wl, t, tasklet);
994 
995 	spin_lock_bh(&wl->lock);
996 
997 	/* call the common second level interrupt handler */
998 	if (wl->pub->up) {
999 		if (wl->resched) {
1000 			unsigned long flags;
1001 
1002 			spin_lock_irqsave(&wl->isr_lock, flags);
1003 			brcms_c_intrsupd(wl->wlc);
1004 			spin_unlock_irqrestore(&wl->isr_lock, flags);
1005 		}
1006 
1007 		wl->resched = brcms_c_dpc(wl->wlc, true);
1008 	}
1009 
1010 	/* brcms_c_dpc() may bring the driver down */
1011 	if (!wl->pub->up)
1012 		goto done;
1013 
1014 	/* re-schedule dpc */
1015 	if (wl->resched)
1016 		tasklet_schedule(&wl->tasklet);
1017 	else
1018 		/* re-enable interrupts */
1019 		brcms_intrson(wl);
1020 
1021  done:
1022 	spin_unlock_bh(&wl->lock);
1023 	wake_up(&wl->tx_flush_wq);
1024 }
1025 
1026 static irqreturn_t brcms_isr(int irq, void *dev_id)
1027 {
1028 	struct brcms_info *wl;
1029 	irqreturn_t ret = IRQ_NONE;
1030 
1031 	wl = (struct brcms_info *) dev_id;
1032 
1033 	spin_lock(&wl->isr_lock);
1034 
1035 	/* call common first level interrupt handler */
1036 	if (brcms_c_isr(wl->wlc)) {
1037 		/* schedule second level handler */
1038 		tasklet_schedule(&wl->tasklet);
1039 		ret = IRQ_HANDLED;
1040 	}
1041 
1042 	spin_unlock(&wl->isr_lock);
1043 
1044 	return ret;
1045 }
1046 
1047 /*
1048  * is called in brcms_pci_probe() context, therefore no locking required.
1049  */
1050 static int ieee_hw_rate_init(struct ieee80211_hw *hw)
1051 {
1052 	struct brcms_info *wl = hw->priv;
1053 	struct brcms_c_info *wlc = wl->wlc;
1054 	struct ieee80211_supported_band *band;
1055 	u16 phy_type;
1056 
1057 	hw->wiphy->bands[NL80211_BAND_2GHZ] = NULL;
1058 	hw->wiphy->bands[NL80211_BAND_5GHZ] = NULL;
1059 
1060 	phy_type = brcms_c_get_phy_type(wl->wlc, 0);
1061 	if (phy_type == PHY_TYPE_N || phy_type == PHY_TYPE_LCN) {
1062 		band = &wlc->bandstate[BAND_2G_INDEX]->band;
1063 		*band = brcms_band_2GHz_nphy_template;
1064 		if (phy_type == PHY_TYPE_LCN) {
1065 			/* Single stream */
1066 			band->ht_cap.mcs.rx_mask[1] = 0;
1067 			band->ht_cap.mcs.rx_highest = cpu_to_le16(72);
1068 		}
1069 		hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
1070 	} else {
1071 		return -EPERM;
1072 	}
1073 
1074 	/* Assume all bands use the same phy.  True for 11n devices. */
1075 	if (wl->pub->_nbands > 1) {
1076 		if (phy_type == PHY_TYPE_N || phy_type == PHY_TYPE_LCN) {
1077 			band = &wlc->bandstate[BAND_5G_INDEX]->band;
1078 			*band = brcms_band_5GHz_nphy_template;
1079 			hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
1080 		} else {
1081 			return -EPERM;
1082 		}
1083 	}
1084 	return 0;
1085 }
1086 
1087 /*
1088  * is called in brcms_pci_probe() context, therefore no locking required.
1089  */
1090 static int ieee_hw_init(struct ieee80211_hw *hw)
1091 {
1092 	ieee80211_hw_set(hw, AMPDU_AGGREGATION);
1093 	ieee80211_hw_set(hw, SIGNAL_DBM);
1094 	ieee80211_hw_set(hw, REPORTS_TX_ACK_STATUS);
1095 	ieee80211_hw_set(hw, MFP_CAPABLE);
1096 
1097 	hw->extra_tx_headroom = brcms_c_get_header_len();
1098 	hw->queues = N_TX_QUEUES;
1099 	hw->max_rates = 2;	/* Primary rate and 1 fallback rate */
1100 
1101 	/* channel change time is dependent on chip and band  */
1102 	hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
1103 				     BIT(NL80211_IFTYPE_AP) |
1104 				     BIT(NL80211_IFTYPE_ADHOC);
1105 
1106 	/*
1107 	 * deactivate sending probe responses by ucude, because this will
1108 	 * cause problems when WPS is used.
1109 	 *
1110 	 * hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
1111 	 */
1112 
1113 	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
1114 
1115 	hw->rate_control_algorithm = "minstrel_ht";
1116 
1117 	hw->sta_data_size = 0;
1118 	return ieee_hw_rate_init(hw);
1119 }
1120 
1121 /*
1122  * attach to the WL device.
1123  *
1124  * Attach to the WL device identified by vendor and device parameters.
1125  * regs is a host accessible memory address pointing to WL device registers.
1126  *
1127  * is called in brcms_bcma_probe() context, therefore no locking required.
1128  */
1129 static struct brcms_info *brcms_attach(struct bcma_device *pdev)
1130 {
1131 	struct brcms_info *wl = NULL;
1132 	int unit, err;
1133 	struct ieee80211_hw *hw;
1134 	u8 perm[ETH_ALEN];
1135 
1136 	unit = n_adapters_found;
1137 	err = 0;
1138 
1139 	if (unit < 0)
1140 		return NULL;
1141 
1142 	/* allocate private info */
1143 	hw = bcma_get_drvdata(pdev);
1144 	if (hw != NULL)
1145 		wl = hw->priv;
1146 	if (WARN_ON(hw == NULL) || WARN_ON(wl == NULL))
1147 		return NULL;
1148 	wl->wiphy = hw->wiphy;
1149 
1150 	atomic_set(&wl->callbacks, 0);
1151 
1152 	init_waitqueue_head(&wl->tx_flush_wq);
1153 
1154 	/* setup the bottom half handler */
1155 	tasklet_setup(&wl->tasklet, brcms_dpc);
1156 
1157 	spin_lock_init(&wl->lock);
1158 	spin_lock_init(&wl->isr_lock);
1159 
1160 	/* common load-time initialization */
1161 	wl->wlc = brcms_c_attach((void *)wl, pdev, unit, false, &err);
1162 	if (!wl->wlc) {
1163 		wiphy_err(wl->wiphy, "%s: attach() failed with code %d\n",
1164 			  KBUILD_MODNAME, err);
1165 		goto fail;
1166 	}
1167 	wl->pub = brcms_c_pub(wl->wlc);
1168 
1169 	wl->pub->ieee_hw = hw;
1170 
1171 	/* register our interrupt handler */
1172 	if (request_irq(pdev->irq, brcms_isr,
1173 			IRQF_SHARED, KBUILD_MODNAME, wl)) {
1174 		wiphy_err(wl->wiphy, "wl%d: request_irq() failed\n", unit);
1175 		goto fail;
1176 	}
1177 	wl->irq = pdev->irq;
1178 
1179 	/* register module */
1180 	brcms_c_module_register(wl->pub, "linux", wl, NULL);
1181 
1182 	if (ieee_hw_init(hw)) {
1183 		wiphy_err(wl->wiphy, "wl%d: %s: ieee_hw_init failed!\n", unit,
1184 			  __func__);
1185 		goto fail;
1186 	}
1187 
1188 	brcms_c_regd_init(wl->wlc);
1189 
1190 	memcpy(perm, &wl->pub->cur_etheraddr, ETH_ALEN);
1191 	if (WARN_ON(!is_valid_ether_addr(perm)))
1192 		goto fail;
1193 	SET_IEEE80211_PERM_ADDR(hw, perm);
1194 
1195 	err = ieee80211_register_hw(hw);
1196 	if (err)
1197 		wiphy_err(wl->wiphy, "%s: ieee80211_register_hw failed, status"
1198 			  "%d\n", __func__, err);
1199 
1200 	if (wl->pub->srom_ccode[0] &&
1201 	    regulatory_hint(wl->wiphy, wl->pub->srom_ccode))
1202 		wiphy_err(wl->wiphy, "%s: regulatory hint failed\n", __func__);
1203 
1204 	brcms_debugfs_attach(wl->pub);
1205 	brcms_debugfs_create_files(wl->pub);
1206 	n_adapters_found++;
1207 	return wl;
1208 
1209 fail:
1210 	brcms_free(wl);
1211 	return NULL;
1212 }
1213 
1214 
1215 
1216 /*
1217  * determines if a device is a WL device, and if so, attaches it.
1218  *
1219  * This function determines if a device pointed to by pdev is a WL device,
1220  * and if so, performs a brcms_attach() on it.
1221  *
1222  * Perimeter lock is initialized in the course of this function.
1223  */
1224 static int brcms_bcma_probe(struct bcma_device *pdev)
1225 {
1226 	struct brcms_info *wl;
1227 	struct ieee80211_hw *hw;
1228 	int ret;
1229 
1230 	dev_info(&pdev->dev, "mfg %x core %x rev %d class %d irq %d\n",
1231 		 pdev->id.manuf, pdev->id.id, pdev->id.rev, pdev->id.class,
1232 		 pdev->irq);
1233 
1234 	if ((pdev->id.manuf != BCMA_MANUF_BCM) ||
1235 	    (pdev->id.id != BCMA_CORE_80211))
1236 		return -ENODEV;
1237 
1238 	hw = ieee80211_alloc_hw(sizeof(struct brcms_info), &brcms_ops);
1239 	if (!hw) {
1240 		pr_err("%s: ieee80211_alloc_hw failed\n", __func__);
1241 		return -ENOMEM;
1242 	}
1243 
1244 	SET_IEEE80211_DEV(hw, &pdev->dev);
1245 
1246 	bcma_set_drvdata(pdev, hw);
1247 
1248 	memset(hw->priv, 0, sizeof(*wl));
1249 
1250 	wl = brcms_attach(pdev);
1251 	if (!wl) {
1252 		pr_err("%s: brcms_attach failed!\n", __func__);
1253 		ret = -ENODEV;
1254 		goto err_free_ieee80211;
1255 	}
1256 	brcms_led_register(wl);
1257 
1258 	return 0;
1259 
1260 err_free_ieee80211:
1261 	ieee80211_free_hw(hw);
1262 	return ret;
1263 }
1264 
1265 static int brcms_suspend(struct bcma_device *pdev)
1266 {
1267 	struct brcms_info *wl;
1268 	struct ieee80211_hw *hw;
1269 
1270 	hw = bcma_get_drvdata(pdev);
1271 	wl = hw->priv;
1272 	if (!wl) {
1273 		pr_err("%s: %s: no driver private struct!\n", KBUILD_MODNAME,
1274 		       __func__);
1275 		return -ENODEV;
1276 	}
1277 
1278 	/* only need to flag hw is down for proper resume */
1279 	spin_lock_bh(&wl->lock);
1280 	wl->pub->hw_up = false;
1281 	spin_unlock_bh(&wl->lock);
1282 
1283 	brcms_dbg_info(wl->wlc->hw->d11core, "brcms_suspend ok\n");
1284 
1285 	return 0;
1286 }
1287 
1288 static int brcms_resume(struct bcma_device *pdev)
1289 {
1290 	return 0;
1291 }
1292 
1293 static struct bcma_driver brcms_bcma_driver = {
1294 	.name     = KBUILD_MODNAME,
1295 	.probe    = brcms_bcma_probe,
1296 	.suspend  = brcms_suspend,
1297 	.resume   = brcms_resume,
1298 	.remove   = brcms_remove,
1299 	.id_table = brcms_coreid_table,
1300 };
1301 
1302 /*
1303  * This is the main entry point for the brcmsmac driver.
1304  *
1305  * This function is scheduled upon module initialization and
1306  * does the driver registration, which result in brcms_bcma_probe()
1307  * call resulting in the driver bringup.
1308  */
1309 static void brcms_driver_init(struct work_struct *work)
1310 {
1311 	int error;
1312 
1313 	error = bcma_driver_register(&brcms_bcma_driver);
1314 	if (error)
1315 		pr_err("%s: register returned %d\n", __func__, error);
1316 }
1317 
1318 static DECLARE_WORK(brcms_driver_work, brcms_driver_init);
1319 
1320 static int __init brcms_module_init(void)
1321 {
1322 	brcms_debugfs_init();
1323 	if (!schedule_work(&brcms_driver_work))
1324 		return -EBUSY;
1325 
1326 	return 0;
1327 }
1328 
1329 /*
1330  * This function unloads the brcmsmac driver from the system.
1331  *
1332  * This function unconditionally unloads the brcmsmac driver module from the
1333  * system.
1334  *
1335  */
1336 static void __exit brcms_module_exit(void)
1337 {
1338 	cancel_work_sync(&brcms_driver_work);
1339 	bcma_driver_unregister(&brcms_bcma_driver);
1340 	brcms_debugfs_exit();
1341 }
1342 
1343 module_init(brcms_module_init);
1344 module_exit(brcms_module_exit);
1345 
1346 /*
1347  * precondition: perimeter lock has been acquired
1348  */
1349 void brcms_txflowcontrol(struct brcms_info *wl, struct brcms_if *wlif,
1350 			 bool state, int prio)
1351 {
1352 	brcms_err(wl->wlc->hw->d11core, "Shouldn't be here %s\n", __func__);
1353 }
1354 
1355 /*
1356  * precondition: perimeter lock has been acquired
1357  */
1358 void brcms_init(struct brcms_info *wl)
1359 {
1360 	brcms_dbg_info(wl->wlc->hw->d11core, "Initializing wl%d\n",
1361 		       wl->pub->unit);
1362 	brcms_reset(wl);
1363 	brcms_c_init(wl->wlc, wl->mute_tx);
1364 }
1365 
1366 /*
1367  * precondition: perimeter lock has been acquired
1368  */
1369 uint brcms_reset(struct brcms_info *wl)
1370 {
1371 	brcms_dbg_info(wl->wlc->hw->d11core, "Resetting wl%d\n", wl->pub->unit);
1372 	brcms_c_reset(wl->wlc);
1373 
1374 	/* dpc will not be rescheduled */
1375 	wl->resched = false;
1376 
1377 	/* inform publicly that interface is down */
1378 	wl->pub->up = false;
1379 
1380 	return 0;
1381 }
1382 
1383 void brcms_fatal_error(struct brcms_info *wl)
1384 {
1385 	brcms_err(wl->wlc->hw->d11core, "wl%d: fatal error, reinitializing\n",
1386 		  wl->wlc->pub->unit);
1387 	brcms_reset(wl);
1388 	ieee80211_restart_hw(wl->pub->ieee_hw);
1389 }
1390 
1391 /*
1392  * These are interrupt on/off entry points. Disable interrupts
1393  * during interrupt state transition.
1394  */
1395 void brcms_intrson(struct brcms_info *wl)
1396 {
1397 	unsigned long flags;
1398 
1399 	spin_lock_irqsave(&wl->isr_lock, flags);
1400 	brcms_c_intrson(wl->wlc);
1401 	spin_unlock_irqrestore(&wl->isr_lock, flags);
1402 }
1403 
1404 u32 brcms_intrsoff(struct brcms_info *wl)
1405 {
1406 	unsigned long flags;
1407 	u32 status;
1408 
1409 	spin_lock_irqsave(&wl->isr_lock, flags);
1410 	status = brcms_c_intrsoff(wl->wlc);
1411 	spin_unlock_irqrestore(&wl->isr_lock, flags);
1412 	return status;
1413 }
1414 
1415 void brcms_intrsrestore(struct brcms_info *wl, u32 macintmask)
1416 {
1417 	unsigned long flags;
1418 
1419 	spin_lock_irqsave(&wl->isr_lock, flags);
1420 	brcms_c_intrsrestore(wl->wlc, macintmask);
1421 	spin_unlock_irqrestore(&wl->isr_lock, flags);
1422 }
1423 
1424 /*
1425  * precondition: perimeter lock has been acquired
1426  */
1427 int brcms_up(struct brcms_info *wl)
1428 {
1429 	int error = 0;
1430 
1431 	if (wl->pub->up)
1432 		return 0;
1433 
1434 	error = brcms_c_up(wl->wlc);
1435 
1436 	return error;
1437 }
1438 
1439 /*
1440  * precondition: perimeter lock has been acquired
1441  */
1442 void brcms_down(struct brcms_info *wl)
1443 	__must_hold(&wl->lock)
1444 {
1445 	uint callbacks, ret_val = 0;
1446 
1447 	/* call common down function */
1448 	ret_val = brcms_c_down(wl->wlc);
1449 	callbacks = atomic_read(&wl->callbacks) - ret_val;
1450 
1451 	/* wait for down callbacks to complete */
1452 	spin_unlock_bh(&wl->lock);
1453 
1454 	/* For HIGH_only driver, it's important to actually schedule other work,
1455 	 * not just spin wait since everything runs at schedule level
1456 	 */
1457 	SPINWAIT((atomic_read(&wl->callbacks) > callbacks), 100 * 1000);
1458 
1459 	spin_lock_bh(&wl->lock);
1460 }
1461 
1462 /*
1463 * precondition: perimeter lock is not acquired
1464  */
1465 static void _brcms_timer(struct work_struct *work)
1466 {
1467 	struct brcms_timer *t = container_of(work, struct brcms_timer,
1468 					     dly_wrk.work);
1469 
1470 	spin_lock_bh(&t->wl->lock);
1471 
1472 	if (t->set) {
1473 		if (t->periodic) {
1474 			atomic_inc(&t->wl->callbacks);
1475 			ieee80211_queue_delayed_work(t->wl->pub->ieee_hw,
1476 						     &t->dly_wrk,
1477 						     msecs_to_jiffies(t->ms));
1478 		} else {
1479 			t->set = false;
1480 		}
1481 
1482 		t->fn(t->arg);
1483 	}
1484 
1485 	atomic_dec(&t->wl->callbacks);
1486 
1487 	spin_unlock_bh(&t->wl->lock);
1488 }
1489 
1490 /*
1491  * Adds a timer to the list. Caller supplies a timer function.
1492  * Is called from wlc.
1493  *
1494  * precondition: perimeter lock has been acquired
1495  */
1496 struct brcms_timer *brcms_init_timer(struct brcms_info *wl,
1497 				     void (*fn) (void *arg),
1498 				     void *arg, const char *name)
1499 {
1500 	struct brcms_timer *t;
1501 
1502 	t = kzalloc(sizeof(*t), GFP_ATOMIC);
1503 	if (!t)
1504 		return NULL;
1505 
1506 	INIT_DELAYED_WORK(&t->dly_wrk, _brcms_timer);
1507 	t->wl = wl;
1508 	t->fn = fn;
1509 	t->arg = arg;
1510 	t->next = wl->timers;
1511 	wl->timers = t;
1512 
1513 #ifdef DEBUG
1514 	t->name = kstrdup(name, GFP_ATOMIC);
1515 #endif
1516 
1517 	return t;
1518 }
1519 
1520 /*
1521  * adds only the kernel timer since it's going to be more accurate
1522  * as well as it's easier to make it periodic
1523  *
1524  * precondition: perimeter lock has been acquired
1525  */
1526 void brcms_add_timer(struct brcms_timer *t, uint ms, int periodic)
1527 {
1528 	struct ieee80211_hw *hw = t->wl->pub->ieee_hw;
1529 
1530 #ifdef DEBUG
1531 	if (t->set)
1532 		brcms_dbg_info(t->wl->wlc->hw->d11core,
1533 			       "%s: Already set. Name: %s, per %d\n",
1534 			       __func__, t->name, periodic);
1535 #endif
1536 	t->ms = ms;
1537 	t->periodic = (bool) periodic;
1538 	if (!t->set) {
1539 		t->set = true;
1540 		atomic_inc(&t->wl->callbacks);
1541 	}
1542 
1543 	ieee80211_queue_delayed_work(hw, &t->dly_wrk, msecs_to_jiffies(ms));
1544 }
1545 
1546 /*
1547  * return true if timer successfully deleted, false if still pending
1548  *
1549  * precondition: perimeter lock has been acquired
1550  */
1551 bool brcms_del_timer(struct brcms_timer *t)
1552 {
1553 	if (t->set) {
1554 		t->set = false;
1555 		if (!cancel_delayed_work(&t->dly_wrk))
1556 			return false;
1557 
1558 		atomic_dec(&t->wl->callbacks);
1559 	}
1560 
1561 	return true;
1562 }
1563 
1564 /*
1565  * precondition: perimeter lock has been acquired
1566  */
1567 void brcms_free_timer(struct brcms_timer *t)
1568 {
1569 	struct brcms_info *wl = t->wl;
1570 	struct brcms_timer *tmp;
1571 
1572 	/* delete the timer in case it is active */
1573 	brcms_del_timer(t);
1574 
1575 	if (wl->timers == t) {
1576 		wl->timers = wl->timers->next;
1577 #ifdef DEBUG
1578 		kfree(t->name);
1579 #endif
1580 		kfree(t);
1581 		return;
1582 
1583 	}
1584 
1585 	tmp = wl->timers;
1586 	while (tmp) {
1587 		if (tmp->next == t) {
1588 			tmp->next = t->next;
1589 #ifdef DEBUG
1590 			kfree(t->name);
1591 #endif
1592 			kfree(t);
1593 			return;
1594 		}
1595 		tmp = tmp->next;
1596 	}
1597 
1598 }
1599 
1600 /*
1601  * precondition: no locking required
1602  */
1603 int brcms_ucode_init_buf(struct brcms_info *wl, void **pbuf, u32 idx)
1604 {
1605 	int i, entry;
1606 	const u8 *pdata;
1607 	struct firmware_hdr *hdr;
1608 	for (i = 0; i < wl->fw.fw_cnt; i++) {
1609 		hdr = (struct firmware_hdr *)wl->fw.fw_hdr[i]->data;
1610 		for (entry = 0; entry < wl->fw.hdr_num_entries[i];
1611 		     entry++, hdr++) {
1612 			u32 len = le32_to_cpu(hdr->len);
1613 			if (le32_to_cpu(hdr->idx) == idx) {
1614 				pdata = wl->fw.fw_bin[i]->data +
1615 					le32_to_cpu(hdr->offset);
1616 				*pbuf = kvmemdup(pdata, len, GFP_KERNEL);
1617 				if (*pbuf == NULL)
1618 					return -ENOMEM;
1619 				return 0;
1620 			}
1621 		}
1622 	}
1623 	brcms_err(wl->wlc->hw->d11core,
1624 		  "ERROR: ucode buf tag:%d can not be found!\n", idx);
1625 	*pbuf = NULL;
1626 	return -ENODATA;
1627 }
1628 
1629 /*
1630  * Precondition: Since this function is called in brcms_bcma_probe() context,
1631  * no locking is required.
1632  */
1633 int brcms_ucode_init_uint(struct brcms_info *wl, size_t *n_bytes, u32 idx)
1634 {
1635 	int i, entry;
1636 	const u8 *pdata;
1637 	struct firmware_hdr *hdr;
1638 	for (i = 0; i < wl->fw.fw_cnt; i++) {
1639 		hdr = (struct firmware_hdr *)wl->fw.fw_hdr[i]->data;
1640 		for (entry = 0; entry < wl->fw.hdr_num_entries[i];
1641 		     entry++, hdr++) {
1642 			if (le32_to_cpu(hdr->idx) == idx) {
1643 				pdata = wl->fw.fw_bin[i]->data +
1644 					le32_to_cpu(hdr->offset);
1645 				if (le32_to_cpu(hdr->len) != 4) {
1646 					brcms_err(wl->wlc->hw->d11core,
1647 						  "ERROR: fw hdr len\n");
1648 					return -ENOMSG;
1649 				}
1650 				*n_bytes = le32_to_cpu(*((__le32 *) pdata));
1651 				return 0;
1652 			}
1653 		}
1654 	}
1655 	brcms_err(wl->wlc->hw->d11core,
1656 		  "ERROR: ucode tag:%d can not be found!\n", idx);
1657 	return -ENOMSG;
1658 }
1659 
1660 /*
1661  * precondition: can both be called locked and unlocked
1662  */
1663 void brcms_ucode_free_buf(void *p)
1664 {
1665 	kvfree(p);
1666 }
1667 
1668 /*
1669  * checks validity of all firmware images loaded from user space
1670  *
1671  * Precondition: Since this function is called in brcms_bcma_probe() context,
1672  * no locking is required.
1673  */
1674 int brcms_check_firmwares(struct brcms_info *wl)
1675 {
1676 	int i;
1677 	int entry;
1678 	int rc = 0;
1679 	const struct firmware *fw;
1680 	const struct firmware *fw_hdr;
1681 	struct firmware_hdr *ucode_hdr;
1682 	for (i = 0; i < MAX_FW_IMAGES && rc == 0; i++) {
1683 		fw =  wl->fw.fw_bin[i];
1684 		fw_hdr = wl->fw.fw_hdr[i];
1685 		if (fw == NULL && fw_hdr == NULL) {
1686 			break;
1687 		} else if (fw == NULL || fw_hdr == NULL) {
1688 			wiphy_err(wl->wiphy, "%s: invalid bin/hdr fw\n",
1689 				  __func__);
1690 			rc = -EBADF;
1691 		} else if (fw_hdr->size % sizeof(struct firmware_hdr)) {
1692 			wiphy_err(wl->wiphy, "%s: non integral fw hdr file "
1693 				"size %zu/%zu\n", __func__, fw_hdr->size,
1694 				sizeof(struct firmware_hdr));
1695 			rc = -EBADF;
1696 		} else if (fw->size < MIN_FW_SIZE || fw->size > MAX_FW_SIZE) {
1697 			wiphy_err(wl->wiphy, "%s: out of bounds fw file size %zu\n",
1698 				  __func__, fw->size);
1699 			rc = -EBADF;
1700 		} else {
1701 			/* check if ucode section overruns firmware image */
1702 			ucode_hdr = (struct firmware_hdr *)fw_hdr->data;
1703 			for (entry = 0; entry < wl->fw.hdr_num_entries[i] &&
1704 			     !rc; entry++, ucode_hdr++) {
1705 				if (le32_to_cpu(ucode_hdr->offset) +
1706 				    le32_to_cpu(ucode_hdr->len) >
1707 				    fw->size) {
1708 					wiphy_err(wl->wiphy,
1709 						  "%s: conflicting bin/hdr\n",
1710 						  __func__);
1711 					rc = -EBADF;
1712 				}
1713 			}
1714 		}
1715 	}
1716 	if (rc == 0 && wl->fw.fw_cnt != i) {
1717 		wiphy_err(wl->wiphy, "%s: invalid fw_cnt=%d\n", __func__,
1718 			wl->fw.fw_cnt);
1719 		rc = -EBADF;
1720 	}
1721 	return rc;
1722 }
1723 
1724 /*
1725  * precondition: perimeter lock has been acquired
1726  */
1727 bool brcms_rfkill_set_hw_state(struct brcms_info *wl)
1728 	__must_hold(&wl->lock)
1729 {
1730 	bool blocked = brcms_c_check_radio_disabled(wl->wlc);
1731 
1732 	spin_unlock_bh(&wl->lock);
1733 	wiphy_rfkill_set_hw_state(wl->pub->ieee_hw->wiphy, blocked);
1734 	if (blocked)
1735 		wiphy_rfkill_start_polling(wl->pub->ieee_hw->wiphy);
1736 	spin_lock_bh(&wl->lock);
1737 	return blocked;
1738 }
1739